Source: Global Coalition Of NGOs Call To Investigate & Disable FinFisher’s Espionage Equipment in Pakistan
Tag: Privacy
Via Techdirt:
Good news, everyone. The terrorists will win and New York City Mayor Michael Bloomberg wants to help. Of course, his speech is all about not letting the terrorists win. But he’s giving them exactly what they want.
Bloomberg is an incredibly worrying political figure. He’s gone from earlier this year stating that privacy is important, but cannot be maintained in the face of expanding police surveillance, to this:
“The people who are worried about privacy have a legitimate worry,” Mr. Bloomberg said during a press conference in Midtown. “But we live in a complex world where you’re going to have to have a level of security greater than you did back in the olden days, if you will. And our laws and our interpretation of the Constitution, I think, have to change.”
This is the second time in very recent memory that he, on the one hand, supports a notion of privacy while, on the other, asserts that privacy has to be increasingly limited to enjoy ‘security’. This is an absolutely false dichotomy, and is often linked to blasé efforts to ‘secure’ a population in ineffective, inefficient, or incorrect ways. Strong security protections can and should be accompanied by equally strong privacy protections; we need to escape the dichotomy and recognize that privacy and security tend to be mutually supportive of one another, at least when security solutions are appropriately designed and implemented.
Own a Google Glass? Perhaps this is the shirt you should be wearing at all times.
So, I use two factor authentication for a variety of services. It’s great for security.
It’s also a royal pain in the ass to be (re)inputting secondary authentication information all the time. That basic ‘pain point’ is sufficient to dissuade most people from setting it up. I support Twitter adopting this, and for some people it’ll be awesome. For most people it’ll just be a pain in the ass.
Matt Green has a really excellent post on why Bitcoin isn’t as anonymous as people think, and how to ‘fix’ that problem. If this is something that you’re interested in then his (very) detailed writeup (and link to his paper!) is worth the time and effort.
2013.4.13
Lawyers are trained in reading, understanding, interpreting and advising on laws and legal compliance programs, and defending their clients from litigants and regulators. Privacy laws, everywhere in the world, are vague, so they leave much room for legal interpretations. The lawyers’ skill set is becoming more and more central to the role of privacy leadership. Moreover, lawyers benefit from attorney-client privileged communications internally, which is becoming an absolutely essential mechanism for privacy lawyers to have deep, unfettered, unfiltered exchanges of information and advice with their clients.
Of course, non-legal disciplines will always play an essential role in safeguarding privacy at companies, e.g., the vital role played by security engineers. Privacy will always be a cross-disciplinary project. I’m not saying that the rise of the lawyer-privacy-leader is necessarily the best thing for “privacy”. Yet in the face of rampant litigation, discovery orders, vague laws, political debates, regulatory actions, threats of billion dollar fines, companies will be looking to their privacy lawyers for a lot more than drafting a privacy policy. It’s a great profession, if you like stretch goals.
Peter Fleischer, “Stretch Goals for Privacy Lawyers”
Cunningham writes that AeroFS,
If you want access to the best features of Dropbox or one of its many competitors—automated file syncing between computers, a way to automatically keep old versions of your synced files, etc.—but you don’t want to keep your stuff in someone else’s cloud, AeroFS is a promising service. It can provide file syncing for many clients using your own local server (or, for businesses, Amazon S3 storage that you have more direct control over).
These are the kinds of projects that are really interesting to see come to fruition. In British Columbia there is a pretty intense law that largely precludes public institutions from storing BC residents’ information outside of the province. The law has created a lot of consternation, especially amongst educators, who believe they can’t use ‘next generation’ tools in their classrooms.
Solutions like AeroFS start to bridge that divide, insofar as more and more ‘cloud’ services can be localized within the province and, as a result, be used by teachers and their students. In effect, such products can satisfy users’ demands while also complying with provincial law. Everyone wins.
2013.4.11
CryptDB, a project out of MIT’s Computer Science and Artificial Intelligence Lab (CSAIL), may be a solution for this problem. In theory, it would let you glean insights from your data without letting even your own personnel “see” that data at all, said Dr. Sam Madden, CSAIL director, on Friday.
“The goal is to run SQL on encrypted data, you don’t even allow your admin to decrypt any of that data and that’s important in cloud storage,” Madden said at an SAP-sponsored event at Hack/reduce in Cambridge, Mass.
Barb Darrow, “You want to crunch top-secret data securely? CryptDB may be the app for that”
This is super interesting work that, if successful, could open a lot of sensitive data to mining. However, it needs to be extensively tested.
One thing that is baked into this product, however, is the assumption that large-scale data mining is good or appropriate. I’m not taking a position that it’s wrong, but note that there isn’t any discussion – that I can find – where journalists are thinking through whether such sensitive information should even be mined in the first place. We (seemingly) are foreclosing this basic and very important question and, in the process, eliding a whole series of important social and normative questions.
Google’s intrusion into the physical world means that, were its privacy policy to stay in place and cover self-driving cars and Google Glass, our internet searches might be linked to our driving routes, while our favourite cat videos might be linked to the actual cats we see in the streets. It also means that everything that Google already knows about us based on our search, email and calendar would enable it to serve us ads linked to the actual physical products and establishments we encounter via Google Glass.
For many this may be a very enticing future. We can have it, but we must also find a way to know – in great detail, not just in summary form – what happens to our data once we share it with Google, and to retain some control over what it can track and for how long.
It would also help if one could drive through the neighbourhood in one of Google’s autonomous vehicles without having to log into Google Plus, the company’s social network, or any other Google service.
The European regulators are not planning to thwart Google’s agenda or nip innovation in the bud. This is an unflattering portrayal that might benefit Google’s lobbying efforts but has no bearing in reality. Quite the opposite: it is only by taking full stock of the revolutionary nature of Google’s agenda that we can get the company to act more responsibly towards its users.
I think that it’s critically important to recognize just what the regulators are trying to establish: some kind of line in the sand, a line that identifies practices that move against the ethos and civil culture of particular nations. There isn’t anything necessarily wrong with this approach to governance. The EU’s approach suggests a deeper engagement with technology than some other nations, insofar as some regulators are questioning technical developments and potentialities on the basis of a legally-instantiated series of normative rights.
Winner, writing all the way back in 1986 in his book The whale and the reactor: a search for limits in an age of high technology, recognized that frank discussions around technology and the socio-political norms embedded in it are critical to a functioning democracy. The decisions we make with regards to technical systems can have far-reaching consequences, insofar as (some) technologies become ‘necessary’ over time because of sunk costs, network effects, and their relative positioning compared to competing products. Critically, technologies aren’t neutral: they are shaped within a social framework that is crusted with power relationships. As a consequence, it behooves us to think about how technologies enable particular power relations and whether they are relations that we’re comfortable asserting anew, or reaffirming again.
(If you’re interested in reading some of Winner’s stuff, check out his essay, “Do Artifacts Have Politics.”)
Peter Fleischer has a good summary piece on the (miserable) state of online privacy policies today. As he writes:
Today, privacy policies are being written to try to do two contradictory things. Like most things in life, if you try to do two contradictory things at the same time, you end up doing neither well. Here’s the contradiction: should a privacy policy be a short, simple, readable notice that the average end-user could understand? Or should it be a long, detailed, legalistic disclosure document written for regulators? Since average users and expert regulators have different expectations about what should be disclosed, the privacy policies in use today largely disappoint both groups.
(…)
The time has come for a global reflection on what, exactly, a privacy policy should look like. Today, there is no consensus. I don’t just mean consensus amongst regulators and lawyers. My suggestion would be to start by doing some serious user-research, and actually ask Johnny and Jean and Johann.
I entirely, fully, wholeheartedly agree: most policies today are absolute garbage. I actually read a lot of them – and research on social media policies will be online and available soon! – and they are more often than not an elaborate act of obfuscation rather than something that explains, specifically and precisely, what a service does or is doing with the data that is collected.
The thing is, these policies don’t need to be as bad as they are. It really is possible to bridge ‘accessible’ and ‘legalese’ but doing so takes time, care, and effort.
And fewer lawyers.
As a good example of how this can be done check out how Tunnelbear has written their privacy policy: it’s reasonably accessible and lacks a lot of the ‘weasel phrases’ you’ll find in most privacy policies. Even better, read the company’s Terms of Service document; I cannot express how much ‘win’ is captured in their simultaneously legal and layperson disclosure of how and why their service functions as it does.