Archive
They’ve Your Data, Whether You’re on Facebook or Not!
(c) Facebook
Yes, there are still some people out there who refuse to join Facebook. And they refuse for good reasons, such as their personal privacy. However, it seems like Facebook has grown so big already, that staying off of it won’t protect your privacy as much as you think. According to a recent publication at the University of Heidelberg / Germany, it is possible to determine with an accuracy of at least 85% (!) if two people know each other, even if both are not on Facebook! Using machine learning methods, which analyze common friends of members as well as email contacts, scientists could deduct common friends of non-members and guess if two non-members know each other. And this does not even factor in such questionable practices as uploading cellphone contacts to social networks!
This is a quite significant finding, which shows that social networks like Facebook have become so ubiquitous that they have significant information about us, even if we never agreed to that. In many cases we cannot decide anymore what happens with our data, our “friends” or social networks decide for us!
“Spying Lamp Posts” Not So Scary After All
Not believing everything you read on the Internet is generally good advice and this is just another good example.
In October 2011 Infowars, among many other blogs, reported about new “spying lamp posts” that covertly record videos and audio of citizens on streets and parks and are even able to “talk back” using integrated microphones. They called it “Big Brother on steroids” and something that not even Orwell dreamed of.
Now, the first of these lamp posts are being deployed in several cities in the US and accordingly the blogosphere is raging again, scaring us about secret spying lamp posts. However, instead of just re-blogging this, granted, very nice story, I would like to take it as an example how some things we read on the Internet are just bullshit. It is a good example how someone just read what he/she wanted to read about a product and made a “scandal” out of it. Because if you look at the “incriminating” company video (below this post) or just the company website of the developer Intellistreets there is no mention of people being filmed or otherwise surveilled (their statement following this story is interesting as well). Actually, these lamp posts sound pretty cool, intelligently saving energy and money and providing safety features in case of an incident.
Unfortunately, sometimes people just hear what they want to hear and make a flashy headline. It is important to check at least basic facts before re-blogging such a story. Reporting facts might be more important than a headline, which gets many clicks. Maybe the world is not as bad as many think!
A Solution to Internet Snooping in the EU
Starting from April 1st, the so called “Vorratsdatenspeicherung” (VDS, data retention) took effect in Austria (after being sued by the EU for non-compliance in 2010). Basically, this law requires telecommunication providers (telcos, ISPs) to store all communication data (though no content of calls and emails etc.) for six months. There is much controversy about this law and a growing opposition against it. But rather than writing about VDS, which has been discussed in numerous places before, I find it much more interesting to look at the situation in other countries.
Generally, the EU Data Retention Directive requires member states to store Internet information for at least six months. Some member states, such as France, Bulgaria and the Netherlands, already implemented the directive, some resisted and got sued by the EU, such as Sweden or Austria and implement it now. Germany implemented it 2008 but stopped in 2010 following a court ruling that stated that VDS is unconstitutional.
Further, most notably, in the UK there is currently a proposal for a bill making the rounds, which would allow somewhat of an extension to VDS. The big difference to Austria is that in the UK this bill would allow real-time government surveillance and surveillance without any warrant. For the time being, no content of any messages would be surveilled, but, as this article points out, in a time of crisis this is just a small step to take. This is especially interesting since the current UK government pledged in its coalition agreement that they would stop storage of Internet data without reason! But I would have been surprised if they actually stopped it. I find it rather surprising that they didn’t manage to pass such a bill well before the Olympics 2012 for which security and surveillance systems were upgraded significantly.
I believe that generally there is no reason why ISPs and telcos should not store connection data (not content). I would be surprised if they don’t do that already anyway. And I think it is okay to use this data in criminal investigations.
However, I do see a problem if this data can be accessed at any time, without any warrant and without explaining yourself to anyone. In Austria, police does need a warrant and is only allowed to access this data if the charge for the crime committed is over two years prison time. But this is not enough, there needs to be stricter regulation. I propose an external, independent institution (ideally directly elected) that controls police who access this data. In Austria, this might be the “Datenschutzkommission” (DSK, data protection agency). The police would regularly have to report, which data they accessed and, more importantly, why. This institution would have to have the authority and political independence to stop access and inform the public. This institution in return has to publish regular public reports on their work. Of course, this institution has to be adequately funded with enough people to check and regulate. This is something that is definitely not the fact right now at the DSK. I believe it is only fair to provide more financial ressources for this since these new regulations cost the telcos and ISPs significantly more money, which they will collect from their customers.
A true democracy can only work if for every power there is an opposition. This is an ancient concept and works in Parlament and between the different powers of the state. So if one institution has the power to surveil communication data, there should be an opposition to hold the balance. This is how it works in a democracy and I think this where all of us want to live.
Privacy Bill of Rights: Toothless Election Stunt or Clever Way to Make an Impact?
Obamas “Consumer Data Privacy in a Networked World: A Framework For Protecting Privacy and Promoting Innovation in the Global Economy”, better known as simply “privacy bill of rights” has made some headlines this year. Recently, since it was one of the topics at the EU Conference on Privacy and Protection of Personal Data held on March 19th, both in Washington DC and Brussels. The aim of the bill is to increase the privacy of consumers on the Internet and get closer to a common international privacy standard. Currently, the EU is known to have much stricter privacy regulation laws than the US and is working on a proposal for new data protection regulations. Now, the Obama administration created a draft for a new kind of privacy regulation to protect the privacy of consumers. However, critics state one major problem with the plan: It won’t become a law anytime soon. Instead, it is planned to create a more or less voluntary code of conduct that big corporations should commit themselves to. If they do, the FTC has the authority to enforce this commitment. This shows fundamentally different approaches to privacy protection in the US and EU. In the EU privacy is a human right while in the US it is more of a consumer right than anything.
However, I do find arguments in favor of this approach, this code of conduct, interesting. In an interview with a US civil liberty group it is argued that in an election year, it is hard to pass a law, which brings tougher regulations to corporations. Further, one problem with European privacy law, it is stated, is avoided: European law stated “protect peoples privacy” and nobody knows what that exactly means. Instead, the US approach gives this responsibility to the corporations: They have to define what it exactly means and then stick to it. And this is enforceable by the FTC. I personally think it is a nice touch that they want a “do not track button” in browsers, so consumers can turn off cookie tracking. This is one of the few, very concrete measures for privacy protection. I think that this bill is a big step forward in privacy protection in the US and that eventually it will find its way into a law. Until then, this privacy bill of rights is a good start: Amazon, Apple, Google, HP, Microsoft, and Research In Motion already confirmed that they would abide by new privacy principles. And it is definitely not the worst kind of press Obama can wish for in his election year.
Link: Full text of the privacy bill of rights
Link: Full text of the EU proposal
The Outrageous Practice of Asking Employees for Facebook Passwords
Facebook recently publicly threatened employers who ask (potential) employees for their Facebook password to perform a “background check”. Facebook stresses that legal action against these employers is possible. And rightly so.
This increasing practice is simply outrageous. Private social media accounts should be off limits for anyone. Do employees get the password to their employers accounting software? No.
Some things just should be kept private. And access to a social media account should be among them.
How body worn cameras help police as well as the public
(c) Glogger
Following my last post about complete transparency of information to increase privacy the idea to record everything in our lives is intriguing. Something like surveillance of our personal lives. In police work this seems to be the near future, similar to Charles Stross‘s description in his novel Halting State (which is set in 2018). There, everything a police officer sees is recorded, wirelessly uploaded and indexed for future reference and proof. Body worn cameras are already used by police in the US and UK and there is a number of producers of such devices (e.g. TASER recently introduced stylish new Oakley glasses with cameras). From a police point of view it makes sense to have proof of all events for later use. However, it surprised me to read that human right groups endorse such measures and even demand that police wear such cameras. The campaigning group whennooneswatching.org with their four fingers campaign demand that all police officers must have cameras attached, that these must be switched on when interacting with the public and that this data must be made available on request. The aim is to reduce police brutality and to have proof of brutal police officers. However, as IPVM points out(subscription-based access), opponents argue that body worn cameras might cause officer hesitation due to fear of scrutiny and thus risk his or her life. I think this argument is flawed. If certain actions are necessary in police work they should be regulated within reason and if not they should be forbidden. In any case, police officers have to act within the law and thus should not be afraid of scrutiny. But body worn systems still have some drawbacks that have to be solved before they can be used to protect victims as the four fingers campaign envisions it:
- They have to be “always on”: Due to low battery life these systems have to be switched on when the officer sees fit. This has two disadvantages: First, the officer cannot concentrate on his job and instead has to deal with the device. Second, it is very likely that an officer will turn off the device if he or she thinks the video might incriminate him.
- They have to be “live”: Today, the videos can only be used forensically and are not uploaded on the fly (LTE might change that). Thus, the material can easily be altered afterwards.
- Access to videos: Access to videos for persons involved in an incident has to be allowed and have to be easy to manage.
I believe body worn cameras for police are just the first step. It gets really exciting when everyone records every event in their lives (does anyone remember justin.tv? Yes, it still exists!). Thus, no one has an advantage or disadvantage of information. In fact, anyone can do that already today, lifeloggers even made somewhat of a sport out of it. This concept is generally referred to as sousveillance, i.e. the inverse of surveillance (which deserves a blog post by itself). So if you are motivated to start lifelogging now, there are a number of products available that offer functionality to record everything we see (check out this not-so-cool device). However, I doubt that it is legally ok to film strangers without informing them.
More Privacy through Maximum Transparency?
Banksy, kissing police man, photo (c) Pete Barr-Watson
I read an interesting interview in Wired online with David Brin, an award-winning sci-fi author who deals in his book The Transparent Society with how privacy in our society might look like in the future. His concept states that it is unrealistic to try to stop surveillance of all parts of our lives and privacy protection laws just create the illusion of privacy. Because by passing privacy laws you restrict access to surveillance information and have to trust powerful authorities to abide to these laws. However, the powerful have no incentive not to break the laws; there is no measure in place to avoid usage of the available data (though I think there are technological solutions to that) – this reminds me of yesterdays story of how the richer you are the more likely your are to break rules.
In order to offer true privacy, Brin states, everyone needs freedom of access to all information, i.e. to level the playing field. If everyone of us has access to all video surveillance feeds, to Facebook data, to phone data, all the time, everyone has the same level of privacy and the freedom to know everything. In a way, this is like everyone is your Facebook friend.
I find this concept fascinating but cannot picture how society might work if this actually happens. It would mean that anyone can spy on their neighbors, that you can never be sure if your neighbor watches you. This would create a state where each of us watches themselves because who knows who is watching (in the sense of Foucaults Panopticon). Further, criminals can use it to determine when to rob a bank or a store or break in a building. For this reason, in our society today, power is not divided equally (and access to information is part of this power). For example, not everyone is allowed to carry guns, but the police is. And this makes sense in a way, otherwise we cannot have an executive branch of our government if it does not have the power to execute laws. So in practice it might be quite difficult to implement Brin’s concept. It would require a complete shift of how our society works today.
By the way, the Wired article is from 1996, where David Brin states that “in a decade, you’ll never know the cameras are there”. Well, clearly 16 years later we still know they are there and CCTV use has not yet exploded the way he might have predicted. However, through new technology, his transparent society already happens in a way, e.g. during protests, where both protesters as well as police use cameras to record events.
Digital Privacy 