How Poor Pandemic Management Destroys A Brand

As the rest of the UK started emerging from lockdown, the city of Leicester saw local restrictions reimposed due to a second wave of infections. Leicester’s garment factories, many of which are suppliers to UK-based online fashion retailer boohoo, were identified as the most likely cause of the new outbreak. An investigation into employee conditions found that factory workers were forced to work without any social distancing or personal protective equipment and had to go to work even when displaying symptoms of the virus. The retailer is now facing intense backlash: It has lost a third of its market valuation, and some of its reseller partners stopped their contracts. The brand has since launched a public review into its supply chain, but the damage to boohoo’s reputation is done. As businesses resume operations, ensuring workplace safety cannot stop at their own premises. Last month, we advised clients against the risk of partner violations of safe workplace conditions, and this example reinforces the dramatic consequences of underestimating this risk.

iOS 14 Beta Snitches On Invasive Apps

In February of 2020, researchers revealed a flaw that allowed apps to circumvent Apple’s permission settings and snag data off a user’s clipboard. The scenario outlined is a common one — a user takes a photo and then copies the photo for use in another app. By accessing the clipboard, metadata is also gathered. A video demonstrates how to pilfer the metadata of the photo from the clipboard to determine the user’s location information. New privacy control features in Apple’s iOS 14 beta catch apps red-handed accessing and copying data from the user’s clipboard. High jinks ensued, as app after app — including TikTok, LinkedIn, and Microsoft Teams — got caught datamining the clipboard without users initiating a copy/paste action. Reddit and LinkedIn apologized and have removed the feature in subsequent releases. We flagged antisurveillance and privacy enhancements as a top security technology trend for 2020. Apple’s actions confirm this trend, and we believe more “trusted” brands will get caught overreaching and invading user privacy.

Facial Recognition Firm Under Investigation By International Privacy Watchdogs

Clearview AI, the facial recognition firm that calls itself the “search engine for faces,” is now being investigated jointly by two privacy regulatory bodies: the UK’s Information Commissioner’s Office (ICO) and the Office of the Australian Information Commissioner (OAIC). The company’s facial recognition app was relatively unknown outside its law enforcement customer base until a New York Times article revealed that Clearview built its app by illegally scraping billions of photos from the internet without consent and was secretly selling its technology to companies beyond law enforcement. While most startups relish media attention and the free publicity it brings, for Clearview AI, the January 2020 piece exposed details of its technology, strategy, and operations that the company tried to keep secret. Today, Clearview AI’s problems continue to pile up, including lawsuits by the ACLU and Vermont AG, cease-and-desist letters from Google and YouTube, and Senate scrutiny of its COVID-19 contact tracing app. The pandemic raises many questions about privacy and cybersecurity versus public safety. Use Forrester’s Privacy Maturity Model to gauge the maturity of your firm’s program.    

When Bad Things Happen With Good Bots

In bot management, bad bots — the ones that do credential stuffing, ad fraud, inventory hoarding, and DDoS attacks — get all the attention. But good bots are just as prevalent, with the combination of good and bad bots accounting for almost 40% of internet traffic. Sites rely on good bots to scrape information for advertising and reselling and ensure that your site information appears correctly in web searches. And last week, a so-called “good” bot from Google frustrated many retailers by creating an abandoned cart problem. The bot was designed to verify prices on eCommerce sites by adding the items to a cart, but once it verified the prices, it abandoned the cart and falsely inflated abandoned cart metrics. Online retailers that work with Google must allow Google crawlers, but they have options when it comes to managing good bots — slowing them down rather than blocking them entirely. It’s not unusual to set bot management rules that limit good bots during particularly busy shopping times, such as Cyber Monday or during flash sales. As you implement bot management solutions, focus on the bad bots, but don’t forget about the “good” ones — especially those that may have unexpected effects.