Privacy Part 1: Corporate Data Gathering

From Technologies and Politics of Control
Jump to navigation Jump to search

Syllabus


April 1

A persistent fear throughout all of the Internet’s operation is the Internet’s treatment of a person’s own privacy. We have a hard time defining the term, much less determining what role it should play in deciding the whos, whats, and hows of Internet governance. Nevertheless, the Internet’s present evolution indicates that unless we spend time contemplating the reinforcing privacy online, our interests may fall to the interests of profitability, online behavior regulation, and cybersecurity.

Over the next two weeks we'll look at privacy, beginning with general concepts of privacy, how data is measured and gathered on the web, and some specific legal responses to privacy concerns. Next week we'll build on these concepts with an eye toward government surveillance and law enforcement.

Our own David O'Brien will be leading the class discussion this week.

Assignments

The deadline for Assignment 3 moved from March 25th to today, April 1st. Please upload your assignment prior to class today.


Readings

Conceptualizing privacy
Privacy and data
Corporate data practices

Optional Readings


Videos Watched in Class

Links

Robert Post: https://en.wikipedia.org/wiki/Robert_Post_%28law_professor%29

Alan Westin: https://en.wikipedia.org/wiki/Alan_Westin

Solove's Nothing to Hide: http://www.amazon.com/Nothing-Hide-Tradeoff-between-Security/dp/0300172338/ref=sr_1_3?ie=UTF8&qid=1396388362&sr=8-3&keywords=nothing+to+hide

The Third Amendment: https://en.wikipedia.org/wiki/Third_Amendment_to_the_United_States_Constitution

Fourth Amendment: https://en.wikipedia.org/wiki/Fourth_Amendment_to_the_United_States_Constitution

Only Third Amendmnet case: https://en.wikipedia.org/wiki/Engblom_v._Carey

Samuel Warren: https://en.wikipedia.org/wiki/Samuel_D._Warren

Louis Brandeis: https://en.wikipedia.org/wiki/Louis_Brandeis

Right to Privacy Article: http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/Privacy_brand_warr2.html

Olmstead v. United States: http://en.wikipedia.org/wiki/Olmstead_v._United_States

article about FBI wiretapping of MLK jr: http://www.theatlantic.com/magazine/archive/2002/07/the-fbi-and-martin-luther-king/302537/

NGram Viewer: https://books.google.com/ngrams

William Prosser: https://en.wikipedia.org/wiki/William_Prosser

Griswold: https://en.wikipedia.org/wiki/Griswold_v._connecticut

Roe v. Wade: https://en.wikipedia.org/wiki/Roe_v._wade

Whalen v. Roe: https://en.wikipedia.org/wiki/Whalen_v._Roe

Katz v United States: http://en.wikipedia.org/wiki/Katz_v._United_States

US v Miller: http://en.wikipedia.org/wiki/United_States_v._Miller

Arthur Miller's the Assualt on Privacy, from 1971: http://www.amazon.com/The-Assault-Privacy-Arthur-Miller/dp/0451612841

More on FERPA in this report by Berkman's Cyberlaw Clinic: https://cyber.law.harvard.edu/publications/2013/privacy_and_childrens_data

The OECD guidelines: http://www.oecd.org/internet/ieconomy/oecdguidelinesontheprotectionofprivacyandtransborderflowsofpersonaldata.htm

Robert Bork: http://en.wikipedia.org/wiki/Robert_Bork

ECPA: http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act

XKCD Comic: https://xkcd.com/1269/

commercial internet traffic wasnt legal until the 90s: http://en.wikipedia.org/wiki/History_of_the_Internet#Opening_the_network_to_commerce

HTTP cookie: http://en.wikipedia.org/wiki/HTTP_cookie

flash cookies: http://en.wikipedia.org/wiki/Local_shared_object

old browser simulator: http://www.dejavu.org/emulator.htm

A bit ont he history of the term "cloud": http://en.wikipedia.org/wiki/Cloud_computing#Origin_of_the_term

Microsoft was caught reading hotmail e-mails of people they thought were stealing: http://www.informationweek.com/software/productivity-collaboration-apps/microsoft-clarifies-email-snooping-policy/d/d-id/1141596

dropbox searches your data for copyrighted content: http://arstechnica.com/tech-policy/2014/03/dropbox-clarifies-its-policy-on-reviewing-shared-files-for-dmca-issues/

David's paper on Cloud Computing with our Executive Director, Urs Gasser: http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2410270

Paopticlick: https://panopticlick.eff.org

Web beacon: http://en.wikipedia.org/wiki/Web_bug

Deep packet inspection: http://en.wikipedia.org/wiki/Deep_packet_inspection

FTC Section 5: http://itlaw.wikia.com/wiki/Section_5_of_the_FTC_Act

ToS Help: http://tosdr.org

Latanya Sweeney was named FTC technologist in residence just a few months ago: http://www.iq.harvard.edu/news/latanya-sweeney-appointed-ftc

Ashkan Soltani has been helping break snowden stories for the Washington Post: http://www.washingtonpost.com/world/national-security/nsa-surveillance-program-reaches-into-the-past-to-retrieve-replay-phone-calls/2014/03/18/226d2646-ade9-11e3-a49e-76adc9210f19_story.html

Try Lightbeam if you want to see who is tracking you: https://www.mozilla.org/en-US/lightbeam/

If you want some more (denser) reading about a harvard project that looks at privacy issues and reidentification, there's some interesting stuff here: http://privacytools.seas.harvard.edu

Class Discussion

Please remember to sign your postings by adding four tildes (~~~~) to the end of your contribution. This will automatically add your username and the date/time of your post, like so: Andy 15:12, 7 November 2013 (EST)

Chris Anderson’s article brings up how technology enables research to move away from samples and sample sizes can now equal entire populations (n=all). However, I believe context still and must always matter. Yes we can “view the data mathematically first and establish a context it for later”, but I believe that to avoid data from dehumanizing phenomena and to more specifically to avoid privacy breaches it is best to never lose sight of the context.

Luciagamboaso 16:36, 1 April 2014 (EDT)

This week's readings on privacy have been really thought provoking. Whether we have a 'right' to internet privacy is a tough subject to ponder, as we have no obligation to use the internet, thus making our use subject to a company's terms, yet there are also a number of other factors to consider. Some of the biggest concerns are that the "data collection" isn't merely studied but disseminated, and also that that collection doesn't end at internet usage. It infiltrates every aspect of our lives, with surveillance footage being taken unbeknownst to those being viewed. I'm not sure if it was in this class or in another discussion, but supposedly we're not far away from a kind of optical monitoring whereby stores can track what a shopper looks at most intently to cater advertising to them specifically. Where does this invasion of privacy end?

Adding to the links above, I found this article linked in one of the above articles. It's very informative and interesting.

http://query.nytimes.com/gst/fullpage.html?res=9E0CE3DD1F3FF93AA3575BC0A9609C8B63

Sidebar- loved the article by Veldt on LinkedIn... I, too, have always wondered HOW they can suggest people who I know in real life but with whom I haven't had any connection with via social networks or even e-mail.

Castille 16:33, 29 March 2014 (EDT)

Great questions on privacy, Castille, just to piggy-back on what you've brought up….
Data gathering will become more intrusive, especially as we advance technologically. This will impede on personal privacy to a point where it becomes a major issue. For example, Google glasses will open many avenues for companies to gather personal data.
But where do ethics come in?
Companies don't have moral ethics if it means they can convert personal data into potential profits. It may already be too late to legislate laws and then how do we enforce them? Its actually quite alarming how much personal information is available digitally and more to come as new devices (such as wearables) make it easier for companies (and other individuals) to exploit. Marissa1989 02:09, 31 March 2014 (EDT)
I agree, Castille, that thinking about online privacy is complicated by the fact that users agree to certain terms of use and are not truly compelled to use the Internet, though it is undoubtedly next to impossible for some of us to avoid. I think that in spite of this (in spite of the fact that we automatically check the box agreeing to these terms of use), people will always feel that they have the right to privacy at least in the sense of having the right to be left alone. The mentality may be that if I'm not doing something wrong, if my behavior doesn't effect other people, then I shouldn't be bothered, shouldn't be observed without very explicit consent, and shouldn't have to feel like I'm being watched. Jkelly 23:11, 31 March 2014 (EDT)

The data we can gather through automation is undoubtedly incredible. The weakness with big data lies in the quality - relying too much on the results spit out from the tools could lead to numerous mistakes. That’s when human intellect comes into play; real-time observation and analysis will be critical for spotting errors. Human ingenuity is the source of progress. Any company can better leverage the data available to them and generate a competitive advantage, as long as they’re equipped with inquisitive minds and critical thinkers who can best apply the data presented. Marissa1989 02:01, 31 March 2014 (EDT)

I too enjoyed the article by Veldt on LinkedIn. I am an active LinkedIn user but like Castille have been troubled by the connection- generating ability of a site that I have not linked to other social networks or connected to my email. LinkedIn use has led many friends and colleagues of mine to tangible professional benefits and opportunities- headhunters and recruiters rely increasingly on the LinkedIn pool for scouting talent. In the contexts of other readings this week, and the question of whether it is truly possible to "opt-out"- LinkedIn is one platform that I feel is worth the privacy trade-off. Indeed, as a recent college graduate, in the early stages of my career, I often find myself faced with the unsettling truth that limiting my internet presence and enhancing security features on social media platforms with an aim to preserve my privacy is actually detrimental to my professional, educational and personal goals. In the name of upward mobility and maximizing exposure to opportunities, we choose not too think to hard about just how LinkedIn knows "People You May Know." Indeed, as highlighted in an NYT article late last year [1], opting not to include a photo, complete a full profile and maximize the public reach of your profile in many ways defeats the purpose of being on LinkedIn in the first place. --Akk22 10:25, 1 April 2014 (EDT)

I guess that's the main question we're faced with at the moment-- what's worth the privacy trade-off. I suppose as we move into the future, we'll be given less and less choice in that matter, though. As things like Google Glass's NameTag app become widely used, which will allow people to identify strangers in real life by syncing to social media, we may completely lose our privacy.

[2] Castille 12:55, 5 April 2014 (EDT)

Not related to this week's lecture, but for those interested, a major revamp is in the works for copyright law in the UK, including the addition of a US-like fair use clause - Modernising Copyright: A modern, robust and flexible framework --Seifip 17:43, 31 March 2014 (EDT)


I ran across an article shared through Reddit this week and I think it relates somewhat to the topic this week. It describes how Dropbox is able to know when copyrighted content is being shared, without infringing on a person's privacy. It is able to do this by "file hashing against a blacklist." It's an interesting read, especially for someone like me who isn't too familiar with computer technicalities. You can find the article here: http://techcrunch.com/2014/03/30/how-dropbox-knows-when-youre-sharing-copyrighted-stuff-without-actually-looking-at-your-stuff/

Lpereira 19:58, 31 March 2014 (EDT)

I also saw a write up about this on Slate. What's interesting to me is this snippet: "It's almost impossible to find a service that stores your data but doesn't have a way to look at it with either human eyes or algorithms." People have concerns about actual employees at Dropbox looking at their stuff, but even the idea of algorithms "looking" can be unsettling. I wonder how much of this has to do with being uncomfortable with the idea that someone out there is rifling through your files and how much has to do with concern about computer programs, algorithms, etc. being presented as an impersonal solution to privacy problems. But even if there's not a who looking at your stuff, there's still a what, and the principle doesn't seem too different if you think of it abstractly. Jkelly 07:43, 1 April 2014 (EDT)

I can't say I was surprised by anything in Schneier piece ("Why 'Anonymous' Data Sometimes Isn't") about how easy it is to take "anonymous" information and attach it to a specific individual. The ease with which I can find someone online (on Twitter, Facebook, or other social media) with just two or three pieces of identifying information-- name, college he/she graduated from, workplace, username, etc.-- long ago left me assuming that anyone could do the same. When you factor in huge amounts of data and more sophisticated techniques to leverage that data, I wouldn't imagine anything would remain hidden. A few seemingly trivial bits of information can certainly add up very quickly. Jkelly 23:01, 31 March 2014 (EDT)

I really enjoyed the chapter from Daniel Solove's book in which he tries to develop a new understanding of privacy. One of the bits that resonated the most with me is where he writes "Instead of attempting to locate the common denominator of these activities [that are disrupted by violations of privacy], we should conceptualize privacy by focusing on the specific types of disruption." It's interesting to approach privacy based on the problems violations cause rather than the type of information or behavior associated with those violations. So, it's not about whether or not giving out my phone number violates my privacy but whether that generates an innocuous or malicious outcome. I think this dovetails nicely with the idea (from the article about variable online pricing, I think) that there's not one answer to the privacy problem because there isn't one reason it's happening. Conceptualizing privacy in such a way that it can apply to all situations and problems could easily abstract it to a point that the theories are vague to a point of meaninglessness. Jkelly 23:17, 31 March 2014 (EDT)

I really love the article "LINKEDIN: THE CREEPIEST SOCIAL NETWORK" that's written by David Veldt. I always wonder how social networks like facebook or linkedin know that I in fact know that person. And the advertisements that are on the right side of the facebook page are things that I am interested in. It is interesting how Linkedin is trying not to disclose to the users that they are tracking our search histories and might even our emails. Frankly speaking, I am not surprised that Facebook, Linkedin or even Google are tracking our personal information, as this is how their business work. Data gathering is a very important part for them to make money. -Jolie

Is anything done or seen today on the Internet really private? With the introduction of “N=ALL” data and the “datafication” of various parts of life, information previously never even thought of being capable of quantification is now not only being able to be studied but also put into good use. The usefulness and practicality of Big Data is beyond what people can even imagine, from translating languages, fire prevention, to new ways of security, and even making it easier to rent a bicycle. Quantifying or the "datafication" of information can transform the way we operate as a society. Big Data can be described in terms of Petabytes. Then you have the different ways that Big data is collected; logging information such as mouse clicks (as Dataium does), analyzing census data, or CSS history sniffing are all methods of collection. Then you have companies like LinkedIn, Staples, and Amazon who provide different services or prices by utilizing peoples various “browsing history, geolocation" and other personal information.


While big data is extremely useful, one for the biggest downsides is the almost complete lost of privacy when searching on the web. But how does one define privacy? Its’ strewed across vague lines as when one uploads all their personal information, pictures, videos and what they are thinking are on Facebook, Twitter, and Google’s servers for them to survey and classify. Emmanuelsurillo 14:52, 1 April 2014 (EDT)

Bruce Schneier has another great piece that may be of interest: The Public-Private Surveillance Partnership. http://www.bloombergview.com/articles/2013-07-31/the-public-private-surveillance-partnership I'm always amazed at the level of detail you can gather about an individual from freely given information in exchange for grocery or gas discounts. The reality of today certainly seems to demonstrate that we value our privacy and data much less than we claim. VACYBER 14:59, 1 April 2014 (EDT)

Bruce has a number of great articles and books in the space – and he's our guest lecturer next week! So be sure to think of some good questions to ask him about his research. Andy 16:03, 1 April 2014 (EDT)

I believe that Internet privacy will continue to be a great topic of discussion for years to come. I had the chance to learn about big data and cyber security companies such as Fireeye and what they do from a control and commercial perspectives. Personally, I think that there is much interest in profitability as there is in control. Both governments and corporations want some sort of control in their populations' and users' information respectively.

cheikhmbacke 15:59, 1 April 2014 (EDT)

On a related note, am I the only one who approaches online privacy from the standpoint "anything I post online, I assume is public"? Most people find it crazy that I don't sit and change privacy settings for every single item I publish online, yet I find this the absolute best method as 1. I save time and stress by not having to think about privacy settings 2. I can't make a mistake by mislabeling something 3. If some site is hacked or Facebook developers make everything public through some bug there's no risk of anything confidential leaking out 4. It makes me think about every action I make, so that I have an explanation to stand by anything I do. If I don't want someone to see something I did, and I can't argument my choice, do I really want to do it in the first place? and 5. As I assume everyone, of course including the government and related parties, have access to everything I publish, I simply won't publish something I wouldn't want them to see... as they say, a secret is no longer a secret once it is uttered.--Seifip 16:14, 1 April 2014 (EDT)


This week's readings on privacy tied well into my research for our final project. I am studying Ripoffreport.com.com (ROP), and the organization makes a rather large statement in concerns to privacy on their respective site-you don’t have any on the Internet.

Invasion of privacy often conflicts with our thoughts on the First Amendment. Understanding the differences can be tricky. --Melissaluke 16:51, 1 April 2014 (EDT)

Retrieved from "http://cyber.harvard.edu/is2014/?title=Privacy_Part_1:_Corporate_Data_Gathering&oldid=3360"