Posts tagged & Privacy
Google has agreed to several concessions after an investigation by Canada’s Office of the Privacy Commissioner found Google in violation of Canada’s privacy rights for the use of sensitive health history in remarketing campaigns. The investigation began last January, when a man…
Please visit Search Engine Land for the full article.
View full post on Search Engine Watch – Latest
Lost in the furor over government spying on its citizens is an inconvenient truth: personal data is the new currency of the 21st century, and until we rein in our desire to spend it we can’t really stop others’ desires to spy on it.
Paying With Our Data
While not exactly a new thought, Evgeny Morozov highlights just how far we’ve gone toward making data the new virtual currency, showcasing the “disturbing trend whereby our personal information—rather than money—becomes the chief way in which we pay for services—and soon, perhaps, everyday objects—that we use.” In our attempts to get something for nothing—be it email or banking services or any number of different online activities— we have charged willy nilly into a world where we have zero privacy … by design.
John Naughton of The Guardian grumbles that we’ve been “conned” into giving up our personal data for free services (like Google and Facebook) and that the only resolution is through political solutions. This is wishful thinking, at best, because it overlooks the biggest problem in the data privacy debate: we can’t keep private what we’re so eager to sell.
No laws and tools will protect citizens who, inspired by the empowerment fairy tales of Silicon Valley, are rushing to become data entrepreneurs, always on the lookout for new, quicker, more profitable ways to monetise their own data – be it information about their shopping or copies of their genome. These citizens want tools for disclosing their data, not guarding it. Now that every piece of data, no matter how trivial, is also an asset in disguise, they just need to find the right buyer. Or the buyer might find them, offering to create a convenient service paid for by their data – which seems to be Google’s model with Gmail, its email service.
The problem, however, is that while the benefits to consumers are obvious—free email and storage!—the risks are not. Nor is it clear to many of us that while we may be fine using our privacy as currency to “buy” goods and services, we also implicate the people with whom we’re communicating, who may be far less interested in selling their privacy so that we can have free online services.
Overreach All Around
Back in the go-go days of 1999, then Sun CEO Scott McNealy told a group of analysts and reporters that consumer privacy issues were a “red herring,” avowing that “You have zero privacy anyway. Get over it.” To many, his words were callous. To others, they were reality.
But few likely understood then, as we’re slowly beginning to see, that privacy concerns aren’t caused by someone else. They’re caused by us.
The minute we opened the doors to advertising to pay for our online world, we didn’t merely grudgingly give up our privacy. We sold it. Willingly. And we shouldn’t therefore be surprised that governments have eagerly been supping at the honeypots we’ve eagerly enabled to entrap ourselves.
Yes, we have the Web companies to thank for making it seem so appealing, as I’ve argued. Google, Facebook et al. are hypocritical in the extreme whenever they open their mouths to chide the U.S. government for its collection and use of data.
But we are the ones happily selling ourselves for a few more gigabytes of storage, or a way to talk with friends. We used to pay for such things with money. Now we pay with our private details through our personal details. Governments can impose laws to try to curb this (which would also strike a hypocritical tone, since they are so eager to spy on our data as well), but until it becomes less appealing for us to sell ourselves for free online services, there’s little that any government regulation can do. We are the authors of our own stories and we make those stories available to any company or government willing to take a look.
The public has to ask itself a hard question: Do we care? Or are we happy to sell little pieces of our online selves in the name of ease and convenience?
Top image courtesy Shutterstock
View full post on ReadWrite
In a moment of unabashed hypocrisy, this week eight leading tech titans chastised the U.S. government for daring to do what each of them does on a daily basis. Namely, spy on people. Companies like Facebook and Google make billions of dollars by prying into every corner of our increasingly digital lives, then manipulating that data to convince us to do things we might not otherwise do.
Sure, it’s all in harmless advertising fun, and the governments (of course!) have nefarious plans. But the truth is not so neat and tidy. Regardless of intentions, it’s hard to see how the Web giants could believe they could create a massive ocean of data without any governments or unscrupulous actors wanting to take a swim is equally baffling.
Spies, after all, are spies.
Shifting The Burden Of Compliance To Uncle Sam
The Web giants’ manifesto is as self-serving as it is naïve. As the Financial Times’ John Gapper points out, “[T]hey advocate nothing that would be inconvenient or difficult for themselves. On the contrary, under the heading ‘respecting the free flow of information’, they sneak in a demand that governments must not force companies to ‘locate infrastructure within a country’s borders or operate locally’.”
Why? Well, there are clearly noble reasons to resist. For one thing, once infrastructure sits within a country’s jurisdiction it becomes easier to both monitor and censor information flowing into or out of that country.
But there’s another, far less noble reason, which is that it costs money to do what the offline world has had to do for decades: comply with local regulations. I’m sure banks would love to run unfettered through the streets of Brazil. But financial regulation doesn’t allow it. It’s not surprising that countries would want to protect their citizens’ privacy as assiduously as they protect their money.
Especially given how amazingly poor Silicon Valley’s Web giants have been about protecting privacy.
Silicon Valley’s Shoddy Reputation On Privacy Controls
This is an industry that has bastardized Tim O’Reilly’s Web 2.0 principle of “architectures of participation” to be “architectures of forced participation.” Where your data defaults to public and open, not because it’s in your interest, but because it’s in the interest of Facebook’s or Google’s advertising aspirations.
When did the web companies become freedom fighters for user privacy? As the Wall Street Journal suggests of Google, “The breadth of Google’s information gathering about Internet users rivals that of any single entity, government or corporate.” Facebook, for its part, regularly changes privacy settings, and rarely in ways that help users shutter their lives from public view.
This is, after all, the company run by the man who declared “privacy is dead.”
Regardless of their moralistic raging against the government machine, however, the reality is that the burden of privacy falls on the Web companies, not governments. Spies are spies: that’s what they do. Asking the NSA not to use Google’s treasure trove of information, for example, is a pipe dream. Nor is there a technical solution to this: better encryption won’t hinder spies. Not even quantum cryptography, as Serge Malenkovich of Kaspersky Systems argues.
Putting Data Back In Its Place
Facebook CEO Mark Zuckerberg says all this is “really bad” for his international business. Well, there’s a solution for that: keep data in the countries where it originates. This would require additional infrastructure costs and would hinder Facebook’s ability to analyze and monetize global user data, but it would go a long way toward minimizing the movement of user data. Given the unlikelihood of truly securing data in transit, this is a real option, if an imperfect one.
But of course, it would be inconvenient for companies who want to ask governments to respect user privacy … so that they don’t have to. Cheeky. Naive. And almost certain to fail.
View full post on ReadWrite
Google has just removed a new privacy feature in the latest update to Android KitKat that briefly let users control exactly how individual apps access their information and various phone functions. Google apparently hadn’t intended to release the feature in the first place, and now it’s gone. Predictably, users are up in arms over the whole thing.
The app-permission feature was first rolled out as experimental code in the Jelly Bean 4.3 release of Android in July. It wasn’t ever accessible via the standard Android interface, so most casual users likely never knew it existed. Some developers noticed it, however, and created several popular app-style shortcuts that unveiled the permissions manager functional. For instance, “AppOps Launcher” by developer Pixel Monster was downloaded between 5,000 and 10,000 times according to its Google Play page.
But if your phone is now running the newest Android KitKat 4.4.2 update, these shortcuts will no longer work—and you can no longer exercise fine-grained control over the liberties that apps take with your devices and information.
The experimental Google code basically allowed users to prevent apps from accessing certain phone functions and stored data. If you didn’t want a game app to look at your contacts list, you could use the permissions manager to block that access for that particular app and no others—theoretically without otherwise affecting the game. That was a big step forward for Android users, who otherwise have to grant every permission an app requests if they want to install it.
Such permissions are a big deal in app-land. If an app needs access to a data connection (Wi-Fi or cellular) to download information from the Internet, it needs permission. If an app needs access to your location (like Foursquare) through GPS, it needs permission. Common app permissions allow access to the device’s camera, user contacts or calendar, phone status, storage, social information and accounts. An app like Facebook needs many of these permissions and more to run effectively.
The Electronic Frontier Foundation took Google to task for killing the permissions manager. When EFF asked Google about killing the permission manager it was told that the feature was experimental and released by accident. Google disabled it because it broke some of the apps that it policed.
EFF technology projects director Peter Eckersley wrote on the group’s website about the disappearance of the permissions manager:
The disappearance of App Ops is alarming news for Android users. The fact that they cannot turn off app permissions is a Stygian hole in the Android security model, and a billion people’s data is being sucked through. Embarrassingly, it is also one that Apple managed to fix in iOS years ago.
Google has independently confirmed to ReadWrite that that permissions manager was indeed an accidental release. In this case, Google had left in experimental and untested code that modified aspects of Android permission system. This happened first with the Jelly Bean 4.3 release. This experimental code was removed with the Android 4.4.2 update. Google never supplied documentation for developers to use the feature that was unsupported when it was originally released.
Since Google never supplied documentation for the accidental release of the permissions manager, Android developers had no opportunity to prepare for the possibility that users might be withholding individual permissions, or to warn users about the possibility that an app might break if they did so.
So while the permissions manager technically existed in the source code of Android, Google had never purposefully released it. By taking it away, Google is not acting in some nefarious manner. Eckersley and the EFF can make a significant amount of noise about the permissions manager being taken away, the fact of the matter is that for most users it hardly ever existed in the first place.
A Brief History Of Permissions
Android was the first major mobile operating systems to show users what permissions its app were using in the first place. When you download an app from Google Play right now, it will show you what permissions the app is requesting. Astute users won’t download apps that require permissions that are not core to the functionality of an app.
When apps are updated, Android will ask for the user to accept any new permissions the app is using. For the most part, Google has been very straightforward with users by showing them what their app is actually doing.
Some apps, of course, don’t play nice. For instance, the Federal Trade Commission just settled a complaint against an Android app called “Brightest Flashlight Free” from Goldenshore Technologies that harvested user location data and unique device identifier information that it then passed onto advertisers. A flashlight app does not need a data connection or access to … anything really. It’s a flashlight. Users need to be wary that many apps ask for permissions that could ultimately lead to their data being siphoned off and sold to advertisers.
That being said, the ability to turn off certain permissions or network access entirely (as the EFF points out) would be a highly desired feature in Android going forward. (In fact, that capability already exists in CyanogenMod and other popular Android variants.)
The fact that code exists to be able to manage permissions shows that this is something that Google has been working on, even if it is not necessarily ready for developers or users quite yet. When contacted, Google said that it had no plans to share if and when the permissions manager system that the AppOps shortcut enabled would be available as a standard feature.
Image by Dan Rowinsky for ReadWrite
View full post on ReadWrite