Drupal in the Age of Surveillance:
“Contemporary websites have almost innumerable places where information can be entered, logged, and accessed, by either the first party or third parties.”
That’s the frank assessment of Chris Parsons, a postdoctoral fellow at The Citizen Lab at the University of Toronto’s Munk School of Global Affairs. Parsons’ current research focus is on state access to telecommunications data, through both overt mechanisms and signals intelligence – covert surveillance.
Parsons recommends an approach to user data protection called threat modeling. “So who are you concerned about, what do you believe your ethical duties of care are, and then how do you both defend against your perceived attackers and apply your duty of care?”
Parsons suggests, “The first step is really just information inventory: what’s collected, why, where’s it going, for how long.”
For Parsons, having strong protections for user data is critical, and not merely from a privacy perspective. Rather, privacy protection is just sound business practice. Imagine this scenario, he suggests: “One of your core databases with customer information gets compromised.” Then, “If you have an auditor that comes in, or if you have the press pounding on your door, you don’t want to be telling either of those parties, ‘Yeah, that’s a good question. I don’t know where any of our data is. We don’t know what we lost.’”
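The inventory step Parsons describes ("what's collected, where's it going") has one part that can be answered mechanically: which external hosts a page makes the visitor's browser contact. Every embedded script, iframe or image hands that host at least the visitor's IP address, User-Agent and referring page, which is also the list of third parties a site owner "knows damn well" it is using. The following is an added example, not code from the article or from any Drupal module: it scans rendered HTML for statically loaded resources and for absolute URLs written inside inline scripts (the classic analytics loader creates its own script element at run time), then groups what it finds by host. The sample page and the hostname `example.org` are constructed for the demonstration.

```python
"""Third-party inventory of a rendered page (added example; not from the article
or any Drupal module).  Lists every external host a page makes the visitor's
browser contact, grouped by host, so "where is it going" has a concrete answer
for at least the data every embedded resource leaks: the visitor's IP address,
User-Agent and the referring page."""
import re
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Attributes whose value the browser fetches as soon as the element is parsed
LOADING_ATTRS = {
    "script": ("src",), "img": ("src",), "iframe": ("src",), "link": ("href",),
    "source": ("src",), "video": ("src", "poster"), "audio": ("src",),
    "embed": ("src",), "object": ("data",),
}
# Absolute URLs written inside inline scripts (the classic analytics loader
# creates its <script> element at run time, so a tag scan alone misses it)
INLINE_URL = re.compile(r"""https?://[^\s'"<>()]+""")


class ThirdPartyInventory(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.page_host = urlsplit(page_url).hostname
        self.hits = {}              # host -> {(where, url), ...}
        self._script_text = None    # buffer while inside <script>...</script>

    def _record(self, where, url):
        host = urlsplit(url).hostname
        if host and host != self.page_host:
            self.hits.setdefault(host, set()).add((where, url))

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        for name in LOADING_ATTRS.get(tag, ()):
            if attrs.get(name):
                # urljoin resolves "/path" and protocol-relative "//host/x" forms
                self._record(tag, urljoin(self.page_url, attrs[name]))
        if tag == "script":
            self._script_text = []

    def handle_data(self, data):
        if self._script_text is not None:
            self._script_text.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._script_text is not None:
            for url in INLINE_URL.findall("".join(self._script_text)):
                self._record("script-inline", url)
            self._script_text = None


def inventory(page_url, html):
    """Return {host: [(where, url), ...]} for every host other than the page's own."""
    parser = ThirdPartyInventory(page_url)
    parser.feed(html)
    parser.close()
    return {host: sorted(urls) for host, urls in sorted(parser.hits.items())}


# Constructed sample page: a Drupal-style theme with three common embeds
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/sites/all/themes/mytheme/style.css">
<script src="//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></script>
<script>
  var _gaq = _gaq || [];
  (function() {
    var ga = document.createElement('script');
    ga.src = 'https://ssl.google-analytics.com/ga.js';
    document.getElementsByTagName('head')[0].appendChild(ga);
  })();
</script>
</head><body>
<img src="/sites/default/files/logo.png" alt="logo">
<iframe src="https://www.facebook.com/plugins/like.php?href=https%3A%2F%2Fexample.org%2Fnode%2F1"></iframe>
<script src="https://platform.twitter.com/widgets.js"></script>
</body></html>"""

if __name__ == "__main__":
    for host, uses in inventory("https://example.org/node/1", SAMPLE_PAGE).items():
        print(host)
        for where, url in uses:
            print(f"    {where:<14} {url}")
```

Treat the output as a floor rather than the full inventory: it covers markup and URL literals in inline scripts, but resources pulled in by a third-party script once it runs (a widget loading further trackers) show up only in a browser's network log. Run against a few representative page types (front page, node, user profile, checkout) and the host list is the set of parties a privacy policy should name.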
…
Parsons is more pragmatic, acknowledging that when it comes to analytics the battle has already been lost, if it even happened at all. Still, he points to the practical advantages of maintaining your own statistics. “I often avoid using Google Analytics, in part because more and more people are blocking Doubleclick [and other Google] cookies.” Instead, Parsons opts for self-hosted solutions because, “I find that the truth that comes through them can be more useful.”
…
Parsons similarly recommends a tool called Social Share Privacy, which has an associated Drupal module. Like Mytube, Social Share Privacy communicates with the third party website only if a user first clicks a link. Parsons comments, “If your content is really great – and most people hope it is – I don’t think that one extra click is going to doom the ability to share [it].”
…
Burdett explains that while a conventional HTTPS setup protects every session with the server’s single long-term key, there is a newer method called forward secrecy: “[It] means that a unique key is generated for each HTTPS session.” If you run an e-commerce bookshop and receive a law enforcement subpoena relating to a particular customer, Parsons says, “You as a bookshop seller do not want to be in a situation where you’re disclosing the decryption key for every person – or every IP address, rather – that has looked at your website and what books they’ve looked at.” Forward secrecy ensures there is no single key that decrypts all users’ communications.
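Whether a server actually offers forward secrecy is decided by the key-exchange method of the cipher suites it is configured with, and that can be read off the suite names. The following is an added example, not code from the article: it classifies each entry of a web-server cipher list (the `ssl_ciphers` value in nginx, for instance) using the OpenSSL and IANA naming conventions, where only an ephemeral (EC)DHE exchange, or any TLS 1.3 suite, yields a per-session key that the server's long-term key cannot later recover. The two cipher strings at the bottom are constructed: the first is the single-key situation the bookshop example warns about, the second an ephemeral-only list.

```python
"""Forward-secrecy audit of a server cipher list (added example; not from the
article).  Classifies each suite by its key-exchange method using the OpenSSL
and IANA suite-naming conventions: only an ephemeral (EC)DHE exchange, or any
TLS 1.3 suite, gives forward secrecy.  A suite whose key exchange is the
server's long-term RSA key or a static (EC)DH key does not: whoever later
obtains that one key can decrypt every recorded session."""
import re

FORWARD_SECRET = "forward secret"
NOT_FORWARD_SECRET = "NOT forward secret (session key protected by the server's long-term key)"
ANONYMOUS = "forward secret but unauthenticated (anonymous DH)"
ALIAS = "alias/directive: expand with `openssl ciphers -v` before judging"

# ECDHE-..., DHE-... (OpenSSL) and TLS_ECDHE_..., TLS_DHE_... (IANA)
_EPHEMERAL = re.compile(r"^(TLS_)?(EC)?DHE[-_]")


def classify(entry):
    """Return a verdict string for one element of a cipher list."""
    s = entry.strip().upper()
    if s[:1] in "!-+@" or ("-" not in s and not s.startswith("TLS_")):
        return ALIAS                                  # HIGH, !aNULL, @STRENGTH, kEECDH ...
    if s.startswith(("TLS_AES_", "TLS_CHACHA20_")):
        return FORWARD_SECRET                         # TLS 1.3: key exchange is always ephemeral
    if s.startswith(("ADH-", "AECDH-")) or "_ANON_" in s:
        return ANONYMOUS
    if _EPHEMERAL.match(s) or s.startswith("EDH-"):   # EDH- is OpenSSL's older DHE spelling
        return FORWARD_SECRET
    return NOT_FORWARD_SECRET                         # RSA kx, static ECDH-/DH, plain PSK, SRP


def audit(cipher_list):
    """Map every entry of a colon-separated cipher string to its verdict."""
    return [(e.strip(), classify(e)) for e in cipher_list.split(":") if e.strip()]


def allows_non_forward_secret(cipher_list):
    """True if the list admits any suite that lacks forward secrecy."""
    return any(v == NOT_FORWARD_SECRET for _, v in audit(cipher_list))


# Constructed nginx-style ssl_ciphers values: the first is the single-key setup
# the bookshop example warns about, the second an ephemeral-only list.
WEAK_CIPHERS = "AES256-SHA:AES128-SHA:DES-CBC3-SHA"
FS_CIPHERS = ("ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
              "ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES256-GCM-SHA384:!aNULL:!MD5")

if __name__ == "__main__":
    for label, spec in (("weak", WEAK_CIPHERS), ("forward-secret", FS_CIPHERS)):
        print(f"{label}: admits non-FS suites = {allows_non_forward_secret(spec)}")
        for entry, verdict in audit(spec):
            print(f"    {entry:<32} {verdict}")
```

Name-based classification is deliberately conservative about group aliases such as `HIGH` or `kEECDH`, which it refuses to judge; `openssl ciphers -v 'SPEC'` expands any list and its `Kx=` column is the authoritative answer. Pairing an ephemeral-only list with `ssl_prefer_server_ciphers on` (nginx) makes the server's ordering win over a client that would otherwise pick an RSA-key-exchange suite first.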
…
For Parsons, once you’ve completed your information inventory and determined what you’re gathering – and how and why – a key next step is writing a detailed and appropriate privacy policy.
“You can usually tell it’s a bad privacy policy,” Parsons says, “as soon as you get stuff like, ‘In the provision of this service, we may provide information to third parties.’ Whereas you, as the site owner, know damn well that you’re using Google Analytics, you’re using Twitter, you’re using Facebook.”
A privacy policy is also a good place to point people to ways they can opt out. “I personally like seeing links or notices about ‘this is how you can avoid this if you want,’” Parsons says. “So you link someone out to Ghostery (a browser plugin used to block tracking software), or whatever you want to link them out to.”
As well as being specific, a privacy policy should be readable. Parsons notes, “You go and read the ‘disclosures’ that people make – their terms of service, their privacy policies – and you get this horrible language. No human in their right mind would ever know what was going on. And indeed, when I spoke with some businesses, they don’t know where that data is going.”
…
To Parsons, protecting user information should be anything but an afterthought. “Certainly, if there’s any sort of commercial or business interest involved, I think this just flows out of the business plan that you’ve probably developed.”