Friday, December 17, 2010

Technological Innovation and Privacy

A common theme of this blog has been the trend of technology vastly outpacing privacy. We see this when it comes to social networking like Facebook and we certainly see it when it comes to behavioral tracking of our web usage, particularly in light of what has become a new, powerful, data collection industry.

The fact that we have next to no privacy standards as related to these technological innovations and trends has become an issue of interest of late, both among privacy groups (obviously), and now finally, the government itself.

Some of the key questions that remain unanswered is just what kind of control do we have over our own data? And, what kind of tools should be available for us to protect it? What about ownership of our data? Should we be compensated for the billions of dollars being made by corporations from their tracking of us? And of course, what of the government's access to this new world of data storage?

The argument by some, such as Time's person of the year Mark Zuckerberg, is that all information should be public, and as time goes on we'll only be sharing more of it. In addition, we all will benefit from this communal sharing of private information in ways yet to even be discovered. Already, from this sharing, we forge more online friendships and connections, old friends are reconnected, distant parents see pictures of their kids' day-to-day activities, jobs might be more easily found due to our profiles being more public, internet services improve as companies like Facebook and Google learn about peoples' Web browsing histories, sites are able to tailor content to the user, and so on, and so forth.

It is hard to argue that there aren't benefits to this new world of open access to information. But there are downsides too - downsides that warrant protections, and "dot rights" (ACLU's term).

As privacy advocates argue, shared information can also jeopardize personal safety, including identity theft. As laid out in a recent CNN article, "earlier this year, a widely publicized site called PleaseRobMe.com collected status updates from Twitter and Foursquare that indicated a person was away from home. That info, in theory, could help burglars figure out the best time to break into a person's house or apartment -- when no one's there. That happened to Beny Rubinstein last year when a hacker compromised his friend's Facebook page and falsely asked his Facebook friends for help. Rubinstein wired the hacker more than $1,100, thinking his real friend was in trouble in a foreign country.

There's also the issue of informed consent. Most internet users don't realize how much information they're giving up just by browsing the Web, nor do they know what is being done with that information.

Digital marketers like RapLeaf, for example, are getting better at sniffing through people's Web-browsing histories and online identities to compile user profiles that can be sold to advertisers. Finally, these kinds of targeted behavioral marketers are now being taken on in Congress and at the U.S. Federal Trade Commission, which, as I detailed last week on this blog, are calling for a "do not track" list for the internet, which would let users essentially opt out from all targeted marketing and tracking.

This leads to the issue of having the necessary tools available so internet users can have greater control over their web using habits, and increased protection from those that might seek to do them harm (or just so they can keep private information private!.

AS the CNN also points out, some of these tools exist already, but they falls short in some critical areas:

Users can opt out of tracking by certain marketers, clamp down access to their social networking sites and employ online pseudonyms as a way to keep some info relatively private. Privacy controls like these are widely used, especially by younger generations. A Pew Internet & American Life survey of people age 18 to 29 found more than 70 percent of them had changed the privacy settings on their social networking profiles. But these tools only go so far.

Virtually any information posted online can become public in an instant. An info-thief easily could take a screen grab of a private Facebook message and post it on a public blog. Private Twitter feeds -- viewable only by people who the author approves -- can be "retweeted," or re-posted, onto the public internet. And third-party Facebook apps have admitted to taking information from app users, against Facebook's rules, and selling that data to advertisers.

Privacy settings on sites like Facebook have become so confusing that some users feel they've lost control of their privacy, said Sherry Turkle, an MIT professor and author of the upcoming book, "Alone Together: Why We Expect More from Technology and Less from Each Other."

Internet users these days have a "sense of always being tracked and always being watched," she said. That leads to people censoring themselves and presenting a version of their life that is "kind of inauthentic" -- much like they're performing in a play they know everyone will see, she said. In the long term, these performance-based communications are dangerous for our personal relationships and for society, she said. They make us less human.
That last point, has particular resonance with me. What concerns me is what are the side effects of living in a society without privacy? Not just on the next, about our personal habits, but from the watchful eye of government, be it the knowledge that we could be wiretapped, that smart grid monitors are daily in home habits, that our emails can be intercepted, that our naked bodies must be viewed at airports, that our book purchases can be accessed (particularly if Google gets its way and everything goes electronic), that street corner cameras are watching our every move, that RFID tags allow for the tracking of clothes, cars, and phones...and the list goes on.

AS I said in a presentation to the CA PUC:

The endless accumulation of our personal data – combined with the outlandish profits being made off it and growing government demand for it – represents a direct assault on our right to privacy. We would do well to contemplate the steady erosion of this right and its long-term implications.

Corporations, by definition, care about profit, not reducing energy usage, and certainly not protecting privacy, just as governments, particularly federal, care more about access and control.

Evidence of this abounds: Social networking sites store and publicly share unprecedented private details about their users without telling them what they are doing with that information. A recent study found that the 43 leading sites made privacy control settings difficult to find and to understand; and the defaults were almost always set to allow maximum dispersal of data.

Google’s CEO, Steve Schmidt recently stated "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

As you let that sink in, he also said: "… the reality is that search engines including Google do retain this information for some time, and it's important, for example that we are all subject in the United States to the Patriot Act. It is possible that that information could be made available to the authorities."

The facts bear witness to Mr. Schmidt’s worldview, as one Google product after another – from Google Buzz to Google Books - has been a virtual privacy train wreck. The company’s refusal to make public how often information about their users is demanded by, or disclosed to the government, is all the more disconcerting.

Facebook reportedly receives up to 100 demands from the government each week for information about its users. AOL reportedly receives 1,000 demands a month. In 2006, a U.S. Attorney demanded book purchase records of 24,000 Amazon.com customers. Sprint recently disclosed that law enforcement made 8 million requests in 2008 alone for its customer’s cell phone GPS data for purposes of locational tracking.

It wasn’t long ago that the idea of our government wiretapping American citizens without warrants for purposes other than national security would have been revolting. Now its official Government policy – and the telecom companies that participated in these crimes have been given retroactive immunity while continuing to make billions off overcharging the same customers they betrayed.

Nor was it long ago that we would have been rightly outraged by Patriot Act provisions – recently renewed – that allow for broad warrants to be issued by a secretive court for any type of record, without the government having to declare that the information sought is connected to a terrorism investigation; or that allow a secret court to issue warrants for the electronic monitoring of a person for whatever reason — even without showing that the suspect is an agent of a foreign power or a terrorist; and of course, that allow the government to search your home as long as it doesn't tell you it did.

The trend line is all too clear. More concerning than any single threat posed by any single technology is this larger pattern indicating that privacy as both a right and an idea is under siege. As young people grow up with so much of their information so public and accessible to all, including government, I fear their sense, appreciation and understanding of privacy will continue to fade away. The consequences of such a loss would be profound.
So I would disagree a bit with Zuckerberg, I think people do care about privacy, particularly when they understand the inherent costs of giving it up. Today social networking and internet communications are ubiquitous tools. Opting out of using them would be like opting out of using a telephone - it won't happen, nor should people be expected to do so.

The key is establishing rules of the road with real protections and the tools needed to give consumers more control over their data.

With that, I want to provide a few clips from a New York Times article entitled "Technology Outpaces Privacy" that also delves into this critical topic:

HOW far does consumer privacy protection lag behind data-collection systems, those advanced technologies that media companies use to gather, share and profit from our personal information? Too far, according to two privacy advocates. On the one hand, consumers often benefit from newfangled gizmos — be they cameras, tape recorders or cellphones. On the other hand, the widespread adoption of technology has often left legislators and regulators racing to play catch up.
In a similar fashion, the F.T.C.’s report recommends that Internet and mobile app users receive better control over who sees, collects and shares information about their electronic behavior — like, say, the Web sites they peruse or the terms they plug into search engines. Indeed, the commission proposed a “do not track” mechanism that would allow consumers to opt out of “behavioral advertising,” the kind of marketing that tailors ads to a consumer’s personal track record.

Take the Video Privacy Protection Act, enacted by Congress in 1988, after a local newspaper in Washington obtained and published the video rental records of Robert Bork, a Supreme Court nominee. The so-called Bork law, one of the country’s strongest privacy statutes, prohibits the disclosure of personally identifiable rental information without consumer consent.

...

Indeed, over time Congress has increased privacy regulation in different industries, he says. There’s the Health Insurance Portability and Accountability Act, for one, that in 1996 established certain federal protections for personal health information. And the Gramm-Leach-Bliley Act of 1999, which required financial service companies to notify customers about their information policies and allow them to opt out from having their data shared with unaffiliated parties.

...

The trade commission’s report proposes new industry practices to enhance online privacy choices for consumers. For those to take effect, however, either the interactive advertising industry would have to increase self-regulation or Congress would have to enact a law enabling the commission to enforce new rules. But Christopher Soghoian, a privacy researcher and graduate student at Indiana University, says most Web sites don’t allow consumers to opt out of tracking. Companies “promise they won’t use the data they collect for the purpose of picking the individual ads they are showing you,” he says, “but they don’t actually offer to stop collecting data about you.”

...

Web sites often deposit cookies on consumers’ computers to track online preferences and activities. The F.T.C.’s recommendation for an opt-out mechanism would play on that idea with a privacy cookie, encoded in people’s browsers, that would alert advertising networks to users’ privacy choices. But a few smaller companies have already moved beyond cookies, Mr. Soghoian says, with a technique called “device fingerprinting.” That advanced technology can follow online behavior — not by using cookies but by tracking signals that are specific to a person’s individual laptop or mobile device.
Click here for the rest of the article.

For 5 recommendations on how to better protect your online privacy check this article out.

No comments: