Private Eye Says Privacy is Dead

This C-Net news article focuses on how simple it is - through social networks, cell phone tracking, security cameras, credit card records, etc. - to learn almost anything about someone being researched or investigated.

I'm actually quite surprised how few TV cop shows or movies about crime solving detectives go into using the web, even though they do quite often show bad guys using technology to hack into places they don't belong and either make their criminal activity easier or to research or commit actual crimes. I always cheer the good guys in their use of the web to solve crimes and stop criminal activity because I'm a technology enthusiast and love that it can be used for good.

Maybe there are just so many times you can show someone tapping away at keyboards and staring at slick user interfaces before television or movie viewers tire of the scene or those inevitably geeky characters doing the typing.

But the point here is not that good-guy/ bad-guy drama of crime-fighting - but how easy it is to access data once it is digitally stored and/or distributed. The ease of access issue is the concern.

We've repeatedly heard the line from data miners and law enforcement that goes something like, "If you have nothing to hide, you have nothing to fear." That is a truism that can't be denied.

The problem for all of us comes when erroneous data or erroneous conclusions are drawn from innocent or incorrect data. The problem comes when that ease of access to data lets bad guys use technology and the web to commit a multitude of crimes.

The problem comes when data is treated with less care than it deserves by those entrusted with it and is either stolen, lost, hacked or otherwise abused due to neglect or bad policy. The problem comes when the public fails to understand how widely distributed their private data can become when posted to the web or sent digitally to anyone, anywhere.

Save To Del.icio.us    Digg This!

Privacy Capitulation: Where Do We Go From Here?

The idea that we have any privacy left is becoming sort of a naive and quaint concept. Nearly all services we use routinely can be monitored in real-time or mined from data stored in a multitude of digital storage farms - making digital record of all traffic and content. Phone service has moved to IP telephony, whether that is through Skype, business, home cable or call routers at the phone companies.

Corporate networks monitor employee activity through their computers and phone calls. Your internet service provider knows every web site you visit, every email you send/receive and every file you download and sells all of that data to marketers (in aggregate we are assured - so not just yours - everyone at once) to as many sources as they can find to pay for it. Your bank and/or credit card companies know all details of every electronic transaction immediately.

So that laundry list of potential breaches, security holes, hacks and thefts by both internal and external bad guys grows longer each day.

Recently I've been tempted to sign up for a half-dozen free web services, and due to my very unusual habit of actually reading those long "terms of service" pages presented during sign-up for web-based services or those software "End User License Agreement" (EULA) - which most of us click right past during download or installation to our machines - I stumble across one very common and unacceptable line.

... you automatically grant (or warrant that the owner of such rights has expressly granted) us an irrevocable, royalty-free, transferable and worldwide non-exclusive right and license to use, copy, modify, adapt, publish, translate, create derivative works from and sell and distribute such materials or incorporate such materials into any form, medium or technology without compensation to you. In addition, you warrant that all so-called moral rights in those materials have been waived. None of the materials shall be subject to any obligation ...

Now the above line, along with many variations on the theme, means you are giving up your right to any content you contribute using that web service or software if it comes under the provisions of the contract - yes I said contract, which you are signing by clicking "Agree" during signup or installation of any software carrying that language.

So I've signed up for a couple, realizing that anything I post, record or upload can be recorded, stored and sold. I resolve not to put anything there that I'm not willing to lose or lose money on by selling myself. But my point here is that most users fail, not only to read, but to care about the loss of privacy or content or money due to that ridiculous provision that has become standard for most web services and many EULA's signed by millions of users.

So if nobody knows they are signing away their privacy and sometimes their profits - and even fewer care when they do know - where do we go from here? I don't have an answer and don't expect others to either. It seems we've traded privacy for convenience and in most cases, are willing to make that trade-off in order to use free or ad-supported services or software.

I've given up hope that people will begin to care about privacy until they experience identity theft or get fired from their job or lose their potential profit from great ideas because they traded away their privacy and content rights for that convenience. It's just plain sad.

Scott McNealy of Sun Microsystems said it in January of 1999 - "You have no privacy - Get over it!"

Save To Del.icio.us    Digg This!

Understanding Privacy: Book from Daniel J. Solove

Understanding Privacy a new book introduced last month by Harvard University Press, written by George Washington University Law School professor Daniel J. Solove The first chapter is available for free download (PDF) I may have the opportunity to review this in the near future. Watch this space ...

Save To Del.icio.us    Digg This!

Computers, Freedom, and Privacy Conference 2008

Below is the announcement email from - well as you can see:

COMPUTERS, FREEDOM, AND PRIVACY: TECHNOLOGY POLICY '08
http://cfp2008.org/
18th Annual CFP conference
May 20-23, 2008
Omni Hotel
New Haven, CT

DEADLINES this Week:
Early Bird Registration: Fri., May 2, 2008
YJoLT Tech Policy Essay Contest: Mon., May 5, 2008

Conference Blog: http://cfp08.blogspot.com/
Facebook Group: http://www.facebook.com/group.php?gid=10926816973

ABOUT CFP: TECHNOLOGY POLICY `08

What should the technology policy priorities of the next administration
be?

As the choice of presidential candidates becomes clearer and election
year moves towards a comparison of the candidates' platforms on the
issues, technology policy is increasingly relevant to the forefront of
public debate. In the areas of privacy, intellectual property,
cybersecurity, telecommunications, and freedom of speech, topics that
were once confined to experts now appear in the mainstream of political
issues. We now know that our decisions about technology policy are being
made at a time as the architectures of our information and communication
technologies are still being built.

This year, the 18th annual Computers, Freedom, and Privacy conference is
focusing on those issues at the forefront of technology policy this
election year. With plenary panels on the "National Security State and
the Next Administration" and "The 21st Century Panopticon?" the
discussions taking place look towards our present and future priorities.

CFP: Technology Policy '08 is an opportunity to participate in shaping
those issues being made into laws and regulations and those technological
infrastructures being developed. Policies ranging from spyware and
national security, to ISP filtering and patent reform, e-voting to
electronic medical records, and more will be addressed by expert panels
of technologists, policymakers, business leaders, and activists. The
panel topics are listed below and full panel descriptions are available
on the conference website at:

http://www.cfp2008.org/wiki/index.php/Program.

The CFP: Technology Policy `08 conversation has already begun in the
virtual spaces connected to the conference. Even if you are unable to
attend the conference this year, there are several opportunities to
participate remotely. The guiding principles that ought to guide our
policies are being debated on the conference blog. Social networking
groups on Facebook and LinkedIn are providing new spaces for the CFP
community to meet and discuss. The Yale Journal of Law and Technology is
hosting a call for essays, on the priorities of the next administration,
with more details below.

We look forward to seeing you in New Haven on May 20-23.

CONFERENCE PROGRAM

Plenary Sessions
Presidential Technology Policy: Priorities for the Next Executive
The 21st Century Panopticon?
The National Security State and the Next Adminstration

Tutorials
A Short History of Privacy
Constitutional Law in Cyberspace
e-Deceptive Campaign Practices: Elections 2.0
Maintaining Privacy While Accessing On-line Information

Panel Sessions
Activism and Education Using Social Networks
Breaking the Silence: Iranians Find a Voice on the Internet
Charismatic Content: Wikis, Social Networks, and the Future of
User-Generated Content
Filtering Out Copyright Infringement: Possibilities, Practicalities, and
Legalities
Filtering and Censorship in Europe
Hate Speech and Oppression in Cyberspace
Interoperability at the Crossroads?: The "Liberal Order" versus
Fragmentation
Law, Regulation, and Software Licensing for the Electronic Medical Record
Measuring Global Threats to Internet Freedom
Network Neutrality: Beyond the Slogans
New Challenges for Spyware Policy
Patents: The Bleeding Edge of Technology Policy
Privacy, Reputation, and the Management of Online Communities
Rights & Responsibilities for Software Programs?
States as Incubators of Change
"The Transparent Society:" Ten Years Later
Towards Trustworthy e-Voting: An Open Source Approach?

CALL FOR ESSAYS

Yale Journal of Law & Technology Call for Essays on the Technology Policy
of the New Administration
Deadline: Monday, May 5th

The Yale Journal of Law & Technology (YJoLT) is seeking essay-length
submissions concerning the technology policy platform of the new American
presidential administration. Essays selected for publication will appear
in the Fall Issue of YJoLT (publication date November 2008).

Ideal submissions will discuss the priorities and guiding principles that
American technology policy should follow. Submissions analyzing a
particular technology policy issue in depth will also be accepted.

Essays of less than 5,000 words are preferred. Please submit all essays
to yjolt.submissions@gmail.com. Please include the text "CFP Essay"
in the subject line of the email. The authors of essays selected for
publication will be notified on a rolling basis. Any questions can be
directed to Lara Rogers, lara.rogers@yale.edu.

--------------
Eddan Katz
CFP: Technology Policy '08 Program Chair
http://www.cfp2008.org/

International Affairs Director, Electronic Frontier Foundation
http://www.eff.org/
Lecturer and Associate Research Scholar, Yale Law School
Senior Fellow, Yale Information Society Project
http://isp.law.yale.edu/

Save To Del.icio.us    Digg This!

Yahoo Open Strategy (Y!OS) vs Privacy

I attended the O'Reilly Web 2.0 Expo Friday at Moscone West in San Francisco where I attended two sessions I'd like to address here. First was titled "Yahoo and Open Platforms - A Deeper Dive" by Yahoo Chief Architect of Platforms, Neal Sample. The second was a (Yahoo-owned) Flickr presentation on "Casual Privacy" by Kellan Elliot-McCrae. (This Flickr photo sharing tool is aptly titled and the technology consists only of a simplistic use of hard to guess complex URL's - once posted to a blog they become exposed to search engines and lose all privacy.)

I often come away from sessions like the first one mentioned above thinking "Wow! There are some scary smart people working on some really incredible things out there." But when looked at through the filter of personal privacy, the "Scary" part stands out for me.

Scary simply because the "Yahoo Open Strategy" takes personal data and distributes Yahoo user profiles across a multitude of Yahoo properties and makes it available to all Yahoo services once a user is logged in. Scary only because it means this database of personally identifiable information on anyone who opts-in becomes distributed widely across those Yahoo properties. I hope that user preferences for which services it is shared with come with their own privacy settings - necessarily complex settings to boot.

I had to miss two Web 2.0 sessions, one Wednesday and another on Thursday that I'd wanted to attend when a work project required immediate attention. Those included one with Joseph Smarr from Plaxo titled "Data Portability, Privacy and the Emergence of the Social Web" and I had heard Smarr speak at WebGuild event on OpenSocial launch in November, hosted on the Google campus.

The second session I had to miss was the Yahoo announcement of "Yahoo Open Strategy" by Ari Balogh, Chief Technology Officer at Yahoo! during his keynote on Thursday. This last announcement was major and has been characterized as a move against the Microsoft takeover bid. Personally, I think it's too big and sweeping to not have already been in progress before the bid became public. It involves reworking the entire system to incorporate the "Open Strategy" into most Yahoo properties, including Yahoo Mail, the home page, their Open Search platform, (announced at SMX West in Santa Clara in March). Bits a bytes of this have been leaking out here and there since then.

My reaction at the SMX show was "Wow, sounds cool!" and I'm still excited about how this might change the face of search and usability, and I'll address that elsewhere, but for now I'm pulling back a bit due to Privacy concerns related to this "Openness" because it makes me nervous that all of the aggregation of data (potentially in the hands of Microsoft) has me concerned about willingly providing all my data to one source.

I had my first privacy concerns when I noticed, on (Yahoo-owned) MyBlogLog, a request for extensive (and yes, publicly available) data from all my social sites. Having had a bit more time to digest this all - and now looking at it in the full light of the Yahoo Open Strategy announcement, It's losing its shininess due to privacy concerns.

The commenter on the previous post where I address this concern points to the MyBlogLog Blog discussing the new tools. But nothing is really addressed there except that this data will be offered to users from their own profile and made available to their own "Friends" if they opt-in. Swell, despite the fact that I want to define my "Friends" and what they see, differently based on they kind of friend they are, (marketing, business, true close friends, co-workers, management, family, etc.)

I'm going to leave that for now and look purely at this one fact: Despite the wonderfully friendly UI and utility of this "Openness" I'm not liking the need to gather all my own data and hand it to others to use as they see fit. In this case, Yahoo, in the future, Microhoo and who knows who else if they choose to "Share" it in aggregate or "Ooops" leak it out like AOL did in August of 2006.

I just don't know that I'll ever give Yahoo, or Microhoo - all of my public data to aggregate (and maybe leak) regardless of how convenient it is (and only on Yahoo-owned properties) or how easy it makes my online life. The aggregation and distribution of public social profiles is interesting, but once it starts getting distributed through API's to each social network or service - you've lost all control of who sees what and when.

This only truly matters if you DON'T want family seeing ALL of your Flickr photos or DON'T want your employer looking at resumes posted on job boards on social networks, or DON'T want your clients reviewing your connections with their competitors on business social networks - this list could go on endlessly and with thousands of DON'T wants - because we've already seen people fired from corporations due to private information or photos or personal associations being exposed on social networks.

Some people live their entire lives in full public view - others prefer a bit of control and security of that data. If everyone gave serious thought to how they want this information shared, it would surprise me. But for those who care, fine control of where the information flows should be an option. I doubt that level of control will ever be available, with the full ability to change or delete all data in all places it flows via API's and "Open Strategies."

Save To Del.icio.us    Digg This!

All Your Datas are Belong to Yahoo: Social=NO Privacy

I belong to and use about a dozen social networking sites, including LInkedIn, Facebook, Plaxo, a bunch of Google services and publicly link to profiles on several that I want to be public. But it wasn't until I visited my settings page on MyBlogLog (a Yahoo owned social network) that I realized how companies hope to "mine" that data and use it for their own purposes.

The first annoyance was when I jumped over to MyBlogLog and was asked for my Yahoo ID - which I begrudgingly provided and thought to myself, "Damn! I wish they didn't own so many things!" From there it took me to a screen with tabs across the top, one of which was labeled "Data Collection" - "Well," I thought, "at least they are being honest about that title - most times it is marked something tame like "Your info" or "Details" - but being charmed by their honesty didn't last long after visiting the page. (shown below)

Uploaded with plasq's Skitch!

I noted that I was "Opted-in" by default, realizing that being a part of this community meant sharing my photo or avatar and publicly agreeing to be tracked across the MyBlogLog member communities that I visited. I like this service and use it fairly often. One thing I like is how the service prompts you to "Join Community" after you've visited a blog a preset number of times *(mine is set to 10 visits - but you can choose 5). Alright, I realize they need to track me to make this feature work and I find it useful.

But then I got REALLY disturbed when I clicked on a tab that is benignly labeled "Services" to see a list of over 40 online social sites with those I had previously provided were pre-filled with each of my identities and/or URL's. But then I started to scroll the list to see over 40 other services listed, including OpenID, Plaxo and other aggregators. This is a bit much - what does this do to improve the MyBlogLog user experience? It seems to me that it only helps Yahoo track members of MyBlogLog - no?

Uploaded with plasq's Skitch!

These are hard to read at this size, but click the images to see larger versions. What do you think - is this useful for you as a member of MyBlogLog? How would listing your membership data for all of those services/sites improve your user experience? Am I missing something here? Why are they collecting that data? Why do people provide it willingly? Hmmm.

Save To Del.icio.us    Digg This!

Internet Service Providers Spying on Users

The New York Times has an editorial piece today on ISP tracking of users and selling that information for behavioral targeting. Doesn't mention that the information is already sold to net tracking firms (yes in anonymized aggragate form supposedly) but it is becoming pervasive and nobody seems to care enough to attempt to stop it. The NY Times editorial, by Adam Cohen titled The Already Big Thing on the Internet: Spying on Users quotes the famous New Yorker cartoon

One dog, sitting at a computer, tells another: “On the Internet, nobody knows you’re a dog.” Fifteen years later, that anonymity is gone.

Then says ominously, "It’s not paranoia: they really are spying on you."

Yes, many of us know that and have been complaining about it for years now. The question becomes... What can be done to stop it? The question before that is ... How do you get the public to care?

Save To Del.icio.us    Digg This!