Posts filed under ‘Privacy’

Register now!

Mirrored meHoly Gaucamole! As I was hyperventilating over news that the most surveilled people on Earth (that would be the Brits) are now to suffer the possibility of CCTV cams in private homes, I completely missed news from South Africa.

Thank goodness I have alert readers. Prophet Kangnamgu let me know about what’s going on in South Africa. Yeegads! Is there no end to the surveilling, the snooping, the tracking that’s going on in contemporary society?

South African readers – you might wish to reconsider having a cell or mobile phone. Legislators over there have introduced a new law, which requires all cell phones with SIM cards to be registered from July 1, 2009.  Trotting out the usual drivel of combating crime, the Regulation of Interception of Communications and Provision of Communication-Related Information Amendment Act (or RICA), requires service providers to capture the following data before activating a SIM card:

  • cell phone number
  • full name of cell phone owner and address
  • South African identity number
  • whether on contract or pre-paid

Customers will have 18 months from implementation date to register both their pre-paid and contract SIM cards. Cell phone service providers will need to verify all this information by checking an electricity or water bill for example.  So the idea is that the  identity and whereabouts of the owner of a SIM card who uses a cell phone in planning and executing a serious crime is known by law enforcement authorities. Yep, I’m sure now this new Act is in effect, criminals will be burning up the cell phones lines planning their illegal business! Most likely, they’ll all flee to Skype.

So what I hear you say? And before some of you pounce on me, I have family who live in Johannesburg, so have been there and yes, I know that crime is prevalent.  Possibly tracking cell phones is therefore a good idea.

But then possibly it’s just part of what I’ve always been saying – a little bit more of our privacy being eroded.  More Government snooping intruding into our daily lives and tracking our movements – all because some people in society commit crimes.

Cell phone service providers will have comprehensive information about a phone owner. Let’s hope they know how to keep data secured in a central database and that staff don’t misuse said private information. Will the service providers sell the information for targeted advertising?  Will only one SIM card registration be allowed per citizen ID? The big question I think is – will criminals obligingly register giving their real names and place of residence?? What’s to stop clever crims from swapping SIM cards?

All South Africans have to go and register in person and if someone has a temporary residence, they register their address as their local school or church.  I can see it now: police tracking a criminal via the local church. How ridiculous.

And then there’s a little something known as the Bill of Rights. Section 14 of the Bill of Rights in the South African Constitution of 1996 states:  “everyone has a right to privacy, which includes the right not to have…..the privacy of their communications infringed”.

I’d also question whether all South Africans who have cell phones actually have a residence with electricity or water  – to prove their residential address for RICA registration. I know my sister-in-law’s servants (who live in her house but sometimes return to their home) basically have a hut with no water or electricity. But they do have a cell phone because it’s the way they keep in touch with their family.

And how will visitors to South Africa, like me, roam the network? For my next visit, should I stuff my suitcase full of utility bills and rate notices to prove my residential address should I wish to purchase a pre-paid SIM card? And should I whip into a public phone booth, should I leave a note behind with all my private details for police dudes?

Seems to me like crime prevention is being used as a cover-up for intercepting communications and monitoring citizens’ movements.  Next up, we’ll all have to register our iPods! Anyone know anything more?

Advertisements

August 17, 2009 at 2:00 am Leave a comment

Locational privacy

The Electronic Frontier Foundation has released a free report on locational privacy. Locational privacy is the ability for people to move freely in public space without any expectation that one is being tracked, monitored or secretly recorded. Of course, I’m going to suggest to you that our locational privacy is pretty stuffed already – for example, your cell phone can be used to locate you (triangulation can pinpoint a cell phone user’s whereabouts by bouncing signals off three phone masts to establish an exact set of co-ordinates – so turn it off if you don’t want to be found). Just think of the many ways our daily movements can be monitored:

  • your credit card purchases will reveal the city you’ve shopped in, the stores you’ve visited
  • the e-tag you have in your car to pay for bridge and highway tolls records your travel
  • the swipe cards we use to get in and out of our office buildings monitor your comings and goings

Private information is collected by databases and available for analysis. In the not too distant future, perhaps the information collected will be used to answer these types of questions:

  • Did you go to an anti-war rally on Tuesday?
  • A small meeting to plan the rally the week before?
  • At the house of one “Bob Jackson”?
  • Did you walk into an abortion clinic?
  • Did you see an AIDS counselor?
  • Have you been checking into a motel at lunchtimes?
  • Why was your secretary with you?
  • Did you skip lunch to pitch a new invention to a VC? Which one?
  • Were you the person who anonymously tipped off safety regulators about the rusty machines?
  • Did you and your VP for sales meet with ACME Ltd on Monday?
  • Which church do you attend? Which mosque? Which gay bars?
  • Who is my ex-girlfriend going to dinner with?

Years ago, private investigators would be hired to track people. Information collection was expensive and time consuming. Now, it’s cheap and unobtrusive.  Read the report so that you are aware of the ubiquity of tracking and monitoring devices.

August 12, 2009 at 2:00 am Leave a comment

Oops! Facebook

Rosco at 8 weeksWhat a surprise, NOT! Canada and Facebook are having a bit of a cat fight. Canada’s Privacy Commissioner, Jennifer Stoddart, is clearly a wise woman. She has accused Facebook of breaching Canadian privacy law by keeping users’ personal information indefinitely after members close their accounts. The Canadian Internet Policy and Public Interest Clinic (CIPPIC) lodged a 35-page complaint in May 2008 over the privacy practices and policies of Facebook and The Office of the Privacy Commissioner of Canada has been busy investigating. The investigation was conducted under the Personal Information Protection and Electronic Documents Act (PIPEDA), which is the Canadian federal private-sector privacy law. The results of this investigation are the first I’m aware of that really raise significant concerns about a social networking site and if it heads to court, well, that will be VERY interesting.

Basically, there were a number of categories to the complaint: its failure to inform Facebook members of how their personal information is disclosed to third parties; Facebook advertising; deception and misrepresentation. And there were 22 violations of PIPEDA. An aspect of the complaint that was upheld related to Facebook’s disclosure of personal information to third-party developers who create applications, such as games, quizzes and classified ads, that run on the Facebook platform. There are more than 950,000 application developers in some 180 countries. If you use a third-party application, you consent to giving the application’s developer access to some of your personal information, as well as that of your “friends.” In my view, there’s a real concern about personal information being handed over to third-party developers without Facebook policing or disclosing to members the extent of personal information being shared.  I think this aspect of the complaint will cause a cat fight: the Privacy Commissioner has recommended that Facebook implement technological measures to restrict application developers’ access only to the user information essential to run a specific application but Facebook does not agree with this recommendation and has been given 30 days to comply – so watch this space because it could  mean that it will end up in Federal Court.  You can read the detailed findings here.

So there are a number of issues that interest me:

  • Facebook is a privately owned US-registered company – so does Canada have jurisdiction over a foreign company?  The Privacy Commissioner maintains: “Our law says that if you’re operating this service in Canada, you’re subject to Canadian laws. So I think our jurisdiction is fairly clear”. Facebook has a Toronto, Canada “sales office” so are they subject to the commerce law of Canada? The Abika case demonstrated that the Canadian Federal Court has the power to order the Privacy Commissioner to investigate a complaint against a foreign company (Abika being a US registered online data broker, which allegedly collected and used private, personal information in violation of law) and that the Privacy Commissioner has jurisdiction under PIPEDA to investigate transborder data flows.
  • if Facebook refuses to tighten up its privacy controls and gives the finger to Canada, what exactly can be done in the way of enforcement? Facebook has approximately 12 million users in Canada and this is said to be the highest per capita in the world, so I suppose that when Facebook figures out how to make money, any profit made from Canadian users could be confiscated by Canada; or Canadian companies involved as third-party developers could be ordered to cease dealings with Facebook. I think this will be real test of the jurisdiction and reach of countries over a private company that controls a vast global social network. Facebook is also tussling it out with the European Union, which has similar concerns over breaches in privacy.
  • Facebook has grand plans to dominate the internet. What Facebook has that Google doesn’t is the private data of millions of people; their connections and friends; what they do; what they like; and tagged photos of people. Google just has an algorithm. Wired had a great piece recently in which Facebook’s grand vision was articulated: “Facebook CEO, Mark Zuckerberg, envisions a more personalized, humanized Web, where our network of friends, colleagues, peers, and family is our primary source of information, just as it is offline. In Zuckerberg’s vision, users will query this “social graph” to find a doctor, the best camera, or someone to hire—rather than tapping the cold mathematics of a Google search. It is a complete rethinking of how we navigate the online world, one that places Facebook right at the center. In other words, right where Google is now.”

Considering 200 millions users (or one fifth of all Internet users) have Facebook accounts, I am pleased to see Canada asking some serious questions of Facebook. It will be interesting to see just how far the might and power of Facebook can be tested.

July 18, 2009 at 2:17 am 2 comments

NO Google!

You know I’ve ranted and raved about Google Street View before. If not, go here for a start. Google of course has technology that will blur a face or licence plate number but the Google van still patrols streets and areas snapping away despite Privacy International lodging a complaint. Many people in the UK joined that complaint since they felt images led to identifying specific people. One woman for instance moved away from a particular area to escape a violent partner only to find she was recognisable by said partner in an image snapped by Google Street View outside her new home. And residents near Milton Keynes (UK) recently blocked the driver of a Street View car when he started taking photographs of their homes saying the service was “facilitating crime”. Street View is now in nine countries and Google wants to expand the service into Europe.

But seems Greece is saying NO to Google. The Hellenic Data Protection Authority has banned Google from expanding Street View in the country until Google can cough up satisfactory information about how long images will be stored on Google’s database and what measures Google will take to make people aware of privacy rights. Meanwhile the Japanese, who are very respectful of privacy, are also giving Google a hard time and forcing them to reshoot all images taken in that country. And it will reshoot by lowering Street View cameras by 40 cm (16 inches) following complaints of invasion of privacy because cameras were able to shoot images showing private gardens and homes.

Google will try to accommodate by blurring images or lowering camera angles but the issue to me is this – this is private exploitation of public space or a public good. And the law isn’t clear on this as yet. The argument is that what’s in public space is fair game, yet if I roam the streets of Sydney as I have done many times with my camera, I get hauled aside and asked questions about what I’m taking photos of and why. I have even been abused by a man for taking a photo of a public building (a library) and he was just on the street and came over to abuse me.

In the UK, a well-known London photographer, who was going about his business of taking photos of London life, was hauled off by the police under Section 44 (Stop & Search Powers) of the Terrorism Act 2000. So why is it okay for Google to roam city streets and country laneways snapping photos showing homeless people outside a shelter; causing embarrassment and distress between a couple when a woman caught her cheating husband out; showing a man being sick in the street; or a man entering a sex shop in London? I’m sure if I took a photo of any of these people in these situations, my ass would be hauled off by the cops or I’d be abused by the people whose private circumstances I was attempting to capture on an image.

Seems to me that the Google business model is if you’re in public, tough we are going to exploit it. I am pleased to see Greece asking questions and Japan causing Google to adapt Street View to  respect privacy concerns. Now, if the law would just catch up and redefine what can and can’t be done in public space when it comes to private citizens, I’d be very very happy.

May 20, 2009 at 2:00 am 1 comment

Watch what you say

I came across two articles over the last week that remind me why I have decided not to return to Facebook (regular readers would know I joined Facebook a few months ago after much hesitation, only to find Facebook changed its Terms of Service – so I deleted everything). I remember a relative of mine (Russian) told me that during the Communist era, you were very careful who you spoke to and what you said. Might just be that we’re in this situation again.

A piece in the Sydney Morning Herald caught my eye. A Sydney company is being hired by large corporations to (frankly) spy on Facebook users. Corporates are of course always concerned about their reputation and brand risk. I get that. But now that our conversations and connections are increasingly public, it seems we are vulnerable to employers knowing more about us than we might wish. Some people are just plain stupid IMHO. Take the case of Domino pizza employees in the US doing disgusting things to customers’ food and posting a video of themselves to YouTube. They were sacked and arrested. Really, just how dumb can people be!

But there are also times you might update your Facebook page and say “I hate my  job” or “I don’t like working for the Government”. You don’t name the employer. Think you’re safe? Think again. An Australian woman was doing a spot of casual work for a Queensland Government agency. After a long day, she updated her Facebook status and said that she would be “saying no to working for shitty Government departments”.  She did not name the specific agency or any individual. But a colleague and a friend (better watch your friends on Facebook) both saw her update and helpful people that they are – told the boss. When she turned up for work the next day, she was escorted out the door. Personally, I’d be going the employer for unfair dismissal but as a casual she probably can’t.

The second news item demonstrates just how your own personal feelings can be made public and land you and your family into trouble. A US college student, who clearly didn’t like her hometown, ranted about it on her MySpace page. I’m not going to get into what the issues are with the hometown – the point is I think anyone has a right to say what they think (how you say it though needs to be thought about). But this college girl was vilified from pillar to post for her opinion. The local high school principal found her MySpace page (seems her sister was still at the high school) and forwarded the student’s rant to the editor of the local newspaper, who promptly published it as a Letter to the Editor. The student contacted the editor and asked for the rant not to be published but it was copied from her MySpace page and published (hello? isn’t this copyright infringement?!).

Aside from copyright infringement, I would be asking at this point – isn’t this also an invasion of privacy? The girl ranted on her personal MySpace page (I would be interested to know what her privacy settings were) – then the editor publishes it without permission. The backlash was so severe, including death threats and gunshots, that the family had to pack up and flee town. Now, I didn’t read the MySpace rant as it was taken down pretty fast. Perhaps she was silly enough to name individuals and defame them. But the issue to me is why this isn’t an invasion of privacy case. It ended up going to a California State appellate court, which ruled that the publication of the letter did not violate privacy rights.

When I found the judgment (Moreno v Hanford Sentinel), I soon found out why this isn’t an invasion of privacy because the Justice based the decision on this logic:

“Here, (name) publicized her opinions about (hometown) by posting the Ode on myspace.com, a hugely popular internet site. (Her) affirmative act made her article available to any person with a computer and thus opened it to the public eye. Under these circumstances, no reasonable person would have had an expectation of privacy regarding the published material.

In other words, it’s public, it’s fair game. I haven’t seen the brief – possibly the student argued too narrowly (making the case turn on whether or not her rant was a private fact. If her page was only limited to access by a private network of friends and not the whole world, then her case might have been stronger – hence my comment about wondering what her privacy settings were).

Digging further, I found that the student never published her surname on her MySpace page but by some miracle, her surname appeared in the Letter to the Editor. Obviously, this is a small enough town that the editor knew the college student and decided to add the surname. Is her surname not a private fact?  Her MySpace page from what I’ve read only carried her first name and her photo. Clearly, she chose not to publish her surname yet the editor saw fit to do so.

I’d be asking further questions too: was the editor sacked? were the people who made death threats prosecuted? was emotional distress inflicted?

Okay, so I’m not fully conversant with US law but seems to me this particular case has a glaring lesson for all of us: whatever you say on a social network can be found and used by employers (who are increasingly snooping) and possibly waives your right to privacy. This is why I have no MySpace presence and a half-baked Facebook page that says zilch.  If you want to know how to use Facebook safely, go here.

April 27, 2009 at 2:00 am 1 comment

Overstepping the boundary?

ThinkingShift reader, Murali, sent me links to two very interesting news items this week. One I was set to blog on; the other one I didn’t know about. One is about the European Union (EU), the other about China – both are disturbing. I’ll blog on China in my next post.

The first item has me thinking twice about moving to Europe. The EU seems to follow anything the US and its Department of Homeland Snooping Security does in the way of monitoring and surveilling.  Trotting out the usual mantra of “terrorist threats”, an EU telecommunications directive ( 2006/24/EC) will see Internet Service Providers being forced to store details of user emails, internet phone calls, text messages and webpage visits from April 6 2009 for a period of 12 months. The content of emails and calls will not be held but ISPs will record the source and destination of a communication; type of communication; date, time, duration; identities of recipients of the communication; and location of mobile communication equipment. So it’s pretty clear “who sent what to whom” and “who visited what website” would be identifiable and that connections between people could be mapped. What a great way to create a profile of everyone’s relationships and communications. The Stasi would salivate over this.

The Swedes, however, seem to be the most intelligent Europeans – they have chosen to ignore the EU directive and the Germans are going to fight it out in court over constitutionality of the directive. But the Brits – well, what can we expect, they adopted it straight away in their haste to map and monitor everybody’s communications (and it seems without any debate in Parliament). You probably also read recently that the UK had a plan to monitor social networking sites such as Facebook, MySpace and Bebo so they can snoop on the connections between individuals. Is this all just one step towards the UK Government’s dream? – a central database of electronic communications traffic data of the entire UK population (all part of the proposed Intercept Modernisation Programme).

Seems to me that Governments are overstepping their boundaries but, in this case, they’re smart and getting a third-party (ISPs) to do the actual dirty work. Suppose officials identify a terrorist suspect. They get a warrant (one hopes) to force an ISP to divulge data about this individual and all individuals connected to that person via phone calls, text messages, web searches and so on. It’s no stretch of the imagination to say that many an innocent person would probably have unknowingly been in contact with the suspected terrorist, completely unaware that this person is a terrorist (after all, I don’t think terrorists wear a sign around their head that says “terrorist” nor do they begin an email saying “Hi, I’m your local terrorist…”).

What is very underhanded is that this directive was classified as “commercial” rather than classified as a policing and security matter. If the latter, Sweden and Germany’s objections would have vetoed the directive. And what agencies exactly will be sharing this goldmine of information? How many hundreds of public agencies will be snooping? How can we be certain the ISPs won’t lose the data about individual communications or use it inappropriately?

You might be able to bypass all this snooping if you encrypt your emails (although I think the UK has anti-decryption legislation) and use Skype for IM and Internet voice calls (except don’t bother doing that in China because they wiretap Skype IM).

Now, of course, a lot of sheep will bleat “if you have nothing to hide…”. But even if you have nothing to hide, I think we should all be concerned that our conversations (even if deleted) will remain on an ISP’s hardware. And all this data is protected from misuse by what? The ISPs own securities measures, which are out of your control. Furthermore, the EU has agreed to share private data, such as travel plans, website visits and so on with the US.

Let us recall the words of Benjamin Franklin, “Those who would give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.”

You can read the EU Directive here.

April 13, 2009 at 2:00 am 1 comment

Digital trails

Coincidentally, I was reading the other day on collective intelligence and how GPS, your cell phone, credit card information and web surfing habits are just part of the many ways we leave digital trails of ourselves. Then Marc sent me a link to this article from The New York Times.

Some MIT students are swapping their privacy for a smartphone and allowing researchers to track their moves within a dorm of 100 students. So researchers will know all the music listened to, the emails and text messages sent and the location of the students. Clearly, this is a fabulous way to understand a social network and its collective actions. It’s the wisdom of crowds stuff that can ultimately help forecast social trends, financial behaviour and so on. And since we are increasingly choosing to interact with each other through social networks and digital devices, there is a wealth of information in the digital trails we leave behind. So it’s about making the invisible visible.

Citysense, for example, shows the overall activity level of a city, top activity hotspots and places with unexpectedly high activity, all in real-time. The data is derived from Yelp (an online site that provides user reviews and recommendations of restaurants, shopping, night life), Google and cell phone locations. Citysense “senses” the most popular places based on actual real-time activity and displays a live heat map. Pretty cool.

Pachube is another “network sensor” that I really like. I used this to check out Hong Kong (as I’ll be there soon) to see what the pollution is like. Pachube enables you to connect, tag and share real time sensor data from anywhere in the world. So you could connect your electricity meter to Pachube to track energy use over time; you can track pollution or climate data in a particular city; basically it patches the planet.

But (yep, there’s always a but with  me) the article points out (and I’ve said this before) that collective intelligence could be used against us. The big fear in my mind is how insurance companies could use data to identify people in a population suffering from certain diseases and deny them health cover.

Just last week too came news of the UK’s Government latest (and ridiculous) anti-terrorist measure – mass surveillance and tracking of people who use social networking sites including Facebook, MySpace and Bebo (mmm…glad I haven’t restored by Facebook presence after my hissy fit). Even Sir Tim Berners-Lee was recently warning about the dangers of deep packet inspection, which is the monitoring of traffic on the internet and communications networks.

The mind boggles when thinking about how collective intelligence could be used against us. Powerful new technologies make it possible to draw up your profile without you even knowing.  So the privacy challenges will be around protecting individual identity and security of data. And then of course data collected by network sensors could be subject to subpoena.

Collective intelligence is all about the network, the public, the collective. So the future of collective intelligence I think is going to be weighed up against what benefits the public good over individual privacy. Google FluTrends is another example of a sensing network and tracks flu trends across the US. Obviously of great benefit to the public to know that a flu outbreak is happening in say Chicago. But if data is disclosed and linked to a particular user can you imagine what the repercussions might be – the person could be banned from travelling, health insurance companies might deny insurance coverage and so on.

Privacy law has got to keep up with these technology trends otherwise we will be left with no safeguards against our individual data, behaviour and movements being vulnerable to exploitation.

March 30, 2009 at 2:00 am Leave a comment

Older Posts Newer Posts


Search ThinkingShift

   Made in New Zealand
     Thinkingshift is?

ThinkingShift Tweets

Flickr Photos

 
This work is licensed under a Creative Commons Attribution 2.5 Australia License.

ThinkingShift Book Club


Kimmar - Find me on Bloggers.com