Category Archives: Modern Life Risks

A Dangerous Form of Eugenics Is Creeping Back Into Science


Garland Allen– Feb 5, 1989

Most people think we have come a long way from the sordid days of blatant eugenics, when everything from thalassophilia (love of the sea, or nomadism) to prostitution, rebelliousness, criminality, mental illness, and personality traits were thought to be inherited. That was all supposed to have ended when the Nazis revealed the true nightmare of eugenic ideas with their “final solution.” But like the endless number of movie sequels that have overrun our theaters, eugenics is back with a new cast of characters and a slightly different script, but the same tired and dangerous old plot.

No one will admit it, of course, and no honorable scientist will say that current research on the inheritance of social or behavioral traits perpetuates the old notions of eugenics. Yet in the last several years, book after scientific book and paper after paper have reported genetic links to everything from alcoholism and criminality to homosexuality, shyness, “risk taking,” and psychiatric conditions such as manic depression and schizophrenia.

What is even more startling is that these ideas are being popularized at a great rate. Since 1987, Time, U.S. News and World Report, Newsweek, and the Wall Street Journal have all run major stories describing how “new” genetic research has shown that many human social and behavioral traits are to a large extent genetically controlled. The popular accounts have all stressed that the new research is much more “clear-cut” than the eugenics of 50 years ago. They have also stressed that understanding the genetic basis of “antisocial behavior” (meaning such social problems as crime, prostitution, mental retardation, or alcoholism) would be helpful in counseling “at risk” patients and possibly preventing them from carrying out their biological destiny.

There are several reasons for concern about this new rash of “research” and the popular accounts of it. First and foremost, the new results are in most cases no more conclusive than the results of eugenicists 50 years ago. In order to study the inheritance of any trait, it is first necessary to define the trait precisely and unambiguously. Yet human social or behavioral traits are not unambiguous because, by their very definition, they arise in, and take their meaning from, a social context. Whereas blue eyes or physical height are largely independent of the social contexts in which they are defined, crime is not. What is criminal in one context–for example, killing in time of peace–becomes noncriminal, even heroic in another context–wartime. Similarly, what is defined as alcoholism is dependent on social definition and setting.

Thus, the very traits that scientists are trying to show to be genetic are defined in quite varied and subjective ways. If you cannot define a trait unambiguously, you certainly cannot study its inheritance.

Another reason why current claims about genetically determined traits are flawed is that behaviors like criminality or alcoholism are not simple entities like height, hair color, or diabetes. Alcoholism includes not only dependency on a chemical substance, but also the inability to control behavior and to anticipate the consequences of an action. Alcoholics may vary in the degree to which their problem results from one or several of these factors. To dissect out the specific behavioral component behind each individual’s chemical dependency may be impossible. Yet to treat the behavior (even if definable) as arising from the same causes in every person is a gross oversimplification. It would be like trying to determine why people are “bad drivers”.

An additional problem is that human beings, unlike fruit flies or laboratory mice (a few of the common animals used for genetic studies) have social as well as biological inheritance. We transmit to our offspring not only physical characteristics like eye color and skin color but also social characteristics through what we teach. Developmental psychologists have been emphasizing for years the importance of early learning experiences in the growth of personality and social behavior in children. It is thus virtually impossible to disentangle the learned from the biologically determined aspects of human behavior.

While no modern geneticist would deny that there is a genetic basis for general aspects of our behavior (for example, our ability as humans to learn language, or to think abstractly) it is extremely difficult to show genetic influences on such specific traits as ability to learn math, or the risk of becoming dependent on alcohol and other drugs. The only way a modern geneticist can separate genetic from environmental influences is to breed organisms and raise the offspring under highly controlled environmental conditions. Since our ethical standards (thank goodness!) forbid carrying out such experiments with human beings, there is never likely to be any rigorous way to separate such subtle influences as heredity and learning in the development of human personality. What is empirically clear is that human beings have an enormous capability to learn–with far greater flexibility than any other known animal. Thus, if there are genetic tendencies toward one or another specific behavioral trait, they are minuscule by comparison to our overall ability to adopt new behaviors, that is, to learn. After investigating a number of such claims, past and present, I simply have not found any clear-cut or meaningful data to support the claims.

Now what makes all of this so troublesome? Is it not just another academic argument? The answer is an emphatic “no.” As an historian of science, I have noted that genetic explanations for human social problems always seem to recur at times of economic and social crisis. Eugenics rose to prominence in the early 1900s, in association with the economic cutbacks related to World War I and then the Great Depression. They arose again in the early 1970s during the economic crises surrounding the scaling back of President Lyndon B. Johnson’s “Great Society.” Finally, with Reaganomics, we see the theories gaining prominence again. And, of course, the most extreme example was the enormous economic austerity of Nazi Germany and that nation’s virulent eugenic policy.

At all of these times, the hereditarian argument has served to turn attention away from the environmental causes of social behavior–such as cuts in wages and benefits, inflation, stress in the workplace–by focusing on internal, genetic causes. Thus the victim is blamed for having the problem in the first place. There is a perfectly good social explanation for why crime and rates of alcohol abuse increase during these times, but to those in government and private enterprise such conclusions are less than savory. Discontent is easier to control if it can be focused on innate faults (biological, in these cases) rather than faults in our society.

In Germany, belief in the biological inferiority of Jews allowed many citizens to look the other way when racist campaigns were mounted against those of Jewish descent. Fascism feeds on blaming the individual. Thus a climate that promotes the idea that alcohol abuse or criminality is biologically based is a climate in which other Fascist ideologies can take root.

If the genetic studies were clear, there would be no ideological reason to reject claims that certain human behaviors are hereditary. But the science is at best equivocal, and at worst flagrantly wrong–as in the now-famous case of British psychologist Sir Cyril Burt who, earlier in the century, faked much of his data on the inheritance of IQ. The recent Minnesota twin studies, for example, have been widely quoted in the popular press, but only one brief account has ever appeared in a refereed scientific journal. Thus, based on past and present history, there is every reason to oppose the widespread popular dissemination of studies purporting to show genetically based behavioral traits on scientific grounds alone.

But what is most worrisome is how those scientifically questionable views might be used. History shows us that hereditarian arguments have almost always been associated with the idea that biologically “defective” individuals should either not be born at all, or, as in the Nazi case, should be exterminated so as not to be a burden on society. They have provided ammunition for discrimination on the basis of race, sex, and economic status. Scientists now have a responsibility to prevent these dangerous ideas from creeping back into science–and into our society.

Garland E. Allen is professor of biology and history of science at Washington University in St. Louis.

Read More/ Lisez plus sur :

The Spy on Your Phone- Al Jazeera Investigation- and the role of Cyprus


A surveillance technology that can identify the location of a phone anywhere in the world in just seconds with only a telephone number has been detected in 25 countries. Spyware companies claim to sell their wares only to governments fighting crime and terrorism but it is all too easy for these tools to be used by repressive regimes to attack human rights.

NSO Group’s advanced Pegasus spyware was identified on phones of at least 36 journalists and media executives in July and August 2020, according to the University of Toronto-based Citizen Lab, which said the surveillance product was installed via a vulnerability in the iPhone messaging application. Most targets were affiliated with the Qatar-headquartered Al-Jazeera media network, according to Al-Jazeera English; Citizen Lab said a journalist at London-based Al-Araby TV was also targeted.

The tech was supplied by the Israeli business Circles, claimed Citizen Lab, a University of Toronto organization that has long tracked the activities of surveillance companies. Circles is a sister company of NSO Group, an iPhone and Android spyware developer that is currently being sued by Facebook over attacks on the WhatsApp accounts of 1,400 users and has been criticized for selling to nations who went on to spy on activists, journalists and other.

According to Citizen Lab, the Circles tracking tool was detected in both Western, democratic countries, and nations with poor human rights records. The full list, according to Citizen Lab and neither confirmed nor denied by Circles, included:  Australia, Belgium, Botswana, Chile, Denmark, Ecuador, El Salvador, Estonia, Equatorial Guinea, Guatemala, Honduras, Indonesia, Israel, Kenya, Malaysia, Mexico, Morocco, Nigeria, Peru, Serbia, Thailand, the United Arab Emirates (U.A.E.), Vietnam, Zambia, and Zimbabwe.

“Citizen Lab presents mounting evidence that for clients in the Middle East, the ability to spy on journalists and other critics is a feature, rather than a side benefit, of NSO Group’s surveillance products,” said CPJ Middle East and North Africa Program Coordinator Sherif Mansour. “Advanced surveillance tools should not be sold without regulation to governments with a long history of abusing the press.”

CPJ requested comment from the NSO Group by email. Via an intermediary, the company declined to provide a statement that could be attributed to a named spokesperson. In a statement published by the The Guardian newspaper, NSO Group said: “As we have repeatedly stated we do not have access to any information with respect to the identities of individuals our system is used to conduct surveillance on. However, where we receive credible evidence of misuse, combined with the basic identifiers of the alleged targets and timeframes, we take all necessary steps in accordance with our product misuse investigation procedure to review the allegations.”

Spying in Circles

Circles was an independent intelligence agency vendor up until 2014, when it was acquired by private equity company Francisco Partners for $130 million and merged into a larger surveillance company. That umbrella organization also included NSO Group.

But Circles isn’t the only SS7 surveillance provider on the market. Cyprus-based Intellexa, set up by former Circles co-founder Tal Dilian, uses SS7 exploitation as one of its many tools to track a target. Israeli companies Verint, Rayzone and 1rstWAP offer similar services, according to one industry executive. Ability Inc., another Israeli firm, tried to take the tech global, but crashed out of the Nasdaq after failing to secure customers.

Those providers’ days should, in theory, be numbered, if they stick to solely doing SS7 attacks. The flaws that allow SS7 attacks to take place have long been fixable. The attacks are only possible because SS7, in its original form, doesn’t require any authentication to guarantee the legitimacy and safety of messages traversing the network. It would require some effort by global telecoms networks to address the flaws, but some efforts have been made to patch the vulnerabilities.  The U.K., for instance, recently proposed telecommunications security legislation that would grant a regulator the authority to ensure the nation’s networks are secure against SS7 attacks.

Cyprus is a hotbed for surveillance companies that sometimes set up shop in the country and then sell their technology from the region.

Controversial phone hacking company NSO Group has closed the Cyprus office of Circles, a surveillance firm that previously merged with NSO, and fired a number of staff, according to two former NSO employees.

Forbes reports back on 2019 that on a wildflower-lined gravel track off a quiet thoroughfare in Larnaca, Cyprus, Tal Dillian is ensconced in a blacked-out truck. It’s a converted GMC ambulance, pimped out with millions of dollars of surveillance kit, antennas on top reaching out to learn what it can from any smartphone within a 1-kilometer radius and, at the click of a button, empty them of all the content within. WhatsApp messages, Facebook chats, texts, calls, contacts? Everything? “Exactly,” says Dilian, a 24-year Israeli intelligence veteran and multimillionaire spy-tech dealer, though he doesn’t look it; imagine a shabbier, more hirsute George Clooney. Less Hollywood style, more avuncular chic.

He claims such tools are designed to snoop on terrorists, drug cartels and the world’s most egregious criminals. But that’s not always the case. Politicians, human rights activists and journalists have been targeted too. Most infamously, associates of Khashoggi and other Saudi Arabian activists were allegedly targeted by stealth iPhone spyware called Pegasus in the lead-up to his torture and slaughter in Istanbul. The mythically themed malware was coded by NSO Group, a company Dilian is closely associated with: His first surveillance business, Circles, merged with NSO in 2014, when U.S. private equity firm took control of both for a total of $250 million. NSO has since strenuously denied having anything to do with Khashoggi’s death.

Sources :

  • Forbes, Thomas Brewster. This Surveillance Tool Can Find You With Just Your Telephone Number — Did These 25 Countries Buy It, Dec 1, 2020
  • CPJ.org, Committee to Protect Journalists, Dozens of journalists newly identified as NSO Group spyware targets, Dec 21, 2020
  • Forbes, Thomas Brewster :A Multimillionaire Surveillance Dealer Steps Out Of The Shadows . . . And His $9 Million WhatsApp Hacking Van, Aug 5 ,2019

What you have to know about GDPR and how it can breach your private life data


GDPR HISTORY SUMMARIZED

The Data Protection Act 1998 aimed to balance the entitlement of organisations to collect, store and manage various types of personal data, with the privacy rights of the individual about whom the data was held.

The Act covered both manual and computerized records that, when put together with other information, could divulge personal information about an individual. It gave individuals certain rights, and required decision-makers to be open about processing and to comply with the eight data protection principles.

On 25 May 2018, the Data Protection Act was replaced by the General Data Protection Regulation (GDPR). There are no exemptions based on a size or sector — all organisations must comply with its requirements in full or face a hefty potential fine. On the whole, the rights individuals enjoy under the GDPR are the same as before but with some significant enhancements.

Special category data is personal data which the GDPR says is more sensitive, and so needs more protection. Special category data is broadly similar to the concept of sensitive personal data under the Data Protection Act 1998. The requirement to identify a specific condition for processing this type of data is also very similar.

One change is that the GDPR includes genetic data and some biometric data in the definition. Another is that it does not include personal data relating to criminal offences and convictions.

What is the problem with GDPR and privacy ?

Today, more and more companies “repose trust on their employees’ consent” to process their personal data and short consents are often included in employment contracts for that purpose.  The problem comes when big companies with some secret contracts access your private data to fear you without any special reason.

Having personal data stolen can have a significant impact on your mental and physical wellbeing. More and more frequently, come to the light cases from people who are unable to sleep, feel ill, unsettled or confused following a data breach.

It is more and more easy to spy on you using the data you’ve put on a wifi network or through your email. There are spy machines capable to track you wherever you are when they want. And there are many examples of personal data which have been hacked and even sold to companies or given to foreign governments as Al Jazeera documentary revealed some weeks ago.

In papers, under the General Data Protection Regulation (GDPR), the requirements for valid consent have been made much stricter.  Consent must be freely-given, specific, informed and revocable.  The GDPR expressly states that, where there is an imbalance of power between the party giving consent and the party receiving it, consent will not be valid.  In the employment context, it has long been acknowledged that there is such an imbalance between employer and employee.  This means that it will be very difficult indeed for employers to rely on consent to process employees’ personal data under the GDPR.

GDPR as a potential Threat to Personal Life?
GDPR deals with employee records as personal data  such as human resource’s employee files, which can cover, besides all the usual identifiers (name, address and photos), personal details such as health, financial, employee reviews, family contact information, and more.

Unfortunately, due to the actions of some of Europe’s most trusted companies, GDPR has become an essential step in ensuring the protection of EU citizen’s data. For instance, regarding the United Kingdom, on this site are cited eight costly UK data breaches that helped pave the way for new EU legislation.

Before any surveillance can take place under GDPR rules, organisations must create a policy that lets employees know the circumstances of monitoring and their expectations of fair use. The ECHR’s ruling is clear that some personal use must be tolerated, saying: “An employer’s instructions could not reduce private social life in the workplace to zero”.

As private communication meets the definition of personal data (as described in Article 4 of the GDPR), organisations must prove that they have a lawful ground to collect and monitor this information.

According to Article 4 of the GDPR, a personal data breach is a breach of security that leads to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data stored, transmitted or otherwise processed by the organization. This also includes incidents that result in personal data being only temporarily lost or unavailable. It’s critical to understand that this definition differs dramatically from those in other standards, such as HIPAA, which often limit the concept of data breach to unauthorized access and disclosure only.

Breaches of data within the workplace can relate to pay & conditions, sickness & absenteeism, disciplinary & grievance disputes and even private medical information which is shared and/or disclosed inappropriately.

At EU level, the European Network and Information Security Agency (ENISA) has released some practical tips on how to implement homeworking software.

https://www.bankinghub.eu/banking/finance-risk/gdpr-deep-dive-implement-right-forgotten
Major requirements of GDPR (summary)

Employees Have Data Privacy Rights

Typically, an employee has given consent to processing of her data as part of an employment contact. But since the employee likely had no choice but to sign the contract in order to get the job, the GDPR does not consider this freely given.

Many people have mistakenly thought this means getting consent, but not only is consent hard to get and keep, the GDPR says an employee cannot give consent to an employer because of the inherent imbalance of power. In other words, consent can’t be “freely given” if the data subject faces a potential negative effect from not consenting. It’s reasonable to expect that an employee might fear for their job (or at least fear losing favour among their bosses) if they don’t consent to being monitored.

And that also means, with some restrictions, that employees gain privacy rights over their data: they can request, just as a consumers do, access to their personnel files, and have the right to correct errors.

There’s even an employee “right to be forgotten”, but only when the data is no longer necessary for the “purposes for which it was collected”. Obviously, employers have a wide claim to employee data so it’s easy to see that most employee file are protected from being deleted on demand.

CPO Magazine covered a GDPR fine that accompanied a data breach this time in the fashion and prêt à porter industry. The €35,258,707.95 (about $41 million USD) that fashion retailer H&M is on the hook for does not stem from a cloud server misconfiguration, but the massive penalty was levied due to the exposure of something more substantial than customer contact information, as the article analyses. The articles reveals as well, how due to the pandemic lockdown and work from home, some employers can breach some personal data through your own pc.

These potential violations of personal privacy are most often tied to tools that organizations adopt to rapidly scale up remote work capabilities, some of which have not been thoroughly vetted and tested before being deployed.

A 2019 data breach revealed that H&M had been creating highly inappropriate profiles of the private lives of some of its employees for at least five years. The company earned the GDPR fine by recording personal information gleaned from one-on-one conversations: religious beliefs, medical conditions and procedures, family issues and details about trips that they took while on vacation among other items. Supervisors at the company’s Nuremberg service center would take note of these details while conversing with employees and then log them in a database that up to 50 other managers had access to.

Anyone whose personal information has been compromised in a workplace data breach may have grounds to claim compensation. Ultimately, if a workplace has failed to protect your personal data, you have a right also to claim compensation.

The process for data access under GDPR will be mostly the same as it was under the Data Protection Act of 1998, but with a few slight differences. For starters, a person will need to file a subject access request (SAR) that, as noted by the Guardian, is simply “an email, fax or letter asking for their personal data.”

For clear guidelines on submitting an SAR, see the Subject access code of practice from the Information Commissioner’s Office (ICO). There is no particular format required, as long as the request is made in writing.

GDPR Breaches became more frequent during the current lockdowns accross the EU.

Security measures must be in place that are appropriate for the data held, including implementing strong passwords and encrypting electronic data. Workplaces should also strictly control who has access to sensitive data, making sure this is limited to those within the organisation who have a legitimate need to access the data in question.

Controllers and processors must have in place appropriate technical and organisational measures to ensure a level of security for personal data that is commensurate to the risk associated with data processing.  This is not a static analysis, but something to be kept under review as circumstances change.  The mass shift to remote working has inevitably changed the risk profile of certain data processing activities.

Due to covid19 and social distancing measures, has seen a sudden and unprecedented shift from the offline to the online world leads to an ever-increasing collection of personal data concerning employees.

For example, some videoconference platforms allow event hosts to analyse their participants’ attentiveness in real time. Others allow meetings to be recorded. Such recordings may include the participants’ voice, chats, and faces but also their private surroundings at home –as captured via their webcams- as well as the screens shared by the speakers.

According to a FieldFisher.com article, online monitoring is not so obvious for employees and can easily go unnoticed. In such circumstances, the border between lawful and covert surveillance is very thin. The Covid-19 crisis does not alter the principles and rules on which the protection of employees’ privacy is based.

Regardless of the technology, tools and third-party providers that are being used,  companies who offer homeworking tools to their employees must ensure that the processing of their employee data complies with the principles and rules under the General Data Protection Regulation (GDPR) and must also be aware of the specific rules that govern employees’ privacy under national laws.

For instance, regulators have imposed a fine of €10.4 million (roughly £9.3 million) on notebook retailer notebooksbilliger.de AG (NBB) after it was found to have conducted intrusive video surveillance against its employees.

When a personal data breach has occurred, you need to estimate the risks to people’s rights and freedoms. If it’s likely that there will be a risk, then you must notify the regulators; if it’s unlikely then you don’t have to report it.

Assessing the risks involves determining whether there will be negative consequences for individuals. Recital 85 explains that a breach can have various adverse effects on individuals, such as damage to reputation, physical and material damage, and other significant ill effects. If you decide not to inform regulators, you need to be able to justify your decision and prove those risks are unlikely to happen.

Sources on which this article was based :

Photo credit: Licence Creative Commons