Tuesday, December 15, 2009

US Supreme Court Looks At Employee Privacy Rights

"An Ontario, Calif., police officer sued the city for violating his privacy rights when it went through personal messages sent from his department-issued pager. The Supreme Court is taking up the case."

"The US Supreme Court has agreed to take up a case examining to what extent employees have an expectation of privacy in personal communications conducted on employer-issued communications equipment.

Workplace privacy is becoming an increasingly thorny issue with a broadening array of office technology used to aid efficiency and job performance but that can also provide a paper trail of intimate and potentially embarrassing details of a worker’s personal life.

That’s what happened to Police Sgt. Jeff Quon.

As a member of the Ontario, Calif., Police Department’s SWAT team he was issued a digital pager.

The city maintains a policy for computer, Internet, and e-mail use that barred personal use. It says employees should have no expectation of privacy or confidentiality.

When the city purchased pagers in April 2002, it announced that they, too, would be covered by the city’s e-mail policy. But this instruction was not expressed as a formal amendment to the written policy.

Instead, day-to-day practice evolved into an informal policy on the use of pagers. The contract with the city’s service provider allowed 25,000 characters of use each month. If an officer went over that limit, a department official would contact the officer and obtain payment for any overage.

This informal policy suggests that the city understood and accepted the fact that many department members were using their official pagers to send and receive personal messages.

Then in August 2002, the police chief, without notice, ordered an audit of pager use. The city contacted the pager service and requested transcripts of communications from pagers that had exceed the 25,000 character limit. Sergeant Quon’s was among them."

Christian Science Monitor - Supreme Court to look at employees' privacy rights

Saturday, December 12, 2009

Facebook Pushing Users To Stop Being So Private

"Facebook is pushing users to stop being so private with their information, and from the looks of it, founder Mark Zuckerberg is leading the charge by sharing photos of himself at parties and with his girlfriend.

Facebook execs have in the past largely kept their profiles locked down, even as 80 percent of Facebook users stick with the default privacy settings that have long made all pictures public. But now Facebook wants to push users into a brave new Twitter-like world with changes to its privacy settings rolling out this week. The more public profiles are intended to help Facebook outstrip Google as the net’s top information source and, of course, bring in more ad revenue.

In a bit of very interesting timing, Zuckerberg’s photos have been made public to the entire internet, mostly through a post from gossip blog Gawker, after Kashmir Hill at True/Slant discovered and reported that Zuckerberg was sharing photos with a wide circle — friends of friends — and his event calendar with everyone."

Wired - Facebook’s Zuckerberg Becomes Poster Child for New Privacy Settings

Tuesday, December 1, 2009

UK: 7 In 10 Parents Want Compulsory Online Privacy Lessons

"Parents would like the government to introduce lessons to improve young people’s understanding of online privacy and the value of their personal reputation, with 69 per cent of parents calling for compulsory lessons to be introduced as part of compulsory school lessons, according the Digital Literacy Report 2009.

There is a growing concern among parents about their children’s online activities , according to the YouGov poll of 2,050 adults.

Almost half (48 per cent) said they were worried that their children’s online actions of social networking sites like Facebook , Bebo and YouTube will “destroy their future chances of getting into a chosen university or getting their first job” and more should be done by the government and schools to help young people safeguard their future prospects."

Telegraph - Seven in 10 parents demand compulsory online privacy lessons

----

EDITORIAL COMMENT: LAZY DIPSHIT PARENTS SHOULD LEARN HOW TO USE A COMPUTER AND TEACH THEIR KIDS THEMSELVES

As above.

I've taught an awful lot of adult computer education courses and one the things that strikes me the most is how lazy adults are about learning how to use the 2 most profoundly affecting tools of our time: computers and the internet.

- J. Burton

Friday, November 20, 2009

Swiss Data Protection Authority Sues Google

"Swiss officials said Friday that they had sued Google to try to require it to tighten privacy safeguards on its Street View online service. It is the latest of a series of European objections to the company’s handling of personal information.

The Swiss data protection authority said it had filed a complaint with the Federal Administrative Court after Google balked at its demand for additional measures to make obscure the images of people who appear in Street View, particularly in areas around hospitals, schools and prisons.

Street View provides ground-level panoramas of streets across the United States, Europe and other regions, searchable via Google’s mapping service. Google compiles the scenes with camera-equipped cars."

"Google said it had met with the data protection commissioner, Hanspeter Thür, before the introduction of the Swiss version of Street View and received “the green light to launch the product” in August. After the authorities raised objections, Google said it had offered other protective measures, but said the commissioner rejected them as inadequate."

New York Times - Swiss Say Google’s Street View Is Too Revealing

Monday, November 9, 2009

Unified Google Control Panel Said To Increase Privacy Control

"In conjunction with the 31st International Conference of Data Protection and Privacy Commissioners, which occurred this week in Madrid, Spain, both Google and Microsoft took steps to express their respective commitment to privacy.

Microsoft's announcement took the form of a policy paper that said the company's established privacy principles would apply to cloud computing and called for regulatory harmony around the globe.

Google introduced Google Dashboard, a Web page that provides a summary of the information Google users have stored online and a set of links for modifying data storage settings.

"In an effort to provide you with greater transparency and control over [your] own data, we've built the Google Dashboard," a Google blog post explains. "Designed to be simple and useful, the Dashboard summarizes data for each product that you use (when signed in to your account) and provides you direct links to control your personal settings."

The Dashboard provides data details for over 20 Google services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, Latitude, Profiles, and Voice, among others. "

Information Week - Google Dashboard Enhances Privacy Control

Monday, November 2, 2009

Google Latitude Location-Sharing Service: Gift To Stalkers?

"Google's new Latitude location-sharing service "could be a gift to stalkers, prying employers, jealous partners, and obsessive friends," Privacy International warned Thursday.

Google introduced Latitude on Wednesday. It's a new Google Maps feature that lets users share location data with friends, using either a mobile phone or Google Gears-equipped computer."

"To dispel anticipated privacy concerns, Vic Gundotra, VP of engineering on Google's mobile team, tried to reassure potential Latitude users that Google designed the service so that users are in control. "Fun aside, we recognize the sensitivity of location data, so we've built fine-grained privacy controls right into the application," he said. "Everything about Latitude is opt-in. You not only control exactly who gets to see your location, but you also decide the location that they see."

Nonetheless, Privacy International said it had identified "a major security flaw in Google's global phone tracking system.""

"Privacy International concedes that Google had made some effort to address privacy concerns. But it considers these safeguards useless "if Latitude could be enabled by a second party without a user's knowledge or consent."

As the organization puts it, the "danger arises when a second party can gain physical access to a user's phone and enable Latitude without the owner's knowledge.""

Information Week - Google Latitude Spurs Privacy Backlash

Thursday, October 29, 2009

US Homeland Security Privacy Office Seen To Be Enabling, Not Curbing Privacy Violations

"Privacy advocates have asked lawmakers to investigate the Department of Homeland Security office in charge of protecting Americans' privacy, saying it has shown "an extraordinary disregard" for its duty.

In a letter sent Friday to the House Homeland Security Committee, 21 organizations and seven people belonging to the Privacy Coalition say the department's chief privacy officer has seen its role as enabling, rather than curbing, government surveillance and intelligence programs.

"The job of Chief Privacy Officer is not to provide public relations for the Department of Homeland Security," stated the coalition letter, whose signers included the American Civil Liberties Union, Gun Owners of America, former congressman Robert L. Barr Jr. (R-Ga.) and libertarians inspired by Rep. Ron Paul (R-Tex.), a former presidential candidate. The Electronic Privacy Information Center, a public interest group in Washington, organized the coalition. "

Washington Post - Probe of Homeland Security privacy office sought. Group says chief is enabling, not curbing, surveillance

Monday, October 26, 2009

"Privacy and the Patriot Act"

"In the aftermath of 9/11, legislators cut legal corners to protect the nation. Congress should amend that now by revising certain expiring provisions of the law.
October 25, 2009

Along with the Guantanamo Bay detention facility and the Bush administration's illegal eavesdropping on U.S. citizens, the USA Patriot Act came to symbolize the excesses of the post-9/11 war on terrorism. Now, as it weighs the extension of three expiring provisions, the Democratic-controlled Congress has an opportunity to restore key privacy protections that were forgotten in the aftermath of the attacks."

"The Patriot Act's greatest threat to personal privacy lies not in any of the provisions set to expire but in the law's expansion of the use of national security letters, subpoenas that allow the FBI to obtain records without a warrant. In 2008, the FBI issued 24,744 letters involving the records of 7,225 people. Not surprisingly, there have been abuses. In 2007, after an investigation of four FBI offices, the Justice Department's inspector general found irregularities in 22% of documents related to the issuance of national security letters."

"The other problem with national security letters is that the companies or other institutions that receive them are not allowed to reveal that fact publicly, though they can appeal them in a closed hearing in federal District Court."

LA Times Editorial - Privacy and the Patriot Act

Sunday, October 25, 2009

Healthcare IT Complaint: Senior Management Does Not View Privacy And Data Security As A Priority

"Healthcare providers aren't adequately protecting patient privacy in implementing e-health records, according to a recent survey of healthcare IT managers. Some 80% of healthcare organizations have experienced at least one incident of lost or stolen health information in the past year.

The study from security management company LogLogic and the Ponemon Institute, which conducts privacy and information management research, found that patient privacy is at risk in the nationwide push to implement e-health records.

"The majority of IT practitioners in our study don't believe that their organizations have adequate resources to protect patients' sensitive or confidential information," said Dr. Larry Ponemon, chairman and founder of The Ponemon Institute, in a statement about this month's study, released Tuesday. "The lack of resources and support from senior management is putting electronic health information at risk."

Some 70% of IT managers surveyed said that senior management does not view privacy and data security as a priority. [my bold]"

Information Week - E-Health Records Put Patient Privacy At Risk

----

EDITORIAL COMMENT: SENIOR MANAGERS, LIKE MANY PARENTS, ARE TOO LAZY OR FRIGHTENED TO INFORM THEMSELVES OF THE DATA AND TECHNOLOGY ISSUES THEY ARE FACED WITH

In my experience IT personnel pull the rabbit out of the hat one too many times for senior managers that just don't give a shit about things like data security.

IT people often give that extra bit of effort for managers that chronically under resource data safety, fixing problems that should have never happened in the first place. Managers who make decisions on IT based on the colour of the computers and whether or not it matches their decor. Managers who think that having the biggest monitor is a sign of their technological prowess.

Data security is unsexy. I can only hope a few criminal charges and lawsuits from now managers will start to get with the program.

- J. Burton

Friday, October 16, 2009

Does The Lack Of Privacy Rule Out Public Office For Many?

"Our belief that senior politicians have forgone their right to privacy makes leadership impossible in a modern democracy"

"That’s the life of the modern democratic leader for you, as illustrated by two statesmen in the space of a fortnight. You start off your career by being given the Nobel Peace Prize, and you finish up being quizzed about whether or not you pop pills."

"Gordon Brown came to it on The Andrew Marr Show, to my suprise. Although I knew there was loose-ish optimistic talk about his eyesight being used as a pretext for resignation, I had somehow not registered the flood of rumours about the Prime Minister’s supposed pill dependency. In Marr’s words: “Let me ask you about something else which everybody has been talking about out there in the Westminster village, which is a lot of people in this country use prescription painkillers and pills to help them get through. Are you one of those people?” No, said Mr Brown.

The journalistic world divided over Marr’s question. Some said he shouldn’t have asked it, some said it was a valid line of inquiry. Had not David Owen recently written a book in which he argued (and remember that Dr Owen is a proper stethoscope Dr and not a John Reid read-my-thesis kind of Dr) that we have had bad decisions as a result of undiagnosed or undisclosed illnesses on the part of leading politicians going back a ways?"

"An unsubstantiated allegation, but so what? It’s a reasonable thing to ask you, Mr Brown, to which you may answer yes or no, because the public have an interest in knowing. As they do in such questions as: do you drink? Did you have your son immunised? How much does your wife earn? Do you get depressed? Is there a history of depression in your family? Did your spouse rent an adult movie and claim it back on expenses, unwittingly or not? What movie was it? Was it arousing? Do the children know about it? (Well, they do now.) And because it’s you, none of the privacy protection people turn a hair. You are fair game. You don’t have privacy. Your lack of it is the price you pay for power, the equivalent of, in Patrick Marber’s words, the “fame tax” that celebrities pay." [my bold]

Times Online - The price of the ‘power tax’ is far too high

Saturday, October 10, 2009

Dark Side Of Social Networking And Intelligent Usage Tracking

"There is a dark side to some of the impressive new online technologies that are appearing, from social networking to behavioural advertising to RFID 'smart chips', the European Commission's internet chief has warned.

While such technologies offer great vistas of opportunity, the commission is monitoring their development "closely" for the very real potential threats to privacy they contain, information society commissioner Viviane Reding said on Monday at a debate on the future of the internet in Brussels."

"...she worries about all users of social networking, not just children, and fears that most users of such sites are unaware of the dangers to their privacy.

"Social networking has a strong potential for a new form of communication and for bringing people together, wherever they are," she said. "But is every social networker really aware that all pictures and information uploaded on social networking profiles can be accessed and used by anyone on the web?""

"The EU's internet chief also said that behavioural advertising – those ads that appear that seem to know exactly the sort of books or vacations or concerts you would be interested in – was "another privacy concern repeatedly mentioned to the European Commission these days."

Behavioural adverts are able to do this by keeping track of internet users' web browsing to better target them with advertisements."

Business Week - Future Internet Privacy Worries Europe

Sunday, September 27, 2009

Facebook Changes Privacy Policy

"Facebook has agreed to make worldwide changes to its privacy policy as a result of negotiations with Canada's privacy commissioner.

Last month the social network was found to breach Canadian law by holding on to users' personal data indefinitely.

Facebook has now agreed to make changes to the way it handles this information and be more transparent about what data it collects and why.

It will also make it clear that users can deactivate or delete their account."

BBC - Facebook changes privacy policy

Wednesday, August 19, 2009

anonymity is not quite so anonymous anymore

From CTV:

"In August 2008, Cohen ran across a blog on Blogger.com, called "Skanks in NYC." The now defunct blog included five anonymous postings that read "I would have to say the first-place award for 'Skankiest in NYC' would have to go to Liskula Gentile Cohen.""

"On Tuesday, New York Supreme Court Judge Joan Madden agreed that Cohen was entitled to information about the blogger and ordered Google to turn it over.

In her ruling, Madden cited a Virginia court decision in a similar case that found that online bullies should be held accountable when they cause injury.

"The protection of the right to communicate anonymously must be balanced against the need to assure that those persons who choose to abuse the opportunities presented by this medium can be made to answer for such transgressions," the judge said, quoting the Virginia decision.

Google complied with the ruling Tuesday evening, submitting the creator's IP address and e-mail address -- all that is required to register for a blog on Blogger.com."


This ruling, I think, is a reasonable response to someone being libeled. Just because you can be anonymous doesn't mean you can attack people publicly with impunity. Opinions are protected, damaging someone is not. The judge's ruling itself states (and I think reasonably):

"The court also rejects the Anonymous Bloggers's argument that this court should find as a matter of law that Internet blogs serve as a modern day forum for conveying personal opinions, including invective and ranting, and that the statements in this action when considered in that context, cannot be reasonably understood as factual assertions. To the contrary, as one court in Virginia has articulated: "In that the Internet provides a virtually unlimited, inexpensive, and almost immediate means of communication with tens, of not hundreds of millions of people, the dangers of its misuse cannot be ignored.... Those who suffer damages as a result of tortious or other actionable communications on the Internet should be able to seek appropriate redress by preventing the wrongdoers from hiding behind an illusory shield of purported First Amendment rights. In re Subpoena Duces Tecum to America Online, Inc., 2000 WL 1210372 (Va. Cir. Ct.), rev'd on other grounds, 261 Va. 350 (Va. Sup. Ct. 2001)."
(ruling quote and styling ripped off from Ben Sheffner's blog Copyrights & Campaigns)

The story goes on to say:

"Cohen told ABC's "Good Morning America" Wednesday that she immediately recognized the blogger, describing her as an acquaintance who was a regular fixture at dinners and parties. Cohen has not revealed the blogger's name publicly."

The CTV story also tells us:

"The posts included pictures of 5-foot-10 blond Cohen and an unidentified man in sexually suggestive positions, with captions describing her as a "skanky ho'" and "a psychotic, lying, whoring skank.""

Cohen and her lawyer contended in court that the photos and statements might damage her career as a model.

All of this suggests to me (my opinion) that there was enough personal information to give Cohen an idea of who posted the pics - and that prompted the action, not so much concern that the photos or statements would really damage her career (again, my opinion - there is also plenty of suggestion that Ms. Cohen feels otherwise, though).

John Timmer at Ars Technica makes the following comment:

"Given the long legal odds, it's difficult not to consider why Cohen has chosen to file this case in the first place, especially since it is drawing attention to a site nobody is likely to have visited and probably would have continued to languish in silence after its last post in August. My suspicion is that it has something to do with the personal nature of the photographs hosted there; Cohen may simply be attempting to get something out of the discovery process that might clue her in as to who's gotten access to these images."

Copyrights & Campaigns (a blog: Ben Sheffner is a copyright/First Amendment/media/entertainment attorney and former journalist) tells us:

"The "Skanks in NYC" bloggers fought hard to remain anonymous, hiring a lawyer to oppose Cohen's motion for an "order for pre-action disclosure" under CPLR § 3102(c). (Google did not oppose the motion.) The bloggers argued that the comments about Cohen were "non-actionable opinion and/or hyperbole" and "have become a popular form of 'trash talk' ubiquitous across the Internet and network television and should be treated no differently than 'jerk' or any other form of loose and vague insults that the Constitution protects." And they asserted that the forum of a blog "negates any impression that a verifiable factual assertion was intended" since "blogs have evolved as a modern-day soapbox for one's personal opinions" by "providing an excessively popular medium not only for conveying ideas, but also for mere venting purposes, affording the less outspoken, a protected forum for venting gripes, leveling invective, and ranting about anything at all.""

Cohen herself provides insight to her motivations (from the New York Post):

"Cohen is no stranger to pain.

In January 2007, she was at the club Ultra on West 26th Street when she got into an argument with a man named Samir Dervisevic, who'd tried helping himself to a bottle of vodka on Cohen's table.

He ended the spat by stabbing her in the face with a broken glass, disfiguring her.

"I went to the bathroom and I saw my whole career go down the drain. I looked in the mirror and saw a hole in my face the size of a quarter. I've been a model my whole life, and I've never had another job," she told The Post last year.

Her career skidded to a halt while she had to undergo plastic surgery to repair the damage, and her filing says she doesn't need any more agony.

"Defamatory statements describing me as a 'skank' and a 'ho' affect my reputation and desirability for endorsing products," and are "hurtful, potentially damaging to my reputation, and, significantly, they are flatly untrue," her affidavit says."


The Citizen Media Law Project has an interesting review of the legal elements of the defamation case.

I wish Ms. Cohen all the best in her career, and will be watching to see the success or not of the actual defamation case.




EDITORIAL COMMENT: And now for a little tech guy snobbery

As for the blogger who put up the original blog... all I can say is "What kind of an idiot are you?"

You defame someone without knowing how to truly make yourself anonymous on the internet?

Moron.

You deserve all you get.

- J. Burton

Tuesday, July 21, 2009

Robots Feeding On The Dead?

I know this isn't really about information, but I had to post this story:

Wired - Company Denies its Robots Feed on the Dead

The money quote:

"“We completely understand the public’s concern about futuristic robots feeding on the human population, but that is not our mission,” stated Harry Schoell, Cyclone’s CEO. “We are focused on demonstrating that our engines can create usable, green power from plentiful, renewable plant matter. The commercial applications alone for this earth-friendly energy solution are enormous.” (emphasis in the original)"

[heh!]

Friday, July 10, 2009

Data Ownership

The following linked story discusses an interesting point:

Who owns your login information?


Power.com Sues Facebook: Data Ownership War Breaks Out

"Power.com, for those unfamiliar, allows you to log into all your social media accounts simultaneously via the Power.com interface. This means that you can use your MySpace, Twitter, LinkedIn, Orkut, and Hi5 accounts all at the same time. Facebook though, is noticeably absent from the list of supported accounts due to its December lawsuit with the social networking giant. Their big objection was the storage of user credentials on Power.com, and in turn they requested that the service use a solution involving Facebook Connect instead."

Facebook Is No Friend of Power.com

Power.com countersues Facebook over user data

google news search: Power.com facebook lawsuit

----

Normally, I think, a person would assume that their login information belongs to them, and that if they want to share it, they would be able to.

Not necessarily - terms of service for many services can prohibit login sharing. Your bank card PIN is login information - by the terms of agreement there you are expressly prohibited from sharing the information with anyone else. Sharing your PIN is a violation of the terms of service for use of the bank card - remember, the card also remains the property of the issuer - and could result in the revocation of services provided through the use of the card.

This court case will make new law. Watch for how it turns out.

http://www.power.com/

http://www.facebook.com/

What's my deal (about me)

I am James M. Burton - a computing and internet professional with substantial interest in computing and networking, privacy issues, politics, and governmental policy

I have previously worked as political staff in a provincial government, and have been a long time political and community activist. I teach at a government funded post-secondary institution. I have served as a Students' Union President (some 20 years ago), on the Board of Governors of a major University, and served on many university committees. I have run my own business, worked for telcos, cable companies, engineering firms, and research consortia. I have been President and board member of a provincial new media industry association, and have served many years as a juror for the Canadian New Media Awards.

I am currently the Information Technology Officer and designated Privacy Officer for a large medical clinic - grappling with privacy and information sharing issues has become a daily occurrence.

This blog is an attempt to share some of the stories and issues I run across.