Connect with us

Illegal Surveillance

Over 200 Mortgage Brokers Leaked Sensitive Data to Facebook

Published

on

Sensitive Data Sharing Raises Legal Concerns

When someone applies for a mortgage, they trust a home loan lender or mortgage broker with some of the most sensitive information they have: information about their credit, their home, and personal details of their lives. Unbeknownst to those prospective homeowners, they may also be sharing that information with Facebook.

The Markup tested more than 700 websites offering loans for people looking to purchase or refinance a home, from major online brokers to lesser-known regional lenders. They found that more than 200 of these companies share some amount of user data with Facebook through the Meta Pixel, a small piece of tracking software embedded on their sites. As users filled out mortgage applications or requested quotes, the pixel tracked information about their credit, veteran status, occupation, the specific homes they wanted, and more. Experts told The Markup that it might be against the law for mortgage lenders to feed this kind of information to Facebook.

For instance, Fairway Independent Mortgage Corporation, one of the largest lenders in the country, used the Meta Pixel to track detailed information about visitors, including every button they clicked on a preapproval page and the type of home they were interested in. Responses to a question about estimated credit, which asked visitors to select a numbered band from “Poor” to “Excellent,” were also tracked. Clicking “I Decline” on the site’s cookie notice did not stop the pixel from tracking.

The pixel also sent Facebook a scrambled version of a visitor’s name and email address. Meta says these “hashed” email addresses “help protect user privacy.” However, it’s simple to determine the pre-obfuscated version of the data, and Meta explicitly uses the hashed information to link other pixel data to Facebook and Instagram profiles.

Kirby Bradley, the chief content officer for Fairway Mortgage, said in an emailed response to questions from The Markup that the company has stopped using the pixel. She stated that the credit estimates shared with Facebook were not actual scores but rather “categories made up completely by the respondent based on nothing but their feeling at the time.” Bradley added that Fairway did not collect or transmit personally identifiable information while using the pixel but declined to detail how the company defines such information.

LendingTree, Veterans United Home Loans, Doorway Home Loans, and ZeroDown were among other companies found to have shared sensitive data with Facebook through the Meta Pixel. These companies sent information including unique IDs, details about co-borrowers, bankruptcy status, military history, and the exact address of homes viewed by users.

A spokesperson for Meta, Emil Vazquez, said in an emailed statement that the company’s system uses automated tools to filter out “potentially sensitive data it is able to detect.” Vazquez added, “Advertisers should not send sensitive information about people through our Business Tools. Doing so is against our policies, and we educate advertisers on properly setting up Business Tools to prevent this from occurring.”

Potential Legal Consequences

The online mortgage industry, valued at tens of billions of dollars globally, is subject to strict regulations under laws such as the Gramm–Leach–Bliley Act, which aims to protect consumers’ financial information. The Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) have the authority to enforce these laws and can penalize companies that violate them.

Natalie Loebner, a consultant and former Justice Department trial attorney, told The Markup that sharing sensitive information with Facebook via the Meta Pixel could violate the Gramm–Leach–Bliley Act or other regulations. Loebner suggested that regulators might scrutinize mortgage companies using the pixel to share customer data, particularly if they failed to disclose this practice to customers.

A Call for Regulatory Action

The Markup’s investigation highlights the pervasive and troubling use of tracking technology in the mortgage industry. While some companies used the Meta Pixel more responsibly, others shared highly sensitive information without adequate consumer consent or protection. This widespread data sharing raises significant privacy concerns and underscores the need for more robust regulatory oversight and enforcement.

As digital mortgage services continue to grow, the importance of safeguarding consumer data becomes ever more critical. Regulators, companies, and consumers must work together to ensure that sensitive financial information is protected from unauthorized access and misuse.

SOURCE: THE MARKUP

Illegal Surveillance

NFL to Roll Out Facial Authentication Software League-Wide

Published

on

The National Football League (NFL) is the latest organization to adopt facial authentication technology to enhance event security, according to an announcement made this week.

All 32 NFL stadiums will begin using this technology in the upcoming season, following the league’s contract with a company specializing in facial scans to verify the identities of people entering event venues and other secure spaces.

The facial authentication platform, with investments from the Cleveland Browns’ owners, aims to “streamline and secure” entry for thousands of credentialed media, officials, staff, and guests. These individuals will be able to access restricted areas such as press boxes and locker rooms with ease, according to Jeff Boehm, the chief operating officer of Wicket, who shared the news in a LinkedIn post on Monday.

“Credential holders simply take a selfie before they come, and then Wicket verifies their identity and checks their credentials with Accredit (a credentialing platform) as they walk through security checkpoints,” Boehm added.

Wicket’s technology was initially deployed in a select number of NFL stadiums last year as part of a pilot program. Other stadiums will start implementing the technology beginning on August 8, coinciding with the pre-season kickoff.

Some teams have extended their use of the technology to scan the faces of ticket holders. The Cleveland Browns, Atlanta Falcons, and New York Mets have all used Wicket’s facial authentication software to authenticate fans with tickets, according to Stadium Tech Report.

“Fans look at the tablet, and instantly, the tablet recognizes the fan,” said Brandon Covert, vice president of information technology for the Cleveland Browns, in a testimonial on Wicket’s website. “It’s almost a half-second stop. It’s not even a stop — more of a pause.”

“It has greatly reduced the amount of time and friction that comes with entering the stadium,” Covert added. “It’s so much faster.”

The Browns also use Wicket to verify the ages of fans purchasing alcohol at concession stands, according to Wicket’s LinkedIn page.

However, the use of facial recognition or authentication technology, especially when applied to thousands of people who are scanned while working or attending a sports event, has long been a concern for privacy advocates. There are worries about the technology being used to track people’s locations, and its potential to intensify racial and gender discrimination, as it is often less accurate in identifying people of color, women, and nonbinary individuals.

Wicket’s website claims its technology uses “facial biometrics algorithms” to authenticate individual faces in less than a second with 99.7% accuracy, even in poorly lit spaces. The company promotes its product to large venues by emphasizing its ability to speed up entry and reduce congestion.

The league-wide adoption of Wicket technology is intended to prevent the use of fraudulent credentials and enhance stadium security, according to NFL officials.

“One of the biggest things is accountability,” Billy Langenstein, senior director of security services for the NFL, told Sports Business Journal, which first reported the news.

“[The league and the teams] know every single person who is being credentialed to work an NFL game, who they are, and the access levels they should have to do their job,” Langenstein added. “And a big part of it is accountability for those individuals, embracing it, learning it, and evaluating the safety and security of the program.”

The NFL is not the only sports league deploying facial recognition technology. Soccer stadiums worldwide are rapidly adopting and deploying facial recognition to monitor fans, according to a Privacy International (PI) report published in May.

Twenty-five of the top 100 soccer stadiums in the world use the technology to enhance video surveillance, PI’s report stated. The nonprofit sent its findings to the United Nations Special Rapporteur in the field of cultural rights, which will issue a related report to the General Assembly in October.

Continue Reading

Government Surveillance

Supreme Court to Review Texas Digital ID Verification Law

Published

on

The Supreme Court has announced it will review a legal challenge against a Texas statute mandating digital ID verification for any websites and apps that could be deemed “harmful to minors.” While the law is typically associated with pornographic material, the broad term “harmful to minors” could apply to a wide range of websites, preventing users from accessing content without first uploading their ID.

This legal battle revolves around Texas’ age verification bill, introduced in 2023. The law also requires these sites to present health warnings about the alleged psychological dangers of pornography consumption. Notably, this labeling requirement does not yet extend to search engines or social media platforms.

Websites that fail to comply with the law face steep fines, including daily civil penalties of up to $10,000 and potential fines from the Texas attorney general of up to $250,000 per instance if a minor accesses restricted content. Similar laws are currently active in seven other states and are set to be introduced in more states soon.

The Free Speech Coalition, along with several adult website operators, filed a lawsuit against the bill. Their argument is that the law infringes on First Amendment rights. A federal district court initially halted the law’s enforcement just before its implementation on September 1, 2023.

Mandatory digital ID requirements for website and social media use raise significant concerns about the chilling effect on free speech. These requirements can deter online participation due to privacy fears and undermine the anonymity vital for activists and whistleblowers. Such policies may also lead to self-censorship, as users might avoid sharing controversial opinions out of fear of being easily traced. Additionally, implementing digital IDs poses complex legal, technical, and logistical challenges that could result in bureaucratic errors and data breaches. The major Big Tech ID verification company AU10TIX was recently reported to have suffered a data leak, though the company says it hasn’t seen evidence of any user data being exploited.

The majority of the panel at the US Court of Appeals for the 5th Circuit concluded that the Texas law is “rationally related to the government’s legitimate interest in preventing minors’ access to pornography,” using the least stringent rational-basis review standard, and thus did not violate the First Amendment. In contrast, Judge Patrick Higginbotham dissented, arguing that the law necessitates strict scrutiny due to its content-based restrictions on adult access to protected speech.

As the 5th Circuit allowed its decision to stand, the Free Speech Coalition and the affected websites escalated the matter to the Supreme Court. Their appeal emphasized the contradiction between the 5th Circuit’s decision and established Supreme Court precedents regarding sexual content and expression. They argue that the law unduly burdens adults’ constitutional rights by requiring the disclosure of personal information, thus increasing the risk of data breaches and privacy violations.

Texas officials defend the legislation, asserting it as a reasonable measure to protect minors from sexually explicit materials and not an undue burden on the porn industry.

As the Supreme Court prepares to review the case, the decision will have significant implications for digital privacy, free speech, and the regulation of online content across the United States.

Continue Reading

Illegal Surveillance

Gates Foundation Awards $4M Grant To Fund Digital ID Initiative

Published

on

The Gates Foundation continues to drive global efforts aimed at introducing digital ID and payment systems by the end of this decade, awarding a $4 million grant to the UK-based Alan Turing Institute. This funding is part of a broader initiative known as the digital public infrastructure (DPI), supported by a coalition of private groups, such as the Gates Foundation and the World Economic Forum (WEF), as well as major global entities like the US, the EU, and the UN.

The Turing Institute, renowned for its work in AI and data science research, has announced that this latest grant will support a multidisciplinary project over the next three years. The project’s primary objective is to ensure the “responsible” implementation of ID services, focusing on privacy and security concerns. This initiative aims to address the critical issues raised by opponents of digital ID schemes, who consistently warn about the risks of centralizing personal identities.

The Turing Institute is framing its work, funded by the Gates Foundation, as an effort to balance the benefits of digital ID systems with robust privacy and security measures. According to the Institute, the project “aims to enhance the privacy and security of national digital identity systems, with the ultimate goal to maximize the value to beneficiaries, whilst limiting known and unknown risks to these constituents and maintaining the integrity of the overall system.”

Despite these assurances, skepticism remains. Critics argue that the Gates Foundation’s long-standing involvement in promoting digital ID and payment systems raises concerns about the true motives behind these initiatives. They fear that the emphasis on privacy and security in this new project may be more about perception management than addressing substantive risks.

The Turing Institute emphasizes that implementing digital ID services can improve inclusion, access to services, and human rights. However, they acknowledge the need for “tweaking” privacy and security measures to enhance trust in these systems. The renewed grant from the Gates Foundation is seen as a step towards achieving this balance, although critics worry it might be a public relations effort to mitigate opposition.

“The project aims to enhance the privacy and security of national digital identity systems, with the ultimate goal to maximize the value to beneficiaries, whilst limiting known and unknown risks to these constituents and maintaining the integrity of the overall system,” the Institute said in its announcement.

This initiative comes amidst increasing investments in developing secure, scalable, and user-friendly digital ID systems. According to the Turing Institute, billions of dollars are being poured into this field each year to address these challenges.

The Gates Foundation’s latest grant highlights the ongoing global push towards digital public infrastructure, which aims to integrate digital ID systems with broader societal benefits. However, the tension between the potential advantages of these systems and the significant privacy and security concerns they raise continues to be a focal point of debate.

As the Turing Institute embarks on this new project, the world will be watching closely to see whether the promised enhancements to privacy and security materialize, and whether these efforts genuinely address the concerns of those wary of centralized digital ID systems.

Continue Reading

Trending