This is the web version of Data Sheet, Fortune’s daily newsletter on the top tech news. To get it delivered daily to your in-box, sign up here.
A couple weeks ago, I wrote about why I opt out of facial recognition at Fortune’s offices. That newsletter garnered many, many replies. Today, I’m sharing and answering questions people sent in. Here’s a sampling of the mailbag, lightly edited for context and clarity.
The building already has your face on your badge. Wouldn’t the bad guys have access to the same information you’re trying to keep them away from? — Michael Schneider, Fortune’s chief revenue officer
While the building indeed has a 2D image of my face, it doesn’t have a higher fidelity 3D scan (that I know about). Since I’m still not clear on how exactly this data gets stored, I prefer not to submit to—and relinquish—that deeper, digital profiling for now.
To build on Schneider’s point, an even stronger criticism of my stance might be that, as a journalist, live event moderator, and show host, my face and name are publicly posted all over the Internet. Isn’t it futile to assume that I can protect these aspects of my privacy? Honestly…maybe! But I stand by my decision to opt out in this instance. It’s a matter of principle for me, if nothing else.
Curious, do you use FaceID on an iPhone? Is that something we should be concerned with as well (asking as I type from my phone that I just opened with my face 🤔)? — M.P.
I am not opposed to using FaceID, though I don’t currently use it. I’m more comfortable with Apple’s stated security practices than with situations where the data-handling practices are less certain. Apple is quite clear that people’s biometric data are stored locally on their phones, in an isolated and encrypted compartment called the “secure enclave.” It’s not invulnerable, but it does satisfy my own personal risk vs. reward calculus.
“I’m struck by how quickly the narrative around tech has shifted from a fluffy maximizing-human-potential vibe to a greased-up slide to dystopianism on which all of society is rocketing.” — J.C.
“I’m not convinced that there are any secrets anymore. Anyone can find information about anyone else at this point. So, while I respect your decision not to join the ‘club,’ I’m not so sure you have gained any additional privacy.” — M.A.
“Your reasoning below is exactly why I haven’t used a DNA test that I received as a gift… it concerns me that private companies can do anything they want with my DNA without my consent. I am curious for the results, but I can’t bring myself to open it.” — K.R.
“The reality is that passwords, tokens and physical ID cards are simply not secure—and I’m not sure consumers today realize to what extent that’s true. Not only is biometrics more secure than other means of security, the data is much more difficult to hack. Especially in the case of voice—a voiceprint file is useless when things like synthetic detection are in place.” — Brett Beranek, head of security and biometrics at software firm Nuance
***
I want to be clear: I am not a flat-out rejector of facial recognition technologies. But I default to “No” in cases where I don’t have enough information about how my data is being handled. Knowledge is power.
Robert Hackett
Twitter: @rhhackett
Email: robert.hackett@fortune.com
THREATS
Watching the watchers. An inspector-general report analyzing the FBI's Russia investigation uncovered considerable sloppiness in how the law enforcement agency conducts national security surveillance requests. The bureau failed to provide complete information to the courts when seeking permission to wiretap a Trump associate. Longtime supporters of the FBI's surveillance powers are now criticizing the bureau for its lapses.
The Ludovico technique. The Verge has an inside look at the trials and travails of content moderators at Google's YouTube. The work—which involves screening and censoring videos that depict unconscionable depravity—can cause lasting mental health damage. Many of the moderators are outside contractors who are not offered the same benefits as full-time Googlers.
Ring around the rosie. The home-security camera business Ring, owned by Amazon, continues to come under fire for its lax security practices. Ring devices lack basic protections, such as restricting camera access to authorized IP addresses and preventing double account log-ins, Vice reports. The company defended its record in a blog post while instructing people to change default passwords. Security pros have shot back that Ring's stance smacks of victim-blaming.
And stay out. China has been clamping down on its internal information management in the wake of multiple high-profile leaks relating to its mass detention of Uighurs, an ethnic Turkic minority, the Associated Press reports. Officials are directing people to delete documents and restrict people's access to databases. Meanwhile, the U.S. apparently expelled two alleged Chinese spies from the country after they attempted to break into a sensitive military base in Virginia, per the New York Times.
How to make your online reputation squeaky clean.
ACCESS GRANTED
What do the Dalai Lama, Mexican druglord El Chapo, and assassinated Saudi Arabia critic Jamal Khashoggi have in common? They have all been purported targets of spyware. The Toronto Star recently profiled Citizen Lab, a Canadian security research group devoted to exposing the shadowy digital tools used by governments and intelligence agencies. The Citizen Lab team perseveres, despite persistent death threats, in its mission to help civil rights activists, journalists, and political dissidents, many of whom find themselves targets of state surveillance.
(Something I learned while reading this story: Soviet spies used to sprinkle radioactive dust on targets' clothes so they could track them with Geiger counters.)
Since Ron Deibert founded the University of Toronto lab in 2001, his team of cybersecurity watchdogs have reverse-engineered their way to the forefront of a battle against digital espionage—a growing, unregulated industry of private corporations selling spying software to authoritarian regimes.
“It’s an epidemic,” Deibert says. “What we’re seeing is a proliferation globally of this technology being used—implicated in murder, implicated in all sorts of blackmail—and helping to empower some of the world’s most corrupt rulers and autocrats. “It’s a real crisis for democracy and civil society. And there are literally no controls over this right now.”
FORTUNE RECON
New California Law Giving Consumers Control Over Their Data Sets Off a Scramble by Jeff John Roberts
The Emerging Disconnect Between Business and Academic Interests in A.I. by Jeremy Kahn
Smith & Wesson Sued by Mass Shooting Victims for Failure to Install ‘Smart Gun’ Technology by Paula Sambo
‘Tis the Season for Holiday Movies—and Hallmark and Lifetime Aren’t Afraid of Netflix by Jessica Klein
‘Seek Immediate Shelter.’ Remember Hawaii’s False Missile Alert? This Bill Aims to Prevent It From Happening Again by Audrey McAvoy
Your Top Business Predictions for 2020 by Polina Marinova
ONE MORE THING
What do you look like in "true face"? That's spy-speak for "undisguised." The Wall Street Journal has a piquant profile of Jonna Mendez, a former CIA agent who created hyper-realistic masks and other identity-obscuring prosthetics to disguise her colleagues. On one occasion, she even donned a different face to trick the late former President George H. W. Bush.
