A persistent fear throughout all of the Internet’s operation is the Internet’s treatment of a person’s own privacy. We have a hard enough time defining the term, much less determining what role it should play in deciding the whos, whats, and hows of Internet governance. Nevertheless, the Internet’s present evolution indicates that unless we spend time contemplating the reinforcing privacy online it way succumb to the interests of profitability, online behavior regulation, cybersecurity, and law enforcement. Today’s class will set a framework for classifying privacy issues and explore how these issues play out in online spaces.
We have a granted a one week extension to the rough draft in light of last week's events. Please have those uploaded before class on April 30th.
- Hal Abelson, Ken Ledeen, and Harry Lewis, Blown to Bits (Chapter 2) (focus on pages 36-42: “Why We Lost Our Privacy, Or Gave it All Away”)
- Lawrence Lessig, Code 2.0 (Chapter 7) (read “Solutions” through “Rules to Enable Choice About Privacy”)
- Arvind Narayanan and Vitaly Shmatikov, Robust De-anonymization of Large Datasets (How to Break Anonymity of the Netflix Prize Dataset) (Arxiv)
Videos Watched in Class
Links from Adobe Connect Session
The Warren/Brandeis article on Privacy: http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html
An 1890s Kodak: http://www.kodaksefke.nl/4-folding-kodak.html
Congress recently passed a revision to the Video Privacy Protection Act: http://news.cnet.com/8301-1023_3-57563408-93/obama-signs-netflix-backed-amendment-to-video-privacy-law/
Text of the amendment to the Video Privacy Protection Act: http://www.govtrack.us/congress/bills/112/hr6671/text
Big Data: https://en.wikipedia.org/wiki/Big_Data
California OPPA: http://oag.ca.gov/privacy/COPPA
Article on Apple keeping Siri data for 2 years: http://blogs.computerworld.com/privacy/22084/apple-siri-spies-you-secretly-keeps-data-years-itbwcw
The cloud service that Amazon runs is called Amazon Web Services: http://en.wikipedia.org/wiki/Amazon_Web_Services
The exponential growth of computing was mentioned in Zittrain's reading as well and is shorthanded to "Moore's law" - https://en.wikipedia.org/wiki/Moore%27s_law
Metcalfe's law: http://en.wikipedia.org/wiki/Metcalfe's_law
The verizon data breach report: http://www.verizonenterprise.com/DBIR/2013/
Sony had a terrible breach in 2011: http://www.reuters.com/article/2011/04/26/us-sony-stoldendata-idUSTRE73P6WB20110426
Symantec/Ponemon Report on Breaches: http://www.symantec.com/about/news/release/article.jsp?prid=20120320_02
Fraley v Facebook: http://en.wikipedia.org/wiki/Fraley_v._Facebook,_Inc.
PCI data security standards: http://en.wikipedia.org/wiki/Payment_Card_Industry_Data_Security_Standard
Chronology of Data Breaches: http://www.privacyrights.org/data-breach
Mass. regulations on handling of data: http://www.mass.gov/ocabr/docs/idtheft/201cmr1700reg.pdf
Heartland cases are still kicking around: http://threatpost.com/heartland-data-breach-suit-back-dead-021313/
Stored Communications Act: http://en.wikipedia.org/wiki/Stored_Communications_Act
Google Buzz: http://en.wikipedia.org/wiki/Google_Buzz
EEOC sample settlement including language about no admission of wrongdoing: http://www.eeoc.gov/federal/adr/fsms-settlement.cfm
Sandra Cortesi: https://cyber.law.harvard.edu/people/scortesi
Youth and Media: http://youthandmedia.org/
Born Digital book: http://www.borndigitalbook.com/
Berkman Executive Director Urs Gasser: https://cyber.law.harvard.edu/people/ugasser
Former Berkman ED John Palfrey https://cyber.law.harvard.edu/people/jpalfrey
Some of their YaM's research with Pew is available here: https://cyber.law.harvard.edu/publications/2013/teens_and_technology
Pew's Teens and Internet study: http://www.pewinternet.org/Reports/2013/Teens-and-Tech.aspx
YaM video: http://www.youtube.com/watch?v=Ye3vZJmdqpM
Some of YaM's publications are here: http://youthandmedia.org/publications/papers/
YaM literature review on bullying in collaboration with the Born This Way Foundation: http://youthandmedia.org/projects/born-this-way-foundation-partnership/report-bullying-in-a-networked-era/
Daniel Solove concisely and accurately summarized the areas of consensus with regards to the definition of privacy when he stated that it encompasses, "(among other things) freedom of thought, control over one’s body, solitude in one’s home, control over personal information, freedom from surveillance, protection of one’s reputation, and protection from searches and interrogations." He also went on to point out that, “Privacy is a value so complex, so entangled in competing and contradictory dimensions, so engorged with various and distinct meanings, that I sometimes despair whether it can be usefully addressed at all.” These two statements probably best summarize where current thought on privacy is at this moment in world history. He goes on to emphasize how important privacy is, "Thus privacy is a fundamental right, essential for freedom, democracy, psychological well-being, individuality, and creativity. It is proclaimed inviolable but decried as detrimental, antisocial, and even pathological."
I see less problems with the actual definition of the core values which comprise privacy and more issues with drawing the borders of where privacy begins and ends. It can (more or less) be defined as the individual having his or her behavior, personal information and life protected from disclosure to anyone whom they wish to not share such information. One solution is to go back to the old paradigm of the good of the individual vs. the good of the collective. With this mindset, I believe there would be a constant shift towards the eroding away at individual privacy for the benefit of society, either real or perceived. Therefore, one must seek a minimal set of privacy rights which can either never be infringed upon, or can only be infringed upon after some sort of mechanism for "due process" has been put in place and followed and properly justified.
There are some who are criticizing police for their recent cordoning off and going house-to-house and searching for one of the suspects of the Boston Marathon bombings in Watertown Massachusetts. There are also those who believe, that while so many cameras in the city of Boston gave law enforcement an advantage in identifying the bombers, the sheer quantity of cameras allows the government too much power. I thought the crowd sourcing effort that the government used (posting pictures of who they strongly believed were involved in the bombing and then allowing the public to voluntarily come forward was an interesting and perhaps good example of a balance between privacy and security that can be struck in the future. With the popularity of social media such as Facebook and Twitter, such efforts have the potential to be very effective, although surely not without critics. Technology certainly makes the issue of privacy much more complicated. Data gathering via the internet, data mining tools and technologies, surveillance drones and public cameras all add further complications to the issue. CyberRalph 20:22, 21 April 2013 (EDT)
In my wiki post two weeks ago, on April 9th, I addressed issues surrounding online privacy. I noted that everything we do today is online, and as a result, we may all be hacked at some point in time. The assigned chapter this week by Abelson et al., Why We Lost Our Privacy, Or Gave It Away, further supports my claim with additional examples and relevant quotes.
"Technology creates opportunities and risks, and people, as individuals and as societies, decide how to live in the changed landscape of new possibilities [i.e., new technology]....We give away information about ourselves—voluntarily leave visible footprints of our daily lives—because we judge, perhaps without thinking about it very much, that the benefits outweigh the costs."
These two statements are equally relevant for this week’s discussion. A) Technology does indeed create opportunities and risks, and we as the users primarily see things from an opportunistic perspective—quite often, we don’t contemplate the risks. B) Based on our optimism and trust in the technological advancements that surround us, we give our personal information away continuously. Why? Because the benefits outweigh the costs: we need to pay our bills online, manage our finances online, purchase products online, sign-up for services online, and the list goes on. In some circumstances—when one is hacked, for example—the costs trump the benefits; yet, we remain optimistic overall, not because we necessarily want to, but because we need to.
Privacy today impacts all walks of life. RFID technologies, credit cards, supermarket loyalty programs, and beyond, capture personal data for countless reasons. As the consumers, we not only let this happen, but we don’t have a choice, unless we choose to live in a remote reality. Abelson et al. further states that, "we give up data about ourselves because we don’t have the time, patience, or single-mindedness about privacy that would be required to live our daily lives in another way." Privacy norms will inevitably continue to evolve in-line with technological advancements, and we as the ultimate users must therefore adapt accordingly.
The final quote worth highlighting comes from Zittrain’s article: "It is no wonder that people have come to distrust computer-based record-keeping operations. Even in non-governmental settings, an individual’s control over the personal information that he gives to an organization, or that an organization obtains about him, is lessening as the relationship between the giver and receiver of personal data grows more attenuated, impersonal, and diffused....Often [an individual] may not see [a record about him/her], much less contest its accuracy, control its dissemination, or challenge its use by others" (Report from the Blue-Ribbon Panel to the U.S. Secretary of Health, Education, and Welfare on computers and privacy).
I like this quote because it foreshadows today’s reality, from 40 years ago. Will this same reality be consistent 40 years from now? Will privacy take on new meanings as hacking becomes more prevalent? Will new industries emerge to protect online communications? How will we, as users, continue to adapt to ensure our own privacy across diverse online frontiers?
I look forward to hearing your insights! Zak Paster 09:48, 23 April 2013 (EDT)
I enjoyed our readings for today’s class in regards to the Internet privacy. With information systems, in my view privacy deals with the collection of misuse of data and information within the cyber arena. More and more information of users is being collected, stored, used, and shared among ample organizations. Who owns this information and knowledge? And what is the limit of the privacy? In my view, privacy is a status wherein an individual can work on his/her information in seclusion, resulting in a selective revelation of one's identity, which can mean anonymity in case a person wants to remain unidentified. Privacy can also be related to the security aspect of an individual or information. While using the Internet, it mainly comprises the use of social networking sites, email facilities and the browse of various other websites. Internet privacy comes on the scene when it comes to website users giving out their personal details on the Internet. For certain websites, which facilitate online shopping, the users are made to input their credit card numbers, the privacy security is limited as the card numbers are being stolen and/or forwarded to the 3rd parties. In case of emailing sites, there are issues about whether third parties should be allowed to store or read emails without informed consent. Whether or not, the third parties should be permitted to track user’s information, which is viewed as another major privacy concern. The other important Internet privacy issue in my view is whether the sites that gather personally identifiable information from the users should store or share it. user777 12:09, 23 April 2013 (EDT)
Reflecting upon this week's readings, the discussion on privacy seems so much bigger than a question of laws and regulations. It fully encompasses the ethics and morals of individuals and of their cultures. The current privacy situation forces a person to constantly be ready to defend their reputation. It seems to hold human behavior to a higher standard, which might not be bad. Privacy while participating in online activity seems more like part of "playing the game", however when it comes to secret surveillance or someone else taking photographic images or videos of me and disseminating those images without my consent is another story. It is like living in a glass house or a fish bowl. We've all had bad days and made mistakes, but we do not desire for those to be captured and forever worn like a scarlet letter. This is of particular concern to me, as children are growing and hopefully learning from their mistakes, not permanently labeled for them. Zittrain's chapter brought many additional thoughts to mind such as his example about "good" customers and "bad" customers in a home improvement store. This type of behavior on the part of businesses could perpetuate economic discrimination.
Striking a balance between government control and individual/ non-state actor control is important. Technological advancements often come laden with unintended consequences but that is part of innovation and progress. As the debate and discussion continue, acceptable solutions will emerge. Question: Does COPPA or another law cover anything about photos or videos being taken of minor children (clothed, not pornographic) and disseminated online without parental consent? --Dear Alice 12:20, 23 April 2013 (EDT)
I'm very interested in two points Dear Alice makes above, the first, that the question of privacy seems much bigger than a question of laws and regulations. I'd just expand this to say that perhaps much or all of what we've discussed this semester depends so much on what view we take of what government is for, how big it should be, and (something we haven't really discussed) how this enforcement will occur and who will pay for it.
The other point Dear Alice makes that I find compelling is that we all have said and done things, which, upon reflection, we'd prefer we hadn't. None of us would like to wear a list of these things on a sign around our neck, nor have them attached to our name when someone looks up our resume, or listing on a social network. Much has been made of the privilege the rich and politically connected have, just in their ability to keep their behavior behind closed doors. Now that these areas of privacy are becoming fewer and fewer, will this further equalize society or further expand the privileges of those that can afford to socialize and work in areas that remain free from cameras or other public oversight?
Finally, we've been using the words discipline and punish in our discussions, at times, perhaps loosely, when what our intentions are perhaps to prevent or discourage behavior, or even encourage alternate behaviors. I wonder if we've spent enough time thinking about whether discipline and punishment actually deter the behaviors many of us have been discussing. Or if we've thought through the implications of a society so quick to jump to discipline and punishment, when prevention and discouragement might be more desirable.
As a footnote to this discussion, there is a Wall Street Journal article which discusses an attempt to count the number of federal criminal laws, and an article on the Library of Congress's website that discusses the WSJ article and expands upon it. blogs.loc.gov/law/2013/03/frequent-reference-question-how-many-federal-laws-are-there/ online.wsj.com/article/SB10001424052702304319804576389601079728920.html
I've pasted the second to last paragraph from the Library of Congress website article here:
"In an example of a failed attempt to tally up the number of laws on a specific subject area, in 1982 the Justice Department tried to determine the total number of criminal laws. In a project that lasted two years, the Department compiled a list of approximately 3,000 criminal offenses. This effort, headed by Ronald Gainer, a Justice Department official, is considered the most exhaustive attempt to count the number of federal criminal laws. In a Wall Street Journal article about this project, “this effort came as part of a long and ultimately failed campaign to persuade Congress to revise the criminal code, which by the 1980s was scattered among 50 titles and 23,000 pages of federal law.” Or as Mr. Gainer characterized this fruitless project: “[y]ou will have died and [been] resurrected three times,” and still not have an answer to this question."
Here is the final paragraph of the WSJ article:
"There is no one in the United States over the age of 18 who cannot be indicted for some federal crime," said John Baker, a retired Louisiana State University law professor who has also tried counting the number of new federal crimes created in recent years. "That is not an exaggeration."
And here is James Madison, from The Federalist Papers, The Senate (#62):
"It will be of little avail to the people, that the laws are made by men of their own choice, if the laws be so voluminous that they cannot be read, or so incoherent that they cannot be understood; if they be repealed or revised before they are promulgated, or undergo such incessant changes that no man, who knows what the law is to-day, can guess what it will be to-morrow. Law is defined to be a rule of action; but how can that be a rule, which is little known, and less fixed?"
Raven 16:16, 23 April 2013 (EDT)
Are all telephone calls recorded and accessible to the US government? A former FBI counterterrorism agent claims on CNN that this is the case www.guardian.co.uk/commentisfree/2013/may/04/telephone-calls-recorded-fbi-boston May 4th, 2013 Raven 17:47, 5 May 2013 (EDT)
Privacy is a difficult topic to get legal and moral arms around. Reading the different perspectives for this week, it becomes clear that there aren't any real clear guidelines on how to approach this difficult topic. Protected by a constitutionality? Yes... enforced thoroughly? No.
I pulled up to my drive through bank machine yesterday. The three cameras there recorded my licence plate, a wide angle of my car and my face (finally noticed the small camera next to the key pad.) Was all that really necessary for me to pull 100 dollars? With the readings in mind, I started reviewing how many times I am photographed and cataloged in some obscure (to me) database. Yesterday alone was over 50 (that I know of) and I do not frequent high profile areas. I have no secret clearance or celebrity profile that could possible make these numbers justified yet in a normal course of events during my day I was like an animal that had been tagged with an ear chip for migration observation.
In the Jonathan Zittrain piece, I found the following excerpt to incapsulate the true issues of today. ...."Nowadays an individual must increasingly give information about himself to large and relatively faceless institutions, for handling and use by strangers—unknown, unseen and, all too frequently..." How do we as a society protect against that information being used in a way that we would never think of?.
Another example....here is an article on how software analyzing all the CCTV cameras will be able to alert authorities to behaviour ... http://blogs.scientificamerican.com/observations/2013/04/18/httpblogs-scientificamerican-comobservationswp-adminpost-new-phppost_typepost/?WT_mc_id=SA_CAT_TECH_20130423
Caroline 15:43, 23 April 2013 (EDT)Caroline
Instead of commenting on a specific article today, I thought I would give a big old mea culpa. I am probably the raison d'etre that people should take more care of their privacy settings on facebook. In addition to being a personal injury lawyer, I also run a quite a few insurance defence files that run the gamut from wrongful death to BS whiplash type claims. A MAJOR aspect of a successful defence among most young lawyers in this field of work is to do a full work-up of the plaintiff's lawsuit on the internet. This includes searching, facebook, myspace, twitter, linkedin, and general google searches etc. People think that just because they have their facebook set to private people like me will not be able to access their records. Unfortunately they are quite wrong. Many people have their settings set to share with others in the Network or their friends and open their profile that way. Alternatively, the vast majority of people list their friends for everyone to see. While I won't actually become their false friends to search their profile, if the case is serious enough, I will find meticulously search through their family members profiles (listed in their friends list) and collect all sorts of photos and comments that the plaintiff doesn't think I can get. Alternatively, if I can't get any serious information that way I will bring a motion to the court forcing them to disclose all portions of their facebook photos except their private messages. This motion will almost certainly succeed in Ontario. The moral of the story is that what you post on facebook and online is not private if someone is determined enough to get it. Many plaintiffs have lost tens of thousands if not hundreds of thousands because they had a false sense of security in their online privacy. Joshywonder 17:06, 23 April 2013 (EDT)