To catch a drug thief, hospital secretly recorded births, women’s surgeries

81 women claim their privacy was violated as hospital tried to trap a drug thief.

Not where you want a hidden camera.

Enlarge / Not where you want a hidden camera. (credit: Getty | Brendan Hoffman)

A California hospital faces a lawsuit from 81 women who allege they were secretly filmed by hidden cameras in labor and delivery operating rooms while undergoing extremely intimate procedures, including Caesarean births, sterilizations, and operations to resolve miscarriages.

The women claim that their privacy was egregiously violated by the hospital, Sharp Grossmont Hospital in La Mesa, California, which is run by Sharp HealthCare. The women say they did not consent to be filmed during the procedures—and would not have done so if given the choice.

Moreover, they allege that their sensitive videos were insecurely stored on various desktop computers, some of which were not even password protected, and that numerous non-medical staff members—including security guards and attorneys—were able to watch the videos. The lawsuit further alleges that the hospital made no effort to log or monitor who viewed the footage and did not ensure proper deletion of the data. In all, the lawsuit estimates that the hospital had secret recordings of around 1,800 procedures that took place in the women’s center.

Read 5 remaining paragraphs | Comments

Woman from China, with malware in tow, illegally entered Trump’s Mar-a-Lago

Event raises serious questions about security practices of the US Secret Service.

Large helicopter emblazoned with presidential logos lands at a seaside resort.

Enlarge (credit: The White House / Flickr)

A woman carrying four cellphones, two Chinese passports, and a thumb drive containing malware was arrested over the weekend after gaining access to President Donald Trump’s Mar-a-Lago resort under false pretenses, a court document alleged.

The woman, identified as 32-year-old Yujing Zhang, on Saturday afternoon told a US Secret Service agent she was there to use the pool and produced the passports, a criminal complaint filed in US District Court for the Southern District of Florida alleged. She was admitted past a security checkpoint after a resort security manager verified that her last name matched the surname of a club member. A “potential language-barrier issue” raised the possibility she was the daughter of the member. She didn’t give a definitive answer when asked if she was there to meet anyone and was escorted to a front desk in a golf cart.

When questioned by a receptionist inside the club, Zhang said she was there to attend a United Nations Chinese American Association event later that evening, according to the complaint. The receptionist confirmed that no such event was scheduled and was unable to find Zhang’s name on any list of people approved to be past the security checkpoint.

Read 6 remaining paragraphs | Comments

The rise of tech-worker activism

Video: Leigh Honeywell created Never Again pledge and a company devoted to tech-worker safety.

Video by Chris Schodt, production by Justin Wolfson. (video link)

In this episode of Ars Technica Live, we spoke with Leigh Honeywell, a security engineer who has worked at several large tech companies as well as the ACLU. She's been at the forefront of worker organizing in the tech industry, organizing protests against data-driven profiling and founding Hackerspaces in both Canada and the United States. Recently, she founded the company Tall Poppy to protect tech workers from abuse online.

We began by talking about how she created the Never Again pledge, signed by hundreds of tech workers, which was a direct response to President Trump's openness to tracking Muslims in the US using big data. She said it was a turning point when tech workers realized that the systems they built weren't just helping people. These systems could also be weaponized and used for surveillance and racial profiling. People signing the pledge promised to quit their jobs before designing a database for tracking Muslims or any other vulnerable group.

Read 6 remaining paragraphs | Comments

Bay Area: Join us 1/9 to talk about personal data security in 2019

Researcher Ashkan Soltani will discuss what happens when companies sell your data.

Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments.

Enlarge / Askhan Soltani has worked with the FTC and as an independent researcher, exploring data privacy issues. Recently, he testified about Facebook's privacy policies before the US and UK governments. (credit: Ashkan Soltani)

The Cambridge Analytica scandal. Data breaches at hotels, banks, rideshare companies, and hospitals. Facial recognition. DNA databases. We're living through the data privacy apocalypse and now it's time to figure out what happens next. Here to discuss that with us at the next Ars Technica Live is Ashkan Soltani, an independent researcher and technologist who specializes in data privacy.

Recently, Soltani testified before the US and UK governments about Facebook's privacy practices and how they make user data available to third parties. Soltani also authored the California Consumer Privacy Act of 2018, which regulates large companies that make more than 50 percent of their revenues from selling California residents' personal information. The CCPA was signed into law earlier this year.

Soltani will be in conversation with Ars Technica editors Cyrus Farivar and Annalee Newitz.

Read 4 remaining paragraphs | Comments