Category Archives: privacy

City of LA May Be Moving toward Approval of Digital Kiosks that Could Collect Data from Minors

Posted on by
Do we really need digital kiosks that could collect data from minors?

Advertising is invading our landscape in ever more intrusive ways these days, with digital signs, kiosks and billboards becoming increasingly present in our cities. What’s even more disturbing, advertising is also invading our privacy as technology makes it easier than ever to collect our personal information. It’s bad enough that advertisers are gathering information on millions of adults every day, but it’s even more disturbing when they’re gathering personal data from minors who often don’t even know that their info is being collected.

But the City of LA may be moving forward on an agreement that could put 300 to 500 digital kiosks on our streets, giving advertisers more opportunities to scoop up personal info. The LA City Council voted in 2023 to release a request for proposals (RFP) for interactive kiosks. While the RFP hasn’t been released yet, Councilmembers Tim McOsker and Curren Price have submitted a motion to push the process forward. In the meantime, a company called IKE Smart City and/or its parent company Orange Barrel Media have been busy securing letters of support from local chambers of commerce. They’re hoping to get a contract that would allow them to install their interactive digital kiosks in our communities.

So why should we be worried about the kiosks collecting our personal info? Because, in its privacy policy, IKE acknowledges that they collect and share all kinds of data about people who interact with the kiosks, starting with identifiers like your IP address, device name, phone number, and email address. They also collect and share geolocation and biometric data. IKE’s privacy policy is a classic example of how tech companies try to make you believe that they care about protecting your info. They start off saying that they respect your privacy and are committed to protecting your data. They also tell you that the kiosks don’t store any of the info you give them. But then they acknowledge that your data is being shared with their third-party partners, and that they have no control over the way those partners use the data. They also say that your data can be disclosed to their parent company, subsidiaries, affiliates, and any company that acquires their assets.

If you have kids, think about what this means. Say your teenage daughter is out with some friends, and they decide it would be fun to use the IKE kiosk’s photo booth option. Are they going to take the time to read through IKE’s terms and conditions before they start? Not likely. This means that while they’re having fun getting their picture taken with their friends, they could be giving away all sorts of personal info, including their device name, phone number, email address, location info and biometric data. And IKE acknowledges that, not only do they have no control over how their partners use the data, but they also have the option to share it with their subsidiaries and affiliates.

It gets worse. As part of the process for approving the Sidewalk & Transit Amenities Program (STAP) in 2022, the City Council also approved an ordinance that removed restrictions on any outdoor advertising structures in the public right-of-way that were part of a program approved by the Board of Public Works (BPW). Basically what this does is open up our sidewalks to a flood of new digital ad structures. You may have already seen the STAP bus shelters with digital ads. Digital kiosks are probably the next phase. (IKE’s kiosks appear to be about eight feet tall.) Because there are now no meaningful restrictions on these structures in the public right-of-way, we can expect these things to keep coming. If the BPW gives the green light, it’s a done deal. And don’t expect the BPW to be too particular. If it means revenue for the city, it’s unlikely the members of the board will raise any objections.

If you want to let your city council rep know how you feel about this, you can send them an e-mail or give them a call. If you don’t know who your council rep is, use this link to find out.

Los Angeles Neighborhood Info

If you send an e-mail, you should include the following council file info in your subject line.

Council File: 22-1154-S1, Interactive Kiosks/Installation and Maintenance

It’s bad enough that we’re constantly being bombarded with ads on our personal devices. Now the City of LA wants to put digital advertising on our streets. And if IKE gets the contract, it appears that minors will be at additional risk of having their data collected and shared.

Latest Data Breach Exposes 2.7 Billion Records.  Your Social Security Number Could Be Included.

Posted on by

The number of massive data breaches is accelerating, and your personal information is increasingly at risk of being exposed.  In June it was reported that identity verification company AU10TIX had exposed login credentials online, allowing access to sensitive user data including names, birth dates and drivers licenses.  In July the news broke that hackers had stolen phone numbers, call records and text records of up to 109 million AT&T customers.

But the latest exposure of personal information is one of the largest ever, and one of the most serious.  Back in April hackers claimed that they’d accessed the records of 2.7 billion people kept by a company called National Public Data that serves businesses doing background checks.  This month the hackers offered the complete database on-line, which apparently includes names, dates of birth, Social Security numbers and e-mail addresses.  Having access to this kind of personal information would make it much easier for hackers to access your accounts, steal money from you or assume your identity.

Massive Data Breach that Includes Social Security Numbers May Be Even Worse than Suspected

This is a huge problem, and it’s only going to get worse.  There are some things you can do to protect yourself.  At the end of the LA Times article above, they offer some good suggestions, to which I would add: Don’t give away any of your personal info unless you really need to.  Retailers and on-line services have become more and more aggressive about asking for your info, and most of they time it’s because they plan to share it with someone else.  Don’t give them your data unless you really need to.  Don’t sign up for services you don’t really need. 

Unfortunately, in our surveillance society, there are also companies collecting your data without your knowledge.  Google, Facebook and others have already been busted for this.  Digital outdoor advertising, including billboards and bus stop displays, is also collecting your device data using wireless technology. 

How much money is being lost due to cybercrime?  According to the FBI, in 2023 over $12 billion was taken.  That number is up $2 billion over 2022 and more than triple the amount reported in 2019.  These numbers are expected to grow.  And as data breaches become more frequent and more significant, hackers will have increasing access to personal info, making their job easier than ever.   

This is why we need to start contacting our elected representatives to ask what they’re going to do to protect us.  What’s really needed is legislation at the national level to set standards for companies that handle personal data, followed up with meaningful enforcement when those companies fail to comply.  Many states are passing laws to address this problem, but in most cases the laws are too limited to offer the kind of protection we need. 

We have to start taking this seriously.  If you think you won’t be a victim, think again.  Millions of people have already been hit by hackers.  Real money is being stolen.  Data brokers are collecting your info every day, and many of them don’t do nearly enough to secure the data.  We have to take action.  This has already gotten way out of hand.

LAUSD Student Data Breach: Lots of Hype, Little Oversight

Posted on by
LAUSD Superintendent Alberto Carvalho.

These days government agencies are trying hard to modernize the way they operate by revamping their data management systems.  This is understandable.  Entities that interact with thousands or millions of citizens are trying to offer 21st century efficiency to the people they serve.

The problem is, very few government agencies actually understand the 21st century digital landscape.  Often unelected bureaucrats are making decisions about tech contracts without having any idea whether the vendors can actually deliver what they’re promising.  It’s even worse when politicians get involved, because as we know, politicians sometimes try to steer contracts toward people that have supported them.

So it’s really not surprising to learn that the Los Angeles Unified School District (LAUSD) has had some serious problems handling student data.  In June it was reported that data belonging to LAUSD students had been obtained by a hacker and was being offered for sale on the dark web.  This was related to the massive Snowflake breach, in which customers of AT&T, Live Nation and dozens of other companies had their info exposed.  Then, at the beginning of July, it was reported that a whistleblower had alleged that AllHere, a vendor working with LAUSD, had violated the District’s privacy policies in the course of setting up an on-line information system to serve students and parents.  The icing on the cake is that AllHere seems to have collapsed, and it’s unlikely it will be able to fulfill its contract.

If the whistleblower’s account is accurate, it appears that AllHere promised way more than it could deliver, and LAUSD didn’t vet the company thoroughly enough.  This is actually a fairly common story.  You may remember a few years back when the City of LA was trying to force neighborhood councils to switch to on-line voting.  The City had signed a contract with a company called Everyone Counts, which claimed they were offering a tech breakthrough that would boost citizen engagement.  They also claimed that the personal data submitted by citizens to verify their identity was absolutely secure.  Not surprisingly, Everyone Counts was bought by another company, Votem, which collapsed soon after.  All the hype about on-line voting turned out to be just hype, and no one was ever able to explain what happened to the personal data that citizens had submitted for verification. 

LAUSD Superintendent Alberto Carvalho deserves a good deal of the blame for what’s gone down.  Carvalho spent a lot of time hyping LAUSD’s tech ambitions.  AllHere was supposed to be creating a comprehensive data management system that would allow LAUSD students and parents to find all sorts of information quickly and easily.  The face of the system was an AI chatbot named “Ed”, which appeared as a bright, smiling sun.  Carvalho went on the road telling everybody how great it was going to be.  Check out this video from the ASU+GSV Airshow, where the Superintendent lays out his vision for what “Ed” could do for students and parents.

At the time, it seems that Carvalho thought LAUSD was on the cutting edge of a major breakthrough.  Now it’s clear that he had no idea what he was talking about.  Carvalho is just one of the legions of people who have been hyping so-called Artificial Intelligence without really understanding what it is or what its impacts will be.  At this point nobody really knows how AI will affect the landscape, but there are still lots of people out there making ridiculous statements that have no basis in fact.  As an example, check out this quote from the web page for the ASU+GSV Airshow.

Artificial Intelligence…

Ubiquitous. Invisible. Required for life.

Unfortunately, this kind of idiotic blather is saturating the media.  Why?  Because tech companies want you to buy in to an untested technology that they don’t even understand yet.  It’s not about taking society to the next level.  It’s about conning you into spending your money on something you don’t need.

To be fair, Carvalho is doing a tough job at a time when LAUSD (and school districts across the US) are facing serious challenges.  He probably saw this tech initiative as a rare piece of good news that he could boast about.  And the members of the LAUSD Board also deserve a good deal of blame.  Just last March, the District issued a press release where board members lined up in support of the project. 

This is a serious problem.  Thousands of LAUSD students had their personal data posted for sale on the dark web.  If the whistleblower’s allegations are correct, the problem could be much larger.  Politicians and bureaucrats making decisions about technology need to realize the dangers.  They need to stop believing the hype, and start getting serious about due diligence, or we’ll be seeing a lot more disasters like this one.

Apps Are Collecting Your Data. That Could Cost You Money.

Posted on by
Still from The Great Hack, 2019

In 2021, some customers at the Hollywood Trader Joe’s were surprised when they were told that they now had to download an app in order to park in the underground garage.  Those who took the time to read the privacy policy were even more surprised to learn that by downloading the app they were agreeing to let the company behind the app, Metropolis, track their browsing activity, collect information about services they used, and follow their activities across different devices.

Many landlords are now pushing their tenants to use apps for paying rent, handling complaints, etc., but renters should look at the privacy policy before getting on board.  One such app, Door Loop, collects a lot of sensitive info from its users, including date of birth, job title, e-mail provider with (login info), social media you use (with login info), race, and social security number.  Their privacy policy says they may share that data, along with any other data you provide, with vendors, consultants and third-party service providers.  In other words, their privacy policy seems to describe how they can invade your privacy.

Now, when I talk to people about how their data is being collected by apps and services, their response is usually something like, “Oh, well, they already have all my data anyway.”  Another common response is, “I haven’t done anything wrong, so I don’t care if they’re tracking me.” 

If you don’t think giving up your data can create any problems for you, you need to think again.  For instance….

Consumers who’ve bought cars from GM in recent years have been able to sign up for a service called Smart Driver, which collects data about your driving habits, like how often you brake quickly or whether you go over the speed limit.  Supposedly it was up to customers to choose whether or not they wanted to participate.  But it was recently revealed that GM had been collecting data from people who had never signed up for Smart Driver.  Not only that, the company shared the data with a leading data broker.  Why should this worry you?  A number of GM owners have filed lawsuits alleging, among other things, that their insurance rates went up substantially because insurers had access to the data.

Let’s talk about mental health apps.  There are a number of them out there, and lots of people are relying on them to deal with mental health issues.  But unless the app you’re using is connected to your health care provider, there’s probably nothing to prohibit the company from sharing the data they collect with anyone they like.  A recent report from Duke University found that data brokers advertise their holdings of sensitive mental health data, which includes information on people suffering from depression, ADHD, anxiety and bipolar disorder.  This information is for sale, and there are few meaningful controls on who can access it or how they use it.  Do you think insurance companies might want to know if you’ve been struggling with substance abuse?  Do you think a prospective employer might be interested in knowing whether you’ve been diagnosed with ADHD?  Could there be other folks out there who want to exploit this information for their own ends?

People download apps all the time for all sorts of reasons.  Some apps may be useful, some of them may be fun, but it’s important to remember that many of them are designed and marketed with the sole purpose of collecting data from you.  Collecting and sharing/selling your data is big business. In 2022 data brokers made more than $250 billion by selling consumer data.  That number is only going to grow. 

Apps are a crucial part of this ecosystem.  When you use a browser to surf the net, there are some protections in place to inform you about what information is being collected and you can often choose to opt out of sharing your data.  But with apps, they’re not only collecting your data, they’re sharing it as well, and there are no meaningful protections in place.  When you download the app, you often get a small pop-up that asks you to agree to the company’s terms and conditions.  That’s it.  They generally don’t make any further effort to disclose that they’re going to collect your data.  To learn about what you’re getting into, you’d have to read their terms and conditions, which contains their privacy policy, which usually starts with something like, “We take your privacy seriously.”  The extent of the data they collect and their intent to share it with others is usually buried deep in these documents.  And how many people actually take the time to read these things?  Most people just click “Accept” and move on. 

The best protection is to think carefully about which apps you use, and avoid downloading those that you don’t need.  If in doubt, take the time to read the privacy policy so you at least know what you’re getting into.  If you don’t, you’re taking the chance that the app will collect and share personal info that could have an impact on your life. 

If you have kids, you should also be thinking about the apps they’ve got on their phone.  What data are they sharing?  If the apps are connected to social media, are they collecting info on family and friends?  Are they collecting location data?  Places your kids hang out? 

Data brokers are making big money on this stuff because there are lots of folks out there that want to have access to your personal info, and they’re willing to pay good money for it.  These include insurance companies, employers, government agencies and a host of others.  Don’t assume that any of these people have any interest in protecting your privacy.  In most cases, the only interests they’re protecting are their own.

LA City Council Ready to Ramp Up Digital Billboards, Ignoring Privacy Concerns

Posted on by
Digital billboard on Sunset Strip

Are you ready to have scores of digital billboards installed in neighborhoods all over the City of Los Angeles?  Well, whether you’re ready or not, the City is moving forward with approval of a new ordinance that would allow exactly that.  LA City Planning has posted the Final Draft Ordinance which would allow LA Metro to install scores of digital billboards throughout the city for its so-called Transportation Communication Network (TCN).  There are reasons to believe that the TCN has been a con from the start, but more about that later.

Under the new ordinance, Metro would be allowed to erect 86 digital billboards at locations throughout the City of LA.  The billboards would range in size from 672 square feet to 1,200 square feet, for a total maximum amount of up to 55,000 square feet.  Metro wants us to believe we’re getting a good deal because they’ll be taking down 110,000 square feet of conventional billboards, but does that really seem like a good trade-off to you?  Since the images on digital billboards are constantly changing, we’ll be subjected to more advertising than ever, and with more ads competing for our attention, it seems likely to cause an increase in distracted driving. 

There are also serious privacy concerns.  One of the reasons digital outdoor advertising is so profitable is that it involves the collection of consumer data to learn about consumer behavior.  Metro claims that no personal data will be collected as part of the program, but can we really trust them?  William Eccleshare, former CEO of Clear Channel Outdoor, has bragged about how the company can follow you to a store, can gather info on what you purchase, and can even find out what you’re watching on TV.  This August 2020 article from the LA Times offers more chilling background on how advertisers are collecting your data.

Billboards that Follow You? It’s Not Sci-Fi. They’re Already Here

Metro has already allowed Clear Channel to install digital billboards in Downey and Long Beach.  Ad companies insist that no personally identifiable information is being collected, but no one really knows what they’re gathering.  And because the data collection industry is almost totally unregulated, you really don’t know where the data goes or who has access to it. 

The digital billboards will be installed in communities all across the city.  Check out these maps from the Environmental Impact Report to see the locations.

TCN digital billboard locations in the Valley
TCN digital billboard locations in Central and South LA
TCN digital billboard locations in Downtown LA

If you want to let your LA City Council rep know how you feel about the Transportation Communication Network Ordinance, and the prospect of opening the door to digital billboards citywide, here’s their contact info.

LA City Council

Don’t know who your Councilmember is?  Click here.

Before going on, in the interest of full disclosure, I should acknowledge that I work with a group called Citizens for a Better Los Angeles that has filed a lawsuit to stop the TCN.  But I’m writing about this as an individual because I’m so disturbed by so many aspects of this program.  I’m concerned about the collection of personal data on a massive level.  I’m outraged by this massive invasion of our public space.  And I’m furious about the level of dishonesty exhibited by both the Metro Board and members of the LA City Council. 

Remember that, although these billboards will all land in the City of LA, the so-called “Transportation Communication Network” is Metro’s project.  The City of LA is preparing this ordinance to change the LA Municipal Code to allow widespread deployment of digital billboards by Metro.  Metro announced it would preparing an Environmental Impact Report for the TCN in 2022.  According to the Notice of Preparation, the TCN would….

[….] provide a network of structures with digital displays (TCN Structures) that would incorporate intelligent technology components to promote roadway efficiency, improve public safety, augment Metro’s communication capability, provide for outdoor advertising where revenues would fund new and expanded transportation programs consistent with the goals of the Metro 2028 Vision Plan, and result in an overall reduction in static signage displays throughout the City of Los Angeles.

The first problem with this is that we already have existing infrastructure that does most of the things that the TCN is supposed to do.  The Regional Integration of Intelligent Transportation Systems (RIITS) is a network of systems that gathers transportation related data throughout Southern California and offers it to local transportation agencies.  Here’s what it says on the RIITS “About” web page….

Vision

RIITS’ vision is to deliver multi-modal transportation information services through a flexible platform to achieve regional mobility, safety and sustainability goals.

Mission

Our primary mission is to support the exchange of transportation information and resources between and within government organizations for regional operational mobility improvements.

If it sounds like RIITS and TCN have a lot in common, it’s because they do.  The existing RIITS network is already doing a lot of the things Metro claims TCN will do.  And Metro could expand the RIITS system without installing a single digital billboard.  Sensors, cameras and wireless infrastructure are already widely deployed across our system of roads and freeways, so TCN isn’t really offering anything new.

Except, of course, digital billboards. 

Remember, according to the 2022 Notice of Preparation, the TCN involved the placement of new advertising structures and a reduction in the number of existing static billboards.  But was this really something new?  Actually, no.  It’s a continuation of Metro’s Billboard Program, which has been in existence for over a decade.  An August 2016 Metro Board Report gives a detailed account of how Metro has been working with a company called Allvision to cut deals with cities where they agree to allow new digital billboards in exchange for the removal of static billboards.  Here’s what the report says about the City of LA….

“All Vision and Metro staff have had preliminary discussions with the City of Los Angeles. The City is considering various options for the adoption of a new billboard ordinance. The City of Los Angeles Project offers Metro the greatest potential for new revenue from the conversion of static billboards to digital billboards.”

So in 2022 Metro announced it was preparing an EIR for the Transportation Communication Network, and also in 2022 Councilmember Paul Krekorian submitted his motion for an ordinance that would allow “digital off-site signs to be displayed on structures that are part of the Transportation Communication Network Program”.  But the Metro Board Report shows they’ve been talking about this since 2016.  By calling it the “Transportation Communication Network” they’re actually just rebranding Metro’s long-standing Billboard Program.  And the “new billboard ordinance” mentioned in the Board Report is obviously the TCN Ordinance which Krekorian proposed.   

Above I suggested that people call their LA City Council rep if they’d like to share their views on the Transportation Communication Ordinance (TCN).  You can also submit something in writing by posting a comment to the council file.

Public Comment Portal

You’ll need the council file number.

Council File: 22-0392

Transportation Communication Network Ordinance

If the City of LA passes the TCN Ordinance, you can bet it won’t just be 86 digital billboards.  This is only the beginning. 

Digital billboard in Downtown LA