Harvard Law Review: Four principles for surveillance law

Professor Neil M. Richards from Washington University in Saint Louis – School of Law has a paper on The Dangers of Surveillance in the next Harvard Law Review. The abstract’s call-to-action:

I propose a set of four principles that should guide the future development of surveillance law, allowing for a more appropriate balance between the costs and benefits of government surveillance.

First, we must recognize that surveillance transcends the public-private divide. Even if we are ultimately more concerned with government surveillance, any solution must grapple with the complex relationships between government and corporate watchers.

Second, we must recognize that secret surveillance is illegitimate, and prohibit the creation of any domestic surveillance programs whose existence is secret.

Third, we should recognize that total surveillance is illegitimate and reject the idea that it is acceptable for the government to record all Internet activity without authorization.

Fourth, we must recognize that surveillance is harmful. Surveillance menaces intellectual privacy and increases the risk of blackmail, coercion, and discrimination; accordingly, we must recognize surveillance as a harm in constitutional standing doctrine.


There’s a new pain

There’s a new pain.

The public is redefining “privacy” to include new powers. Rights to access personal data. Scope widened to include data co-created with other people and observed data. Rights to delete, destroy, redact. Granular control over sharing. Protection from casual inspection by employers, family, and governments. Rights to safe and highly private default policies and behavior. Rights to due process and humane treatment. And we demand these whether the data lives in our homes, on our mobiles or on some company’s servers.

These heightened expectations are ahead of corporate practices, government policy, established law, and software design conventions by years. In some cases by decades.

The gap between raised expectations of what’s right and how businesses and civic institutions deal with them makes people unhappy. Sometimes frustrated. Often angry.

This gap is useful. Pain calls for relief, so policy wonks, business suits, and tech geeks have incentives to innovate.

We’re seeing progress. Startups like those in PDEC’s Startup Circle, projects like those demoing at Thursday night’s Personal Cloud Meetup in San Francisco, and teams doing enterprise pilots are coming at these problems from every angle. They’re all motivated to close the gap.

“We must embrace pain and burn it as fuel for our journey.”
Kenji Miyazawa

Microsoft’s Marc Davis, PDEC’s own Kaliya “Identity Woman” Hamlin and others contributed to the World Economic Forum’s latest report, Unlocking the Value of Personal Data: From Collection to Usage. It’s worth the solid 20-minute reading time to dive into how people psychologically value their data, how their behavior is affected by institutional privacy communications and offers, and the economic drivers for treating personal data in a socially responsible way.

For a quicker take, see the New York Times’s Big Data and a Renewed Debate Over Privacy from last week.

photo: frustration cc-by-sa Cubmundo.

Anonymous announces #OpBigBrother for 1 June Day of Privacy


Anonymous today released a video and poster art for its 1 June 2013 “International Day of Privacy” #OpBigBrother action. The @OpBigBrother Twitter account has been active for some time, urging opposition to drone surveillance, US congressional anti-privacy bills, and general government intrusion. Summer should be interesting.

Operation BigBrother poster

#OpBigBrother on twitter


JAMA: A case for community health record banks


Dr. Bill Yasnoff, our friend from the Health Record Banking Alliance, co-wrote a Viewpoint article in this week’s Journal of the American Medical Association. It says personal clouds specializing in health records are a better path for “Putting Health IT on the Path to Success” [paywall]. The many isolated pockets of patient data held across every service point create a system that:

  • Is complex and expensive.
  • Is prone to error and insecurity. 
  • Increases liability.
  • Isn’t financially sustainable. 
  • Can’t protect privacy as patients define it. 
  • Can’t ensure stakeholder coöperation. 
  • Can’t facilitate robust data searching.

He argues that health information exchanges (HIE), systems for moving the electronic health records among providers, can’t solve these problems. 

Bill advocates for regional community-based Health Record Banks. HRBs store copies of all your medical records in one place, under a patient’s control. Instead of the HIE many-to-many architecture, HRBs provide a single authoritative source for each patient. By being relatively local, they have more opportunities and better incentives for integration with local health care providers.

Side effects of this simpler architecture are a more complete and accurate picture of the patient, better HIPAA compliance, more patient awareness and engagement, and built-in business models that shift these records from a costly drag to financial self-sufficiency. 

The viewpoint’s call-to-action: 

The idea of HRBs is not new. What is new is appreciating how HRBs can help achieve the HIT [health information technology] vision while most current HIE pursuits cannot. It is time for physicians to insist that HIT be pursued with realistic, achievable, and measurable goals that will produce readily available, comprehensive electronic records that can actually improve patient care. To do so requires implementation of model health record banks and then refinement of those models to allow them to achieve the sustainability and scalability that have prevented the success of distributed HIEs. Otherwise, HIT may become its own sociopolitical, legal, and economic disease.

For me, the timing is right to make this case. To date all the money’s been behind HIEs; they are the typical massive centralized IT project that looks simple on paper but fails to scale despite billions of dollars in software R&D. HRBs, as an alternative, offer proven execution advantages. Regional starts mean it’s easier to reach critical mass, community by community. Smaller scale to start means lower technology risk and faster learning. Increased patient control and engagement may even offer better clinical outcomes. Congratulations to Doctors Yasnoff, Latanya Sweeney, and Edward H. Shortliffe on the article.   

If you like online privacy, you’re probably a terrorist

The FBI and the Department of Justice think that if you use anonymizers, portals, or other means to shield your IP address, then you could be engaged in or supporting terrorist activity. According to this flier, anyone who uses HTTPS is a potential terrorist, including Google.


If you think such policies are fine and don’t have anything to hide, then I would like to know your logins to all your online accounts, forums, and bank details, as well as your Social Security Number, and credit card information. I would also like a record of all your online purchases, you know, for “advertising” purposes. Oh you don’t want me to know that? Then maybe you do have something to hide and fliers like these are meant as scaremongering instead.


Azigo in AdWeek

The January 22 issue of AdWeek features a great story by Ki Mae Heussner titled “Whose Life Is It, Anyway?”

In the story, Ki Mae examines the issue of online personal data from many angles.  She examines companies who collect data anonymously and sell it to marketers for targeting purposes, and the consumer and regulatory backlash that has resulted from this increasingly creepy practice.

More importantly, for us at least, she also profiles a few companies who are trying to restore control for consumers to share their personal data only when there’s some associated benefit.  Azigo is featured prominently.  The money quote:

“Facebook is where you go to manage social relationships; LinkedIn is for keeping up with professional networks,” says Steve O’Brien, Azigo’s handsome head of marketing. “We think there’s room for a third place online for people to consolidate all their commercial relationships.”

Busting myths about our approach to privacy




*Update: The FairSearch ad referenced below as myth #1 was pulled because it was inaccurate.

A number of myths are being spread about Google’s approach to privacy. We just wanted to give you the facts.

  • Myth: In 2011, Google made $36 billion selling information about users like you. [Fairsearch - PDF]
  • Fact: Google does not sell, trade or rent personally identifiable user information. Advertisers can run ads on Google that are matched to search keywords, or use our services to show ads based on anonymous data, such as your location or the websites you’ve visited.
  • Myth: Google’s Privacy Policy changes make it harder for users to control their personal information. [Microsoft]
  • Fact: Our privacy controls have not changed. Period. Our users can: edit and delete their search history; edit and delete their YouTube viewing history; use many of our services signed in or out; use Google Dashboard and our Ads Preferences Manager to see what data we collect and manage the way it is used; and take advantage of our data liberation efforts if they want to remove information from our services.
  • Myth: Google is changing our Privacy Policy to make the data we collect more valuable to advertisers. [Microsoft]
  • Fact: The vast majority of the product personalization Google does is unrelated to ads—it’s about making our services better for users. Today a signed-in user can instantly add an appointment to their Calendar when a message in Gmail looks like it’s about a meeting, or read Google Docs within their email.
  • Myth: Google reads your email. [Microsoft]
  • Fact: No one reads your email but you. Like most major email providers, our computers scan messages to get rid of spam and malware, as well as show ads that are relevant to you.
  • Myth: Google’s Privacy Policy changes jeopardize government information in Google Apps. [SafeGov.org]
  • Fact: Our new Privacy Policy does not change our contractual agreements, which have always superseded Google’s Privacy Policy for enterprise customers.
  • Myth: Microsoft’s approach to privacy is better than Google’s. [Microsoft]
  • Fact: We don’t make judgments about other people’s policies or controls. But our industry-leading Privacy Dashboard, Ads Preferences Manager and data liberation efforts enable you to understand and control the information we collect and how we use it—and we’ve simplified our privacy policy to make it easier to understand. Microsoft has no data liberation effort or Dashboard-like hub for users. Their privacy policy states that “information collected through one Microsoft service may be combined with information obtained through other Microsoft services.”

We’ve always believed the facts should inform our marketing—and that it’s best to focus on our users rather than negative attacks on other companies. Onwards!

Privacy of Personal Identity Data – It’s a Simple Equation

by Andy Land, Vice President of Marketing

Last week I wrote about identity information as the product.  In this post, I am following up with two more interesting happenings.

  1. Google Changing Its Privacy Policy
  2. Facebook and the European Commission Facing Off (Pun Intended) Over Privacy of Personal Data

These stories drive home what I previously mentioned: that identity information is extremely valuable.  Google and Facebook thrive on monetizing identity information, which makes our friends in government worried (see Congressional response to Google in the US and the European Commission mentioned above).  Thus, it might seem that the privacy around identity information is a matter of opinion.  On one side we have the vendors making money off of it, who want the identity data to flow more freely, and on the other side we have the government, worried about the consequences to our society.

These stories bring up one of the core dilemmas in technology  – open vs. secure (or in this case, private).  Security professionals have struggled with this dilemma since the first corporate networks started.   As my colleague Nick Crown says, “convenience wins.”  We’re seeing that today in the enterprise, as IT is learning to deal with devices they previously did not support, plus lots of cloud-based applications.  In the consumer world, the choice for all of us is: do we want to give up the privacy of our data in exchange for convenience?  With the success of the social networking services, it seems as if many of us are voting “yes”.

Does it have to be this way?  As I mentioned in my previous post, I believe we can make this economy around identity information even bigger and more successful if we can involve the user in an open, transparent fashion in the sharing of identity information.  At UnboundID, our vision for identity information is for the information to be used to grow the overall economy while respecting the user’s desires around privacy.  We believe knowledge gained via trust generates user loyalty.  User loyalty equals more revenue for vendors, who create fans and advocates for their brands and products, and in the process create a better product experience for users overall.  We believe this new economy can be a win-win for users and vendors.

2011 Year in Review (Part 1)

Part 1: We were busy!

Personal Data Ecosystem Consortium had a busy 12 months. Here we are at the end of the year, and we wanted to catch you up. This is Part I, a recap through the first half of 2011. PDEC people and Startup Circle companies are in bold.

PDEC Events, Publications and Speaking Activities


Should an Actress be Suing IMDB Because She Doesn’t Want Her Age Posted?

(This post is cross-posted at Napsterization.org/stories, my personal blog on disruptive technologies.)

Brad McCarty of The Next Web thinks the IMDb: Age-publishing lawsuit is “a frivolous abuse” and should be dropped.

Reading his piece, I can see that on first glance, it sounds silly. An actress anonymously sues the Amazon-owned IMDB folks because they won’t remove her birthdate, claiming that it will adversely affect her career. And now, IMDB has asked the judge to only allow the lawsuit to move forward if her name is made public:

“Truth and justice are philosophical pillars of this Court. The perpetuation of fraud, even for an actor’s career, is inconsistent with these principals. Plaintiff’s attempt to manipulate the federal court system so she can censor iMDb’s display of her birth date and pretend to the world that she is not 40 years old is selfish, contrary to the public interest and a frivolous abuse of this Court’s resources.”

But this argument between IMDB and the actress points to a much bigger issue, and it’s not the one about IMDB making its living trading on others’ data, whether from Hollywood or the users who add to the IMDB system for free, which I would understand is a fairly selfish undertaking by IMDB.

Why should IMDB be able to operate “selfishly” by publishing people’s personal data, outside their discretion, and the actress in question not be able to “selfishly” make a living by trading in her looks for salary? I would say IMDB is pretty hypocritical here. And do they really think the Judge, the public, or the Hollywood set they make money from, are that stupid that we wouldn’t understand that IMDB is selfish too?

I understand from reading the Hollywood Reporter article that IMDB believes she may be the same actress that years ago tried to change her birthday, submitted by a previous agent to IMDB. Since IMDB believes this is an issue of fraud (they have no proof), they now want the identity of the actress made public. But since the old information isn’t part of the case, does it really matter? Yes, I get that actresses have lied about their ages for a long time, but is it really “in the public interest” to out this woman? It’s definitely in her economic interest not to out her, so I just think Amazon-IMDB are being nasty and frankly it seems frivolous of them to try to out her.

But this is really beside the point.

The Larger Issue

I believe people should be able to choose what personal information is shown about them on websites, especially data that isn’t, or wasn’t before the past 10 years, public. It’s easy to dismiss this as vanity or frivolous, but as more and more personal data is out there, and as people lose control of it, it points to a much larger issue: how do individuals control information about them that doesn’t really need to be public?

I can see that by having her age obscured, the people who hire her would just think of her age based upon appearance, which is actually, for an actress or actor, probably a good measure. Giving the specific age will plant that in producers’ and the public’s heads. So I can see her point.

Rather than get into a discussion of harms and “how bad is it” about one or another data breach, I think the real question is:

What kind of society do we want to have, where everyone’s data is public and out of their control? What does it do to us, to devolve into a totalitarian model where everyone is afraid because frankly, everyone has something to hide? Or maybe their friends do.

Right now, life and health insurance companies are telling the press and their investors that they are screening people in Facebook. And it’s not just you under scrutiny. It’s your friends. This was covered extensively in the Wall Street Journal “what they know” series a year ago. There are also finance companies that are telling users to “unfriend” anyone they are connected to in Facebook with bad credit… because when you are reviewed, friends with bad credit will reflect on you.

This issue of personal data and control is much larger than an actress and her age being displayed without her consent.

It’s about how we allow others to show information about us, versus having control of it ourselves. I think for a civil and democratic society to work, we can’t leave that up to companies with no oversight and a big profit motive, but instead need to think about giving the individual ultimate control over certain types of personal data.

So while the actress may be vain, may be trying to gloss over her age, or may just be reflecting the economic realities of her profession, which I do think are real, and we may poo-poo this as silly, this lawsuit reflects the much greater tension about personal data and control and actually could be a really interesting test case, given that we don’t have much privacy law in the US.