Category Archives: online privacy

Google reaches agreement with FTC on Buzz privacy concerns

Posted on by

1

Google has agreed to an independent review of its privacy procedures once every two years and to ask it users to give “affirmative consent” before it changes how it shares their personal information. The agreement raises the bar for the way that companies handle user privacy in the digital age.

Alma Whitten, director of privacy, product and engineering, announced that that Google had reached the agreement with the United States Federal Commission in an update in Buzz posted to Google’s official blog this morning.

“The terms of this agreement are strong medicine for Google and will have a far-reaching effect on how industry develops and implements new technologies and services that make personal information public,” said Leslie Harris, president of the Center for Democracy and Technology.  “We expect industry to quickly adopt the new requirement for opt-in consent before launching any new service that will publicly disclose personal information,” Harris said.

In a statement posted to FTC.gov, the FTC charged deceptive privacy practices in Google’s rollout of its buzz social network. (Emphasis is mine):

The agency alleges the practices violate the FTC Act. The proposed settlement bars the company from future privacy misrepresentations, requires it to implement a comprehensive privacy program, and calls for regular, independent privacy audits for the next 20 years. This is the first time an FTC settlement order has required a company to implement a comprehensive privacy program to protect the privacy of consumers’ information. In addition, this is the first time the FTC has alleged violations of the substantive privacy requirements of the U.S.-EU Safe Harbor Framework, which provides a method for U.S. companies to transfer personal data lawfully from the European Union to the United States.

“When companies make privacy pledges, they need to honor them,” said Jon Leibowitz, Chairman of the FTC. “This is a tough settlement that ensures that Google will honor its commitments to consumers and build strong privacy protections into all of its operations.”

The FTC turned to Twitter for a live Q&A with the Web. Here’s a recap of the conversation:

http://storify.com/digiphile/ftc-hosted-privacy-chat-around-google-buzz-settlem.js

In her post, Whitten highlighted the efforts that the search engine has made in this intersection of Google, government and privacy:

For example, Google Dashboard lets you view the data that’s stored in your Google Account and manage your privacy settings for different services. With our Ads Preferences Manager, you can see and edit the data Google uses to tailor ads on our partner websites—or opt out of them entirely. And the Data Liberation Front makes it easy to move your data in and out of Google products. We also recently improved our internal privacy and security procedures.

Looking back at SXSWi and a “Social Networking Bills of Rights”

Posted on by

0

Posts and thoughts on the 2011 South by Southwest Interactive Festival are still making their way out of my hard drive. On the first day of the conference, I moderated a panel on “Social Network Users’ Bill of Rights” that has received continued interest in the press.This correspondent moderated a panel on a “social networking bill of rights” which has continued to receive attention in the days since the festival, including at MSNBC, Mainstreet.com, and PC World, focusing on the responsibility data stewardship. At MemeBurn.com, Alistair Fairweather highlighted a key question to consider for the technology industry to consider in the months ahead: “Why is user data always vested within the networks themselves? Why don’t we host our own data as independent “nodes”, and then allow networks access to it?”

Good questions, and ones that a few startups I talked to at the festival are working hard to answer. Stay tuned. For now, Jon Pincus captured the online conversation about the panel using Storify, below.

http://storify.com/jdp23/snubor-at-sxswi.js[View the story “#snubor at #sxswi” on Storify]

Vint Cerf talks to the CFR about Internet freedom and foreign policy

Posted on by

0

In a new video interview from the Council on Foreign Relations (CFR), Google’s Internet evangelist, Vint Cerf talks with CFR’s Hagit Bachrach about the future of the Internet and what that could mean for international development and foreign policy. He spoke about the importance of an “Internet without borders” last year.

Earlier in the month, Cerf spoke with USAID’s Alex O. Dehgan about technology as a tool for foreign policy, discussing the ability of science and information technology to connect political leaders, diplomats and innovators around the globe.

Last year, Cerf made it clear that he believed that governments shouldn’t control the Web, at least with respect to the governance of ICANN, the organization that has responsibility for the Internet domain system. In the wake of the Internet shutdown in Egypt and ongoing online censorship around the globe, that perspective has gained more prominence.

Visualizing the future of programmable cities

Posted on by

0

Technology is fueling new visions for the future of cities. Today at the South by Southwest Interactive festival, a panel considered “Web Mashup Platforms and Future Programmable Cities. NYC chief digital officer Rachel Sterne (@RachelSterne) joined Christine Outram (@cityinnovation), Vlad Trifa (@vladounet) and Dominique Guinard (@domguinard) in exploring how open data, mobile platforms and citizen engagement will shape what comes next in urban life.

Below, visual notes by OgilvyNotes and ImageThink capture the conversation.

n Web Mashup Platforms and Future Programmable Cities

For more on how cities are embracing new platforms and technologies, learn about citizensourcing smarter government in New York City.

[Hat Tip: Rachel Sterne]

Congress faces challenges in identifying constituents using social media

Posted on by

2

Citizens are becoming more influential through social networks and influencing their peers. Research from the The Pew Research Center’s Internet & American Life Project suggests that government 2.0 an important trend, with respect to our understanding of what it means to be a citizen and how our actions influence those of our fellow citizens. The role of the Internet as a platform for collective action is growing but the authorities that control the levers of power offline still matters immensely.

Today, Politico reported that social media isn’t so hot on the Hill. Or, as FierceGovernmentIT.com reported, “Congress is using social media to talk, not listen.” Both media outlets were reporting on survey results conducted by the Congressional Management Foundation on perceptions of citizen advocacy by Congressional staffers.

A better headline, however, might have been “Twitter isn’t so hot on the hill with lawmakers,” given myriad challenges around identifying constituents online, automated campaigns and what Representative Culberson (R-TX) described as a “lot of trolls on Twitter.” (It’s even worse on YouTube, Congressman.) The question posed at the end of the Politico article — “Are lawmakers putting too much time — or staff resources — into social media?” is followed with Pew stats on *Twitter* use and penetration, not Facebook.

The complaints from numerous anonymous Congressional staffers about the time it takes to maintain social media are likely honest and parallel the experiences of higher-paid contemporaries in private industry, academia, media, fashion and the nonprofit worlds. Managing multiple social media presences can, indeed, be a pain in the a–. And it takes resources, in terms of time, that may be scarcer than ever. That said, social media is now part of the lexicon of Congressional staff trusted with constituent communications. If a Representative or Senator is speaking anywhere in DC, there’s an increasingly good chance that snippets of it may tweeted, unusual pictures will be tagged on Facebook and that any gaffes will be up on YouTube later.

Doing more than trying to fit the 20th century model of broadcasting to these platform requires time, expertise and commitment, along with a thick skin. Opening up these new online channels for Congressional communications created challenges, to be sure, but then so did adding the telegraph, radio, television, fax machines, cellphones and email. It’s not hard to find past news reports of Senators resisting the addition of dial phones to the Hill.

Every new communications technology has had an impact on Congress. In 2011, Twitter, Facebook and YouTube do each come with new wrinkles. YouTube and Twitter can work in concert to share video and share it instantly with the world. At the same time, on the Hill, automated campaigns using social media have followed the path of email and faxes deluges. Carefully edited videos can trim key context from statements, or audio from broadcasts. The risks and rewards for the use of Web 2.0 that pertain to federal and state agencies also pertain to Congress.

Take, for instance, Facebook, which is generally tied to the real identities of citizens. Engaging with citizens carries with it identity and privacy issues for constituents. That’s the rub, and it won’t come out easily. Look at how San Francisco integrated city services with 311 and Facebook for an example of how government can mitigate and address some of those issues. The National Strategy for Trusted Identities in Cyberspace might address some of the challenges as well.

In the meantime, Congresional staffers and citizens alike can hope that new, improved architectures for participatory democracy online come along soon to upgrade the status quo in Washington.

Podcast: IT Security, Internet Freedom and Open Government at Threatpost

Posted on by

0

This morning, I was privileged to join Dennis Fisher on the Digital Underground podcast to talk about IT security, open government, Internet freedom and open data movements, including how they’re affecting IT security.

ListenIT Security, Internet Freedom and Open Government [MP3]

Fisher is a founding editor of the Threatpost blog and is one of the best information security journalists in the industry and a former colleague from TechTarget.

Over the course of the podcast, we discussed the different ways in which Internet freedom and privacy play into the current climate online. (We also talked a bit about Twitter and journalism.) As 2011 matures, legitimate concerns about national security will continue to be balanced with the spirit of open government expressed by the Obama administration.

The issues created between Wikileaks and open government policies are substantial. Open data may be used for accountability, citizen utility and economic opportunity. But as federal CIO Vivek Kundra said to Harvard Business School students studying Data.gov last year, the transparency facet in the Obama administration’s open government initiative has multiple layers of complexity.

Fisher and I explore these issues, along with a number of the complexities involved with improving information sharing between the public and private sector when it comes to vulnerabilities and threats. Currently, over 80% of the nation’s critical infrastructure is in the private sector.

Related stories:

Clinton: There is no silver bullet in the struggle against Internet repression. There’s no “app” for that

Posted on by

0

Today in Washington, Secretary of State Clinton reiterated the State Department’s commitment to an Internet freedom policy in a speech at George Washington University. Rebecca MacKinnon, journalist, free speech activist, and expert on Chinese Internet censorship, provided some on the spot analysis immediately following Clinton’s words. MacKinnon made an interesting, and timely, point: there are limits to directly funding certain groups. “I think one of the reasons that the Egyptian and Tunisian revolutions were successful was that they were really home grown, grass roots. At the end of the day, the people in the countries concerned need to really want change and drive that change.”

MacKinnon parsed the considerable complexity of advocating for Internet freedom in the context of Wikileaks and electronic surveillance in other areas of the federal government. For those interested, she elaborated on the issues inherent in this nexus of government and technology in her Senate testimony last year. At some point this winter, there will be a hearing on “CALEA 2″ in the United States Congress that’s going to be worth paying close attention to for anyone tracking Internet freedom closer to home, so to speak.

Should the U.S. support Internet freedom through technology, whether it’s an “app” or other means? To date, so far the State Department has allocated only $20 million of the total funding it has received from Congress, according to a report on Internet censorship from the Senate Foreign Relations Committee obtained by the AFP. (Hat tip to Nick Kristof on that one).

Clinton defended the slow rollout of funding today in her speech (emphasis is added):

“The United States continues to help people in oppressive Internet environments get around filters, stay one step ahead of the censors, the hackers, and the thugs who beat them up or imprison them for what they say online. While the rights we seek to protect are clear, the various ways that these rights are violated are increasingly complex. Some have criticized us for not pouring funding into a single technology—but there is no silver bullet in the struggle against Internet repression. There’s no “app” for that. And accordingly, we are taking a comprehensive and innovative approach—one that matches our diplomacy with technology, secure distribution networks for tools, and direct support for those on the front lines.”

The caution in spending may well also be driven by the issues that the State Department encountered with Haystack, a much celebrated technology for Internet freedom tool that turned out to be closer to a fraud than a phenomenon.

There may be no silver bullet to deliver Internet freedom to the disconnected or filtered masses, per se, but there are more options beyond the Tor Project that people in repressive regimes can leverage. Today, MIT’s Technology Review reported on an app for dissidents that encrypts phone and text communications:

Two new applications for Android devices, called RedPhone and TextSecure, were released last week by Whisper Systems, a startup created by security researchers Moxie Marlinspike and Stuart Anderson. The apps are offered free of charge to users in Egypt, where protesters opposing ex-president Hosni Mubarak have clashed with police for weeks. The apps use end-to-end encryption and a private proxy server to obfuscate who is communicating with whom, and to secure the contents of messages or phone conversations. “We literally have been working night and day for the last two weeks to get an international server infrastructure set up,” says Anderson.

No word on whether they’ve received funding from State yet. For more on today’s speech, read the full report on the State department’s Internet freedom policy at the Huffington Post, Ethan Zuckerman or the ever sharp Nancy Scola on #NetFreedom, which does, in fact, now look like a “big deal.”

U.S. House to hold online privacy hearings on “Do-Not-Track” legislation

Posted on by

0

Yesterday, the FTC online privacy report endorsed a “do not track” mechanism for Web browsers. This morning, the Subcommittee on Commerce, Trade and Consumer Protection in the United States House of Representatives will hold a hearing on “Do-Not-Track” legislation. The hearing will e”xamine the feasibility of establishing a mechanism that provides Internet users a simple and universal method to opt-out from having their online activity tracked by data-gathering firms (a.k.a. a ‘Do Not Track List’).”

A livestream of the hearing is available, along with testimony:

The subcommittee has posted a memo that sets the stage for the hearing, which is embedded below. Notably, the document heavily references the Wall Street Journal’s excellent “What Do They Know?” series on digital privacy.

In the Internet age, each keystroke or click of a mouse can betray the most mundane or even sensitive details of our lives, and those details are being collected and packaged into profiles by a data-gathering industry with an increasing hunger for information that can be sold and used to target consumers based on their tastes, needs, and even perceived desirability. Many Americans don’t know that the details of their online lives are being gobbled up and used in this way, much less how to stop it in the event that such collection offends their expectations of privacy.

This summer, the Wall Street Journal began reporting about the online gathering of information about Internet users in an ongoing investigative series called “What They Know.” For its first piece, the Journal uncovered the extent to which Internet users’ activity is being tracked. The Journal found that visiting the top 50 most popular websites in the U.S. resulted in the placement on a single test computer of 2,224 files by 131 companies that track Internet users’ activity across the Internet. In addition, not only is tracking of Internet users pervasive, but it has become more invasive through the use by some in the tracking industry of more sophisticated technologies that can keep tabs on an Internet users activity on a website (rather than collecting just the fact that the website was visited) and some can even re-spawn themselves if an Internet user tries to delete them.

If you haven’t read the series, take some time over the weekend or holiday. And if you’re interested in what the federal government is considering in the context of digital privacy, tune in to the livestream and follow the #DNTrack hashtag on Twitter for the live backchannel.
http://widgets.twimg.com/j/2/widget.js //

DNTrack House Briefing memo.12.01 http://d1.scribdassets.com/ScribdViewer.swf

What was the story of the first FTC online privacy chat? 17 questions and answers.

Posted on by

1

http://storify.com/digiphile/the-federal-trade-commissions-first-twitter-chat.js

FTC online privacy report endorses “Do-Not-Track” mechanism for Web browsers

Posted on by

1

The Federal Trade Commission released an online privacy report today that will reshape how companies, consumers and businesses interact on the Internet. The agency will take questions from reporters at 1 PM EST and from the public on Twitter in its first Twitter chat at 3 PM EST. The recommendation that “companies should adopt a ‘privacy by design’ approach by building privacy protections into their everyday business practices” is a key direction to every startup or Global 1000 corporation that comes under the FTC’s purview as the nation’s top consumer protection regulator.

The new FTC privacy report proposes a framework that would “balance the privacy interests of consumers with innovation that relies on consumer information to develop beneficial new products and services,” according to the agency’s statement, and recommends the implementation of a “Do Not Track” mechanism, which the agency describes as “a persistent setting on consumers’ browsers – so consumers can choose whether to allow the collection of data regarding their online searching and browsing activities.”

“Technological and business ingenuity have spawned a whole new online culture and vocabulary – email, IMs, apps and blogs – that consumers have come to expect and enjoy. The FTC wants to help ensure that the growing, changing, thriving information marketplace is built on a framework that promotes privacy, transparency, business innovation and consumer choice. We believe that’s what most Americans want as well,” said FTC Chairman Jon Leibowitz.

The report states that industry efforts to address privacy through self-regulation “have been too slow, and up to now have failed to provide adequate and meaningful protection.” The framework outlined in the report is designed to reduce the burdens on consumers and businesses.

“This proposal is intended to inform policymakers, including Congress, as they develop solutions, policies, and potential laws governing privacy, and guide and motivate industry as it develops more robust and effective best practices and self-regulatory guidelines,” according to the report, which is titled, “Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers.”

“Self-regulation has not kept pace with technology,” said David Vladeck, director of the FTC’s Consumer Protection Bureau, speaking this morning about the proposed online privacy rules. “We have to simplify consumer choice and ‘do not track’ will achieve that goal,” he said. “I don’t think that under the FTC authority we could unilaterally mandate ‘do not track.'”

One of the nation’s top technology policy advocates approved. “The FTC report hits all the right notes. It sets out a modern and forward looking framework for privacy protection that moves beyond a narrow focus on notice and choice toward a full set of fair information practices and accountability measures,” said Center for Democracy and Technology president Leslie Harris. “The FTC has provided the blueprint. Now it is time for Congress and industry to follow suit.”

“We are very pleased to see the FTC exerting strong leadership on privacy,” said CDT Privacy Project Director Justin Brookman. “This report should bolster efforts to enact a privacy bill next Congress. Its recommendations are consistent with what is being discussed on the Hill.”

In a novel move, the FTC tweeted out “key points” from the report, embedded below, using @FTCGov.

“FTC proposes new framework 2 guide policymakers & industry as they develop legislation & other solutions. Self-regulation on privacy has been too slow. Important privacy choices should be presented in relevant context, not buried in privacy policy. Baseline protections of FTC’s proposed framework include reasonable security & accuracy, confidence that data collected or kept only 4 legitimate needs & privacy considered at every stage of product development. Privacy notices should be clearer, shorter & more standardized to better understand privacy practices & promote accountability. Consumers should have reasonable access to data upon request. Commission supports a more uniform mechanism for behavioral advertising: a so-called “Do Not Track”. Do Not Track could signal consumer’s choices about being tracked & receiving targeted ads.”

Below are the prepared remarks of the FTC chairman, followed by a liveblog of the press call. Audio of the FTC online privacy press call is available as an MP3.

FTC Chairman Privacy Report Remarks

FTC Online Privacy Press Conference

FTC Online Privacy Report