Privacy

by Timothy Geigner


Filed Under:
copyright, fotball, gdpr, la liga, privacy, spain, spying

Companies:
la liga



Popular Spanish Soccer Mobile App Has Been Turning Users Into Piracy-Spotters Via Mobile Devices

from the unwitting-spy-network dept

As readers here will already know, the GDPR is now in full swing in Europe, with all of its crippling and stupid regulation in the name of personal privacy. It's a hilariously overly broad law that has had the happy coincidental effect of forcing companies that store personal data to at least be more upfront about how they are using that data. This effect has caused some to embrace the GDPR as wholly good, which is exactly the wrong conclusion to draw. Instead, the GDPR swings way too far in the direction of users controlling their personal data mostly by reaching way too far and keeping its language as vague and broad as possible, something that is already causing chaos in the digital marketplace.

And, yet, it cannot be ignored that the revelations of just how users' data are being abused by some bad actors keep coming. The latest of these concerns the mobile app for La Liga, Spain's most popular soccer league. La Liga recently revealed, having its hand forced by the GDPR, that users of its mobile app were unwittingly part of La Liga's spy network for uncovering unauthorized broadcasts of soccer matches at public venues.

The La Liga app, which is the official streaming app for Spain’s most popular football league, has reportedly been using the microphones on fans’ phones to root out unauthorized broadcasts of matches in public venues like bars and restaurants.

It sounds exactly like the kind of surveillance people are afraid of when it comes to modern technology, but as is often the case, the La Liga app technically asks users in Spain for permission to access their mics, according to Spanish Website El Diario.

Technically, yes, except that this request is buried in the fine print of an opt-in request the app makes for user permissions that nobody ever reads. One need only review the horror of many users of the app at this news to understand that many (most? all?) of the app's users had absolutely no idea that they were serving a soccer league's attempt at ratting out their favorite watering holes and restaurants. It also appears that this technique has been in place for years, and La Liga only drew recent attention to it due to the GDPR being enacted.

La Liga has pushed back on the concerns of its users and the press coverage, stating that it doesn't retain any of this data locally and that it converts the recordings into pure code, which is something of a non-sequitor. Either the data gathered is useful because it combines GPS data and audio recordings in a way that can pinpoint where a user is and what is on the television screens there... or it isn't. Whatever the technical specifics, the end result is a soccer league peeking in on soccer fans as they watch matches, with most of those fans having no idea that this was occurring at all.

Again, the GDPR is not a solution to this problem. For proof of that, you can note that La Liga says in its statements that everything here is above board. This has far more to do with just how much important privacy-implicating notifications are buried in fine print that goes unread by the masses.

Why anyone would download the La Liga app in the future would be a mystery to me.


Reader Comments

Subscribe: RSS

View by: Time | Thread


  • identicon
    Anonymous Coward, 12 Jun 2018 @ 10:54am

    I think you mean Formerly Popular Spanish Soccer Mobile App.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 11:09am

    So, a company has been spying on customers for who knows how long, and the GDPR forced them to admit it? I don't see how that's a bad thing.

    Really, except for that one point, this story doesn't really seem to have much of anything to do with the GDPR. The law has its issues, but in this case I think you might be trying too hard to push a "GDPR bad" narrative.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 11:47am

    GDPR is now in full swing in Europe, with all of its crippling and stupid regulation in the name of personal privacy. It's a hilariously overly broad law that has had the happy coincidental effect of forcing companies that store personal data to at least be more upfront about how they are using that data

    That's a lot of whining about GDPR without substance. What, exactly, is your problem with GDPR? Do its cons outweigh its pros? Why or why not?

    Or maybe keep the hyperbole out of future articles that have nothing to do with target of your complaint.

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 12:08pm

    Nobody ever reads

    Technically, yes, except that this request is buried in the fine print of an opt-in request the app makes for user permissions that nobody ever reads.

    You don't have to "read" the request to simply hit the "don't allow" button. The picture in the article (though of an unrelated "Honey Quest" game) is straightforward, not "fine print". "Would Like to Access the Microphone"—why would anyone ever click OK to that if they're just trying to stream a game?

    Of course, a good phone UI would show an indicator whenever the microphone is on, and allow you to tap it to revoke any permissions.

    reply to this | link to this | view in chronology ]

    • identicon
      I.T. Guy, 12 Jun 2018 @ 12:18pm

      Re: Nobody ever reads

      ""Would Like to Access the Microphone"—why would anyone ever click OK to that if they're just trying to stream a game?"

      I dunno, maybe it supports voice commands. Just like apps ask for permission to access your photos and music. Makes sense if the game has a function to use your photos and music, or to save to those locations.

      Now if the app said explicitly we want to use your microphone at any time for our own purposes to find illegal activity. I doubt anyone would agree.

      reply to this | link to this | view in chronology ]

      • identicon
        Anonymous Coward, 12 Jun 2018 @ 1:21pm

        Re: Re: Nobody ever reads

        I dunno, maybe it supports voice commands.

        Maybe. Unless they've given a reasonable explanation like this ahead of time, people should say no.

        It's still the wrong model to be using. Any app that wants to do this should have to register some "wake word" with a system framework, and only get access for a short time after it's heard—and users should be well aware when the app is receiving audio. If an audio-recording icon was visible the whole time, people would have noticed this.

        Just like apps ask for permission to access your photos and music. Makes sense if the game has a function to use your photos and music, or to save to those locations.

        They shouldn't need to be able to "access" photos to save them. As for viewing them, the powerbox design pattern is well established in capability-system literature.

        reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 12:19pm

    > stating that it doesn't retain any of this data locally and that it converts the recordings into pure code

    Probably, they're trying to dodge allegations that this is recording and retaining human conversations. If they immediately convert it to just a note that the game's audio was detected, and store that + GPS, they have what they need for their claimed purpose of hunting down unauthorized rebroadcasts. It's still an abuse of trust, and depending on local wiretapping law might still be illegal for all the human conversations it captures while hunting for game audio, even if those conversations are not retained or used in any way. Wiretapping laws are not known for their reasonableness.

    reply to this | link to this | view in chronology ]

  • icon
    Jeffrey Nonken (profile), 12 Jun 2018 @ 12:53pm

    I think I'll download the La Liga app and let it listen to me humming the bass line to '70s music and yell at the computer while developing firmware. Then I'll give them a 5-star review that accuses them of spying and links back to this article.

    Used to be when I got an unsolicited robo-call I'd stick the phone in front of the speaker to keep it online as long as possible, in hopes of driving up their costs, while costing me zero effort. Unfortunately their software is too clever to fall for that any more.

    reply to this | link to this | view in chronology ]

  • icon
    Ninja (profile), 12 Jun 2018 @ 12:58pm

    Oh. And where are the fines? I want to see the Euros flying!

    Ahem.

    I do recognize the GDPR has many flaws but it's good that at the very least it is unearthing the widespread bad practices going on. I hope they revisit the law to make it more sensible but it's hard to disagree that a more hard line approach wasn't needed.

    And they say companies can police themselves and behave without govt regulations. Right.

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2018 @ 2:00pm

      Re:

      Oh. And where are the fines?

      For what? They kept it secret while allowed to, and disclosed it when legally required to.

      reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 4:48pm

    So in an effort to combat piracy, the app probably violated wiretap and privacy laws by recording people without their permission?

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 12 Jun 2018 @ 6:26pm

    Remember when average_joe insisted that Sony's rootkit was an anomaly and we shouldn't be allowed to accuse copyright enforcers of installing malware on consumer devices?

    reply to this | link to this | view in chronology ]

    • identicon
      Anonymous Coward, 12 Jun 2018 @ 6:45pm

      Re:

      "Remember when average_joe insisted that Sony's rootkit was an anomaly and we shouldn't be allowed to accuse copyright enforcers of installing malware on consumer devices?"

      He was kinda right, but the anomaly was that they got caught doing it.

      reply to this | link to this | view in chronology ]

  • icon
    That Anonymous Coward (profile), 13 Jun 2018 @ 4:30am

    DOUBLEPLUS GOOD!

    reply to this | link to this | view in chronology ]

  • identicon
    Anonymous Coward, 13 Jun 2018 @ 6:01pm

    "But we were just trying to stop illegal activities"

    So? You can't prevent "bad" stuff from happening by removing people's right to privacy.

    Fuck you, Big Brother, I know you're watching.

    reply to this | link to this | view in chronology ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Use markdown for basic formatting. HTML is no longer supported.
  Save me a cookie
Follow Techdirt
Special Affiliate Offer

Advertisement
Report this ad  |  Hide Techdirt ads
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Chat
Advertisement
Report this ad  |  Hide Techdirt ads
Recent Stories
Advertisement
Report this ad  |  Hide Techdirt ads

Close

Email This

This feature is only available to registered users. Register or sign in to use it.