Online Privacy

Online Privacy and the Invisible Market for Our Data.

Abstract: Consumers constantly enter into blind bargains online. We trade our personal information for free websites and apps, without knowing exactly what will be done with our data. There is nominally a notice and choice regime in place via lengthy privacy policies. However, virtually no one reads them. In this ill-informed environment, companies can gather and exploit as much data as technologically possible, with very few legal boundaries. The consequences for consumers are often far-removed from their actions, or entirely invisible to them. Americans deserve a rigorous notice and choice regime. Such a regime would allow consumers to make informed decisions and regain some measure of control over their personal information. This article explores the problems with the current marketplace for our digital data, and explains how we can make a robust notice and choice regime work for consumers.

From Notice and Consent - Schneier on Security You can read the Paper Here.

IFLA issues Statement on Right to be Forgotten

IFLA urges library professionals to participate in policy discussions about the right to be forgotten, while both supporting the right to privacy for individual citizens and assisting individuals in their searches for information.  To this effect, library professionals should:

Raise awareness among policy makers to ensure that the right to be forgotten does not apply where retaining links in search engine results is necessary for historical, statistical and research purposes; for reasons of public interest; or for the exercise of the right of freedom of expression.

From IFLA issues Statement on Right to be Forgotten

Don't Panic Making Progress On The "Going Dark" Debate

We’re not being asked to choose between security and privacy. We’re being asked to choose between less security and more security.

This trade-off isn’t new. In the mid-1990s, cryptographers argued that escrowing encryption keys with central authorities would weaken security. In 2011, cybersecurity researcher Susan Landau published her excellent book Surveillance or Security?, which deftly parsed the details of this trade-off and concluded that security is far more important. Ubiquitous encryption protects us much more from bulk surveillance than from targeted surveillance. For a variety of technical reasons, computer security is extraordinarily weak.

If a sufficiently skilled, funded, and motivated attacker wants in to your computer, they’re in. If they’re not, it’s because you’re not high enough on their priority list to bother with. Widespread encryption forces the listener – whether a foreign government, criminal, or terrorist – to target. And this hurts repressive governments much more than it hurts terrorists and criminals.

From Don't Panic Making Progress On The "Going Dark" Debate [PDF]

Georgia Tech Discovers How Mobile Ads Leak Personal Data

Researchers found that 73 percent of ad impressions for 92 percent of users are correctly aligned with their demographic profiles. Researchers also found that, based on ads shown, a mobile app developer could learn a user’s:

gender with 75 percent accuracy,
parental status with 66 percent accuracy,
age group with 54 percent accuracy, and
could also predict income, political affiliation, marital status, with higher accuracy than random guesses.

From Georgia Tech Discovers How Mobile Ads Leak Personal Data

LIBRARIES NEED TO PRIORITIZE PATRON PRIVACY & SECURITY IN A DIGITAL WORLD

Over the past few months, we have been approached by groups leading a charge to recognize patron security and privacy as an important part of library purchasing responsibility. The facts are that many of the platforms licensed by libraries today do not prioritize and sometimes neglect basic steps to ensure libraries can protect patron security and privacy. The reason is simple: Libraries do not demand it.

From LIBRARIES NEED TO PRIORITIZE PATRON PRIVACY & SECURITY IN A DIGITAL WORLD — Medium

Congress Starts to Get Serious About Online Privacy

Congress could soon vote on a bill that would require law enforcement agencies to get a search warrant from a judge to obtain emails, photographs and other documents Americans have stored online. This important legislation would update the law to reflect how people use the Internet today.

Under the Electronic Communications Privacy Act of 1986, government agents need a warrant if they want access to email stored on the servers of companies like Google and Yahoo, but only if the messages are less than 180 days old. For older messages and other digital files, law enforcement officials can issue subpoenas to technology companies without going to a judge.

From Congress Starts to Get Serious About Online Privacy - The New York Times

How Big a Problem Is It for Google and Facebook That Consumers Don’t Trust Them?

People don't trust them.
According to a survey just released by consultancy Prophet, neither Facebook nor Google is among the top 10 most relevant brands as ranked by consumers. Nor are they in the top 50. In fact, Facebook barely made the top 100. That's not because consumers don't find these platforms useful or even inspirational—they do. But when it comes to faith and confidence in what happens to people's personal information, everything falls apart.
"These platforms are so enjoyable—Facebook is in the top 20 to 30 brands in making people happy, and it meets an important need," said Jesse Purewal, associate partner at Prophet. "But being able to depend on it? It's not a brand people trust."

From How Big a Problem Is It for Google and Facebook That Consumers Don’t Trust Them? | Adweek

The state of privacy in America | Pew Research Center

After the June 2013 leaks by government contractor Edward Snowden about National Security Agency surveillance of Americans’ online and phone communications, Pew Research Center began an in-depth exploration of people’s views and behaviors related to privacy. Our recent report about how Americans think about privacy and sharing personal information was a capstone of this two-and-a-half-year effort that examined how people viewed not only government surveillance but also commercial transactions involving the capture of personal information.

Here are some of the key findings that emerged from this work:

From The state of privacy in America | Pew Research Center

NISO Releases a Set of Principles to Address Privacy of User Data in Library, Content-Provider, and Software-Supplier Systems

The National Information Standards Organization (NISO) has published a set of consensus principles for the library, content-provider and software-provider communities to address privacy issues related to the use of library and library-related systems.  This set of principles developed over the past 8 months focus on balancing the expectations library users have regarding their intellectual freedoms and their privacy with the operational needs of systems providers. 
 
The NISO Privacy Principles, available at http://www.niso.org/topics/tl/patron_privacy/, set forth a core set of guidelines by which libraries, systems providers and publishers can foster respect for patron privacy throughout their operations.  The Principles outline at a high level basic concepts and areas which need to be addressed to support a greater understanding for and respect of privacy-related concerns in systems development, deployment, and user interactions.  The twelve principles covered in the document address the following topics: Shared Privacy Responsibilities; Transparency and Facilitating Privacy Awareness; Security; Data Collection and Use; Anonymization; Options and Informed Consent; Sharing Data with Others; Notification of Privacy Policies and Practices; Supporting Anonymous Use; Access to One’s Own User Data; Continuous Improvement and Accountability.
 
The Preamble of the Principles notes that, "Certain personal data are often required in order for digital systems to deliver information, particularly subscribed content. Additionally, user activity data can provide useful insights on how to improve collections and services. However, the gathering, storage, and use of these data must respect the trust users place in libraries and their partners. There are ways to address these operational needs while also respecting the user’s rights and expectations of privacy."
 
"Working collaboratively through a set of open meetings and discussion forums, a team of librarians, publishers and systems providers crafted these principles,” said Todd Carpenter, NISO's Executive Director.  “This fact distinguishes this effort from other privacy-related efforts in our community.  By working together to deeply grasp the foundational nature of respect for patron privacy among suppliers as well as to understand the operational needs and product development process among the library community, the team was able to come to a nuanced understanding of the related issues.  This joint effort allowed for the creation of a balanced set of principles, which achieve the common goal of providing the best possible user experience built from its core with respect for privacy.”
 
Organizations and individuals are encouraged to provide public comments on the NISO Privacy Principles, as well as register their support for the principles, on the NISO website.  Additional work in the coming year is envisioned to make these high-level principles operational for publishers, content-providers and software suppliers.
 

Everything you need to know about encryption: Hint, you’re already using it.

In a televised address on Sunday, President Obama even alluded to the issue, saying he "will urge high-tech and law enforcement leaders to make it harder for terrorists to use technology to escape from justice." And now, the chairman of the House Homeland Security Committee is calling for a commission on encryption and security threats.

So let's take a step back and talk about this technology and why it's in the spotlight.

From Everything you need to know about encryption: Hint, you’re already using it. - The Washington Post

Pages

Subscribe to Online Privacy