Archive for the ‘Online Privacy’ Category

Twitter Gov Requests Doubled in 2012

July 16, 2012

Twitter recently released their first transparency report, outlining how often in the first half of 2012 governments or copyright holders requested Twitter account information and how often this information was produced. The majority of information requests (679) came from the United States, but a significant number also came from Japan (98). US requests were followed in 75% of the cases, while in Japan's case only 20% of the requests were fulfilled. Interestingly, only 3 requests to remove a Twitter account by court orders were received (Greece and Turkey) but none of them was followed!

In total, Twitter received in the first half of 2012 as many requests as in all of 2011, which is a much bigger increase than overall Twitter growth (which was at about 20% in the US).

All in all, these numbers do not surprise me that much, taking all of the 140 million active users into account. And it is reassuring that Twitter does not seem eager to give out user data (Twitter already took a stand for an Occupy Wall Street protester at the beginning of this year).

Twitter's transparency report is a perfect example of how to build users' trust: by making the company's actions transparent. They should be a glowing example for other web companies who basically store all the information of our lives online.

If you are interested in what Facebook sends if they get a subpoena for a user, you can see an example online (it’s 62 pages of Facebook data …).

“Do Not Track” Not So Good After All?

June 12, 2012

Source: Slashgear

The “Do Not Track” header is an HTTP header sent by the browser that states whether or not a user wishes to be tracked by websites (mainly for advertising purposes through cookies). However, it is up to each website whether it respects the user’s decision. Today, most browsers support this feature (the Chrome browser will support it by the end of 2012), and Microsoft recently even announced that it will be turned on by default in IE10. From a privacy perspective this is a very welcome development, which gives power back to the users. However, two recent articles focused on the economic implications of restricting technology that funds big parts of our (free) Internet as we know it. Without ads, websites such as Google or Facebook would have a hard time financing themselves. In Technology Review, Antonio Regalado asks if this feature will kill off innovation in online advertisement, with serious implications for the $40B online ad industry and as such for us as users as well.

Another reason I find the article quite interesting is that it points out the positive sides of tracking the user to deliver highly targeted ads. You might even get relevant information out of ads instead of useless spam.

In order to better understand online tracking I highly recommend the guide from the Guardian. Also check out their nice graph about the biggest advertising companies and websites that use them.
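What "respecting the user's decision" looks like on the server side, as an added example that is not part of the original post: a WSGI middleware that reads the browser's `DNT` request header and drops tracking cookies when it is `1`. The cookie name `track_id` and the demo application are assumptions made up for illustration.

```python
from wsgiref.util import setup_testing_defaults

TRACKING_COOKIES = {"track_id"}  # hypothetical tracking-cookie names (assumption)


def dnt_preference(environ):
    """True = do not track, False = tracking allowed, None = no preference sent."""
    value = environ.get("HTTP_DNT", "").strip()
    return {"1": True, "0": False}.get(value)  # absent or malformed -> None


class HonourDNT:
    """WSGI middleware: drop tracking cookies for clients that send DNT: 1."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        opted_out = dnt_preference(environ) is True

        def filtered_start(status, headers, exc_info=None):
            if opted_out:
                headers = [(k, v) for k, v in headers
                           if not (k.lower() == "set-cookie"
                                   and v.split("=", 1)[0].strip() in TRACKING_COOKIES)]
            return start_response(status, headers, exc_info)

        return self.app(environ, filtered_start)


def demo_app(environ, start_response):
    # Constructed site that sets one session cookie and one tracking cookie.
    start_response("200 OK", [
        ("Content-Type", "text/plain"),
        ("Set-Cookie", "session=abc; HttpOnly"),
        ("Set-Cookie", "track_id=42; Max-Age=31536000"),
    ])
    return [b"hello"]


def response_cookies(dnt=None):
    """Send one constructed request through the middleware; return cookie names set."""
    environ = {}
    setup_testing_defaults(environ)
    if dnt is not None:
        environ["HTTP_DNT"] = dnt
    captured = []
    HonourDNT(demo_app)(environ, lambda s, h, e=None: captured.extend(h))
    return [v.split("=", 1)[0] for k, v in captured if k == "Set-Cookie"]
```

The session cookie survives in every case; only the tracking cookie depends on the header, and a missing or malformed header is treated as "no preference expressed".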

Posting Pics of Cash on Facebook: Not a Good Idea!

June 1, 2012

This is just a symbol photo, not actually the girl (it is Tamara Ecclestone), (c) Petra Ecclestone

This story reminds us that we should think before we post something on Facebook. An Australian 17-year-old posted a picture of a pile of cash to Facebook after helping her grandmother to count her money. Just hours afterwards, two robbers with masks, a knife and a club turned up at the house of the girl. Luckily, neither the girl nor the cash was there anymore and nobody got hurt. They just took a “small amount of cash” and left. This incident caused the local police to issue a warning about being cautious when posting something to social media.

The only real way this could have happened is that this girl has some really shady people in her friends list. Not only is it your responsibility to choose what to post online but also whom you befriend. This shows that not only can criminals be caught by the photos they post online, but criminals can also get a good idea of whom to rob next.

Twitter Fights for Occupy Protester: Data Belongs to User!

May 16, 2012

Last October an Occupy Wall Street protester was arrested for “disorderly conduct” in New York City. As part of his prosecution Twitter received a court order, requiring it to hand over 3 months of Twitter data to the court. The prosecutors obviously hoped that he sent some infringing direct messages since usual Twitter messages are public anyway. It wouldn’t have surprised anyone if Twitter had handed over the data without complaining. However, recently the company refused! And not only that, the amazing part is that they did this because they state that the data belongs to their users! Thus, the court has to ask the user to hand over the data (who is not very willing either). This is an astounding development, given that generally Internet companies make their privacy policies stricter so they can do whatever they want with their users' data.

These are the cases when companies can show how seriously they take their privacy policy and, essentially, which side they are on.

Reading Privacy Policies Would Cost us 250 hours per year

May 2, 2012

Google's unified privacy policy

A paper, already published in 2008, by Aleecia McDonald and Lorrie Cranor of Carnegie Mellon University, suggests that the time needed to read all privacy policies we accept in our daily online lives amounts to 250 hours of “work” in a year and the cost of reading these policies amounts to $781 billion per year. It is obvious that no one can spare the time to read these policies and I do not know anyone who does. It is also obvious that these are not there to inform the user in any way but to create legal protection for the companies against lawsuits. As a result, it is claimed that only 3% of users read the policies carefully (though this number still sounds quite high to me, the original study does not seem to be available anymore).

Even though quite controversial, I believe the new Google Privacy Policy, which unifies privacy policies from all Google services, is a step in the right direction. At least they try to explain to the user what it means. Also Facebook recently proposed to update their policies in order to be easier to understand for users. And since a large portion of services we use are Google or Facebook anyway, we save a big chunk from those 250 hours per year…

A Solution to Internet Snooping in the EU

April 23, 2012

Starting from April 1st, the so-called “Vorratsdatenspeicherung” (VDS, data retention) took effect in Austria (after being sued by the EU for non-compliance in 2010). Basically, this law requires telecommunication providers (telcos, ISPs) to store all communication data (though no content of calls and emails etc.) for six months. There is much controversy about this law and a growing opposition against it. But rather than writing about VDS, which has been discussed in numerous places before, I find it much more interesting to look at the situation in other countries.

Generally, the EU Data Retention Directive requires member states to store Internet information for at least six months. Some member states, such as France, Bulgaria and the Netherlands, already implemented the directive; some, such as Sweden or Austria, resisted, got sued by the EU, and are implementing it now. Germany implemented it in 2008 but stopped in 2010 following a court ruling that stated that VDS is unconstitutional.

Further, most notably, in the UK there is currently a proposal for a bill making the rounds, which would allow somewhat of an extension to VDS. The big difference to Austria is that in the UK this bill would allow real-time government surveillance and surveillance without any warrant. For the time being, no content of any messages would be surveilled, but, as this article points out, in a time of crisis this is just a small step to take. This is especially interesting since the current UK government pledged in its coalition agreement that they would stop storage of Internet data without reason! But I would have been surprised if they actually stopped it. I find it rather surprising that they didn’t manage to pass such a bill well before the Olympics 2012 for which security and surveillance systems were upgraded significantly.

I believe that generally there is no reason why ISPs and telcos should not store connection data (not content). I would be surprised if they don’t do that already anyway. And I think it is okay to use this data in criminal investigations.

However, I do see a problem if this data can be accessed at any time, without any warrant and without explaining yourself to anyone. In Austria, the police do need a warrant and are only allowed to access this data if the charge for the crime committed is over two years' prison time. But this is not enough; there needs to be stricter regulation. I propose an external, independent institution (ideally directly elected) that controls police who access this data. In Austria, this might be the “Datenschutzkommission” (DSK, data protection agency). The police would regularly have to report which data they accessed and, more importantly, why. This institution would have to have the authority and political independence to stop access and inform the public. This institution in return has to publish regular public reports on their work. Of course, this institution has to be adequately funded with enough people to check and regulate. This is something that is definitely not the case right now at the DSK. I believe it is only fair to provide more financial resources for this since these new regulations cost the telcos and ISPs significantly more money, which they will collect from their customers.

A true democracy can only work if for every power there is an opposition. This is an ancient concept and works in parliament and between the different powers of the state. So if one institution has the power to surveil communication data, there should be an opposition to hold the balance. This is how it works in a democracy and I think this is where all of us want to live.

Privacy Bill of Rights: Toothless Election Stunt or Clever Way to Make an Impact?

March 26, 2012

Obama's “Consumer Data Privacy in a Networked World: A Framework For Protecting Privacy and Promoting Innovation in the Global Economy”, better known as simply the “privacy bill of rights”, has made some headlines this year, most recently as one of the topics at the EU Conference on Privacy and Protection of Personal Data held on March 19th, both in Washington DC and Brussels. The aim of the bill is to increase the privacy of consumers on the Internet and get closer to a common international privacy standard. Currently, the EU is known to have much stricter privacy regulation laws than the US and is working on a proposal for new data protection regulations. Now, the Obama administration created a draft for a new kind of privacy regulation to protect the privacy of consumers. However, critics state one major problem with the plan: It won’t become a law anytime soon. Instead, it is planned to create a more or less voluntary code of conduct that big corporations should commit themselves to. If they do, the FTC has the authority to enforce this commitment. This shows fundamentally different approaches to privacy protection in the US and EU. In the EU privacy is a human right while in the US it is more of a consumer right than anything.

However, I do find the arguments in favor of this approach, this code of conduct, interesting. In an interview with a US civil liberty group it is argued that in an election year, it is hard to pass a law that brings tougher regulations to corporations. Further, it is stated that one problem with European privacy law is avoided: European law states “protect people's privacy” and nobody knows what that exactly means. Instead, the US approach gives this responsibility to the corporations: They have to define what it exactly means and then stick to it. And this is enforceable by the FTC. I personally think it is a nice touch that they want a “do not track button” in browsers, so consumers can turn off cookie tracking. This is one of the few, very concrete measures for privacy protection. I think that this bill is a big step forward in privacy protection in the US and that eventually it will find its way into a law. Until then, this privacy bill of rights is a good start: Amazon, Apple, Google, HP, Microsoft, and Research In Motion already confirmed that they would abide by new privacy principles. And it is definitely not the worst kind of press Obama can wish for in his election year.

Link: Full text of the privacy bill of rights
Link: Full text of the EU proposal
