Privacy law and policy 2 - LIS550
-
Upload
brian-rowe -
Category
Technology
-
view
424 -
download
1
description
Transcript of Privacy law and policy 2 - LIS550
Privacy (Gov’t Surveillance & Online Advertising)Bryce Newell, J.D.Ph.D. student, UW iSchoolJan. 25, 2012
Megaupload.com (privacy issues)•DOJ coordinated an investigation spanning
eight countries•DOJ retrieved private emails:
▫'Gee, aren't we pirating? Isn't this going well? And hey I'm looking for a copy of a movie myself, does anyone know where it is?’ – Jonathan Zittrain (see here)
▫Check out: Megaupoload.com•Articles from Reuters and NPR
•What about legitimate uses of these services?
Fourth Amendment• The right of the people to be secure in their
persons, houses, papers, and effects, against
unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or
affirmation, and particularly describing the place to be searched, and the persons or things to be seized.
US v. Jones (Jan. 23, 2012)
•Facts•Procedural background•9-0 decision (5 majority, 4+1 concur)•Scalia’s opinion:
▫Physical v. non-physical intrusion ▫Property (trespass) v. reasonable
expectations “…Jones’s Fourth Amendment rights do not
rise or fall with the Katz formulation.”
US v. Jones (Jan. 23, 2012)•Alito’s opinion:
▫“I agree—that “we must ‘assur[e] preservation of that degree of privacy against government that existed when the Fourth Amendment was adopted.’ But it is almost impossible to think of late- 18th-century situations that are analogous to what took place in this case. (Is it possible to imagine a case in which a constable secreted himself somewhere in a coach and remained there for a period of time in order to monitor the movements of the coach’s owner?)”
OBA & Online Data Privacy
•Targeted Online Behavioral Advertising▫Discussion of Nehf article▫Facebook Apps▫FTC’s approach to OBA▫Industry coalitions and Congressional
reactions
Nehf (2005)
•FTC history – law/industry self-regulation•Market driven solutions led to widespread
adoption of privacy policies•But policies don’t protect information,
only disclose how it is being sold, used, etc
•“encouraging posting of privacy policies without regulating their content” = less info privacy for consumers “than an efficient market would produce”
Nehf (2005)
•“Until privacy becomes a salient attribute influencing consumer choice, Web site operators will continue to take and share more personal information than consumers would choose to provide in a more transparent exchange.”
Facebook (2)• “Many of the most popular applications, or "apps," on
the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people's names and, in some cases, their friends' names—to dozens of advertising and Internet tracking companies…
• “The issue affects tens of millions of Facebook app users, including people who set their profiles to Facebook's strictest privacy settings. The practice breaks Facebook's rules, and renews questions about its ability to keep identifiable information about its users' activities secure.”
- Wall Street Journal, Oct 18, 2010
Facebook (3)
•Who can see what?▫Public▫Friends▫Apps
•Facebook settles with the FTC: http://www.nytimes.com/2011/11/30/technology/facebook-agrees-to-ftc-settlement-on-privacy.html
Online Behavioral Advertising
•ABC News Story [link]
•For discussion of some of the recently proposed "Do Not Track" legislation in Congress look here, here, and here.
• “…there is no single definition of what it means to be tracked, so expressing a preference does not guarantee users that they will be able to block all web sites and content that they may view as being associated with tracking behavior.”
- From Microsoft.com
• Industry self-regulation does not provide for any enforcement mechanism beyond current FTC powers (e.g. to prosecute for engaging in deceptive practices)
Problems
•Google Dashboard•The Open Data Partnership allows a
glimpse into what information is being collected and by whom.▫http://
www.evidon.com/partners/open_data_partnership - contains list of 1021 companies that engage in online behavioral advertising, many of which also have multiple advertising products.
What Do “They” Know?
Who Knows?
* Ghostery results from NAI’s Opt-Out page.
•FTC report calls for “browser based do-not-track mechanism” in December 2010
• Industry self-regulation ▫Browsers build in do not track options▫Industry groups set up opt-out mechanisms
(DAA, NAI)▫BUT self-regulation has no teeth (enforcement
mechanism) and may only mean you don’t see targeted ads, not that you won’t be tracked.
•FTC sues Chitika, reaches settlement
FTC Report
AdChoices Evolution
LinkedIn Ads
• Rolled out in June 2011, LinkedIn exposed the products and services of interest to members for use with advertising. Advertisers could then display which members “endorsed” products and services from an advertiser. The lack of solicitation from an opt-in process led to a backlash from users and LinkedIn backing down to consumer pressure.
▫Forbes.com
• Europe▫2009 amendments to the EU ePrivacy Directive
require member states to implement by May 25, 2011
• United States▫S. 913: Do-Not-Track Online Act of 2011▫S. 799: Commercial Privacy Bill of Rights Act of 201
1▫H.R
. 1528: Consumer Privacy Protection Act of 2011▫H.R. 654: Do Not Track Me Online Act▫H.R. 1895: Do Not Track Kids Act of 2011▫California: S.B. 761
Recent Legislation
Wikipedia Blackout
•One page remained live: http://en.wikipedia.org/wiki/Wikipedia:SOPA_initiative/Action
1 Last Note: London’s CCTV Cameras
•On London's Surveillance Cameras, Bruce Schneier
•1000 cameras solve one crime, BBC
•England Riots 'Changed Public Attitudes Towards CCTV' Survey Claims