Categories
Aside Humour

Google Glass Privacy Policy

Own a Google Glass? Perhaps this is the shirt you should be wearing at all times.

Categories
Aside Links

Twitter Now Has a Two-Step Solution

So, I use two factor authentication for a variety of services. It’s great for security.

It’s also a royal pain in the ass to be (re)inputting secondary authentication information all the time. That basic ‘pain point’ is sufficient to dissuade most people from setting it up. I support Twitter adopting this, and for some people it’ll be awesome. For most people it’ll just be a pain in the ass.

Categories
Aside Links

A Few Thoughts on Cryptographic Engineering: Zerocoin: making Bitcoin anonymous

Matt Green has a really excellent post on why Bitcoin isn’t as anonymous as people think, and how to ‘fix’ that problem. If this is something that you’re interested in then his (very) detailed writeup (and link to his paper!) is worth the time and effort.

Categories
Quotations

2013.4.13

Lawyers are trained in reading, understanding, interpreting and advising on laws and legal compliance programs, and defending their clients from litigants and regulators. Privacy laws, everywhere in the world, are vague, so they leave much room for legal interpretations. The lawyers’ skill set is becoming more and more central to the role of privacy leadership. Moreover, lawyers benefit from attorney-client privileged communications internally, which is becoming an absolutely essential mechanism for privacy lawyers to have deep, unfettered, unfiltered exchanges of information and advice with their clients.

Of course, non-legal disciplines will always play an essential role in safeguarding privacy at companies, e.g., the vital role played by security engineers. Privacy will always be a cross-disciplinary project. I’m not saying that the rise of the lawyer-privacy-leader is necessarily the best thing for “privacy”. Yet in the face of rampant litigation, discovery orders, vague laws, political debates, regulatory actions, threats of billion dollar fines, companies will be looking to their privacy lawyers for a lot more than drafting a privacy policy. It’s a great profession, if you like stretch goals.

Peter Fleischer, “Stretch Goals for Privacy Lawyers”
Categories
Links Writing

AeroFS now open to the masses

Cunningham writes that AeroFS,

If you want access to the best features of Dropbox or one of its many competitors—automated file syncing between computers, a way to automatically keep old versions of your synced files, etc.—but you don’t want to keep your stuff in someone else’s cloud, AeroFS is a promising service. It can provide file syncing for many clients using your own local server (or, for businesses, Amazon S3 storage that you have more direct control over).

These are the kinds of projects that are really interesting to see come to fruition. In British Columbia there is a pretty intense law that largely precludes public institutions from storing BC residents’ information outside of the province. The law has created a lot of consternation, especially amongst educators, who believe they can’t use ‘next generation’ tools in their classrooms.

Solutions like AeroFS start to bridge that divide, insofar as more and more ‘cloud’ services can be localized within the province and, as a result, be used by teachers and their students. In effect, such products can satisfy users’ demands while also complying with provincial law. Everyone wins.

Categories
Aside Quotations

2013.4.11

CryptDB, a project out of MIT’s Computer Science and Artificial Intelligence Lab (CSAIL), may be a solution for this problem. In theory, it would let you glean insights from your data without letting even your own personnel “see” that data at all, said Dr. Sam Madden, CSAIL director, on Friday.

“The goal is to run SQL on encrypted data, you don’t even allow your admin to decrypt any of that data and that’s important in cloud storage,” Madden said at an SAP-sponsored event at Hack/reduce in Cambridge, Mass.

Barb Darrow, “You want to crunch top-secret data securely? CryptDB may be the app for that”

This is super interesting work that, if successful, could open a lot of sensitive data to mining. However, it needs to be extensively tested.

One thing that is baked into this product, however, is the assumption that large-scale data mining is good or appropriate. I’m not taking a position that it’s wrong, but note that there isn’t any discussion – that I can find – where journalists are thinking through whether such sensitive information should even be mined in the first place. We (seemingly) are foreclosing this basic and very important question and, in the process, eliding a whole series of important social and normative questions.

Categories
Links Writing

Notes EM: My FT oped: Google Revolution Isn’t Worth Our Privacy

evgenymorozov:

Google’s intrusion into the physical world means that, were its privacy policy to stay in place and cover self-driving cars and Google Glass, our internet searches might be linked to our driving routes, while our favourite cat videos might be linked to the actual cats we see in the streets. It also means that everything that Google already knows about us based on our search, email and calendar would enable it to serve us ads linked to the actual physical products and establishments we encounter via Google Glass.

For many this may be a very enticing future. We can have it, but we must also find a way to know – in great detail, not just in summary form – what happens to our data once we share it with Google, and to retain some control over what it can track and for how long.

It would also help if one could drive through the neighbourhood in one of Google’s autonomous vehicles without having to log into Google Plus, the company’s social network, or any other Google service.

The European regulators are not planning to thwart Google’s agenda or nip innovation in the bud. This is an unflattering portrayal that might benefit Google’s lobbying efforts but has no bearing in reality. Quite the opposite: it is only by taking full stock of the revolutionary nature of Google’s agenda that we can get the company to act more responsibly towards its users.

I think that it’s critically important to recognize just what the regulators are trying to establish: some kind of line in the sand, a line that identifies practices that move against the ethos and civil culture of particular nations. There isn’t anything necessarily wrong with this approach to governance. The EU’s approach suggests a deeper engagement with technology than some other nations, insofar as some regulators are questioning technical developments and potentialities on the basis of a legally-instantiated series of normative rights.

Winner, writing all the way back in 1986 in his book The whale and the reactor: a search for limits in an age of high technology, recognized that frank discussions around technology and the socio-political norms embedded in it are critical to a functioning democracy. The decisions we make with regards to technical systems can have far-reaching consequences, insofar as (some) technologies become ‘necessary’ over time because of sunk costs, network effects, and their relative positioning compared to competing products. Critically, technologies aren’t neutral: they are shaped within a social framework that is crusted with power relationships. As a consequence, it behooves us to think about how technologies enable particular power relations and whether they are relations that we’re comfortable asserting anew, or reaffirming again.

(If you’re interested in reading some of Winner’s stuff, check out his essay, “Do Artifacts Have Politics.”)

Categories
Links Writing

Privacy Policies Don’t Need to Be Obtuse

Peter Fleischer has a good summary piece on the (miserable) state of online privacy policies today. As he writes:

Today, privacy policies are being written to try to do two contradictory things.  Like most things in life, if you try to do two contradictory things at the same time, you end up doing neither well.  Here’s the contradiction:  should a privacy policy be a short, simple, readable notice that the average end-user could understand? Or should it be a long, detailed, legalistic disclosure document written for regulators?  Since average users and expert regulators have different expectations about what should be disclosed, the privacy policies in use today largely disappoint both groups.

(…)

The time has come for a global reflection on what, exactly, a privacy policy should look like.  Today, there is no consensus.  I don’t just mean consensus amongst regulators and lawyers.  My suggestion would be to start by doing some serious user-research, and actually ask Johnny and Jean and Johann.

I entirely, fully, wholeheartedly agree: most policies today are absolute garbage. I actually read a lot of them – and research on social media policies will be online and available soon! – and they are more often an elaborate act of obfuscation than something that explains, specifically and precisely, what a service does or is doing with the data that is collected.

The thing is, these policies don’t need to be as bad as they are. It really is possible to bridge ‘accessible’ and ‘legalese’ but doing so takes time, care, and effort.

And fewer lawyers.

As a good example of how this can be done check out how Tunnelbear has written their privacy policy: it’s reasonably accessible and lacks a lot of the ‘weasel phrases’ you’ll find in most privacy policies. Even better, read the company’s Terms of Service document; I cannot express how much ‘win’ is captured in their simultaneously legal and layperson disclosure of how and why their service functions as it does.

Categories
Quotations

2013.4.5

The new Home app/UX/quasi-OS is deeply integrated into the Android environment. It takes an effort to shut it down, because Home’s whole premise is to be always on and be the dashboard to your social world. It wants to be the start button for apps that are on your Android device, which in turn will give Facebook a deep insight on what is popular. And of course, it can build an app that mimics the functionality of that popular, fast-growing mobile app. I have seen it done before, both on other platforms and on Facebook.

But there is a bigger worry. The phone’s GPS can send constant information back to the Facebook servers, telling it your whereabouts at any time.

(…)

And most importantly it is Facebook, a company that is known to have played loose-and-easy with consumer privacy and data since its very inception, asking for forgiveness whenever we caught them with its hand in the cookie jar. I don’t think we can be that forgiving or reactive with Facebook on mobile.

Om Malik, “Why Facebook Home bothers me: It destroys any notion of privacy”
Categories
Aside Quotations

More Visibility, Less Privacy

While admitting that increased surveillance was “scary” and that governments will have to be thoughtful with their laws, [Bloomberg] seemed to side with prioritizing radical transparency, especially through the use of automated drones, “but what’s the difference whether the drone is up in the air or on the building? I mean intellectually I have trouble making a distinction.”

Lest Bloomberg be labeled as a surveillance hawk, the interview took on a tone of inevitability, rather than advocacy: “Everybody wants their privacy, but I don’t know how you’re going to maintain it.”

Gregory Ferenstein, “Bloomberg: ‘We’re Going To Have More Visibility And Less Privacy,’ Drones And Surveillance Coming”

Correct me if I’m wrong, but his sentence “Everybody wants their privacy, but I don’t know how you’re going to maintain it” indicates a failure to understand his role as a politician. If everybody – including, one presumes, residents of New York City – “wants their privacy” then it is his job, and that of council, to protect and preserve those constituents’ privacy.

To be clear: it is not his job to authorize enhanced surveillance, and then throw his hands up and say that he doesn’t get how his constituents are going to realize their wishes as he and council march against those interests.