Categories
Writing

Why I’m quitting Facebook

I left Facebook a long time ago, before many of the current realities of that ecosystem. Rushkoff didn’t leave for the same reasons I did (which stemmed from philosophical conceptions of temporality, time, and privacy) but his reasons echo those I keep hearing from undergrads. It isn’t just that Facebook isn’t ‘cool’; they’re spending less time on the site because the company is increasingly seen as manipulative and secretive, and as portraying users in ways antithetical to how the users perceive themselves.

What is perhaps most concerning is what will happen to all the data the company has amassed if/when it implodes like MySpace did. What if, in five or seven years, Facebook effectively closes shop: who will get the mass of data that the company has collected, and how will they subsequently disseminate or manipulate it? It’s this broader concern about long-term use of incredibly intimate data that leaves me most leery of corporate-hosted social media platforms, and it’s an issue that I really don’t think people appreciate. But, then, I guess not a lot of people really remember the dot com crash…

Categories
Quotations

2013.2.21

The 27 regulators, led by France’s CNIL, gave Google three to four months to make changes to its privacy policy — or face “more contentious” action. In a statement on its website today, the CNIL said that four months on from that report Google has failed “to come into compliance” so will now face additional action.

“On 18 February, the European authorities find that Google does not give a precise answer and operational recommendations. Under these circumstances, they are determined to act and pursue their investigations,” the CNIL said in its statement (translated from French with Google Translate).

According to the statement, the European regulators intend to set up a working group, led by CNIL, to “coordinate their enforcement action” against Google — with the working group due to be established before the summer. An action plan for tackling the issue was drawn up at a meeting of the regulators late last month, and will be “submitted for validation” later this month, they added.

Natasha Lomas, “Google’s Consolidated Privacy Policy Draws Fresh Fire In Europe”

Categories
Aside Links

What Canadian Political Parties Know About You

Colin J. Bennett, writing in Policy Options, explains how Canadian political parties collect and use voters’ personal information. It’s a quick, and valuable, read; highly recommended.

Categories
Links Writing

Facebook: Yes, it can get more invasive

Grace Nasri has a good – if worrying – story that walks through how Facebook could soon use geolocational information to advance its digital platform. One item that she focuses on is Facebook’s existing terms of service, which are vague enough to permit the harvesting of such information already. As much as it’s non-scientific, I think that the company’s focus on knowing where its users are is really, really creepy.

I left Facebook after seeing they’d added phone numbers to my Facebook contacts for people who’d never been on Facebook, who didn’t own computers, and for whom I didn’t even have the phone numbers. Seeing that Facebook had the landline numbers for my 80+ year old grandparents was the straw that broke my back several years ago; I wonder if this degree of tracking will encourage other Facebook users to flee.

Categories
Writing

Policy Matters Too

Nadim Kobeissi recently wrote about Do Not Track, and effectively restated the engineering-based reasons why the proposed standard will fail. The standard, generally, would let users set their web browser to ask websites not to deposit tracking cookies on their computers. Specifically, Nadim wrote:

Do Not Track is not only ineffective: it’s dangerous, both to the users it lulls into a false belief of privacy, and towards the implementation of proper privacy engineering practice. Privacy isn’t achieved by asking those who have the power to violate your privacy to politely not do so — and thus sacrifice advertising revenue — it’s achieved by implementing client-side preventative measures. For browsers, these are available in examples such as EFF’s HTTPS Everywhere, Abine’s DoNotTrackMe, AdBlock, and so on. Those are proper measures from an engineering perspective, since they attempt to guard your privacy whether the website you’re visiting likes it or not.

He is writing as an engineer and, from that perspective, he’s not wrong. Unfortunately, as an engineer he’s entirely missing the broader implications of DNT: specifically, it lets users proactively inform a site that they do not give consent to being tracked. This proactive declaration can suddenly activate a whole host of privacy protections that are established under law; individuals don’t necessarily have to have their declarations respected for them to be legally actionable.

Now, will most users have any clue if their positions are being upheld? No, of course not. This is generally true of any number of laws. However, advocates, activists, academic researchers, and lawyers smelling class-action lawsuits will monitor to see if websites are intentionally dismissing users’ choice to refuse being tracked. As successful regulatory/legal challenges are mounted, website owners will have to engage in a rational calculus: is the intelligence or monies gained from tracking worth the potential regulatory or legal risk? If initial punishments are high enough then major players may decide that it is economically rational to abide by DNT headers, whereas smaller sites (perhaps with less to lose/less knowledge of DNT) may continue to track regardless of what a browser declares to the web server. If we’re lucky, these large players will include analytics engine providers as well as advertiser networks.

Now, does this mean that DNT will necessarily succeed? No, not at all. The process is absolutely mired in confusion and problems – advertisers are trying to water down what DNT ‘means’, and some browser manufacturers are making things harder by trying to be ‘pro-privacy’ and designing DNT as a default setting for their browsers. Moreover, past efforts to technically demonstrate users’ privacy have failed (e.g. P3P), and chances are good that DNT will fail as well. However, the fact that there are technical weaknesses associated with the standard does not mean that the protocol, more broadly, will fail: what is coded into standards can facilitate subsequent legal and regulatory defences of users’ privacy, and these defences may significantly improve users’ privacy online.

Categories
Aside

StopSpying.ca Timeline

Categories
Aside

Slashdotted!

It’s always nice to see my writing highlighted amongst my peers 🙂

Categories
Writing

Attention shoppers: Retailers can now track you across the mall

While the technology that the IT World article discusses isn’t terribly novel – I was given a paper conducted by grad students on this topic a few years ago, and they had a working prototype of similar systems – I find it incredibly worrying that ambient information that smartphones expel is being used for purposes in excess of why the information is transmitted in the first place. We don’t live in a (Western) world where lacking a cell phone is common; for many people a mobile phone is critical to their business or livelihood. Indeed, when you go to other areas of the world where mobile penetration is even higher because of exorbitant costs associated with laying down fibre, mobiles are even more important on a daily basis.

As such, any suggestion like “if you don’t want to be tracked, don’t own a phone” misses the point around privacy concerns related to mobile phone tracking. In effect, it shouldn’t be up to the individual to unilaterally defend themselves from further expansions of private surveillance capabilities. Instead, those capabilities should be limited by law, by regulation, and by a minimalistic sense of ethics. Tracking where people are walking, and giving them an option to opt out of tracking by visiting a website they’ve never heard of and digging into its depths, is not a sufficient way to ‘empower’ individuals.

Categories
Links Writing

Lawful Access is Dead, Long Live Lawful Intercept!

So, the takeaway from this post is that Industry Canada’s proposed modifications significantly expand the volume and types of communications that ISPs must be able to intercept and preserve. Further, the Department is considering expanding interception requirements across all wireless spectrum holders; it needn’t just affect the LTE spectrum. We also know that Public Safety is modifying how ISPs have to preserve information related to geolocational, communications content, or transmission data. Together, these Departments’ actions are expanding government surveillance capacities in the absence of the lawful access legislation.

Industry Canada’s and Public Safety’s changes to how communications are intercepted should be put on hold until the government can convince Canadians about the need for these powers, and pass legislation authorizing the expansion of government surveillance. Decisions that are made surrounding interception capabilities are not easily reversed because once the technology is in place it is challenging to remove; as such, the government’s proposed modifications to intercept capabilities should be democratically legitimated before they are instantiated in practice.

Categories
Links Writing

EU citizen warned not to use US cloud services over spying fears

shonelikethesun:

What the title says, basically. I had missed this.

The warning should be heard by non-EU citizens too; with the Cloud, privacy is fucking dead. And what’s sadder is that 90% of people simply don’t care.
Unless it makes it more probable for your significant other to see your transsexual porn browser history…

The EU Report is well worth a full read (available here in .pdf). Things to keep in mind that aren’t being all that well discussed:

  • you know about this report – media is covering it – because of the tireless efforts of Caspar Bowden, one of the authors and a noted global privacy advocate. It was out for months before it hit the media.
  • everyone is focused on US intelligence (good) but missing the significance of the FISAAA amendments: it’s not just that you can be spied on. It’s that the spying does not have to happen for national security reasons. No, it’s sufficient to conduct surveillance for political (read: espionage) reasons.
  • a huge aspect of the report – which isn’t touched on, even in the European media that much – is its call for the European Parliament to give EUROPOL and ENISA a direct mandate.

The second point is particularly important for non-Europeans. While it’s a less-spoken-about part of the intelligence world, spooks are routinely engaged in industrial espionage on the grounds that such acts assist the nation-state’s finances. This can include the theft of foreign corporations’ information, or (in extreme cases) the deletion of the same information. It seems that FISAAA’s amendments would only permit the former, and not the latter. However, as a result of these amendments corporations should be more wary of outsourcing their document storage to US-based cloud services, content creation to US hosts and online services, or communications systems to (you guessed it!) American firms. Placing such data in the hands of the Americans is rife with potential economic harms and, no matter how much you like Dropbox, Google, or other cloud providers, they’re all likely to turn on you if the NSA comes knocking.

Source: EU citizen warned not to use US cloud services over spying fears