Tag: privacy

Privacy is not someone else’s problem

Modern technology tools have made privacy an issue for everyone

Early this year a storm broke out about privacy in the United States when a computer rental company was caught spying on its customers.

Technology website Ars Technica has an excellent story describing what the company was doing and the software they were using.

What the story of PC Rental agent shows is that even small businesses have the tools to run serious surveillance on their customers and some will do so simply because they can.

The days when privacy could be dismissed as the concern for a few sensitive celebrities, sports people and politicians with something to hide are over – privacy is now your problem.

Are executives taking privacy seriously?

Executives and boards need to start taking privacy seriously before their businesses’ reputations are damaged and restrictive laws enacted.

In an article for Business Spectator on Lord Justice Leveson’s Sydney speech last week, I looked at the commercial aspects of privacy, an area that was overlooked in the reporting of the two Australian lectures by the British jurist.

Privacy is a serious issue which is also being overlooked by boardrooms, possibly because it’s often conflated with IT security and so it’s seen as a technology problem and, to be honest, executives see it as being a bit ‘soft’ and airy-fairy.

Sony’s humiliations in 2011 with a series of embarrassing privacy breaches that left the company’s reputation in tatters show the real and embarrassing risks in not taking privacy seriously.

The UK prank phone call scandal is another example of poor privacy policies which have real world impacts on both the hospital’s patients and staff, whether the management there is held to account or even learns any lessons remains to be seen.

In California, the US state with the strongest privacy laws, Delta Airlines is being sued over its smartphone app’s policies however the state itself isn’t immune from serious breaches.

Giving away social security numbers opens up all sort of identity theft opportunities although any privacy breach exposes the victims to potentially serious consequences, some of that pain is going to be passed onto those who give the information away.

The worry for businesses is that in the absence of serious action by governments and the private sector, the evolution of privacy law is going to take place in the courts with unpredictable and inconsistent results.

As we now have the tools to gather, store and process huge amounts of data about our customers and staff, we also have an obligation to protect it. This is something managements need to understand and take seriously.

Tracks in the ether

Smartphones, the web and tracking technologies are giving governments and businesses more power than ever.

Bureaucrats dream of tracking every person or asset under their purview and the rise of technologies like smartphones,  Global Positioning Systems (GPS) and Radio Frequency IDentity (RFID) chips are giving them more power than ever.

Two stories in the last week illustrated how these technologies are being used by authorities to monitor people; a school district in the United States is fighting a student who refuses to wear an RFID enabled identity card and Saudi immigration authorities are now sending text messages to guardians of travellers, mainly women, leaving the country.

In Saudi Arabia, the law prohibits minors and women from leaving the country without the permission of their adult male guardians. As the Riyadh Bureau website explains, to streamline the permission process Saudi authorities enabled online pre-registration for travellers so now male guardians can grant assent through a website rather than dealing with the immigration department’s paperwork every time their spouse or children wants to travel.

When the spouse or child passes through immigration, the guardian receives an SMS message saying their ward is about to leave the country. One assumes the male can withdraw that approval on receipt of the text.

The Saudi application is an interesting use of the web and smartphones to deliver government services and probably not what Western e-gov advocates are thinking of when they agitate for agencies to move more functions online.

More ominous is the story from the US where Wired Magazine reports Andrea Hernandez, a Texan student, is fighting her local school over the use of RFID enabled identity cards that track pupils’ attendance.

John Jay High School’s use of RFID tags is a classic case of bureaucrat convenience as electronic cards are far easier to manage and monitor than roll calls or sign-ins.

Incidentally John Jay High School has over 200 CCTV cameras monitoring students’ movements, as district spokesman Pascual Gonzalez says, “the kids are used to being monitored.”

The problem is that RFID raises a range of privacy and security issues which the bureaucrats either haven’t thought through or have decided don’t apply to their department.

Notable among those issues is that “has a bar code associated with a student’s Social Security number”. It never ceases to amaze just how, despite decades of evidence, US agencies and businesses keep using an identifier that has proved totally unsuited for the purposes it was developed for.

Probably the most worrying point from the Texan story is how school officials tried to suppress the story, offering Ms Hernandez’s father a compromise on the condition he “agree to stop criticizing the program and publicly support it.”

That urge to control criticism and dissent is probably the thing all of us should worry about when governments and businesses have the ability to track our movements.

In this respects, the Texas education officials are even more oppressive than Saudi anti-women laws. Something we should consider as more of our behaviour is tracked.

Posting without permissions

Facebook’s groups feature can be dangerous if you don’t check before adding people.

A client of mine once had a angry worker scream at him when she found out he’d posted photographs of all his staff on the company’s website.

“My ex is a psycho, he doesn’t know where I live or work. If he finds this, he might come around here and kill us all,” she cried.

The photos went down immediately and Kevin made sure he got explicit consent before he posted any details of his staff onto the website.

It was a valuable lesson on why you shouldn’t just post people’s details online without first asking them. We all have reasons why we’d like to keep certain facts out of the public light.

A Texan gay choir’s organiser posting the details of members onto Facebook is another reminder of why it’s a bad idea to put someone else’s details online without asking them first.

For two members of the Queer Chorus at the University of Texas, having their sexual orientation pasted on their Facebook feeds caused terrible damage with their families and it should serve as lesson to every manager, business owner or community group leader that this stuff matters.

One of the worrying features with Facebook is how other people can add you to groups without your permission – almost certainly a recipe for misunderstanding and mischief.

What’s even more unforgivable with Facebook’s conduct is the privacy settings for those groups overrides an individual’s own privacy settings.

As one of the victims said in the Wall Street Journal of when his father saw the status update, “I have him hidden from my updates, but he saw this,” she said. “He saw it.”

So even though both the individuals had chosen to lock their profiles away from public view, Facebook and the organiser of the group decided they knew better.

We shouldn’t let the administrator of the Facebook off the hook on this lapse, Christopher Acosta decided to make the group open and public. “I was so gung-ho about the chorus being unashamedly loud and proud,” he’s quoted as saying.

That’s nice when you have a tolerant family and you’re from a liberal community but for others that ‘transparency’ can lead to damaging family relations for years, if not lifetimes. In some communities the consequences could be far worse.

“I do take some responsibility,” says Mr Acosta. Which is a nice way of accepting you might have screwed somebody’s life up by doing something you didn’t understand.

Ultimately responsibility lies with the person who presses the button which causes the email or status post to be published. In this case Christopher Acosta was responsible.

To be fair to Mr Acosta, the ability to add people to Facebook groups without their permission is a deeply flawed as are those groups’ setting overriding an individual’s privacy preferences.

Facebook have to understand there are real life consequences to ‘transparency’ which can ruin careers and even cost the lives of people. The damage to families and communities can be immense.

Coming from a secure upper middle class white background, Mark Zuckerberg probably doesn’t quite understand the risks his company’s policies pose to people in vulnerable situations, hopefully some of his older and wiser advisers will explain why ‘transparency’ and ‘openness’ are not always a good idea.

Guarding your words

Mitt Romney and Alan Jones show how smartphones are changing politics and business

US presidential candidate Mitt Romney and Australian radio commentator Alan Jones have in one thing in common – not understanding that almost every person they know is carrying a listening device.

The smartphone is a powerful tool and one of its great features is how it makes a great dictation device, you can use the built in recording applications to jot down ideas or make a record of important conversations.

Political events are a great opportunity to record the candidates’ or speakers’ talks and this is what has caught both Jones and Romney.

The 47% dependent on welfare slur has probably sunk Romney’s presidential campaign. At the very least it’s exposed the contradictions at the heart of the Republican agenda as they try to demonise those receiving government entitlements while trying to win the votes of older Americans who rely on state subsidies to survive.

In many ways the US Republicans are facing the problem of electorates that believe their entitlements are sacred that all Western politicians will be grappling with over the next quarter century.

This contradiction isn’t something either the media or the Western political classes have the intellectual capacity to deal with, so there is little chance of a rational debate on the economic sustainability of the entitlement culture.

For Romney, this contradiction now threatens to sink his campaign.

The Jones problem is somewhat different, this nasty little man was speaking to the next generation of Australian Liberal Party apparatchiks and the controversy about his tasteless comments will probably improve his standing in the sewer in which he floats. In the wider community outside Jones’ increasingly narrow circle of influence his comments only confirm the low opinion decent people have of this man.

Jones though is not naive when using the media, the real naivety is among his guests. It’s been reported that before the event the audience were asked “if there were any journalists present”.

That question being asked betrays any claim that the organisers didn’t know Jones’ comments would be offensive. It also shows how the modern political fixer misunderstands the nature of today’s media. It’s likely a recording of proceedings would have leaked out through an enthusiastic supporter showing off.

What’s really instructive is how the kindergarten apparatchiks of the Young Liberals believe that shutting down recording devices will remove the risk of being held accountable. That mentality is pervasive through government and politics – shut down discussion and lie about what happened.

All of these politicians have to understand something Alan Jones has known all along; that a microphone should be treated like a loaded weapon and never assumed to be turned off and safe.

The days of what was said to the Poughkeepsie Chamber of Commerce or the Cootamundra Country Womens Association not being reported outside the local community are long gone. If you don’t want something broadcast nationally, then don’t say it.

On balance, this is good for democracy and leadership as it makes all politicians – and business leaders – far more accountable and transparent.

Accountability and transparency are anathema to the apparatchiks who run the political parties of the Western world. These people, despite their access to power, are ultimately going to be found wanting in a world where there is a recording device in almost every person’s pocket.

There are genuine privacy concerns with smartphones but for business and political leaders the days of “speaking with a forked tongue” are over. This is not a bad thing.

Facebook’s final fail

Has Facebook gone to far with its address changes

We’ve come to expect Facebook storing and manipulating our personal data, but is changing our contacts’ email addresses the final straw for the social media service?

Last week Facebook started changing users’ default email addresses to their inbuilt @facebook accounts.

This was irritating for many users, but now it appears the social media service has gone too far with changing the address books of their users.

If you have connected your iPhone, Android or Windows smartphone address books to the Facebook App, there is a chance that your contacts’ email addresses are now set to send to the user’s Facebook address rather than their “normal” email account.

When you synch your phone with your PC or laptop these changes will also be made in your main address book.

Given most people don’t use their Facebook supplied email this means many people won’t see messages sent to that address. This is a serious problem

You can check if your address book has been changed by simply looking at your contacts’ email addresses.

If it has, let your contacts know their addresses may have been changed as they can change the settings on their accounts. Read Write Web has instructions on fixing the address book problem.

Facebook’s behaviour on this is seriously worrying, it’s bad enough they store all of our data but altering our personal information is for me a bridge too far.

Given most mobile phone users would rather have their wallet stolen than lose their handset, Facebook’s messing with phones address book is going to shake their confidence in the service far more than the myriad privacy issues.

If the IPO was Facebook’s peak, it could well be this poorly thought out tactic that marks the beginning of the company’s decline.

Triangulating privacy out of our lives

Social media sites will have to deal with increased government regulation.

Lost among the noise of Facebook’s rumoured plans to launch a kids’ network, there’s quiet pressures developing as consumers start to realise the value of their data – the pressure to regulate social media.

In his Rethinking Privacy in an Era of Big Data, New York Times writer Quentin Hardy raises some of the issues about the data which is being collected about us.

One of the big areas is triangulation – building a picture of somebody based upon seemingly unrelated data. Quentin explains it in the example of somebody who might be looking for a job.

There other ways in which we can lose control of our privacy now. By triangulating different sets of data (you are suddenly asking lots of people on LinkedIn for endorsements on you as a worker, and on Foursquare you seem to be checking in at midday near a competitor’s location), people can now conclude things about you (you’re probably interviewing for a job there) that are radically different from either set of public information.

The key word of course is “conclude” – we base an assumption on what we think we know. It could turn out those LinkedIn endorsements could be part of a performance review and the competitor’s location could right next door to a hot new lunch spot.

We should also keep in mind the value of this data is asymmetric as the value of this data to a third party is low, if anything. But to the individual it could mean losing a job and other major consequences.

A good example of this is the story of how a UK hospital trust lost highly sensitive health records of thousands of patients, including those being treated for HIV.

The trust ended up being fined £325,000 but that fine is trivial compared to the massive individual cost from just one of those records being released.

Fines are a lousy way of enforcing privacy anyway, as the financial penalties are just passed onto shareholders or taxpayers.

The only meaningful sanction for failures like the Brighton General Hospital breach are holding individuals, particularly managers, personally responsible.

As we saw in the successive Sony security breaches last year, most organisations aren’t interested in holding their senior managers responsible for even the most egregious data failures.

This failure of the corporate sector to protect consumer data will almost certainly drive calls for government regulation and sanctions.

Microsoft researcher Danah Boyd  flags this regulation issue in Quentin Hardy’s New York Times piece, saying “Regulation is coming,” she says. “You may not like it, you may close your eyes and hold your nose, but it is coming.”

Danah also makes an important point that users – particularly kids – have developed tactics to obscure their ‘digital footprints’.

For Danah, and others trying to understand what is happening online, this causes a problem, “When I started doing my fieldwork I could tell you what people were talking about. Now I can’t.”

These tactics of creating dummy social media profiles and using euphemisms are a huge threat to the business plans of social media services and the “identity services” desired by Google’s Eric Schmidt.

As data becomes less reliable, or more difficult to triangulate, the value of it to advertisers falls.

It may well be that regulation of social media and web services ends up not being necessary as users become more net savvy. For medical and other personal data though, it’s clear we have to rethink the way we use and store it.

Do you want to be the personal lubricant guy?

A reminder why you need to be careful with your Facebook likes.

Nick Bergas is a multimedia producer in Iowa City, but to Facebook he’s a live advertisement for personal lubricant.

As the New York Times reports, last Valentines Day Nick saw an Amazon listing for a 55 gallon drum of personal lubricant, ticked the product’s Facebook “Like” button  and added a witty comment to his friends.

Shortly afterwards, Nick’s face started appearing in Facebook sponsored posts for big drums of personal lubricant.

Last year I wrote The Privacy Processors on how Facebook is using our personal data and Nick’s story is a good example of how every like, relationship or comment is potential fodder for Facebook’s marketing platform.

While Nick seems pretty chilled about his Facebook celebrity, for some it might not be so benign.

As we’ve seen for student teachers and others, an innocent or even funny posting may be a problem to those without perspective or a sense of humour.

For Facebook and other social media services, Nick’s story also illustrates a problem – that of “Garbage In, Garbage Out”.

While one of Facebook’s major assets is its huge user database, there’s no guarantee the data is accurate or useful.

Selling Nick’s details to a bulk medical lubricant wholesaler is pretty pointless, but that sort of intelligence is key to the future value of Facebook.

That much of the data gathered is the flaw at the heart of Facebook’s bid data aspirations and Google’s hopes to become an identity engine with Google+.

For us mere individuals, the lesson is we need to be a little bit careful about pressing those “like” buttons; explaining your affinity with bulk lubricants could be a bit tricky with your mum or partner.

Undermining the cloud

Google’s broad claim on users’ data risks the viability of their services

Whenever I do a presentation on cloud computing and social media for business, I focus on one important area – The Terms Of Service.

Google’s relaunch of their Cloud Drive product has reminded us of the risks that hide in these terms, particularly with the one clause;

When you upload or otherwise submit content to our Services, you give Google (and those we work with) a worldwide license to use, host, store, reproduce, modify, create derivative works (such as those resulting from translations, adaptations or other changes we make so that your content works better with our Services), communicate, publish, publicly perform, publicly display and distribute such content. The rights you grant in this license are for the limited purpose of operating, promoting, and improving our Services, and to develop new ones. This license continues even if you stop using our Services (for example, for a business listing you have added to Google Maps). Some Services may offer you ways to access and remove content that has been provided to that Service. Also, in some of our Services, there are terms or settings that narrow the scope of our use of the content submitted in those Services. Make sure you have the necessary rights to grant us this license for any content that you submit to our Services.

This is an almost identical clause to that introduced – and quickly dropped by file sharing Dropbox – last year. It’s also pretty well standard in the social media services including Facebook.

Basically it means that while you retain ownership of anything you post to Google Drive, or most of other Google’s services including Google Docs you’re giving the corporation the rights to use the data in any way they choose.

While the offending clause does go onto say this term is “for the limited purpose of operating, promoting, and improving our Services, and to develop new ones” there is no definition of what operating, promoting or improving their services actually means.

Not that it matters anyway, as one of the later terms says they reserve the right to change any clause at any time they choose. So if Google decided that selling your client spreadsheets to the highest bidder will improve the service for their shareholders, then so be it.

If you’re a photographer then the pictures you upload to Facebook or Google+ now are licensed to these organisations as are all the documents stored on Cloud Drive.

To be fair this is not just a Google issue, Facebook has similar terms as do many others. Surprisingly just as many premium, paid for services have these conditions as free ones.

Because these Terms Of Service are about establishing a power relationship, there’s usually an over-reach by large companies with these terms.

While an over-reach is understandable, its not healthy where the customer has to trust that the big corporation will do the right thing.

Right now, if you’re using a cloud or social media service for important business information you may want to check that service doesn’t have terms that grant them a license to your intellectual property.

Leaving Facebook

Shutting down an account with the popular social media service isn’t easy but can be done.

In our social media segment for December 2011’s ABC Nightlife a listener asked about closing down their Facebook account.

Leaving Facebook isn’t easy, but it can be done and we’ve covered closing down a Facebook profile on the Netsmarts website.

The December Nightlife spot looked at a lot of social media issues and answered other listener’s questions about some of the challenges online. Some of those questions are listed on the page and the program

December’s spot was the last for 2011 and next scheduled Nightlife spot will be on February 9 however we will probably have some segments over the Christmas period and we’ll let newsletter subscribers know as we find out.

Technology with Carol Duncan on ABC Newcastle

On ABC 1233 Newcastle with Carol Duncan we discuss privacy and security on social media after Facebook’s privacy changes.

In the occasional tech spot with Carol Duncan, we looked at Facebook’s new changes and what they mean to users.

The immediate changes to Facebook are the News Feed at the top of the page where updates and posts will be ranked according to what Facebook thinks are your interests, to the left of the screen is “the ticker” which will give summaries of updates.

Coming in the next few weeks will be the Timeline feature which will give show the history of all your posts.

A great summary of the changes with a hands on review is Jason Kincaid’s article on the Facebook changes in Tech Crunch. The official Facebook blog goes into the detail of all the new features.

The purpose of these changes is to increase Facebook’s value as an advertising platform and it raises the question of the viability of these networks.

One of the interesting features of these changes is that users will start seeing increased advertising, if you’re not happy with this our Netsmarts site goes through the process of shutting down your Facebook account.

Join us on ABC Newcastle with Carol Duncan to discuss these issues and more.

Is the social media business model dying?

Have the social media companies reached their peak?

Is the social media business model dead?

The frenzied rush to release new features such as Facebook’s latest changes, along with Google’s updates to their Plus platform, may be the first indication the big social media business model is broken.

Driving the adoption of social media services has been the value they add to people’s lives; MySpace was a great place to share interests like bands and music, Facebook’s is to hear what was happening with their families and friends, LinkedIn is for displaying our professional background and Twitter keeps track on what’s happening in the world.

Now the social media services want to be something else, Facebook wants to become “a platform for human storytelling” where you’ll share your story with friends and friends of friends (not to mention the friends of your mad cousin in Milwaukee) while Google+ wants to become an “identity service”.

The fundamental problem for social media services is their sky high valuations require them squeezing more information and value out of time poor users by adding the features on other platforms; so Facebook tries to become Twitter while Google+ desperately tries to ape Facebook and Quora.

Adopting other services’ features is not necessarily what the users want or need; you may be happy to follow a Reuters or New York Times journalist on Twitter for breaking news but you, and them, are probably not particularly keen on being Facebook friends or professionally associated on LinkedIn.

If it turns out we don’t want to share a timeline of our lives with the entire world but just know how our relatives or old school friends in another city are doing, then the underpinnings of the social media giants value may not be worth the billions of dollars we currently believe.

This isn’t to say social media services themselves aren’t going away, it could just be that the grandiose dreams of the online tycoons where they become an identity service or a mini-Internet are just a classic case of overreach.

For Google and Salesforce, whose core businesses aren’t in social media, this could be merely an expensive distraction, but for those businesses like Facebook it could be that Myspace’s failure was the indicator that making money out of people’s friendships isn’t quite the money maker some people think.