ILI Student Blog

Author: HNissenbaum

  • Facebook passwords

    See Catherine Crump (ACLU and PRG member) quoted in this article about employers and prospective employers asking for access to Facebook accounts:
    http://www.cnn.com/2012/03/22/tech/social-media/facebook-password-employers/index.html

  • Twitter, FTC vs. Frostwire, CA and cell phones

    from Joe Lorenzo Hall

    Twitter starts wrapping all hyperlinks through t.co
    http://venturebeat.com/2011/10/10/twitter-url-wrapping/

    “Twitter has various reason for forcing all hyperlinks through t.co.
    It eliminates the security risk posed by third-party short link
    services (like Tinyurl and bit.ly) that don’t allow the company to
    screen for malicious links. But more importantly, t.co URL wrapping is
    central to Twitter’s new web traffic analytics service unveiled in
    September.”

    —-

    FTC vs. Frostwire (filed: 10/7/2011)

    http://www.ftc.gov/os/caselist/1123041/111011frostwirecmpt.pdf

    Interesting because as opposed to much of FTC action lately in this
    space, the violations not only include deceptive practices but *also*
    unfair practices, indicating that not only was Frostwire not
    forthcoming with how their filesharing application works, but also
    that they caused substantial harm to consumers (by default sharing
    private files — “pictures, videos, unprotected applications,
    documents, music and audio files, and ringtones.” — publicly, and
    making it difficult for users to do otherwise).

    —-

    CA Gov. vetos bill that would require warrant to search cell phones of arrestees
    http://www.wired.com/threatlevel/2011/10/warrantless-phone-searches/

  • Message from Verizon

    by Helen Nissenbaum

    Over the weekend, I received this message from Verizon. Naturally, it caused me great consternation though, for the life of me, I could not figure out what it really meant. Is this something worse than everyone else is doing. Note: since I have many ongoing relationships with Verizon, I would have liked to know which one it meant, but could not see this:

    Dear Valued Customer, en español

    Your privacy is an important priority at Verizon. We want to let you know that Verizon will soon participate in a program that will improve the ability of advertisers to reach our Verizon Online customers based on your physical address. The goal is to provide online ads that may be more relevant to you.

    This program uses your address to determine whether you reside in a local area an advertiser is trying to reach. However, Verizon won’t share your address with advertisers as part of this process. Advertisers won’t know it’s you specifically or where you actually live. If you do not want us to allow advertisers to send you ads based on your geographic area you can let us know by selecting here.

    What does this mean for you?

    Certain ads you’ll see while browsing the Internet may be directed to you and other Verizon Online customers in your area, so these ads may be of more interest to you. For example, a pizza chain may want to deliver their ad to give a special offer to people living in a particular area. Using this program, national brands and local businesses can tailor their offers, coupons, and incentives to your local area.

    Protection of Your Personal Information

    Verizon protects your personal information as described in our privacy policy. You can learn about Verizon’s ad practices or let us know that you do not want to participate by selecting here. If you don’t want to participate, you will need your User ID and Password to access the opt-out page. Please note that declining to participate won’t impact the number of ads you see, just their potential relevance to you.

    For answers to your frequently asked questions, select here.

    Sincerely,

    Verizon

  • Online Privacy NY Times Saturday Editorial

    http://www.nytimes.com/2011/03/19/opinion/19sat2.html

    The New York Times

    March 18, 2011
    A New Internet Privacy Law?

    Considering how much information we entrust to the Internet every
    day, it is hard to believe there is no general law to protect
    people’s privacy online. Companies harvest data about people as they
    surf the Net, assemble it into detailed profiles and sell it to
    advertisers or others without ever asking permission.

    So it is good to see a groundswell of support emerging for minimum
    standards of privacy, online and off. This week, the Obama
    administration called for legislation to protect consumers’ privacy.
    In the Senate, John Kerry is trying to draft a privacy bill of
    rights with the across-the-aisle support of John McCain.

    Microsoft, which runs one of the biggest Internet advertising
    networks, said it supports a broad-based privacy law. It has just
    introduced a version of its Explorer browser that allows surfers to
    block some tools advertisers use to track consumers’ activities
    online.

    It is crucial that lawmakers get this right. There is strong
    pressure from the advertising industry to water down rules aimed at
    limiting the data companies can collect and what they can do with
    it.

    Most oppose a sensible proposal by the Federal Trade Commission for
    a do-not-track option — likely embedded in Web browsers. They have
    proposed self-regulation instead, and we applaud their desire to do
    that, but the zeal to self-regulate tends to wane when it is not
    backed by government rules and enforcement.

    Senator Kerry has not yet proposed specific legislation, but he has
    laid out sound principles. Companies that track people’s activities
    online must obtain people’s consent first. They must specify what
    data they are collecting and how they will use it. They need
    consumers’ go-ahead to use data for any new purpose. They are
    responsible for the data’s integrity. And consumers should have the
    right to sever their relationship with data collectors and ask for
    their file to be deleted.

    But there are potential areas of concern. Senator Kerry so far has
    not called for a do-not-track option. He would allow companies to
    write their own privacy plans and submit them to the F.T.C. for
    approval.

    That would give companies flexibility to adapt their solutions as
    technology evolved, but it lacks the simplicity and universality of
    a do-not-track feature. It could yield a dizzying array of solutions
    that would confuse consumers about their rights and options and make
    it more difficult to enforce clear standards. Moreover, it would
    make it tougher for consumers to keep track of how their information
    is used and to whom it is sold.

    Advertising firms still argue that privacy protections could
    undermine the free Internet, depriving it of ad revenue by reducing
    advertisers’ ability to target consumers. This is overstated.
    Advertisers will still need to advertise. If many people opt out of
    behavioral targeting, the firms will find other ways to do it.

    Privacy protections are long overdue. We hope the swell of support
    will lead to significant legislation.

  • Data Protection @ CSLS University of Oxford

    At a recent conference on information ethics, organized by the Uehiro Center at Oxford University, I met David Erdos, who presented work on challenges confronting the EU approach to data protection. Really interesting, particularly for those who believe that the EU has all the answers on privacy protection. Here is some background on the project and its institutional home:

    DP@CSLS is a research strand within Oxford University’s Centre for Socio-Legal Studies which brings together scholars and practitioners interested in data protection, privacy and the regulation of information. The Centre hosts the three-year Data Protection and the Open Society (DPOS) project funded by the Leverhulme Trust. This project explores and seeks to help resolve the tension between data protection and the fundamental values of freedom of expression and information. Four overlapping sub-projects within DPOS look at data protection foundations, media and internet, research governance and transparency initiatives. Student projects on social networking sites and surveillance are also ongoing. These projects examine the relationship technology, privacy and copyright as well the interaction between data protection and general human rights law. In addition, DP@CSLS organizes seminars, study groups and other initiatives designed to promote dialogue on these emerging issues. Currently our events are focused on making a contribution to the debate surrounding the rewriting of the European Data Protection Directive. For further information please visit http://www.csls.ox.ac.uk/dataprotection and http://www.twitter.com/oxondataprotect. To get in touch with DP@CSLS please contact Dr. David Erdos at david[.]erdosATcsls[.]ox[.]ac[.]uk.

  • Washington Post on Domestic Spying

    A in-depth report Monday in the Washington Post describes the expanding apparatus of US domestic intelligence since the September 11th Terrorist Attacks, including fusion centers, the new Suspicious Activity Reporting Initiative and the FBI’s Guardian Database. The article is well worth reading, but it is missing a bit of legal context that is important to an understanding the government policy that is driving the change.

    US domestic intelligence is being expanded under the authority of the Intelligence Reform and Terrorism Prevention Act (IRTPA) of 2004. This was the first and most comprehensive legal response to the recommendations of the 9/11 Commission. It outlined a wholesale rewiring of the domestic intelligence apparatus and the establishment of an Information Sharing Environment (ISE). The nationwide suspicious activity reporting initiative (NSI), which journalists Dana Priest and William M Arkin mention briefly, is the primary focus of the ISE today. It includes its own federal data standard. The “See something say something” campaign which has been getting so much press recently is simply one facet of the NSI, the focus of which up until recently has been training local and state police to be intelligence agents. For a wide range of public documents that provide coverage of the NSI and ISE, see post-doc Kenneth Farrall’s isesar.us web site, developed with the support of NYU’s Department of Media, Culture and Communication and a grant from the Department of Defense.

  • Commerce Department Report

    On December 16, 2010, the U.S. Commerce Department released its report, Policy Framework for Protecting Consumer Privacy Online While Supporting Innovation. It will be interesting to compare and contrast.

  • Wall Street Journal contin.

    A new set of stories relating to Facebook and MySpace apps and identifiable information they share: Read about it here.