Wednesday, May 4, 2016

Student research papers

In lieu of a final exam, students authored an original research paper on a privacy related topic.  As with past years, the student papers this year are of high quality and evidence thoughtful analyses on highly topical subjects.  One student, with my permission, elected to write a series of poems that addressed each of the weekly privacy topics discussed in class.  It is a very creative way to look at privacy.   In no particular order, the titles of the papers are listed below and are hyperlinked to Scribd.com where they may be downloaded and/or read.  Each of the papers is well worth reading and offers a unique insight into what is on the mind of today's millennials.  Enjoy!

Privacy Through Poetry: A Poetic Journey Through Privacy in a Digital Age, by Diana Kelly. https://www.scribd.com/doc/311504061/Privacy-Through-Poetry-a-Poetic-Journey-Through-Privacy-in-a-Digital-Age

The Privacy Rights of Minors in the U.S. Health System, by Steffi Lietzke https://www.scribd.com/doc/311504253/The-Privacy-Rights-of-Minors-in-the-U-S-Health-System

Why Tor Matters To Ordinary People, by Tara Godwin https://www.scribd.com/doc/311504396/Why-Tor-Matters-to-Ordinary-People

The Internet of Things and Privacy Concerns, by Charles Joseph Koronkowski https://www.scribd.com/doc/311504446/The-Internet-of-Things-and-Privacy-Concerns

The Need For Strong Encryption, by Junkang XIE
https://www.scribd.com/doc/311505290/The-Need-For-Strong-Encryption

Has the Internet Replaced God?, by Mary Palmer
https://www.scribd.com/doc/311506078/Has-the-Internet-Replaced-God

Get Out Of My Face(book), by Anne McEwan
 https://www.scribd.com/doc/311506174/Get-Out-Of-My-Face-book

On the Regulation of Data Brokers: Why Regulation is Necessary and Relevant to Privacy in a Digital Age, by Michael Behan
 https://www.scribd.com/doc/311506281/On-the-Regulation-of-Data-Brokers

Why Free Source Software is the Best Choice for Maintaining User Privacy, by Joshua Christensen
https://www.scribd.com/doc/311506602/Why-Free-Source-Software-is-the-Best-Choice-for-Maintaining-User-Privacy

On the Importance of Encryption for Those Who Have Nothing to Hide, by Sheyne Anderson
https://www.scribd.com/doc/311506809/On-the-Imprtance-of-Encryption-for-Those-Who-Have-Nothing-to-Hide























Course Evaluation---Course Knowledge Objectives and Learning Outcomes


The University has a general course evaluation which is generic and not course specific.  Accordingly, I supplement the general course evaluation with an assessment of whether the specific course knowledge objectives and desired learning outcomes were achieved.  On the last day of class, each of the 10 students enrolled in the class completed an anonymous evaluation on these two topics. The questions and tabulated results are set out below.


•There were six substantive knowledge  objectives identified in the course syllabus.  Please indicate below whether you believe these course objectives were or were not achieved.

 

After completing this course, I:


1. Understand the underlying legal and policy concepts of a right of personal privacy.

           __10__YES  __0__NO

2. Understand the role of the various institutional actors (legislators, judges, regulators, lawyers, NGOs) in the development of privacy policy and law.

           __8__YES  __2__NO

3. Understand how technology may be both a threat and an aid to modern privacy protection.

           __10__YES  __0__NO

4. Appreciate the privacy trade-offs that accompany increased personal safety, national security, convenience, financial benefit and social connection.

           __10__YES  __0__NO

5. Have an understanding of privacy issues in specific contexts such as national security, targeted advertising, home, school and health care.

           __10__YES  __0__NO



 Please indicate whether you strongly agree, agree, disagree or strongly disagree with the following statements:


1. I have learned to think critically about the often competing paradigms of privacy and transparency.

           _5__strongly agree
           _5__agree
           ___disagree
           ___strongly disagree

2. I have improved my written communication skills through the required blog posts, comments and final research paper.

           _3__strongly agree
           _6__agree
           _1__disagree
           ___strongly disagree

3. I have improved my oral communications skills as a result of the classroom discussions.

           _5__strongly agree
           _5__agree
           ___disagree
           ___strongly disagree

4. I have learned to apply and transfer the principles and ideas learned in class to life situations and experiences outside the classroom.

           _2__strongly agree
           _8__agree
           ___disagree
           ___strongly disagree

5. I believe I am now better equipped with the necessary knowledge and tools to more effectively safeguard my personal privacy if I so choose.

           _5__strongly agree
           _5__agree
           ___disagree
           ___strongly disagree

6. I have learned that the subject of privacy implicates multiple laws, public policies, personal values and both public and private institutions and I believe I have a better understanding of how to identify and weigh these multiple interests in addressing any personal privacy issues I may encounter in my personal and/or work life.

           _4__strongly agree
           _6__agree
           ___disagree
           ___strongly disagree

 

 

 
 

Thursday, April 14, 2016

Question of the Week No. 13

A home may be searched without a warrant if consent is given.  Should police be allowed to conduct a warrantless search if one resident, the wife, consents, but the other resident, the husband objects?

Friday, April 8, 2016

Week 11 Takeaways

  1. The FCC ruled that ISPs which gather lots of information would be required to get explicit “opt-in” consent before they can share information with a third party. Internal purposes won't require “opt-in” consent, but do require an option to opt out. These rules are proposed and will be implemented pending a public comment period.
  2. The question of the week was about monitoring the social media accounts of K12 students by school administrators to protect against cyber bullying. None of the class considered such monitoring to be appropriate. Some claimed that the program would not be effective because students use so many social media platforms that the bullies would always migrate to unmonitored services. This was countered with the question, "If this at least stops "casual" bullies, is it not a success?" In a similar vein, some said that students would switch to old-fashioned bullying such as beating other students up, and asked the question, "Is it not a judgement call? Deciding whether physical or emotional violence is worse." Finally we discussed whether this is an appropriate role for school administrators, some arguing that this opens up more avenues for creepy abuse by school admins.
  3. YikYak is an anonymous social media platform in which users can post in their current geographical area. The app is self-regulating, as users can up vote and down vote content to increase or decrease visibility. If a post receives a total score of -5 or less, it is removed. In order to combat hate speech, threats of violence, and other objectionable content, YikYak automatically warns users if the post that they are about to submit contains certain keywords (ensuring users think twice before posting unsavory content). YikYak also cooperates with law enforcement if physical threats are posted.
  4. FBI/Apple case: the issue is now mooted, as the FBI has accessed the data on Farook's phone. The FBI has said that they will aid other law enforcement agencies in decrypting other iPhones. There is still some legal question as to whether the FBI has a legal obligation to turn over the flaw which they used to unlock the Farook phone. This flaw or 0-day is still technically a backdoor and it still affects millions of iPhone users worldwide. It is unlikely that the FBI will hand it over without a trial, and the results of such a trial are hard to predict.
  5. In class we discussed a hypothetical where a girl named Sally is being harassed by a boy named John using school provided iPads that the students can take home. Sally doesn't bring the issue up with school officials or her parents and finally takes her life in the school cafeteria.
    The above plot shows how the class awarded the blame. Note that this is a box-and-whisker plot. For each of the parties, the percents are divided into 4 sections (the two colored rectangles and each of the whiskers). Each of the 4 regions contains 1/4 of the votes for that percentage of blame. This means that we were fairly evenly split from 50% to 80% for the amount of blame John deserved, while most of us attributed zero to 5% blame on Sally and her parents, some of us attributed as high as 10% of the blame to Sally. It was suggested in class that the blame for Sally might be higher, but that no one wanted to blame the victim.

DNA Databases

DNA stores genetic information and is unique to each person, with the exception of identical twins. It is, some might argue, some of the most personal information, both because it is so unique and it carries so much information. A DNA database is a massive collection of this personal information and is used in criminal investigations, medical research, missing persons cases, and more.

Current laws on DNA Databases
The types of offenders required to submit DNA samples to a database vary by state, as well as nationally. Utah’s database, established in 1994 by Utah State Code 53-10-403, has evolved from only including murder and sexual assault to including Felony 1, 2, 3, and Class A misdemeanor convictions, any felony booking, and any conviction that includes the offender being added to the sex offender registry.  Laws also govern the use of these databases. The majority of states allow databases to be used for any criminal investigation, but Washington and North Carolina have restricted use of their databases, possibly in an effort to decrease potential for misuse.

At the national level, the National DNA Index System (NDIS) was established by the DNA Identification Act of 1994. The act created the database and regulates its use, access, and security. The Supreme Court recently upheld the inclusion of arrestees in DNA databases in Maryland vs. King, stating that it was a reasonable search under the Fourth Amendment.

Many other countries have enacted a national DNA database, with various levels of inclusion. For example, Great Britain, with the world’s largest database, includes far more people than criminals. A 2012 law did serve to decrease the number of profiles of innocent people in order to better balance the privacy of individuals with the needs of law enforcement.

DNA databases currently
DNA databases are maintained by many agencies, both law enforcement and not. In the US, the largest database is CODIS (Combined DNA Index System), which connects local, state, and national DNA databases, including NDIS. CODIS is not limited to those convicted of crimes – it also includes people who are arrested, missing persons, and unidentified persons. Additional DNA databases exist that are not associated with law enforcement, run by the branches of the military, genealogical organizations, and medical organizations.

CODIS contains DNA profiles that consist of one or both alleles on 13 genetic loci. Only profiles with 10 loci are included in the database, meaning degraded or incomplete profiles are not included. Criminal profiles are removed after a court document is issued stating that a conviction has been overturned, charges have been dismissed, or that person was acquitted. Database confidentiality is regulated by federal law (DNA Identification Act of 1994) and breaking this is punishable by a fine of up to $250,000. Data is secured by using physically restricted terminals and protected, limited access servers.

Genetic Markers and Discrimination
While only 13 alleles are currently stored in CODIS, with advances in large data storage, as well as the potential benefits of more stringent matches (including epigenetic markers to differentiate twins), there is the potential for entire genomes to be stored and analyzed. Some genetic markers that have been identified include schizophrenia, bipolar disorder, and the so-called “warrior gene.” All three of these genes carry the potential for discrimination – schizophrenia and bipolar disorder because they are falsely associated with violence and the “warrior gene” because it is linked with aggression. While discrimination on the basis of genetics is illegal in the context of hiring and health insurance, there is no such law preventing this discrimination in a legal context. A genetic marker indicates a possible predisposition, not a causation or even 100% correlation, giving an unfounded basis for profiling, constituting discrimination based on an uncontrolled trait.  Genetic discrimination would need to be accounted for when creating a database. One method would be legislating non-discrimination acts. Another would be prohibiting the use of genetic screening on samples or the storage of and access to entire genetic profiles by law enforcement.

Logistics
The logistics of such a program create a variety of problems. The cost of such a program would be huge, and would be an ongoing expense. Who would pay for this? And when would samples be collected? At birth? Not everyone is born in a hospital and parental permission would be needed for testing of the minors. There are also the problems of secure storage, both in the form of digital profiles and the actual samples. The argument could be made for retaining samples in case they need to be retested. However this leads to the need for physical security, increasing costs significantly. Data security, in the form of access to the data and storage of the profiles is also a problem, as such personally identifying information would need to be stored with the highest level of security.

My Thoughts
There are both benefits and drawbacks to the formation of a DNA database that includes all citizens. The main benefit that I can see is helping solve current and past crimes. Another is identification of remains. One of the concerns that sticks out to me is the potential for genetic discrimination and profiling. People can’t help having a genetic marker for an illness or trait, and shouldn’t be punished for having such a trait. Another is access to these profiles. Such a massive amount of personally identifying information would need stringent safeguards to prevent abuse and misuse.

Overall, I believe that the costs of such a program, from both a privacy and a logistics standpoint, outweigh the potential benefits. The potential for abuse and data compromise are greater than the potential of benefits in criminal investigations, therefore making a universal DNA database not sound public policy.


Thursday, April 7, 2016

Question of the Week No. 12

Healthcare providers are moving to a system of electronic health records where an individual’s entire medical history, diagnoses, treatments, medications and other health information are maintained in a digital form.  In order to provide better and more timely health care to individuals, should physicians and other healthcare providers be able to freely access and share this information with each other without a patient’s consent?

Thursday, March 31, 2016

Social Media Surveillance

What is Social Media? 

Ever since the advent of the Internet, human communication has drastically changed. The networking potential created by the Internet has allowed people from all across the globe to communicate instantaneously in ways that seemed impossible only 25-30 years ago. With the rise of the Internet social media sites have emerged: websites with the specific purpose of communicating with others, sharing ideas and information, and creating interactive communities to share user-generated content. Facebook, the most popular social media site, as of the fourth quarter of 2015 had 1.59 billion monthly active users.

Social media can take many different shapes and sizes, and can feature registered and anonymous users. Such social media outlets, such as the app Yik Yak, have come under fire recently for the content that has been posted on the app. Users posting anonymously have made racist, sexist, and otherwise offensive posts, as well as threats about shootings and terrorism. With the constant threat of terrorism and school shootings at the forefront of the minds of law enforcement and school administrators, postings about threats of violence and other offensive posts are not taken lightly. A survey of college officials in April 2015 showed that a majority of those responding monitored such public social media feeds. The question becomes: should school officials and law enforcement monitor public social media posts, and should they actively seek out those who make offensive or threatening posts?

Pros
On the surface, the benefits to social media monitoring are obvious: should there be threatening, offensive, or other questionable posts, school officials, law enforcement, and other positions of authority will be able to see the posts, and act on them. In today’s world, potential attackers with strong social media presences may post about an attack, or hint at it. Even in cases where the poster isn’t serious about the threats they are making, it is impossible to tell someone’s intent without further follow up.  Some of these threats can be made over social media sites like Facebook and Twitter, where users are required to register and disclose information in order to make an account, which makes tracking down the poster easier. However, apps like Yik Yak, where users are able to post anonymously, have been hotbeds for offensive speech, and threats of violence as well. In cases where threats do occur, the anonymous nature of Yik Yak has not protected the identities of posters. Police have arrested multiple people who have used the app to threaten violence. While the police are required to provide a subpoena to get information about the posters, as they are otherwise anonymous, the timing of the arrests (hours after the post itself happens) shows that those running Yik Yak do not take these threats lightly. While the seriousness of the threats remains unknown, the proactivity of law enforcement has likely saved lives.

The benefits to monitoring social media are broader than just preventing violence and terrorism threats. Between September 2012 and September 2013, nine suicides in teenagers were linked to the last.fm social media site alone. Monitoring the social media and Internet activity of teenagers is one way to keep them safe. The Internet is a large, open space. As such, it may not be unreasonable to make sure that teenagers are not getting mixed up in trouble that they shouldn’t be. Additionally, the anonymity provided by the Internet can encourage people to say things that they wouldn’t in real life. This could be even worse for teenagers, as it gives an additional outlet for bullies to harass their victims. Being able to spot harassing posts, and posts about depression, self harm, and other red flags, and then intervene is something that could help prevent further incidents in the future. 

Cons
The proponents against such monitoring and the subsequent follow-ups cite free speech as the main reason postings should be left alone. On Yik Yak, aside from a legitimate threat or other call of violence, the app self regulates through an upvoting/downvoting system. If a post gets a score of negative five, it is removed. Much of the offensive or otherwise negative content gets filtered and self regulated through the community in this way. With this system in place, many offensive or otherwise unpopular posts will not last long. Obviously, trolls and those with hateful opinions aside, many people do not approve of hate speech. Policies like this keep the community a more regulated space, without additional involvement.

For example, to prevent the app from infiltrating the high school community, “geo-fences” have been placed around about 90 percent of high schools and middle schools – effectively preventing anyone from accessing the app from a location near a high school or middle school. This helps to prevent those who aren’t mature enough to handle it from getting to it. Cyberbullying is much more prevalent in middle schools and high schools than it is in college, so the anonymous nature of this app becomes all the more dangerous in the hands of those more likely to abuse it. Taking steps such as these helps to keep the app as it was intended, while still keeping some precautions to prevent it from getting out of hand.
Even in spaces like college campuses, where users can be deemed mature enough to access the app, there is still evidence of hateful speech. However, hateful speech is not illegal. Though it may not be encouraged or condoned by the app developers, its users, or third parties to the situation, people are still free to speak their minds. Were school administrators or law enforcement to seek out those who were making racist, misogynistic, or otherwise offensive posts, there is little they could do to enforce it. The app can be banned via school’s wifi networks, but it is mostly a symbolic gesture, as the app would still be available through cellular data. At state schools, freedom of speech is protected under the first amendment of the constitution.
This also sets a potentially dangerous precedent, and could start a slippery slope. If one part of speech is censored, what will come next?

My Opinion
I see both sides of the argument, and I think there are merits to both sides. I am definitely a proponent of identifying those who make threats of violence and terror threats. As mentioned in the post, there is no way to know if the threats are serious or not, and I don’t think that we can afford to err on the side of leniency with regard to these posts. I think that public social media can be monitored, and not intervened on unless the situation calls for it. Especially when it comes to younger, less mature users of social media sites. However, I think that free speech in all other circumstances should be honored. I don’t approve of hate speech, but I do not think it is right to censor it. I also think that in this age of Internet trolls it would be a waste of resources to go after anyone who says something offensive over the Internet. The Internet is home to so many controversial posts, opinions, and people, and I think it’s important to understand that not everyone will say or do nice things, especially if they are under the veil of anonymity. However, just because someone’s feelings are hurt does not mean we need to seek out and reprimand the offender. What are your thoughts?

Question of the Week No. 11

Cyber bullying, student violence at school and teenage suicide are growing concerns in grades K-12 in schools across the nation.  Some schools are monitoring the social media posts of students in an effort to combat these problems and require students to disclose their social network passwords to school officials.  Many students and parents oppose such monitoring, citing an invasion of student privacy.  Is such monitoring sound public policy in today’s digital world?

Friday, March 25, 2016

Week 10 Takeaways


1.      A jury awarded Hulk Hogan $150 million in his sex tape case. $55 million for economic harm, $60 million for emotional distress, and $25 million for punitive damages against Gawker and Nick Denton, the owner of Gawker. It’s likely that the judge will reduce the amount of money given to him because Gawker will argue that the amount the jury awarded is far in excess of how much the tape actually hurt him and because there was some evidence that was not displayed in court. I didn’t know that judges could reduce the amount of money given to someone by a jury.

2.      An exabyte is the largest unit of information that we have. It is equal to 1 billion gigabytes. Up until 2003, we had produced 5 exabytes total. Now we produce 5 exabytes every ten minutes. That number will keep increasing as more and more things become internet based like our cars, houses, thermostats, etc. Maybe we will even have to come up with another “byte” measurement larger than exabytes.

3.      A study done with nameless Facebook posts was able to reidentify people with a 95% accuracy, given 3 other data points about the person combined with their Facebook posts. This is important because we have been talking in class a lot about whether or not data can accurately be linked back to people and what kind of protection/anonymization that data needs. We also learned that there is a difference between information that personally identifies you as an individual and aggregate data that is not linked directly with a person. 

4.      HB 300 passed which states that law enforcement must come up with written policies about their use of body cameras within their work. There are minimum standards about their usage based off the legislation, beyond that the cities must come up with their own. According to the bill, the footage is not classified as public or private and law enforcement must balance between public and private interest on a case by case basis.

5.      HB 358 passed as well. This recognized that the existing laws in regards to student privacy are insufficiently protective. It requires the state board of education to develop a data governance plan mainly focused on security. The educational institution must have a data management plan and the vendors they utilize must have adequate privacy safeguards as well. It also creates a state student data officer and recognizes that individually identifiable data is owned by the individual student.

6.      We discussed the challenges that go into creating regulations for data brokers like what exactly are data brokers, transparency between the brokers and the consumers, access to the data, sensitive information, inferences made based off the data, incorrect inferences, data security standards, consent, consumer education, and enforcement. The Data Broker Access and Transparency Act is a federal bill that is designed to get the ball rolling as far as regulating data brokers goes. A lot of their solution is based around a website that outlines standards and punishments for data brokers, as well as a consumer education section for the public.


Thursday, March 24, 2016

Do Not Track


In many of our modern browsers, we see the option of “Ask websites not to track me” (Safari v9) or “Send a ‘Do Not Track’ request with your browsing traffic” (Chrome v48), but what does this option do?

Do Not Track (DNT) is a small piece of information that is sent along with your HTTP request when you click on a webpage. This is a single DNT signal maintained in the browser, so it does not require you to get a DNT cookie from each individual advertiser. Do Not Track tells the website and their third party content providers (such as advertisers) that you wish to not be tracked for advertising purposes.

What is Web Tracking

Web tracking is when a website uses special software and cookies to keep tabs on its visitors. These tracking services can be used to improve the online experience and to tailor ads to the consumer. While visiting the website of Opentracker, a company that provides tracking tools and other analytical tools, there was a little widget that shows the potential information that can be tracked, such as your location, the website you came from, number of visits, and total pages viewed.

Websites like Amazon can then take this information and use it to predict and suggest products to you. First-party tracking is tracking done by the website you are on. Many websites like Facebook, Amazon, Google, etc. will store cookies, or small text files assigned to your browser once you've visited the website. These cookies are helpful to ensure that you are logged in to your online account or your settings are restored. However, tracking by a third party, like an ad server, uses cookies to recognize the same user across different websites. When you visit the New York Times, you might get ads for shoes if you had searched for them earlier.


Implementation of Do Not Track

In 2007, several public interest groups, including the World Privacy Forum, CDT, and the EFF, asked the FTC to create a Do Not Track list for online advertising. In their proposal, the interest groups asked the FTC to "Create a national Do Not Track List similar to the national Do Not Call List." Nothing came from the request until 2010, when FTC Chairman Leibowitz told a Senate committee that the FTC was considering a DNT list. Later that year, the idea of using an HTTP header instead of cookies or a list gained widespread acceptance. In 2011, Mozilla Firefox was the first browser to implement the DNT header, and Microsoft Internet Explorer, Google Chrome, and Apple Safari followed shortly after. In 2012, support for DNT came from the FTC, the White House, and the Digital Alliance Surveillance. The W3C, an international Internet setting group comprised of all interested stakeholders, gathered to formulate an agreed upon international standard for a header based DNT standard. However, there were arguments amongst the members and a consensus could not be reached. After nearly 4 years, the group issued a modest proposal in 2015 that calls for networks and companies to honor a Do Not Track request in limited circumstances.

The implementation of Do Not Track has been riddled with issues. In 2012, users who used the "Express" setting while installing Windows 8 enabled a Do Not Track option by default for Internet Explorer 10 and Windows 8. Advertisers bashed Microsoft for setting it as default and quickly announced that they would ignore the DNT request because it makes the consumer's choice for them. The W3C also criticized Microsoft's decision. In 2015, Microsoft announced that as of Windows 10, it would not default to Do Not Track while using the express settings. However, the damage has been done and many privacy advocates say that the backfire from Windows 8's default opt-out approach killed DNT.


Effectiveness of Do Not Track

Most major browsers include a Do Not Track option; however, website owners or advertisers can ignore the request, minimizing its effectiveness. A majority of websites on the Internet do not honor the DNT signal. However, some major sites like Twitter and Pinterest have committed to honor the DNT signal (click here for a list of sites that honor DNT).

In 2011, the Digital Advertising Alliance developed a Do Not Track system of their own which allows users to affirmatively opt out of targeted advertising by logging in to AdChoices and clicking on an icon. The icon links to a video about the values of interest-based advertising and then displays another link which the users can click to opt out of receiving interest-based ads from some or all DAA members. However, a study conducted by Parks Associates found that three years after the introduction of the AdChoices icon, most consumers were unaware of it, and awareness had grown only to 6% in 2013 from 5% in 2011.


In June of 2015, Consumer Watchdog petitioned the FCC to require edge providers (like Google, Facebook, YouTube, Pandora, Netflix, and LinkedIn) to honor Do Not Track requests from consumers. However, the FCC ruled that they will not force the edge providers to honor consumer Do Not Track requests, saying that they don't intend to "regulate the Internet, per se, or any Internet applications or content."

What Can You Do as a Consumer

There are many options for consumers to protect their privacy from trackers. Many browsers offer the possibility of installing extensions to enhance the browser's function. Some extensions can be used to block any traffic from trackers.

Ad blockers such as uBlock (Origin), AdBlock, and Adblock Plus allow users to block ads and filter out trackers. Extensions like Ghostery and Disconnect automatically block third-party scripts used for tracking you, like Google Analytics, Intercom, social sharing buttons and more. The EFF's Privacy Badger is "born out of [EFF's] desire to be able to recommend a single extension that would automatically analyze and block any tracker or ad that violated the principle of user consent."


Author's Thoughts

I think that we can't rely on organizations to protect our privacy; we have to take the first step. In my browser I have uBlock and Ghostery set up to block any intrusive ads and trackers. I believe that while DNT is a great idea on paper, its implementation has been lackluster. With advertisers not honoring requests and no incentives or real purpose for them to do so, DNT is slowly dying.

Question of the Week No. 10

Should data brokers be legally required to disclose to consumers what information they have compiled on an individual and to whom the information has been sold?

Friday, March 18, 2016

Data Broker Legislation

Data brokers, who are they and how do they impact your privacy?
Data brokers work for companies that collect information about people from a wide range of sources in order to make a personal profile. These profiles are then sold to companies that desire personal information in order to market products.
Data brokers sell compiled personal data to other companies (including other data brokers), organizations, government agencies, or other persons. In some cases, they exchange this information under cooperative arrangements rather than sell it. In other instances, they provide the information at no cost, making money through advertising or referrals.
The Federal Trade Commission (FTC) has defined data brokers as “companies that collect information, including personal information about consumers, from a wide variety of sources for the purpose of reselling such information to their customers for various purposes, including verifying an individual’s identity, differentiating records, marketing products, and preventing financial fraud.”  Protecting Consumer Privacy in an Era of Rapid Change (March 2012) at page 68.


Where do data brokers get your personal information?
  1. Data brokers can get information from a wide range of public records such as court filings, real property and tax assessor records, mortgages, driver’s license records, motor vehicle records, voter registrations, telephone directories, real estate listings, birth, marriage, divorce and death records, professional license filings, recreational (hunting and fishing) licenses, and census demographic information.
  2. Self-reported information such as contest entries, sweepstakes and warranty cards.
  3. Social media such as Facebook. Data brokers can use these sites to gain access to a user's name, gender, location, and level of education.
  4. Cooperative arrangements in which companies exchange existing information about their customers for additional information gathered by data brokers.
  5. Buying information from other data brokers, retailers or financial institutions. This may include consumers’ web browsing activities from online advertising networks, data about purchases from retailers, catalog companies and magazines, and data from websites where consumers register or log in to obtain services, such as retail, news, and travel sites.


Privacy concerns
The general population is largely unaware that their data is being collected and stored. Data broker companies prefer it this way. Data brokers are largely unregulated. If the population had a better understanding of what was being done with their data, it is likely there would be more concern.
A good example of a data broker company is eBureau. This is a company you may remember from a video by Professor Dryer. This company is one of the top data collecting companies. Before this class I had never heard of it. eBureau knows everything about us. eBureau creates what is called an eScore. An eScore is like a credit score, except that an eScore contains a lot more information. This information is then sold to companies who use it to decide if someone will be a profitable customer.
Companies can use this information to discriminate against users. They don’t just use cold hard facts either. Data brokers are notorious for inferring details based on the information gathered. Here is an example: if a user belongs to a data segment called “Biker Enthusiasts” that offers motorcycle-related coupons to its customers, an insurance company using that same segment might infer that the consumer engages in risky behavior. Thus, information compiled by data brokers can seriously affect someone's life, yet only one of the major data broking companies allows users to correct inaccurate data that has been compiled about them.
There are benefits of data brokers. Data brokers help create targeted ads, which are efficient for both the company and the consumer. Data brokers also help prevent fraud. Four of the major data broking companies sell risk mitigation products. These products help companies ensure that Jane Doe of 123 Main Street who wants to buy a boat is actually Jane Doe.


What is being done to protect user privacy?
The FTC first became concerned with the inner workings of data brokers in 1990. After conducting a thorough investigation, the FTC suggested to Congress that something should be done to increase transparency in the data broking business. Despite this, no legislation was enacted.
In 2012 the FTC tried to redirect interest in data brokers by issuing a report. This report called for more transparency in the data broker business and suggested that data brokers create a centralized website that anyone could access. This website would identify data broker companies, detailing their data gathering methods as well as how the data are being used. This website would also give users the opportunity to correct incorrect data on them or opt out of having their information used completely.
The FTC also issued administrative subpoenas to nine data broker companies: Acxiom, CoreLogic, Datalogix, eBureau, ID Analytics, Intelius, PeekYou, Rapleaf, and Recorded Future. These subpoenas require the companies to respond to a detailed set of information requests. The Orders requested detailed information regarding the data brokers’ practices, including the nature and sources of consumer data they collect; how they use, maintain, and disseminate the data; and the extent to which the data brokers allow consumers to access and correct data about them or to opt out of having their personal information sold or shared. Their response has not yet been made public.
Congress has had a much more proactive response to the FTC’s latest findings than it did in 1990. In 2014 a bill was introduced in an effort to protect consumer privacy. This bill did not make it through the Senate, but a similar bill was introduced in 2015 by Edward Markey.
The “Data Broker Accountability and Transparency Act of 2015.”
“Prohibits data brokers from obtaining or causing to be disclosed personal information or any other information relating to any person by making a false, fictitious, or fraudulent statement or representation, including by providing any document that the broker knows or should know to: (1) be forged, counterfeit, lost, stolen, or fraudulently obtained; or (2) contain a false, fictitious, or fraudulent statement or representation.”


Senator Markey states that the data broker industry is a "shadow industry of surreptitious data collection that has amassed covert dossiers on hundreds of millions of Americans, Data brokers seem to believe that there is no such thing as privacy." In addition, co-sponsoring Senator Richard Blumenthal (D - Conn) thinks that brokers are "insidious, invisible threats" to privacy.
The Direct Marketing Association, a trade group that represents data brokers, believes that brokers are taking steps on their own to improve transparency and that the industry should be self-regulating.
While the Data Broker Accountability and Transparency Act requires that the FTC set up a website for consumers to make some decisions regarding their personal data, it requires the FTC to proffer specific rules about how this is done. This is a standard method used by the Congress to get things done. The Congress lays out concepts and a plan of action and then requires a department of the executive branch to specify regulations through a public process.
There are two failings to this approach. The first is that the public process involved in rulemaking favors industry. In order for consumers to contribute to the making of rules and statutes through a public process, they must be involved and knowledgeable. This is difficult for individual consumers. On the other hand, industry has resources and can hire analysts and lobbyists to engage in these processes, follow process and influence the making of statutes.
The second failing is that industry self-regulation is an historic myth. The history of industry in the United States is that of aggressive marketing and innovation. This has led to centuries of economic growth. Occasionally, however, government regulation is necessary. Information is a commodity and can be privately owned and traded on the market. But personal information is naturally owned by individuals and should be traded at the behest of the owner and under conditions the owner specifies.
The Data Broker Accountability and Transparency Act, therefore, is flawed in that it doesn’t specifically recognize that individuals own their own data. The act should require that data be kept by the individual unless contracted for otherwise.