More Than You Wanted To Know

Wine spillThis blog has looked at and gone down many privacy avenues. Usually they are related to your online identity or your online privacy. Avenues firmly routed in a world that this company exists in. But for many people their online world and their real lives are colliding. What has long been known as “our private lives” is quickly losing ground and becoming far more public than we would like despite our best attempts compartmentalize our world.

This February CBS did an article about a teacher, her Facebook, and what happens when public life meets private life. You can read the full article here. To summarize the article: A school teacher went on a summer vacation to travel Europe. She (like so many other people) took photos to chronicle her journey. You know the kind of photos, they are what you share with friends to show that little café in Italy that made the best gelato you have ever had, or just what the Eiffel Tower looks like looking up from the base. So that you have images when words aren’t enough. But the problem didn’t stem from those photos. It stemmed from her time in Ireland where she got a photo of herself with a glass of wine and Guinness.

She took that photo, as well as all of the others, and put in on her Facebook to share with friends and family. She even set her Facebook to private to avoid the collision of her two worlds. Despite all of those conscientious precautions a student’s family member saw the photo and reported the teacher to the administration. Shockingly the teacher was then offered the choice of being suspended or resigning. She resigned and is now fighting for her job.

So why do we find this worth writing about? Why did that article make it to this blog? Because it is a prime example of our shrinking world. Our online identities as well as the details of our private lives are making it into the public eye (and by proxy our public lives) quite often and definitely more than we want, like, or expect.

The problem is that it is getting to the point that it is impossible to keep anything personal or private. The only way would be to never share our stories, photos, moments, or lives with other people. This is in direct opposition to the fact that we are not solitary creatures. Our doctors, our nurses, our teachers, our police, our judges, psychiatrists, and everyone else you can think of are normal people. They have normal impulses, and outside of work lead normal lives. These same people are at a crossroads. Do they stay behind the times, have no online identity, and live in fear of when personal meets private? Or do they fight like this teacher is doing and push for privacy and the right to exist and be normal outside of the workplace? Where do you stand? How important is your privacy to you? Is it worth protecting?

FTC Calls for Privacy Legislation

The Federal Trade Commission (FTC), the arm of the government responsible for creating and enforcing national privacy policy, has published a report about how American businesses should protect the privacy of consumers and recommends the ways companies should give consumers greater control over the data that is collected about them. As part of the report, called “Protecting Consumer Privacy in an Era of Rapid Change: Recommendations For Businesses and Policymakers,” the FTC also calls for Congress to consider creating general privacy legislation, data security and breach notification legislation, and data broker legislation.

The report calls on American businesses to use best practices when it comes to privacy, specifically it calls for :

  • Privacy by Design - companies should build in consumers’ privacy protections at every stage in developing their products. These include reasonable security for consumer data, limited collection and retention of such data, and reasonable procedures to promote data accuracy;
  • Simplified Choice for Businesses and Consumers - companies should give consumers the option to decide what information is shared about them, and with whom. This should include a Do-Not-Track mechanism that would provide a simple, easy way for consumers to control the tracking of their online activities.
  • Greater Transparency - companies should disclose details about their collection and use of consumers’ information, and provide consumers access to the data collected about them.
In an attempt to not burden small businesses, the report concludes that these recommendations should not apply to companies that collect non-sensitive data from less than 5,000 consumers a year.

“If companies adopt our final recommendations for best practices – and many of them already have – they will be able to innovate and deliver creative new services that consumers can enjoy without sacrificing their privacy,” said Jon Leibowitz, Chairman of the FTC. “We are confident that consumers will have an easy to use and effective Do Not Track option by the end of the year because companies are moving forward expeditiously to make it happen and because lawmakers will want to enact legislation if they don’t.”

Data Brokers

The report takes a swipe at data brokers – who exist solely to buy, collate, and sell highly personal information about consumers, often without consumer consent or their knowledge about how this data is being used. The FTC reminds data brokers that existing legislation already gives consumers the right to access information held about them by data brokers. But it also recommends that data brokers make their operations more transparent and create a centralized website where consumers can get information about their practices and their options for controlling data use.

Concerns over data brokers rose last year after an investigation by The Associated Press which found that many such brokers frequently store incorrect or outdated information, including criminal records. The investigation found that some people were denied jobs because a data broker had incorrectly reported them as a convicted felon. Last year the data broker HireRight Solutions Inc. was forced to settle a class-action lawsuit for $28.4 million after widespread complaints about inaccurate records led to legal action against the company.


The work done by the major browsers (like Firefox and Chrome) to develop do-not-track technology has been commended by the FTC. With DNT users have a choice about whether to be tracked by third parties as they move across the web. The World Wide Web Consortium, the group which defines the various technology standards for the Internet, are currently developing a universal web protocol for Do Not Track. “The Commission will work with these groups to complete implementation of an easy-to-use, persistent, and effective Do Not Track system,” the report says.

Monetising Privacy – Would You Reveal Private Information to Buy Something Cheaper?

‘Everyone has a price’ is the old saying and it is certainly true today where privacy is concerned. In a world where personal data is traded like any other commodity, the European Network and Information Security Agency (ENISA) – a centre of network and information security expertise for the EU – has published a study about consumer behavior in relation to the disclosure of personal information during a purchase or transaction.

In a set of controlled experiments, Dr Nicola Jentzsch and his team discovered that people have a natural built-in mechanism to protect their privacy but only if it doesn’t cost them anything. Under the experiments the participants simulated buying tickets for a movie from one of two sellers. One of the sellers asked for more personal data (e.g. their cell phone number) than the other. If the price was the same at both sellers, the majority of purchases were made with the privacy-friendly service (about 83% of all tickets sold). But, if there was a price difference (where the vendor asking for more information was cheaper) most of the participants (more than two-thirds) happily revealed the information to get the tickets cheaper.

Another interesting aspect of the study is that of those who opted to go with the privacy-unfriendly service, some participants tried to cheat the system by supplying false information (like giving their name as Donald Duck) in an attempt to get the discount. To offset this tendency the researchers used a lie detector to ensure only truthful information was given! After buying the tickets the participants were asked if they had concerns about whether the ticket seller would protect their information. A majority of users expressed concerns with only about 0.7% of participants saying that they are ‘not interested at all’ if organizations that collect personal data also protect this information.

What is startling about this study is the price difference. Were the tickets, which asked for the mobile phone number, half price? At a 33% discount? No, the difference in the price was just $0.65. Just over half a dollar, that is what private information is worth!

The report make several recommendations, one of which is “Personal data protection and privacy is a human right. The European Commission, EU Member States and data protection authorities should enforce a clear and consistent legal data protection framework.” This should also be true in the USA.

It seems that asking for more personal information than is necessary is becoming a “normal” part of online life. According to the ENISA report “43% of Internet users say they have been asked for more data than necessary when trying to obtain access to or use an online service.” It is essential that online users avoid (as much as is possible) services that request unnecessary amounts of data. Once you have handed over private information there is no way to get it back. Worse still, it seems as if greedy workers are willing to break confidentiality rules (and privacy policies) to make some extra money on the side. An investigation by the UK’s Sunday Times has found “corrupt Indian call center workers” sold confidential personal data of more than 500,000 customers to cyber criminals and marketing firms.”

Use your common sense. Don’t reveal what isn’t necessary. Use privacy friendly services, even if they cost $0.50 more!

Privacy Class Action Started Against 18 Tech Companies While Congress Want to Chat with Apple

In the fight for online freedom and the right to privacy there are three main ways in which action can be taken. The first is for each individual to protect their online identity by using the right privacy software and applying common sense to their online activities. The second is to protest (like the Internet Blackout Day in January) and the third is to use the law. It is this third option which is being used this week by a group of 13 individuals in Texas, who have filed a class action, and by two congressmen who have sent Apple a letter asking Timothy Cook, Apple’s chief executive, to make representatives available to brief an Energy and Commerce subcommittee.

The class action is being brought against 18 tech companies including Facebook, Twitter, Foursquare, Yelp and the makers of the popular game Angry Birds for stealing contacts from Android and iOS powered smart phones without the owner’s permission or knowledge. The lawsuit is in response to a story which broke in February when a blogger noticed that the social networking service Path uploaded a phones entire address book to its servers. This resulted in Path issuing an apology,  deleting its entire collection of user uploaded contact information from its servers and issuing a new version of its app. But it soon turned out that other social networking apps did exactly the same thing and hence the lawsuit.

The plaintiff’s complaint is that the contacts in a mobile phone, which includes physical and e-mail addresses, job titles and birthdays as well as phone numbers, are some of the most personal data that owners carry on their wireless mobile devices. And they claim that the defendants have made, distributed and sold apps that, once installed on a wireless mobile device, surreptitiously harvest, upload and illegally steal the owner’s address book data without the owner’s knowledge or consent.

The complaint then goes on to quote from the New York times: “The address book in smartphones — where some of the user’s most personal data is carried— is free for app developers to take at will, often without the phone owner’s knowledge. . .   Companies that make many of the most popular smartphone apps for Apple and Android devices — Twitter, Foursquare and Instagram among them — routinely gather the information in personal address books on the phone and in some cases store it on their own computers… While Apple says it prohibits and rejects any app that collects or transmits users’ personal data without their permission, that has not stopped some of the most popular applications for the iPhone, iPad and iPod — like Yelp, Gowalla, Hipsterand Foodspotting — from taking users’ contacts and transmitting it without their knowledge.”

“We’re making some fairly serious allegations against the big boys,” the plaintiffs’ attorney, Jeff Edwards, told the Austin American-Statesman. “We’re saying, ‘Hey, you took something that didn’t belong to you, and you’re making a profit off it.’”

Congress it seems is also interested in how apps can get hold of a user’s data. This week Representative Henry A. Waxman, a California Democrat, and Representative G.K. Butterfield, Democrat of North Carolina, sent a letter to Apple’s CEO Timothy Cook asking for further clarification on how applications for the iPhone, iPad and iPod Touch are allowed to access photos without a user’s knowledge. In fact this is the second letter the pair have sent to Apple. Having received Apple’s reply to their first letter, Waxman and Butterfield wrote back to Apple saying that Apple’s reply did “not answer a number of the questions raised about the company’s efforts to protect the privacy and security of its mobile device users.”

Rather than asking for another reply from Apple, this time the two ranking members of the Subcommittee on Commerce, Manufacturing, and Trade are asking Apple to make available representatives to brief staff on the committee.



Twitter Gives Away Your Old Tweets for Market Research

For many, Twitter is a casual, harmless way to publish their musings, moments and mutterings to friends and loved ones. A quick tweet that your cat just had kittens or that your baby just said “Mama” is received with oohs and aahs from grandma. But, Twitter is also a serious Internet phenomena with celebrities and politicians garnering thousands even millions of followers who hang on every word they write. Lady Gaga has now over twenty million (that’s 20,000,000) followers, Barack Obama over twelve million, CNN’s breaking news service over six million and so on. With thousands of tweets being published every minute this huge amount of data is rich for the pickings, especially for marketers.

Until recently only the last 30 days of tweets were available for companies to search and normal users could only search messages from the past seven days. But now Twitter has partnered with a company called Datasift to create a huge, searchable Twitter archive. The new archive will be used by market research companies to search and analyse Twitter updates since January 2010.

The new service, which absorbs and processes 250 million tweets every day, has already attracted lots of customers for Datasift who say that it has almost 1,000 companies who are waiting to access the service.

Datasift are very proud of their new service and are talking about their achievements to overcome the massive technological challenge to processes so much data. But privacy advocates are more concerned with the implications of what Datasift are doing. “People have historically used Twitter to communicate with friends and networks in the belief that their tweets will quickly disappear into the ether,” argued Gus Hosein, executive director of Privacy International in an interview with the BBC. “The fact that two years’ worth of tweets can now be mined for information and the resulting ‘insights’ sold to businesses is a radical shift in the wrong direction. The Electronic Frontier Foundation, an online rights and privacy group, have described the service as “creepy”.

Creepy is the right word… Imagine a friend who records all your conversations and, after two years, sends you an MP3 of a conversation you have while walking in the park. Creepy indeed! Tweets are no longer innocent status messages that soon fade into the ether, soon forgotten and hard to archive. No. Now Tweets are stored, analysed and processed to build up marketing information. Worse still, if you have set your account to add location data to your tweets, this information is also processed and analysed. Fortunately it is fairly easy to switch off the storing of location data with your tweets and Twitter also has the ability to delete location information from old tweets. However Twitters location data support page carries the ominous warning: “It is important to note that deleting location data in your settings does not guarantee the information will be removed from all copies of the data on third-party applications or in external search results.”

One little glimmer of good news is that “private” Twitter accounts (which are not public and only allows followers to see tweets” or tweets that have been deleted are not included in this searchable archive. As with all social networking sites, whether it is Twitter, Facebook or LinkedIn – if you aren’t happy with what you write being completely public then don’t post it.