Security News This Week: How a Catholic Group Doxed Gay Priests

Plus: A data breach exposes Washington, Ring camera footage has a new problem, and the George Santos scandal slips into the world of cybercrime.

This week, WIRED debuted its joint investigation with Lighthouse Reports into the questions of bias and equity that are inherent in governments’ use of algorithms to oversee financial assistance programs and identify alleged welfare fraud. The investigation included an unprecedented look inside the system used by the city of Rotterdam, in the Netherlands, and the training data that was used on the algorithm. We looked closely at how flaws in the algorithm’s conclusions and wrongful accusations have impacted people’s lives in Rotterdam. And we examined the global role of the private fraud-detection industry in these systems as well as urgent concerns about the pervasive surveillance that is now inherent in Denmark’s national welfare scheme.

The United States FBI admitted for the first time this week that it has purchased location data about people in the US from private data brokers rather than obtaining a warrant for the information. Meanwhile, US congressman Darin LaHood claimed that he has been the subject of unlawful, “backdoor” searches by the FBI. And over in the US military-industrial complex, the US Air Force is moving ahead with plans to incorporate artificial intelligence for piloting fighter jets after successful autonomous flight tests in December.

Meanwhile, the FBI's Internet Crime Complaint Center published its annual Internet Crime Report this week, with new details about an explosion of investment scams and so-called “pig butchering” attacks that led to $3.3 billion in reported losses in 2022.

If all the black box government assistance algorithms and AI-piloted fighter jets have you on edge, you’re not alone. At a memorial on March 4 for the late privacy and web encryption advocate Peter Eckersley, family, friends, and colleagues talked about the importance of continuing to expand the AI Objectives Institute he founded to redirect the evolution of artificial intelligence so that it helps, rather than extorts, humanity.

As his sister Nicole Eckersley put it in her remarks at the event, “We want to see Peter’s plans come to fruition. We want to keep engaged with this incredible community. We want to stop the robots from eating us and crapping out money.”

What else can you really say? And yet, there's more. Each week, we round up the security news we didn’t cover in-depth ourselves. Click the headlines to read the full stories, and stay safe out there.

A Catholic nonprofit based in Colorado is spending millions to purchase location data from dating apps to identify gay priests, a Washington Post investigation revealed. The group, Catholic Laity and Clergy for Renewal, reportedly used this data to prepare reports for bishops across the US about the behavior of individual priests. In one report prepared for bishops and reviewed by the Post, the group claims the data came from data brokers that obtained the information from ad exchanges, sites where ads are bought and sold in real time. The conservative group reportedly cross-referenced the purchased location data with the locations of church residences and seminaries to find clergy who were allegedly active on the apps. 

According to the report, the group was responsible for the 2021 outing of a prominent priest named Jeffrey Burrill. Burrill resigned from his post in the US Conference of Catholic Bishops after a Catholic news site obtained mobile app data that showed he regularly used Grindr. At the time, the news organization did not say where its data came from.

In a statement released a day before the investigation’s release, Jayd Henricks, the group’s president, said, “It isn't about straight or gay priests and seminarians. It’s about behavior that harms everyone involved, at some level and in some way, and is a witness against the ministry of the church.”

No national US data privacy laws prohibit the sale of this kind of data.

On Wednesday, the District of Columbia’s health insurance exchange confirmed that it was working with law enforcement to investigate an alleged leak after a database containing personal information of about 170,000 individuals was offered for sale on a hacker forum popular with cybercriminals. The reported breach in DC Health Link, as the exchange is known, could expose sensitive personal data of lawmakers, their employees, and their families. Thousands of the exchange’s participants work in the US House and Senate, and a sample of the stolen data set reviewed by CyberScoop indicates that the victims of the breach also range from lobbyists to coffee shop employees. 

According to a letter to the head of the DC Health Benefit Exchange Authority from House Speaker Kevin McCarthy and Minority Leader Hakeem Jeffries, the FBI has apparently purchased some of the stolen data from the dark web. While the FBI had not yet determined the extent of the breach, according to the letter, “the size and scope of impacted House customers could be extraordinary.”

A report by Politico published March 7 details how Ring, Amazon’s home-surveillance company, handed law enforcement videos captured by an Ohio man’s 20 Ring cameras against his will. In December, the Hamilton Police Department sought a warrant for camera footage—including from inside the man’s house—while investigating his neighbor. According to the report, after he willingly provided video to the police that showed the street outside his home, police used the courts to access more footage against his will.

While law enforcement often seeks warrants for digital data, those warrants typically pertain to the subject of a particular investigation. However, as networked home surveillance cameras have become increasingly popular, sometimes blanketing city blocks, law enforcement is increasingly turning to individuals who are completely unaffiliated with a case to provide data. According to Politico, the lack of legal controls on what police can ask for opens the door for a bystander’s indoor home footage to be lawfully acquired by police.

Following Politico's story, Gizmodo reported that a customer service agent for Ring told a concerned customer that the Politico story was a “hoax” perpetrated by a competitor. In response, an Amazon spokesperson told Gizmodo that the company does not in fact think the story was a hoax and the statement was the result of a misunderstanding on the part of the customer support agent. “We will ensure the agent receives the appropriate coaching,” the spokesperson said.

A former roommate of noted fabulist George Santos told federal authorities that the US congressman from Long Island, New York, had orchestrated a credit card skimming operation in Seattle in 2017. In a declaration submitted to authorities and obtained by Politico, the Brazilian man—convicted of credit card fraud and deported from the US—told the FBI, “Santos taught me how to skim card information and how to clone cards. He gave me all the materials and taught me how to put skimming devices and cameras on ATM machines.” 

According to the declaration, Gustavo Ribeiro Trelha met Santos in 2016 when he rented a room from him in his Florida apartment. There Santos reportedly taught Trelha how to use credit card cloning equipment and eventually flew him to Seattle to begin stealing financial information. “My deal with Santos was 50 percent for him, 50 percent for me,” Trelha wrote.