Sounds suspiciously familiar to the way questionable data have been represented about money lost due to piracy in other industries (software, movies, music). I am very skeptical about those types of claims.
I don't think anyone is arguing that they shouldn't be enforcing their rights. But that they shouldn't use people's phones as listening devices to do so.
> The broadcasting of football matches in public places without a paid licence cost the game an estimated 150 euros (£132; $177) a year, it said.
would not be anywhere near as convincing as a statement with monetary values multiplied by a million. Focusing on the unfairness of what unlicensed streamers are doing avoids that issue.
The Spanish regulator, AEPD, has stated that preliminary steps to begin an official investigation are being conducted already: https://twitter.com/AEPD_es/status/1006115567227559936
For those who understand Spanish, here's a good technical analysis: https://reversecodes.wordpress.com/2018/06/12/analizando-la-...
The app uses rot(4) to obscure data, includes a debug link with the collected data, and has the Fluzo service api key hardcoded, among other gems.
Your hardcoded credential could then become a cryptographic key that you could rotate on app updates.
I am not sure how many apps actually go through this trouble.
Now that they need your consent, they have named this feature "protect your team!" since the teams get royalties from bar licenses...
Edit: The official statement actually answers this
>The codes will not refer to your name, but to your IP address and the specific ID assigned by the PPP when you register.
However, that by itself doesn't mean you can't collect it, just that you need to have specifically asked for their informed consent and not hidden this purpose away in a changelog.
Does GDPR generally allow you or your apps to collect information that helps identify legal and moral transgressions around you?
What if you are watching the game at a friend's house? The collection is definitely going to have some false positives.
In that case the coordinates would identify your friend.
It seems like deputizing devices to spy on others. Regardless if those others may be doing something wrong or are caught up by accident, it seems like the sort of thing data protection would prevent.
This will be a good test of real competing interests. I don't know that privacy should win in the end here, but both sides actually have powerful prima facie cases to make.
You could do better by sending out the fingerprint you are looking for and compare it against the past couple of seconds or minutes on the phone so that you could only report a match if one occurred. This would avoid leaking what music you are listening to or what you are watching on TV unless it is what they are looking for. If you report a match with GPS coordinates, the server could throw away everything but the position so that the position is not easily linked to a user.
This still reveals all the living rooms in which someone watched the match and used the app, so it's not perfect. If you have a map of all relevant businesses, you could just count matches in the proximity for each or you could only keep matches from locations from which a certain minimum number of matches were reported which should also get rid of most living rooms. This is still not perfect, it, for example, potentially leaks how popular different places are but from a privacy perspective of app users it seems acceptable to me, at least given you trust them to do it right.
The real issue, at least in my opinion, is that they turn the app users against the business owners of the places they like to watch matches at. I am not against them trying to track the ones down that are not paying, they have a legitimate interest in that. But the way they are trying to do it seems wrong to me. There are probably some app users that would welcome if everyone had to pay but I guess most don't really care whether their favorite sports bar pays or not and even more would not want to cause trouble for the business owner even if they think they should pay. In consequence this is a feature that many if not most app users would not want to use even if there were no privacy issues. They still put it in hoping that nobody would take notice and that they could get away with it, at least for some time.
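The design sketched in the comment above (match on the device, report only a position, keep only locations with a minimum number of reports), as an added example that is not part of the thread or of the app's code. The 32-bit fingerprints, the Hamming threshold, the grid precision and k are constructed assumptions; a real perceptual audio hash is out of scope.

```python
from collections import Counter, deque

def hamming(a: int, b: int) -> int:
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")

class Device:
    """Keeps recent fingerprints locally; nothing leaves unless the target matches."""
    def __init__(self, window: int = 8, max_bits: int = 3):
        self.recent = deque(maxlen=window)   # rolling buffer, old entries fall out
        self.max_bits = max_bits             # tolerated bit errors (assumption)

    def hear(self, fingerprint: int) -> None:
        self.recent.append(fingerprint)

    def check(self, target: int, lat: float, lon: float):
        """Return a position-only report, or None when nothing matched."""
        if any(hamming(fp, target) <= self.max_bits for fp in self.recent):
            return {"lat": lat, "lon": lon}  # no user id, no fingerprint
        return None

class Server:
    """Stores one coarse grid cell per report; releases cells with >= k reports."""
    def __init__(self, k: int = 3, precision: int = 3):
        self.k, self.precision = k, precision  # 3 decimals is roughly 100 m
        self.cells = Counter()

    def receive(self, report) -> None:
        if report is not None:
            cell = (round(report["lat"], self.precision),
                    round(report["lon"], self.precision))
            self.cells[cell] += 1

    def flagged(self):
        return sorted(c for c, n in self.cells.items() if n >= self.k)

def simulate():
    """Constructed scenario: 4 phones in a bar and 1 at home hear the match,
    1 more phone in the bar hears something else."""
    target = 0xDEADBEEF
    bar, home = (40.4168, -3.7038), (40.4500, -3.6900)
    scenarios = [(bar, target ^ 0b1)] * 4 + [(home, target)] + [(bar, 0x12345678)]
    server = Server(k=3)
    for (lat, lon), heard in scenarios:
        device = Device()
        device.hear(0x0BADF00D)              # unrelated audio earlier in the window
        device.hear(heard)
        server.receive(device.check(target, lat, lon))
    return server.flagged(), dict(server.cells)
```

The single report from the home address is counted but never released, while the non-matching phone in the bar sends nothing at all.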
Actually, thinking about this you wouldn't even really need the users to report the venues - just shaming the venue to their customers with a banner in the app might well be enough.
What I would find infuriating is they get away with it. Data Protection laws are very strict for the little guy, we will see what they do with the 500 pound gorilla.
I'm not optimistic. These laws did nothing to curb "legal spam" until GDPR. I'm very satisfied with how all the idiots that flooded us with spam are now begging me to allow them to keep doing it. Good riddance!
Imagine if your shovel from Home Depot contained a little gps unit and connected to your phone via bluetooth to allow you to license it for usage at different sites with different rates and terms and packages you could sign up for. Buy the homeowner package for only 9.99 a year for one site. Buy the groundskeeper package for 24.99 a year for any site within a 3 mile radius of a given point. Licence unlimited locations for only 49.99 a year!
Want to lend your shovel to your friend no problem just login to your account and share a link and ensure your friend pays the 4.99 fee!
If it doesn't make sense for a shovel I'm not sure why it makes sense for anything else.
Market segmentation certainly means money but I don't see why we as consumers should buy into it or care if it's violated.
Here is an OS and permission system that works against its users based on open source technology by a surveillance loving company actively involved in building a techno dystopia. That summarizes everything wrong with tech today.
But even worse is the army of short sighted and self serving apologists happy to hand wave and diminish everything when not muddying the waters. If this is what a football league is doing one can only imagine what governments and other nefarious interests are up to with Android. When surveillance infrastructure is there it will be used exactly for that.
Granted, the Apple App Store review process would probably have shot down this app.
I'm assuming la liga app is background audio.
For English Premier League there was initially just Sky bidding. Prices got pretty ridiculous for the matches as the football association could keep on putting price up and as so many people take Sky just for sports, they had no option but to accept.
It then has got even more loopy. BT under the ex-CEO got into the fray, with BT and Sky bidding against each other for matches. Fees skyrocketed even more.
Now Amazon is bidding for live matches, so there is a 3 way bid driving prices even higher.
Even buying Sky Sports by itself is still really expensive, about £35/$50/month via NowTV. Plus you'd need BT Sports (~£10/month) and now Amazon Prime (~£8/month) to watch all the matches.
Sports are just going to keep on getting more and more expensive until the end customer stops paying, as the market will just work that way.
This approach would make sense if the games are on paid channels and the nominal fee for those only covers viewing for one person (in which case it makes sense for establishments to pay more, given they're showing it to more people).
But if the games are broadcast on free channels, then there shouldn't be any difference whether or not a person is watching it at home or a bar is showing the game - in either case, the TV advertisers are the ones paying for the game, and this revenue depends on how many people watch the channel (so showing off the game in a bar actually benefits everyone).
I feel like in this situation it's the latter, and the people from the football league are just greedy (what a surprise) and any excuse to try and extort money is a good one in their book.
The problem is that this is the business model of broadcast networks in a world of cable TV. The statutory retransmission fees funnel some cable TV revenue back to the broadcasters. It doesn't really make sense from first principles, but it has been a pragmatic compromise.
The messed up thing about Aereo is that after being shot down by the Supreme Court, they tried to get a license to operate as a cable company but were shot down on that front, too.
My guess is the RF tech is a lot easier to deploy when you can plan for some percentile of peak utilization, rather than 1:1 with the user base. Even then, they'd undoubtedly face legal challenges, so they must have made the judgment call that the odds were on their side. Which may have been a reasonable conclusion. A lot of the judgments were actually on their side until the circuit split and the final Supreme Court decision.
After all, one wouldn't imagine that leasing an old-school aerial antenna would be a legal issue.
It was a hot topic on HN several years back. I may be biased, as my wife did PR for Aereo through the firm she works for. But I definitely buy the logic that what they were doing was technically a private performance.
But this is probably a good example of why I generally refuse to install apps unless I genuinely need to. Almost all apps that people install can be replaced by using a web browser. Yet I see my friends installing tons of apps for no specific reason. Each one increases your attack surface.
That sounds funnily absurd to me. By that line of argument, even sound is not really audio. After all, it's being encoded as air pressure waves :-)
EDIT: Pardon my ignorance. Based on Google Translate's translation of their statement, it seems that they are using some kind of perceptual hashing which is quite interesting.
>LaLiga has the responsibility to protect clubs and their fans from fraud in the broadcasting of football matches by public institutions (HORECA). These fraudulent activities represent an estimated annual loss of 150 million euros for Spanish football, which translates into direct damage to clubs, operators and fans, among others.
>For this reason, LaLiga has implemented a new functionality in its official app with the sole purpose of detecting these fraudulent exploitations, transparently informing about them and asking users for their express and specific consent, with or without their being able to lend it freely.
>This new functionality for fraud detection is enabled in the app since last Friday, June 8, 2018, only for Android system users and nationally*.
>When a user downloads or updates the APP, the operating system of your mobile device will prompt them through a pop-up window to provide their consent for LaLiga to activate the microphone and geopositioning of their mobile device. Only if you decide to accept it, the microphone will pick up the binary code from audio clips, for the sole purpose of knowing if you are watching football matches played by LaLiga teams, but the content of the recording will never be accessible.
>We protect user privacy
>LaLiga has implemented appropriate technical measures to protect your privacy if you authorize us to use this feature. These measures are detailed below:
>LaLiga will only activate the microphone and geopositioning of the mobile device during the time slots of matches in which LaLiga teams compete.
>LaLiga does not access the audio fragments picked up by the device's microphone, as they are automatically converted into binary code on the device itself. LaLiga only accesses this binary code, which is irreversible and does not allow you to obtain the audio recording again.
>If this code matches a previous control code, LaLiga may know that you are watching a particular match. If it does not match, the code is removed.
>We will periodically remind you that LaLiga may activate your microphone and geo-positioning and ask you to confirm your consent.
>You can revoke your consent at any time in the mobile device settings.
Audio fragments are a "binary code", usually pulse code modulation samples. In this case, JorgeGT's link shows that the app is reading PCM data with Android's AudioRecord API.
If they mean that they are hashing or otherwise obscuring the data (which probably can be reversed or correlated to other data in some situation), they need to say that. This statement could be interpreted that they "only access this binary [PCM samples]", not the "[raw, analog] audio fragments".
>>If this code matches a previous control code
Maybe this is a translation issue, but they seem to be conflating "codes" representing audio patterns with identification codes such as "your IP address and the specific ID assigned by the PPP when you register". The last part also admits they are "referring to your name" that you used when registering. They are simply using a synthetic key as a proxy. This is confirmed by this function in the code:
public void linkUserIds(String fluroId, String adId)
Leaving aside the first part where they try to justify themselves by talking about economic losses and other stories, in the third paragraph they already begin to say things that do not agree with reality.
This new functionality for fraud detection is enabled in the app since last Friday, June 8, 2018, only for Android system users and nationally*.
(....) the microphone will pick up the binary code of audio fragments, with the sole purpose of knowing if you are watching football matches of competitions played by LaLiga teams, but the content of the recording will never be accessed.
Now they tell us how they protect the privacy of the user....
LaLiga will only activate the microphone and geopositioning of the mobile device during the time slots of matches in which LaLiga teams compete.
LaLiga does not access the audio fragments picked up by the device's microphone, as they are automatically converted into binary code on the device itself. LaLiga only accesses this binary code, which is irreversible and does not allow you to obtain the audio recording again.
It is quite clear at this point that what they do is that, but obviously they do not do it locally, but they send the recording to another service to identify it and maybe I have searched wrong, but at no point in the general conditions of use and privacy policies of the application I have seen that it is mentioned that the data collected are sent to another company for analysis, really do not know how these issues go at the legal level, but in the legal notice on privacy and cookies makes a mention to
Your personal data will not be transferred to other persons or companies to be used for their own purposes. However, some entities subcontracted by LaLiga may access Personal Data and information as Processors or Sub-processors to provide LaLiga with a necessary service. In particular, LaLiga receives assistance from:
(a) Service Providers. Sometimes, we share your information with our third party service providers, who help us provide our services. Examples of service providers: hosting, metrics and analytics.
From this point on, the following points already seem to me to be pure rejoicing of those who have written it and those who have approved it as a serious statement.
There's more, and then a technical analysis, thanks JorgeGT!