6 Examples of Online Privacy Violation侵犯網絡隱私六例

凱拉·馬修斯 譯/羅小凡 審訂/黃勤 Kayla Matthews

Most people share data without thinking about it. They provide information to companies while purchasing merchandise， signing up for email lists， downloading apps and more. They also expect the respective enterprises to safeguard those details.

Unfortunately， the businesses in question often fall short of the task， exposing valuable data. The resulting violation of privacy laws can lead to huge fines and eroded public trust.

Here are six recent examples of companies that failed to do everything they could to respect users privacy.

1. Zoom gave data to third parties without users knowledge

An April 2020 piece from The New York Times alleged that popular video conferencing site Zoom engaged in undisclosed data mining during user conversations. The coverage asserted that when a person signed into a meeting， Zoom transmitted their data to a system that matched individuals with their LinkedIn profiles. The incident happened via a subscription-based tool called LinkedIn Sales Navigator that Zoom offered customers to assist with their marketing needs.

Moreover， when someone signed into a Zoom meeting with an anonymous name， the tool still connected that person to their respective LinkedIn profile. Thus， the person had their real name revealed to a fellow user despite efforts to keep it private. Zoom promised to disable the tool and remove it from the companys offerings.

2. Google violated childrens privacy laws

Google is under fire for violation of privacy laws， recent reports say. A California federal court received a lawsuit from two children suing the tech giant through their father. The pair assert that the G Suite for Education platform unlawfully collects biometric1 data from kids who use it. If so， that action would likely mean Google disregarded the Childrens Online Privacy Protection Act （COPPA）， a federal mandate that requires getting parental consent before gathering data from minors under 13. Moreover， the company may face allegations of violations associated with state biometric laws. The issues could affect millions of kids and their privacy.

3. Hackers dump confidential law firm data

A law firms document management system （DMS） contains all the legal documents about its clients. Some include records spanning 10 to 20 years， making it especially necessary to protect the data. Privacy violations sometimes occur due to inadequate cybersecurity. For example， the Maze hacker group targeted Texas law firm Baker Wotring and published a “full dump” of the organizations data. The incident was a ransomware attack， and the leak likely happened when the cybercriminals did not receive the requested payment. The compromised records included case diaries， consent forms and more.

4. Facebook fined for its role in Cambridge Analytica data harvesting

Federal officials in the United States carried out a 16-month investigation and determined Facebook repeatedly misled its users and compromised efforts to safeguard privacy. That decision came after Cambridge Analytica used a third-party app to harvest data from a Facebook quiz for political purposes.

The Federal Trade Commission （FTC）2 fined Facebook $5 billion for the infractions， the largest amount ever imposed on a company for a consumer privacy regulation.

5. Ring doorbell app allegedly loaded with trackers

The Ring doorbell has an accompanying app that lets people see， hear and speak to individuals who arrive on their doorsteps—even without being home. Unfortunately， when the Electronic Frontier Foundation （EFF）3 investigated the Android version， it discovered numerous third-party trackers. The researchers say that Ring sent data to four outside entities， providing them with personally identifiable information.

The transmitted details include names， IP addresses and data from users device sensors. The EFF warned that recipients could combine all the information to get a unique user picture.

6. WhatsApp flaw sacrificed the privacy of top government officials

Privacy violations also happen if malicious parties exploit weaknesses in widely used apps. Such a situation unfolded when NSO Group4， an Israeli hacking tool developer， allegedly built and sold a product that allowed the infiltration of WhatsApps servers due to an identified weakness. This problem caused at least 1，400 users to have their mobile phones hacked within approximately two weeks in April and May 2019.

A sizeable segment of the identified victims were reportedly high-profile government officials located in at least 20 countries. Early investigative efforts failed to confirm the perpetrators5 that used the tool from NSO Group.

分享數據時，大多數人往往不假思索。購買商品、注冊電子郵箱列表、下載應用程序等等，人們向公司提供了個人信息，同時也指望這些公司能夠保護好那些細碎信息。

不幸的是，相關企業往往失職，泄露了重要的數據。由此產生的違反隱私法的行為，可能會導致巨額罰款，并削弱其公信力。

下面介紹公司未能盡其所能尊重用戶隱私的6個近期案例。

1. Zoom公司在用戶不知情的情況下將其信息提供給第三方

《紐約時報》2020年4月的一篇文章稱，備受青睞的視頻會議網站Zoom在用戶對話期間秘密采集數據。報道稱，當用戶登錄會議時，Zoom將其數據傳輸到一個系統，該系統將用戶與其領英平臺中的個人資料進行匹配。事件由一個名為領英銷售導航的訂閱工具觸發。Zoom為客戶提供該工具，以滿足公司的營銷需求。

此外，當用戶匿名登錄Zoom會議時，該工具仍會關聯他們在領英平臺上的個人資料。因此，盡管用戶努力保密，其真實姓名還是會被透露給其他用戶。Zoom承諾禁用該工具并將其從公司的產品中刪除。

2. 谷歌公司違反兒童隱私保護法

據近期報道，谷歌公司因違反隱私保護法而受到猛烈抨擊。加州一家聯邦法院收到了兩個孩子通過父親提起的對這家科技巨頭的訴訟。二人稱，谷歌教育平臺非法收集兒童用戶的生物識別數據。如果此事屬實，該行為可能意味著，谷歌無視聯邦政府頒布的《兒童在線隱私保護法》。該法令要求在收集13歲以下未成年人的數據之前，必須征得其父母同意。此外，谷歌可能面臨違反加州生物識別法的指控。這些問題可能會影響數百萬兒童及其隱私。

3. 黑客盜取律所機密數據

律師事務所的文件管理系統包含客戶的所有法律文件。其中一些檔案的時間跨度為10至20年，因此保護這些數據尤為必要。網絡安全措施不足有時會導致侵犯隱私的情況。例如，“迷宮”黑客組織鎖定得克薩斯州的貝克-沃特林律師事務所為攻擊目標，公開了該公司的“全部黑料”。這是一起勒索軟件引起的攻擊事件，很可能是網絡犯罪分子沒有收到贖金而泄露信息的。遭泄露的材料包括案件卷宗和知情同意書等等。

4. 臉書因參與劍橋分析公司數據收集而受罰

美國聯邦政府人員進行了為期16個月的調查，確認臉書一再誤導其用戶并破壞保護隱私方面的種種努力。這一判定裁決前，劍橋分析公司出于政治目的，使用第三方應用程序從臉書的一個智力游戲中獲取數據。

美國聯邦貿易委員會對臉書的違規行為處以50億美元罰款，這是迄今為止因侵犯消費者隱私而對一家公司處以的最高罰款。

5. 據稱“門鈴”應用程序裝有跟蹤器

“門鈴”有一個附帶的應用程序，能夠讓住戶即使不在家也能在有人到了家門口時看到、聽到并與之交談。不幸的是，電子前沿基金會調查其安卓版本時發現了許多第三方追蹤器。研究人員表示，“門鈴”向四個外部實體發送數據，提供個人可標識信息。

發送出去的詳細信息包括姓名、網際協議地址和用戶設備傳感器上的數據。電子前沿基金會警告說，數據接收者可以結合所有信息，勾畫出用戶畫像，即掌握該用戶的個人情況。

6. 沃茨阿普應用程序漏洞致政府高官隱私流出

惡意組織利用流行應用程序的弱點也會帶來侵犯隱私的行為。據稱，以色列黑客工具開發商NSO集團制造并銷售了一款產品，該產品讓人借助已識別的弱點潛入沃茨阿普服務器，從而侵犯隱私。2019年4月至5月，約兩周時間內，該問題導致至少1400名用戶的手機被黑客攻擊。

據報道，已確認身份的受害者中，相當大一部分是來自至少20個國家的高級政府官員。初步調查工作未能確認使用NSO集團工具的犯罪者身份。

（譯者單位：華中科技大學）