Student Privacy and the Fight to Keep Spying Out of Schools: Year in Review 2020

As students were sent home from school in the spring due to the coronavirus pandemic, schools  followed them home with invasive surveillance technology. This trend, spurred by the surge in remote learning, was an opportunistic move by tech companies and schools already in a race to control students through technology.

With millions of students studying from home to stay safe from COVID-19, new threats have popped up.

The Student Surveillance Ecosystem Pre-Pandemic

Before the pandemic, the school panopticon toolkit was already wide-ranging. Many schools relied on cameras and microphones installed in buildings to watch students go about their day. The cameras might be equipped with facial recognition; the microphones might have “aggression detection” capabilities. Facial recognition is a biased technology, and cities have started banning government use of face surveillance because of this issue. Aggression detection technology simply doesn’t work.

Some software scans students’ social media posts, both during and after school hours. Schools can even track students’ personal devices (as opposed to school-issued), by requiring the use of a certain kind of security certificate to use the school Internet, thus giving administrators the ability to monitor browser history and messages students send. These technologies cause real harm, including disproportionately impacting students of color and causing mental health issues. And knowing they might be punished for speaking up like the Georgia student suspended for posting about inadequate coronavirus mitigation measuresis inherently chilling to students’ freedom of expression.

In response to this encroachment of surveillance into schools, EFF created a Surveillance Self-Defense Guide written especially for students. It describes the technologies that students can be subject to, the risks they pose, and how to minimize those risks—and how to make the case to parents, teachers, and school administrators that spy tech doesn’t belong in a place of learning.

This was already an Orwellian situation before the pandemic. Now, with millions of students studying from home to stay safe from COVID-19, new threats have popped up.

The Turbocharging of Remote Proctoring

Remote proctoring refers to a class of monitoring technology that spies on students as they complete exams. It is incredibly invasive, often uses facial recognition software and AI monitoring, collects massive amounts of sensitive data (including in some cases biometric information), and scrutinizes students every facial expression and movement for signs of academic dishonesty. Proctoring software can also have biases against students that do not fit the presumed white, neurotypical, and able-bodied "norm," further exposing the most vulnerable students to harm. Ultimately, these apps cannot keep their promise to stop cheating. Students will always be able to undermine these tools, making this technology merely a further normalization of surveillance in education.

These apps subject students to unnecessary and invasive surveillance, and EFF has been proud to stand with students on this issue. We’ve objected to the California Bar’s required use of ExamSoft in the bar exam and won a partial victory when–shortly after receiving our letter–the Clerk and Executive Officer of the California Supreme Court asked the state bar to propose a timetable within 60 days for the deletion of all the 2020 bar applicants’ personally identifiable information collected via ExamSoft. When ExamSoft flagged over a third of all online test-takers, we pushed for the Bar to give examinees additional time and information necessary to defend themselves against the many likely baseless accusations of cheating.And when five U.S. senators began investigating these apps, we reminded them that the entire business model of proctoring companies is surveillance of students, and that you can’t make spying less invasive.

University App Mandates

Some universities have mandated that students install COVID-19-related technology on their personal devices as a condition for returning to campus or enrolling in classes. EFF has been clear that this is the wrong call. Exposure notification apps, quarantine enforcement programs, and similar new technologies are untested and unproven, and mandating them risks exacerbating existing inequalities in access to technology and education. Schools must remove any such mandates from student agreements or commitments, and further should pledge not to mandate installation of any technology. EFF is urging universities to rethink these mandates and commit to our University App Mandate Pledge: six transparency and privacy-enhancing policies that university officials must adopt to protect the privacy, security, and transparency of their community members. Students, staff, faculty, and university community members can speak up here.

EFF will continue to stand for student privacy. Whether it’s creating resources like our Privacy for Students guide, continuing to write about emerging student privacy issues, or teaching journalism graduate students how to think and write about data privacy issues that affect students, we’ll be here to fight for and reassure students: invasive surveillance is not normal and it has no place in your school. 

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2020.

Read more »

Risky Relationship between Startups and Auto Industry

Intro
The ecosystem disruptions wrought by ADAS and AV development have made the automotive-semiconductor market more hospitable to startups. This four-part series explores the contextual drivers of the recent increase in startup activity, the challenges these new players will face as they build their businesses, strategies for success, and the potential impact of the Covid-19 pandemic on the startup trend going forward. The following is the Part 2 of a four-part series on ‘On-Ramp Widens for Automotive Semiconductor Startup.’

Proof of concept: The first step on the road to traction
While automotive OEMs and Tier 1 vendors are increasingly open to the idea of working with startups, the high development costs, long product lifecycles, and stringent safety requirements of their industry understandably make them risk-averse. The most common way for an OEM or Tier 1 to engage with a startup semiconductor company without actually making a significant commitment is to engage in a proof-of-concept (POC) project.

In the traditional, hierarchical supply chain structure, “winning” a POC with a major Tier 1 or OEM was considered a major vote of confidence by the customer in the promise of the new solution. While there were no guarantees that production volume would follow a successful POC, the commitment of resources on the part of the customer was generally understood to mean that the customer was relatively serious about the solution.


Recommended
On-Ramp Widens for Automotive Semiconductor Startups


However, as the automotive industry acknowledged the need to be nimbler and faster in its ability to innovate, it began to experiment with a variety of riskier technologies. Innovation centers were established that became skilled at running multiple projects simultaneously, with the ability to cut projects on short notice before committing anything to a production program. When these POCs are managed by the innovation centers and not out of the actual platform R&D centers of the car OEMs, in many cases they never find their way into a production program.

This is not to say that such POCs are not immensely valuable to the startups. Potential investors will often take POCs into account when assessing a startup’s traction in the market. Feedback from the POCs can be used to fine-tune the product/market fit. Nonetheless, it is critical that the startups have realistic expectations about the likely outcomes from the project and understand both the risks and the benefits, even for POCs that never result in actual recurring revenue.

The long, winding, risky road from POCs to production platforms
Some startup companies have been able generate a reasonable amount of revenue from engaging in paid POC projects with the automotive industry. This has been especially true of very advanced, very expensive technology such as LiDAR, which needs to be tested out across a substantial number of vehicles. According to research firm Yole Développement, the LiDAR total available market (TAM) approached $1 billion in 2019, with less than 10% of that being in actual platform production vehicles.1 However, sustainable revenue growth and lofty enterprise valuations on the basis of POCs are the exceptions, not the rule. In the vast majority of applications, the real growth will only occur after a solution has been “designed in” to a production vehicle platform.

Semiconductor startups and their investors would be wise not to start banking on revenue from an automotive program until after their POCs have started achieving pre-aligned, customer-approved milestones and customer engagements have broadened to include procurement, supplier quality, and platform engineering. Furthermore, since semiconductor companies are typically Tier 2 suppliers, the transactional customer for doing business will normally be a Tier 1 supplier to the OEM. As such, the startup’s customer will need to ensure that the solution is approved, designed-in, and qualified in a production-vehicle program before actual revenue can begin.

It is not uncommon for the full qualification cycle at the Tier 1 and OEM to take up to three years. Once production does start, the volumes during the first few years may only be a fraction of the anticipated volumes because OEMs tend to roll out new features one or two car platforms at a time.

If the startup is sufficiently well-funded, it may be able to hire the resources it needs to ensure it meets the quality requirements of the automotive industry. This often will require going beyond qualification testing to AEC-Q100 requirements. IATF 16949:2016 specifies the quality management system (QMS) requirements necessary for automotive suppliers, with a focus on continuous improvement, defect prevention, variability reduction, and elimination of waste in the supply chain.

The QMS should include advanced product quality planning (APQP) and a production part approval process (PPAP). The PPAP alone is a remarkably detailed process consisting of up to 18 separate elements, which include establishing an automotive-capable verification and validation (V&V) process, complaint-handling flows, design and process failure-mode–effect analyses, and other requirements.2 Furthermore, depending on the application, the quality requirements may include meeting functional safety standards (ISO 26262).

To make things more challenging, the requirements are still evolving. For example, a consortium of automotive companies, including Aptiv, Audi, BMW, Continental, Daimler, FCA and VW, together with semiconductor companies such as Infineon and Intel, recently published a set of “Safety First for Automated Driving” V&V guidelines and established a new standard: ISO 21448, Safety of the Intended Functionality (SOTIF). Far more comprehensive than ISO 26262, SOTIF includes cybersecurity and software verification as well as the more traditional automotive requirements.3

Startups that lack the resources to address these evolving requirements directly may need to leverage the quality assurance capabilities of their larger ecosystem partners, including foundry suppliers and test subcontractors. This does not mean simply leaving the testing up to the partners and trusting that everything will be accepted by the customer; rather, it means the startup may need to have the ecosystem partner provide certain contractual assurances to the customer. In rare cases, if the startup is a Tier 2 vendor or lower in the value chain but has a particularly strong relationship with a customer higher up in the value chain, that customer may be willing to accept the risk with respect to the OEMs.

While perhaps the most daunting, quality assurance is just one element of the complete set of operational-excellence and contractual requirements that startups must meet. A startup may also need to take steps with its predominantly outsourced supply chain to ensure continuity of supply, second-source requirements, and compliance with hazardous-substance and ethical-sourcing regulations, to name just a few. Startups will also require a strategy to deal with contractual liability clauses that may be thrust upon them by their customers or the OEMs.

Selling into the automotive industry involves risks to the startups besides simply overcoming the barriers to entry. Large companies have been known to engage with startups while simultaneously developing their own solutions, sometimes learning from the startups in the process. Even if the relationship develops well, sometimes the best outcome a startup can realistically hope to achieve is to be “acquihired” by the larger company.4 While this is not necessarily a bad outcome, it may prevent the startup from ever achieving its full potential or the full market potential of the technology it developed. Of course, the more partners the startup has, the less likely it is that the startup will be forced into accepting an unattractive offer from a partner.

OEMs and Tier 1 suppliers face their own risks when they choose to work with startups. Occasionally, the larger companies will be developing their own products in a target market while simultaneously sourcing from a startup. That creates a risk of IP leaks within the larger organization. The established company will be very good at protecting its own assets from the startup but may have insufficient protections in place for the startup’s IP, which could damage the startup’s business and create potential liabilities for the established company down the road.

Perhaps a bigger risk for established players in working with startups is the possibility that the emerging company may go out of business or be acquired by a competitor. However, the most important risk is also the most fundamental: program and schedule risk. If the startup is unable to deliver as promised, Tier 1 or OEM customers could be putting entire programs at risk. Delays in R&D could force a platform design overhaul or require a platform to launch without the features that motivated the relationship with the startup in the first place. Delays during the production phase could result in line stoppages at the OEM at a cost of multiple millions of dollars per day.

When the risks are worth the effort
Given how challenging it can be for startups to meet the production requirements of the automotive industry and how risky it can be for car OEMs to incorporate unproven technology into their production vehicles, an obvious question for both sides of the relationship is why they should even make the effort.

Certainly, for the startups, there may be easier markets to go after with faster “time to money.” However, because the automotive industry has such high barriers to entry, the companies that are able to break through will have fewer competitors with which to share the market, resulting in higher profit margins. Furthermore, once production revenue starts, the product lifecycle in automotive is much longer than in most other markets, ensuring a stable source of revenue and profits. Finally, over the long run, across multiple economic cycles, the automotive industry has demonstrated an ability to maintain a fairly healthy and stable growth rate.

For the OEMs and established Tier 1 suppliers, working with select startups can provide rapid access to new technologies, often at a much lower cost than if they had developed the technology themselves or commissioned it from their traditional supply chain partners. Rather than build and resource their own projects from the ground up and compete internally for limited budget inside their bureaucracies, they can quickly adopt new technology from dedicated, focused, and agile external teams. If the larger company aspires to enter the market that is being evangelized by the startup, establishing a solid supplier relationship early on can make it easier to consider that startup as an acquisition target down the road.

So how can both sides increase their chances of making such a seemingly precarious engagement succeed? Part 3 will present some strategies.

References
1The Automotive LiDAR Market.” Yole Développement, April 2018.

2IATF 16949:2016. International Automotive Task Force (IATF), October 2016.

3Junko Yoshida, “AV Safety Ventures Beyond ISO 26262.” EE Times, March 5, 2019.

4Tanja Kufner, “Automotive startups grow with increasing OEM uncertainty – here is how.” AutomotiveIQ, Oct. 9, 2018.

 

 

The author is Drue Freeman, Board Member, Sand Hill Angels; Adviser Board Member, Silicon Catalyst

 

 

 

 

 

 

 

 

 

The post Risky Relationship between Startups and Auto Industry appeared first on EETimes.

Read more »

Plan C Live: How Maker Educators Adapted During This COVID-19 Semester

Education has been turned on its head this year and the struggle to teach and learn virtually is real for teachers and students of all ages and their families. For educators whose focus is on hands-on learning the disruptions are doubly challenging: They face the same transition to a virtual […]

Read more on MAKE

The post Plan C Live: How Maker Educators Adapted During This COVID-19 Semester appeared first on Make: DIY Projects and Ideas for Makers.

Read more »

The U.S. Government Is Targeting Cryptocurrency to Expand the Reach of Its Financial Surveillance 

One of the most important aspects of cryptocurrencies from a civil liberties perspective is that they can provide privacy protections for their users. But EFF is concerned that the U.S. government has been increasingly taking steps to undermine the anonymity of cryptocurrency transactions and importing the widespread financial surveillance of the traditional banking system to cryptocurrencies.  

On Friday, the Department of the Treasury’s Financial Crimes Enforcement Network (FinCEN) announced a proposed regulation that would require money service businesses (which includes, for example, cryptocurrency exchanges) to collect identity data about people who transact with their customers using self-hosted cryptocurrency wallets or foreign exchanges. The proposed regulation would require them to keep that data and turn it over to the government in some circumstances (such as when the dollar amount of transactions in a day exceeds a certain threshold). 

The proposal appears designed to be a midnight regulation pushed through before the end of the current presidential administration, as its 15-day comment period is unusually short and coincides with the winter holiday. The regulation’s authors write that this abbreviated comment period is required to deal with the “threats to United States national interests” posed by these technologies, but they provide no factual basis for this claim. 

Although EFF is still reviewing the proposal, we have several initial concerns. First, the regulation would mean that people who store cryptocurrency in their own wallets (rather than using a professional service) would effectively be unable to transact anonymously with people who store their cryptocurrency with a money service business. The regulation will likely chill the ability to use self-hosted wallets to transact with the privacy of cash.

Second, for some cryptocurrencies like Bitcoin, transaction data—including users’ Bitcoin addresses—is permanently recorded on a public blockchain. That means that if you know the name of the user associated with a particular Bitcoin address, you can glean information about all of their Bitcoin transactions that use that address. Thus, the proposed regulation’s requirement that money service businesses collect identifying information associated with wallet addresses means that the government may  have access to a massive amount of data beyond just what the regulation purports to cover.

Third, the regulation could hamper broader adoption of self-hosted wallets and technologies that rely on them, or at least make it difficult to integrate these technologies with intermediaries like exchanges. The regulations make it significantly more difficult for self-hosted wallet users to seamlessly interact with other users who have wallets provided by a service subject to the regulations. Under the proposed rules, these hosted wallet services would have to collect certain information about self-hosted wallet users who transact with their customers in some circumstances. That may complicate certain automated transactions, such as smart contracts, or be difficult to implement in scenarios involving decentralized exchanges. Despite the name, “wallets” are not just personal stores of currency: they are a way for individuals and computing systems to hold and dispense money without relying on institutions. Adding friction to these types of transactions undermines the technology’s importance in giving individuals control over their finances. It could also chill the ability of innovators to create decentralized financial platforms with a wide range of lawful uses.

Fourth, although the proposed rules purport to simply apply pre-existing regulations involving cash transactions to cryptocurrencies, they ignore that these digital financial tools exist in part to afford financial privacy and anonymity equal to and perhaps beyond that of traditional cash. In this respect, the proposed regulations are part of a larger troubling trend of the U.S. government extending the financial surveillance of the traditional banking system to cryptocurrencies. This proposal comes just two months after the Department of Justice published its Cryptocurrency Enforcement Framework, which made it abundantly clear that the DOJ wants to undermine the ability of cryptocurrency users to transact anonymously. 

The Framework says, and this regulation repeats, that merely using privacy coins like Zcash and Monero is “indicative of possible criminal conduct.” The Framework also says that people operating mixers and tumblers, which make cryptocurrency transactions harder to trace, can be criminally liable for money laundering. Financial regulators, much like the NSA, apparently suspect that anyone attempting to protect their financial privacy is doing something illegal.

That Framework also targeted decentralized exchanges. Decentralized exchanges are typically open-source software allowing people to exchange cryptocurrency directly with each other, with no other party involved. The DOJ said that those projects have to register with FinCEN and have to “collect and maintain customer and transactional data” or else be subject to civil and criminal penalties.  

Other concerning developments this year include the 5th Circuit’s decision that law enforcement does not need to get a warrant in order to obtain financial transaction data from cryptocurrency exchanges, and FinCEN’s proposal to lower the threshold at which institutions must collect and store transaction data from $3,000 to $250 (in cryptocurrency or fiat currency) to satisfy “Travel Rule” obligations. 

These developments are an assault on the ability to transact privately online and an attempt to extend the widespread financial surveillance of the traditional banking system to cryptocurrency. Financial records contain a trove of sensitive information about people’s personal lives, beliefs, and affiliations. Nonetheless, courts and lawmakers have allowed widespread warrantless financial surveillance in the traditional banking system. The Bank Secrecy Act requires banks to maintain financial records because of their usefulness in investigations, and in 1976, the Supreme Court (in U.S. v. Miller) allowed the government to obtain bank customers’ data without a warrant. EFF is concerned about the U.S. government’s attempts to expand this surveillance to encompass cryptocurrency transactions. 

Cryptocurrency is important for civil liberties because—like cash—it allows for anonymous transactions. Photos from the Hong Kong protests showed long lines at subway stations as protestors waited to purchase tickets with cash so that their electronic purchases would not place them at the scene of the protest. These photos underscore that a cashless society is a surveillance society—and the importance of importing the anonymity of cash to the digital world.

Cryptocurrency is also important because it is censorship resistant. Many traditional financial intermediaries have engaged in arbitrary financial censorship, cutting off access to financial institutions for adult social networks, adult booksellers, and controversial websites, even when these services have not violated the law.

U.S. regulators’ recent actions, including this new proposed rulemaking, threaten to undermine the privacy and civil liberties protections afforded by peer-to-peer technologies. The rulemaking requests comments from the public by January 4, 2021. EFF hopes that the civil liberties community and individuals who want to protect their financial privacy will submit comments opposing this proposed rule, despite—indeed, partly because of—its abrupt deadline.

Read more »

Save the date for Coolest Projects 2021

The year is drawing to a close, and we are so excited for 2021!

More than 700 young people from 39 countries shared their tech creations in the free Coolest Projects online showcase this year! We loved seeing so many young people shine with their creative projects, and we can’t wait to see what the world’s next generation of digital makers will present at Coolest Projects in 2021.

A Coolest Projects participant showing off their tech creation

Mark your calendar for registration opening

Coolest Projects is the world-leading technology fair for young people! It’s our biggest event, and we are running it online again next year so that young people can participate safely and from wherever they are in the world.

Through Coolest Projects, young people are empowered to show the world something they’re making with tech — something THEY are excited about! Anyone up to age 18 can share their creation at Coolest Projects.

On 1 February, we will open registrations for the 2021 online showcase. Mark the date in your calendar! All registered projects will get their very own spot in the Coolest Projects online showcase gallery, where the whole world can discover them.

Taking part is completely free and enormously fun

If a young person in your life — your family, your classroom, your coding club — is making something with tech that they love, we want them to register it for Coolest Projects. It doesn’t matter how small or big their project is, because the Coolest Projects showcase is about celebrating the love we all share for getting creative with tech.

A teenage girl presenting a digital making project on a tablet

Everyone who registers a project becomes part of a worldwide community of peers who express themselves and their interests with creative tech. We will also have special judges pick their favourite projects! Taking part in Coolest Projects is a wonderful way to connect with others, be inspired, and learn from peers.

So if you know a tech-loving young person, get them excited for taking part in Coolest Projects!

“We are so very happy to have reached people who love to code and are enjoying projects from all over the world…everyone’s contributions have blown our minds…we are so so happy ?:woman-cartwheeling:?Thank you to Coolest Projects for hosting the best event EVER :star:?:star:?:star:

– mother of a participant in the 2020 online showcase

Want inspiration for projects? You can still explore all the wonderful projects from the 2020 showcase gallery.

A Coolest Projects participant

Young people can participate with whatever they’re making

Everyone is invited to take part in Coolest Projects — the showcase is for young people with any level of experience. The project they register can be whatever they like, from their very first Scratch animation, to their latest robotics project, website, or phone app. And we invite projects at any stages of the creation process, whether they’re prototypes, finished products, or works-in-progress!

  • To make the youngest participants and complete beginners feel like they belong, we work hard to make sure that taking part is a super welcoming and inspiring experience! In the showcase, they will discover what is possible with technology and how they can use it to shape their world.
  • And for the young creators who are super tech-savvy and make advanced projects, showcasing their creation at Coolest Projects is a great way to get it seen by some amazing people in the STEM sector: this year’s special judges were British astronaut Tim Peake, Adafruit CEO Limor Fried, and other fabulous tech leaders!

Sign up for the latest Coolest Projects news

To be the first to know when registration opens, you only have to sign up for our newsletter:

We will send you regular news about Coolest Projects to keep you up to date and help you inspire the young tech creator in your life!

The post Save the date for Coolest Projects 2021 appeared first on Raspberry Pi.

Read more »

JP’s Product Pick of the Week — 4pm Eastern TODAY! 12/15/20 @adafruit @johnedgarpark #adafruit #newproductpick

PSSSSSSSST — You! Come on by for JP’s Product Pick of the Week! A new product pick will be revealed. The show airs at 4pm ET / 1pm PT, T O D A Y!

Check out the livestream right here inside this product page, which is a hugely huge hint as to which product it’ll be, but you won’t want to miss it because there will be a big BIG BIG 50% OFF DISCOUNT during the show!!!

Tune in for:

  • John Park’s latest product pick
  • Learn how to use it
  • Enjoy the exciting unpredictability of live demonstrations
  • Very sparkly nail polish

The live video will also be on Youtube LIVE, Twitch, Periscope (Twitter) and Facebook. LIVE TEXT CHAT IS HERE in the Adafruit Discord chat! Come on into the chat to participate in the merriment, enjoy a hand crafted beverage, and make fun times. 0……….

000 (I dripped andouille sausage juice on the numpad “0” and “.” keys and had to clean it off. All better now.)

Every Tuesday @ 4pm ET/1pm PT!

Read more »

These side glow fiber optic panels make beautiful wall decor

Side glow fiber optics – unlike their cousins that efficiently transmit light from one point to another – emit a glow along the length of each strand when light is applied. This creates a beautiful effect, which Andrei Erdei implemented nicely in his wall decoration project.

Erdei’s build consists of a series of nine square frames, inside of which 3mm fiber optic strands are connected, looping gracefully from one edge to another. Each strand is lit by an addressable WS2812B LED module, under the control of an Arduino Nano.

You can see this wall installation in action in the video below, and more info on how to build your own is available on the project write-up.

Read more »

App note: Optocouplers in on-board chargers and battery monitoring systems

App note from Vishay on how optocouplers play a role on safety for Electric vehicles. Link here (PDF)

The number of electric vehicles on the roads is steadily growing, increasing the need for safe and reliable battery systems and high efficiency battery chargers. Modern electric vehicles use battery systems with voltages up to 1000 V and charge times down to a few hours. This application note uses two examples to illustrate how optocouplers play a major role in on-board chargers battery monitoring systems, and explores the benefits they provide to designers and drivers.

Read more »

Control your holiday lights with a tap of a Disney MagicBand

If you enjoy all things Disney and would love to bring some of its park magic into your home, then look no further than Dominick Civitano’s recent project.

Because of travel limitations due to the pandemic, Civitano decided to create a replica of a MagicBand reader that uses an NFC card reader module to recognize a programmed MagicBand, which triggers a ring of LEDs, audio output, and a relay for Christmas lighting. This setup could likely be applied to other devices, opening up its possibilities into January and beyond.

Electronics for the build — including an Arduino Mega that runs the show — are hidden inside of a 3D-printed, property-themed enclosure that resembles those found outside of any Disney theme park. This would potentially preserve a sense of wonder at the device, and diffuses the LEDs nicely.

More details on the Civitano’s work can be found on GitHub!

Read more »