Tag: privacy

In tech we trust

How much can we trust technology? A World Economic Forum panel discusses the issues.

“There is a big problem with trust today,” says cable operator Liberty Global’s Micheal T. Fries.

He was sitting on a fascinating panel at the World Economic Forum this week with Yahoo! CEO Marissa Mayer, Salesforce founder Marc Benioff and World Wide Web creator Tim Berners-Lee looks at the issue of trust in the tech world.

In a world where everyone wants access to our data, it’s a pertinent and timely discussion from people at the front line of where these issues of ethics and privacy are being dealt with.

Burning user trust

How Whisper burned its users trust with false security and privacy promises

The Guardian today has a stunning expose on the Whisper social media network and its practice of tracking users.

In trying to sell its services to the Guardian, the company showed that it was betraying their promises of anonymity to its users.

Whisper’s behaviour is particularly disgraceful given the service’s promise of user confidentiality and their changing of their terms of service only shows the company’s struggle to understand ethics.

No social media service can afford to burn user trust in the way Whisper has.

If you’re going to promise users anonymity and security then you better deliver. Whisper has failed

 

You’re being scanned

Recognition technology is advancing rapidly, creating opportunities for marketers and privacy concerns for consumers.

A  cute little story appeared on the BBC website today about the Teatreneu club, a comedy venue in Barcelona using facial recognition technology to charge for laughs.

In a related story, the Wall Street Journal reports on how marketers are scanning online pictures to identify the people engaging with their brands and the context they’re being used.

With the advances in recognition technology and deeper, faster analytics it’s now becoming feasible that anything you do that’s posted online or being monitored by things like CCTV is now quite possibly recognise you, the products your using and the place you’re using them in.

Throw all of the data gathered by these technologies into the stew of information that marketers, companies and governments are already collecting and there a myriad of  good and bad applications which could be used.

What both stories show is that technology is moving fast, certainly faster than regulatory agencies and the bulk of the public realise. This is going to present challenges in the near future, not least with privacy issues.

For the Teatreneu club, the experiment should be interesting given rich people tend to laugh less; they may find the folk who laugh the most are the people least able to pay 3o Euro cents a giggle.

Metadata and privacy on ABC overnights

On ABC Radio Overnights we discussed privacy and metadata

In the early hours of this morning I spoke with Rod Quinn on ABC Overnights about what exactly is metadata in light of current Australian government plans to mandate a data retention law for internet service providers.

Part of the problem in the debate is defining exactly what metadata is, something I’ve attempted to do previously.

The attempt to bring clarity to the discussion isn’t being helped by the confusing explanations of politicians as shown in this interview with Malcolm Turnbull, the communications minister, shows.

One of the things that kept coming up in the conversation, which we hope to have available shortly, was people who have nothing to hide should have nothing to fear.

These two videos — Don’t Talk To Cops Parts I and II — feature a law professor and police prosecutor speaking about how innocent people can be caught out by the law.

First the law professor;

Then the police prosecutor;

A question the law professor asks, “did you know it’s a Federal offence to posses a lobster?” The answer is ‘yes’ and in every country there’s almost no way any individual can be confident they haven’t committed a crime under some obscure or archaic law.

This is why an adult discussion on laws that change the burden of proof and how government agencies conduct themselves is important.

Another key point from this morning’s conversation is how we need to reconsider the boundaries of privacy and personal information.

The messy business of metadata

At present we’ve defined metadata too broadly and private information too narrowly which allow governments and businesses to overreach

“We kill people based on metadata,” former US National Security Agency director Michael Hayden told a panel at John Hopkins University last year.

That statement brings sharply into focus the current Australian debate about Telcos being mandated to retain metadata. This information is powerful and can be used in ways not expected by the community.

How metadata is used depends upon how it is defined; one of the worrying parts of the Australian debate is just how nebulous the definition of ‘metadata’ is.

Defining metadata

The basic definition of metadata is that it is ‘data about data’, every packet of data that’s transmitted across the internet is wrapped in information to help the network deliver it to its intended location in a useful form.

Strictly speaking this is where the glib ‘address on the envelope’ line so beloved by clueless politicians promoting data retention comes in; this information is useful but not private as anyone can see it.

That view underlies the defining metadata case, the 1979 US Supreme Court’s Smith v Maryland case, that held telephone numbers are not private information as they’ve been disclosed to the phone company.

Metadata everywhere

With the rise of digital technologies, metadata became much more than just phone numbers and addresses; digital cameras encode photographs with EXIF information that includes details of the date, time camera, shutter speed, focal length and increasingly the location where the photo was taken.

The smartphone you might take that photo with is logging into base stations which telcos are tracking, this is one of the applications law enforcement agencies regularly use to catch criminals, and increasingly near field communications like BlueTooth are being logged by everything from toll gates to bus shelters to track phone usage.

Every email sent has dozens of lines of metadata describing the servers, routing and software used in sending it. Only a tiny fraction of a Twitter message is the 140 character content, the rest is metadata.

This site has hundreds of lines of metadata to tell your browser how to display it and your browser itself is storing dozens of cookies that tell other sites where you’ve been – all of this is metadata.

When we add the Internet of Things to the metadata debate things get even more complex. As home devices, smartcars and wearable technology generating packets of data, it becomes far easier for governments and private enterprise to stitch together a complete picture of an individual even without looking at the actual content of the packets.

The risks for service providers

As Australian ISP iiNet raised in an excellent submission to the Senate committee on data retention, collecting all of this data creates costs and risks for service providers as they have to store, manage and protect massive amounts of data.

Most of that data will never be looked at, but agencies want the information stored because they can. The bizarre thing is that under Australian law, specifically section 313 of the Telecommunications Act, is that a public servant – not just a a law enforcement officer – only has to ask for the information.

For most people the dangers of government surveillance are remote however all of this information is also available to private organisations ranging from health insurers to credit checking bureaus; the real debate is just how much data do we want others to have on our private lives.

At present we’ve defined metadata too broadly and private information too narrowly.

What’s notable in every discussion about increasing government or police powers is the mantra of getting the laws to catch up with technology.

In the case of metadata it may well be the definition of individual rights has to catch up with modern technology, not the powers of government.

Splitting apps

Splitting apps is a big risk for online services

Much to the irritation of many users both Foursquare and Facebook have split their apps into separate tools.

Fred Wilson of Union Square Ventures, one of the investors in Foursquare, explains the reason for this are that different patterns meant the service had to cater for privacy models which threatened to confuse users.

The risk for both Facebook and Foursquare is that irritated users might give up on the service, it’s a tough balancing act.

Respecting the user – Drummond Reed of the Respect Network

The Respect Network’s Drummond Reed sees personal clouds as the future of online privacy

Drummond Reed, CEO of the Respect Network, is the latest guest on the Decoding the New Economy channel.

The Respect Network offers ‘private clouds’ for individuals and companies where users can choose to trust others to share information.

After over twenty years of working in the IT security industry, Drummond founded the Respect Network after becoming worried at the power social networks are having over individuals’ privacy.

Drummond explains how a network designed to be private may be the future of online services.

“The internet is only 18 years old,” says Drummond. “We want to bring it into adulthood.”

Privacy and mutual respect

Privacy and mutual respect – the assumption underlying the Respect Network and online trust

Tonight was the Australian launch of the Respect Network in Sydney which followed similar events in London and San Francisco. I’ll be writing more on this over the next few days.

One of the key questions when considering the Respect Network is how much the average internet user values privacy; the business model of the service relies upon people being prepared to pay to preserve their privacy.

Another question is how many lies people will tell to get free or cheap stuff – respect is a two way thing.

Staying healthy with Big Data

Doctors are starting to match shopping patterns to health problems

US medical centre chain Carolinas HealthCare has started mining patients’ credit card data to predict health outcomes reports Bloomberg Businessweek.

The idea is that by looking at credit information and purchasing records, doctors can anticipate what ailments their patients will present with.

Carolinas Healthcare’s matching of spending patterns to healthy is an obvious application of Big Data which illustrates some of the benefits that mining information can deliver for individuals and the community.

Should the project overcome patients’ valid privacy concerns, this is the sort of application that is going to be increasingly common as organisations figure out how to apply software to their mountains of information.

Insurers and the internet of things

Microsoft’s partnership with American Family Insurance shows how insurers are adopting the Internet of Things, is the community ready for real time monitoring of risk?

Earlier this week, Microsoft Ventures announced a partnership with American Family Insurance in an accelerator for home automation services.

The insurance industry has an obvious interest in the Internet of Things (IoT) as constant monitoring allows them to make more accurate assessments of risk and quickly adjust policies or premiums when circumstances change.

“We are focused on helping early stage companies bring new products and services to market that can make our policyholders’ homes and lives safer,” Microsoft’s media release quotes Dan Reed, American Family Ventures’ Managing Director as saying.

For consumers and the public at large, there a serious implications of constant monitoring by insurance companies, marketers and government agencies.

As Business Insider points out, Google already holds a massive amount of data on us all with Apple, Amazon, Facebook and Microsoft not far behind.

One of the key questions of the next decade is ‘do we we want our smart smoke detectors spying on us?’ and, if so, do we want it giving that data straight to the insurance company?

The online security pains of a growing business

Stratfor’s humiliating computer hack is a lesson for all businesses about IT security

Possibly the most embarrassing of the outbreak of computer hacks in late 2011 was the breaching of prominent geopolitical analysts Strategic Consulting, also known as Stratfor.

The Daily Dot dissects what went wrong for Stratfor based on a leaked report from Verizon Business who carried out a “forensic investigation” of the hack which the company claims cost them $3.8 million in damages.

While the monetary damages were substantial for a relatively small company, Stratfor’s reputation was probably the greatest casualty as customers’ credit card details were exposed and the firm’s confidential files were distributed by Wikileaks.

The tragic thing is that none of this would have happened had Stratfor followed basic IT security practices, something that every business should be following.

Don’t store credit card details

Probably Stratfor’s biggest mistake was storing customers’ credit card details – there is no reason for saving your clients’ payment details. Ever.

If you’re accepting credit cards, organise a payment service to handle that work for you as they know what they are doing and take most of the management hassles, security and fraud risks.

In most cases, these companies’ fees are no more than manual processing fees that Stratfor and most businesses manually processing payments get hit with anyway.

Password policies

Another basic mistake was that passwords were shared and kept simple; there is no excuse for giving staff the same password to access confidential or critical files and systems.

Similarly, there wasn’t a ‘need to know’ policy; that is, that an analyst has no reason to have access to HR files and the receptionist no need to be looking at sales figures. Sensitive data should only be accessible to those who need it for their day-to-day work.

Remarkably, Stratfor didn’t have any properly configured firewalls and on many computers didn’t have up to data anti-virus protection. All of this made it easy for hackers to get into the network and access confidential information.

The online pains of growing a business

In some respects it’s possible to feel sorry for Stratfor’s management, the report is a classic example of a business that outgrew the IT structure for a one or two person operation founded by men who didn’t understand the risks of the internet.

Today there’s no excuse not to have systems locked down or to lack a company culture that recognises data security as being essential in the modern business world.

Stratfor’s hack was a spectacular example of what could go wrong, but it’s a warning for all businesses about the importance of security in a connected world.

Building an internet we’re not ashamed of

How do we build an internet we’re not ashamed of asks developer and writer Maciej Ceglowski

Late last month writer, painter and software developer Maciej Ceglowski spoke at the design and technology conference, Beyond Tallerand in Dusseldorf.

The Internet with a Human Face is his closing keynote for the conference – let’s try to kill that kill that awful term ‘locknote’ for closing presentations – and is a wonderful overview of the unintended consequences of the internet we’re now seeing emerge.

Maciej compares the internet’s effects with that of the motor car in the Twentieth Century – the rise of the automobile totally changed society in ways our great grandparents couldn’t have expected.

Unexpected consequences

In many respects the changes were positive; the age of the motor car saw massive increases in living standards through the second half of the century. However the immediate downside of those efficient supply chains were equally massive increases in obesity rates, suburban alienation and urban sprawl.

A similar thing is happening with this wave of technological changes; as Maciej describes in our presentation, our views of how the web was going to evolve is turning out to be very different to what we expected.

One great example is in small business advertising where we expected online channels would democratise marketing. Instead the exact opposite has happened.

Maciej’s view is far broader than just the relatively trivial problem of small business advertising, particularly with the ‘Internet never forgetting’ with the concentration of the industry in one of the world’s great earthquake zones as another major risk.

Building an internet we’re not ashamed of

Ultimately, though Maciej sees the problems facing the internet industry as a design problem.

“I have no idea how to fix it. I’m hoping you’ll tell me how to fix it. But we should do something to fix it. We can try a hundred different things. You people are designers; treat it as a design problem! How do we change this industry to make it wonderful again? How do we build an Internet we’re not ashamed of?”

While being ashamed is a big call, and probably unfair in that it’s like blaming Henry Ford for 2014 childhood obesity rates in Minnesota, Maciej has flagged that there are real adverse unintended consequences to the way the internet is evolving.

All of us involved in the industry need to recognise those adverse effects and start acting to fix these problems.