Privacy & ICTs

Privacy and ICTs

So, let me start by making a big assumption here that most of you are NPR listeners, and that you’ve heard the recent series of reports by Martin Kaste, “ The End of Privacy .” If you have, then you know that you (and me and everybody else) are leaving a trail of data everywhere you go, both online and off.

Whether it’s credit card purchases, cell phone calls, the GPS in your car, the cookies from that website you visited, or all those photos you posted to Facebook or Flikr, there is a lot of data out there, and a lot of it is easier for other people to get their hands on than we ever could have imagined in our lives before the advent of the World Wide Web, as it used to be known before we all decided that talking in acronyms was an acceptable form of human discourse.

Leaving aside, for the moment, the question of whether the intent behind all of this data gathering—though at this point it’s as much about the data mining as it is the gathering—is malicious or beneficent, there remains the question of what ever happened to privacy—or, as Kaste asks, does such a thing still even exist?

I, for one, would argue that it must, otherwise we wouldn’t be so interested in hearing Kaste talk about it on the radio; happily, I’m not alone in this: there are a number of organizations such as The Electronic Privacy Information Center (EPIC) and the World Privacy Forum (WPF), who are advocating for our right to privacy, both online and off.

Of course, our definitions of privacy aren’t necessarily all the same—though I like Introna and Paloudi’s definition of it in their article “Freedom in the information age” as freedom from the judgement of others, I don’t think that entirely encompasses the various aspects of privacy. Most certainly the legal protections for privacy—say the privacy of emails , for example—don’t seem to coincide with the popular conception of it, as has been made clear by a number of cases where emails that people assumed were private turned out not to be so. Though we ought to note that a recent case has seemingly reopened this.

Indeed, scholars like Mizutani, Dorsey, and Moor have asked whether there is even a universal set of assumptions about privacy that could be used as the basis for an international agreement on online privacy standards—something that is clearly necessary given the transnational character of modern telecommunications, and has motivated a number of privacy advocates to push Congress to act on this issue, as recently noted in SC Magazine .

Since privacy is such a big issue and it touches on our lives in so many different ways, our group has broken off a couple of bite-sized chunks for us to nibble at this week:

• Privacy and Social Networks will be covered by Leslie
• Privacy and Cloud Computing will be covered by Rob
• Privacy and Security will be covered by Gabriela

Marc Rotenburg, the Executive Director of the Electronic Privacy Information Center (EPIC) recently wrote:

“Modern privacy begins with the understanding that personal information will be widely accessible…Modern privacy is about what happens to information once it’s held by others — whether it’s a government agency, a bank, a cell phone company, or a social network site. We give up personal information all the time, but that doesn’t end the discussion over privacy. That’s where it begins.”

He believes that privacy is not keeping information away from individuals or companies but making sure that the information we do give out is used appropriately and ethically.

Related Link
http://www.huffingtonpost.com/marc-rotenberg/whats-privacy-in-the-age_b_299466.html&cp

Some new and not-so-new online privacy tools: 

Scr.im

Basically, Scr.im allows you to create a link to your email address so that you can semi-publically post it: someone who wants to contact you clicks on the link and has to enter a “capcha” in order to access your email address, preventing spammers from using bots to locate and records that address—at least from those sites where you use Scr.im.

Vanish

Vanish allows people who author and publish data to add a timed self-destruct key to that data, be it an email message or a website with time-sensitive information.  This technology is still in prototype, but its developers are convinced it is an important part of the future of data security and privacy.

SpyBot SD

This application, primarily for Windows computers (though it allows works with some other mobile platforms), allows you to locate and remove malware from your computer.  It also notifies you of and asks you to sign off on changes to your registry, which helps experienced users to block malicious attacks on their computer.

NoScript

NoScript is an add-on application for FireFox (for both Macs and PCs) that allows users to control what websites are allowed to run scripts in their browsers.  If you give it a try, you’ll see how script-dependent the internet is these days—practically no site will display unless you add it to a “white list” of allowed websites.  You’ll also get a sense of how many sources there are for the little bits and pieces that go together to make up a commercial website these days: many have scripts from over ten or fifteen sites running simultaneously, gathering data about your computer, deciding what ad to show you, expanding the add if you mouse over it, tracking whether or not you click on it, etc.

Google is the go-to provider of many things online-search, email, maps, and more. But have you ever stopped to consider all of the information you’re sharing with Google? Read on, and find out all of the dirt that Google has on you.

1. What you’re searching for: Google is used by millions of people worldwide-and they know what every user is searching for, even if it’s not personally identifiable.
2. The web pages you visit: Google AdSense is used by many web pages for online advertising, and Google’s cookies record your visits to web pages with their ad program on them.
3. The blogs you read: If you use Google Reader, Google knows the blogs you subscribe to. Even if you’re not on Google Reader, Google knows all of the Blogger pages you visit.
4. Your financial information: Users of AdSense and/or Google Checkout share financial information, addresses, and other personal information with Google.
5. The strength and popularity of your website or blog: For users of Google Analytics, Google knows what sites you control, how they are doing, and their trends.
6. Who and what you’re emailing: GMail users, and those who send mail to GMail users share a variety of personal and business information with Google.
7. What’s on your PC: If you’re using Google Desktop, Google knows everything that you keep on your computer.
8. Your research paper, bills, upcoming blog post, etc.: Docs and Spreadsheets are great web-based office tools, but using them means exposing the information in your documents to Google.
9. Your schedule: Google Calendar opens your personal and business schedule up to the prying eyes of Google.
10. Your social network and interests: Google indexes sites like Orkut, Facebook, and Digg, and as such, has access to information about what you’re interested in online.
11. When you’re going to get the flu: Google can track flu related searches to find out where and when the flu happens.
12. Where you and your friends are: Using Google Latitude, cell phone users can share their location with others. Even if you’re not using Latitude, Google Maps for mobile can approximate your location.
13. What you’re watching on YouTube: Google owns YouTube, and knows about all the dirty videos you’ve been watching.
14. What and where you study: Google Books, Scholar, and University Search are tools that can reveal your academic life online.
15. Everything you’re looking at online: Users of the browser Google Chrome allow Google to see all of the web pages they are visiting.
16. Your problems: Asking a question or giving an answer on Google Answers will reveal your problems and personal life to Google.
17. Your medical issues: Do you use Google Health? If so, you’re sharing your entire medical history with Google.
18. Your home address: Use Google Maps, AdSense, or Checkout, and there’s a good chance Google has your home address.
19. Mobile number: On SMS, Google Mobile, and Gmail, you can reveal your mobile number to Google.
20. How your voice sounds: Using Google Talk will share the sound of your voice with Google.
21. What you, your friends and family look like and do: With the photo editor Picasa, you’re revealing your photographs, friends, and moments to Google.
22. Everything you do online: Google Secure Access encrypts your data, so everything you’re doing online for school or work is recordable.
23. What you want to buy and have bought: Product search and Catalog search can reveal what you’re buying and shopping for.
24. What your business is about: Keywords and purchasing patterns on Adwords share information about your business with Google.
25. What’s important to you: If you’ve set up Google Alerts, Google knows all of the things that are most important for you to know about online.

http://www.criminaljusticeusa.com/blog/2009/25-surprising-things-that-google-knows-about-you/

After September 11, 2001, both national security and privacy garnered a lot of press and became huge issues relatively quickly. Initially, there was a fair deal of support in favor of measures that were believed to strengthen national security in the United States. However, as more time passed more an increasing number of people began to question if too much of our privacy as citizens was being infringed upon in the name of national security.

The Bush administration adamantly defended their position, saying that the “Average Joe” wasn’t being monitored. Measures taken in the name of national security, such as the Patriot Act and the creation of the Department of Homeland Security, were said to have been created to protect the interests of the U.S. and gain information about any potential threats to the U.S. Only people who were suspected of being involved in terrorist activities or anti-U.S. plots were monitored.

That didn’t quell the fears of dissidents though. While these measures were taken tended for unique situations and the information gathered was only to be used by government officials for official purposes, it was feared that those privileges would be abused and would expand into the everyday person’s life. Many concerns, often controversial, revolving around national security and privacy were brought up:

• How exactly was a “threat” determined?
• What about the possibility of fear clouding the judgment of those who were monitoring? Getting power hungry?
• And the possibility of limitations on freedom and privacy made in the name of national security laying the groundwork or eventually leading to the suppression of unfavorable ideas?
• If all the information available before 9/11 was known, would the outcome have been different?
• What information specifically will be the most useful in national security matters?
• How should relevant information be used?
• Should the same limitations on a person’s right to privacy be applied to both citizens and non-citizens?

Opponents of the measures that were taken by the government, which were viewed as extreme, held that the level of fear when making these decisions should be accounted for and carefully considered when making decisions regarding national security and privacy. Making sure the real threats were addressed, and not special interests of the administration. Also, it should not be assumed that all Americans are okay with diminishing levels of privacy and distinguishing citizens from non-citizens in relation to fair treatment, and that national security always trumps privacy and freedom.

While it is important for a nation to protect itself, scrutiny of national security measures is important to ensure that liberties and privacy aren’t unnecessarily being restricted. Surrendering freedom is no guarantee of safety.

Web Sites of Interest:

http://www.dhs.gov/index.shtm

http://thomas.loc.gov/cgi-bin/bdquery/z?d107:hr03162 :]

http://www.nsa.gov/

http://www.whitehouse.gov/omb/e-gov/

http://millercenter.org/public/debates/privacy

http://www.sanford.duke.edu/centers/tcths/DataPrivacyDay.html

As you may well have seen during the course of this semester, one of the biggest buzz terms in the world of ICTs is something called “ubiquitous computing”—which means, at least in part, the internet that’s always-on, available wherever you go (so long as you have a smartphone), but also products—and credit cards—with RFID tags that are sending out information constantly, something like those retinal-scan ads from Minority Report.

A big part of this movement to ubiquitous computing depends on a related concept known as “cloud computing” —basically, the idea being that you store your data in one of these always-on data centers managed by big, well-known companies, such as Google, Microsoft, Amazon, Adobe, Cisco, and IBM, or by some lesser known players: had anyone ever heard of Danger, for example, before the recent Sidekick data disaster?

Of course, David Linthicum argues that this data wasn’t really in the “cloud” because the people at Danger weren’t using a cloud infrastructure, so it can’t be used as an example of cloud computing gone wrong, but I think he misses the point here: from the end-user perspective a cloud is a bunch of connected data centers, so why should we regard an isolated data center going down as merely an unrelated glitch?  After all, if the White House is moving to Google Docs, especially after the recent hacking of Twitter‘s own Google Docs account, don’t we really need a sense that information in the cloud can be kept secure and private?

Needless to say, the whole concept of the data cloud makes people nervous, for a variety of reasons.  Angela Moscaritolo of SC Magazine notes, for example, in her discussion of Robert Gellner’s report on cloud computing for the World Privacy Forum, that “information stored in the cloud is much more accessible by a private litigant or the government” because they don’t have to come to you to get it, which means there isn’t any chance for you to put up a fight to keep it private.  Jonathan Strickland even raises the possibility of a client being denied access to data they loaded into the cloud, since the ownership status of that data is, as yet, legally unresolved.  Perhaps summing it all up, Bret Hartman, CTO at RSA, is quoted in an earlier SC Magazine article as saying that the issues with cloud computing include: “authentication, access controls, encryption, data leakage protections, and regulatory reporting across multiple geographic boundaries”—yikes!

And yet, in the face of all this, TechCrunch’s take on the issue is that EPIC “wants to take your Gmail away”!  At least they posted a scan of the filed legal complaint.

One concern that isn’t addressed as such in any of these pieces, though, is that the absolute best privacy and data security measure you can take when your home computer or your network has been compromised is to simply take it offline.  Are your IT people ready to tell Google to unplug their data farm just because somebody hacked your Google Docs?  And what about the fact that you can’t simply take information down from one place and expect it to be gone?

You will be happy to know that there are a variety of technological solutions in the works, as evidenced by some recent articles in Computer Science journals: Carl Hewitt, emeritus Professor at MIT, for example, charts out the possibilities of multi-core chips to enable robust key encryption protections for an organization’s data while it resides in the cloud.  

Some privacy and security solutions are really quite novel, and we’ve posted some here .  Still, quite frighteningly to my mind, the biggest push among people in the industry is that privacy and security are simply a question of trust: that is, so long as consumers trust the big companies like Google with their information, then there really isn’t a privacy or security problem.  Is it just me, or is that a really creepy idea?