Tag Archives: Privacy

Apple releases first transparency report on government requests for user data

Apple, one of the least transparent companies in the world, has released a transparency report on government requests for user data.(PDF). Requests from the United States of America dwarf the rest of the world — and that’s without including the ones that Apple cannot tell us about, due to gag orders and National Security Letters.

apple-transparency-table

Notably, Apple has indicated that it will join other tech companies in seeking the ability to disclose such requests:

“We believe that dialogue and advocacy are the most productive way to bring about a change in these policies, rather than filing a lawsuit against the U.S. government. Concurrent with the release of this report, we have filed an Amicus brief at the Foreign Intelligence Surveillance Court (FISA Court) in support of a group of cases requesting greater transparency. Later this year, we will file a second Amicus brief at the Ninth Circuit in support of a case seeking greater transparency with respect to National Security Letters. We feel strongly that the government should lift the gag order and permit companies to disclose complete and accurate numbers regarding FISA requests and National Security Letters. We will continue to aggressively pursue our ability to be more transparent.”

Apple did break new ground with the report, as FT reporter Tim Bradshaw observed: it was the first to disclose requests for device data.

device-data-requst

The U.S. government leads the rest of the world in device data requests by law enforcement as well, though not by as wide a margin: Australia, the United Kingdom, Singapore and Germany have all made more than 1000 requests, according to the disclosure.

Be careful about what you put in that iCloud, folks.

Apple’s transparency report ends with an interesting footnote: “Apple has never received an order under Section 215 of the USA Patriot Act. We would expect to challenge such an order if served on us.”

For those unfamiliar with that part of the law, it has been the subject of intense criticism for years from privacy and civil liberties advocates, particularly since the disclosures of mass surveillance of U.S. telecomm data by the NSA entered the public sphere this past summer.

3 Comments

Filed under journalism, security, technology

“Internal evidence of harm has a lot to do with freedom of speech”

“Remember that privacy harm is not only a question of reputation – that’s external harms – but internal harm. if you’re concerned about your reading or watching habits could be watched, you could be chilled. To me, knowing that other people might know, we might say it’s a privacy invasion that could be chilling.

Internal evidence of harm has a lot to do with freedom of speech. If we don’t have a right to read or watch something in a way that can’t be monitored, it goes to free speech.” -Danielle Keats Citron, Professor of Law, University of Maryland School of Law, commenting on an iTunes privacy hole.

[Image Credit: Rob Pongsajapan]

Leave a comment

Filed under technology

Looking Back: The Best Interviews of 2010 [VIDEO]

2010 was full of amazing stories and experiences, both personal and professional. I’m grateful for the many opportunities I had speak to brilliant, fascinating people about technology, government, media and civil society. I’ve learned a tremendous amount from my interviews this year, many of which were captured on video. Some were filmed with my iPhone 4, others with a Canon 110si, others by O’Reilly Media’s professional video team after I joined the company as its new Gov 2.0 Washington Correspondent.

Regardless of the quality of light, image or sound, each interview taught me something new, and I’m proud they’re all available on the Web to the public. The list below isn’t exhaustive, either. There are easily a dozen other excellent interviews on my channel on YouTube, O’Reilly Media’s YouTube channel, uStream and Livestream. Thank you to each and every person who took time to talk to me this past year.

20. Professor Fred Cate on electronic privacy protections and email

19. Google Open Advocate Chris Messina on Internet freedom

18. Foursquare Creator Dennis Crowley on the NASA Tweetup and #IVoted

17. Co-Chairman of the Future of Privacy Forum Jules Polonetsky

16. NASA CTO Chris Kemp on cloud computing and open source

15. Portland Mayor Sam Adams on open data

14. Former Xerox Chief Scientist and PARC Director John Seely Brown on education

13. NPR’s Andy Carvin on CrisisWiki

12. ISE Founder Claire Lockhart on government accountability

11. Cisco CTO Padmasree Warrior on the evolution of smarter cities

10. Ushahidi Co-Founder Ory Okolloh on crowdsourcing

9. Senator Kate Lundy on Gov 2.0 in Australia

8. Intellipedia: Moving from a culture of “need to know” to “need to share” using wikis

7. ESRI Co-Founder Jack Dangermond on mapping

6. Sunlight Foundation Co-Founder Ellen Miller on Open Government

5. HHS CTO Todd Park on Open Health Data

4. FCC Tech Cast with Expert Lab’s Gina Trapani

3. Apple Co-founder Steve Wozniak on the Open Internet

2. United States CTO Aneesh Chopra on Open Government

1. Tim Berners-Lee on Open Linked Data

Leave a comment

Filed under cyberlaw, education, government 2.0, journalism, social media, technology, video

Privacy Camp DC 2010: 3 words [#privacy2010]

Today I’m at the 2010 Privacy Camp unconference in Washington, D.C.

As with every unconference, it kicked off with each participant introducing him or herself with three words that offer insight into their work, identity, passion or wit. Combining them all created the “word cloud” above.

You can follow DC Privacy Camp 2010 in real-time on Twazzup on Twitter.

Leave a comment

Filed under poll, social media, technology

Google reacts to negative Buzz, improves privacy settings. Will it be enough?

As the Wall Street Journal reported today, Google’s development team has been working “feverishly” to tweak Buzz privacy settings. Earlier tonight, Google responded to widespread privacy concerns about Buzz, its new social messaging platform.

Todd Jackson, Buzz product manager, annouced on the Gmail blog that Google will make three updates to Buzz users’ startup experience to address the negative feedback it has received concerning its new social network. The previously announced Buzz improvements based upon user feedback simply did not go far enough to address legitimate privacy flaws or the uglier critiques in the blogosphere.

What has Google done?

  1. Google will add a tab specifically for Buzz in Gmail. While Google has not chosen to separate Buzz entirely from Gmail, as many readers thought might be the case after reading a story in SearchEngineLand.  Instead, as Danny Sullivan reports there, Google may offer Buzz independently from gmail in the future. This move addresses user experience, creating a clear means to configure the social messaging platform or disable it.

  2. Buzz will no longer automatically connect Google Reader or Picassa. Both of these environments could be limited to closed networks of friends or contacts.  When someone wrote “F*** You, Google,” its development team was apparently listening. According to the New York Times story on Buzz privacy settings, Google reached out to the aggrieved user and made changes to address some of her concerns.
  3. Crucially, Google Buzz will move from auto-follow to auto-suggest. Instead of simply connecting a new user to existing gmail contacts, Buzz will now present the user with suggested users from within that social network.

In other words, Google took Harry McCracken (and others) up on a simple solution to Buzz privacy problems: start with users following nobody by default.

Will it be enough to address the concerns of aggrieved users and convince bystanders to try Buzz? As Neil Gaiman tweeted, “Google DID work late. And DID fix it. I don’t think I’ll ever turn it on now, but good on them.” Or as Jay Rosen put it, “I waited, read the news about Google Buzz, absorbed the accounts and experiences of people I trust, and disabled it before ever opening it.”

Whatever the impact of tonight’s changes, Google has moved quickly to improve the areas of Buzz that have caused such angst online. As Gina Trapani, a self-described “Google fangirl” tweeted,  “no doubt Buzz’s privacy issues are seriously problematic, but at least they’re iterating quickly and openly.”

The question that remains is why none of these privacy concerns were clear at the outset. “Google addressed most concerns – good job,” tweeted Evgeny Morozov. “But strange they hadn’t expected the backlash. What were they really thinking?”

Morozov, whose trenchant analysis of the “wrong kind of buzz around Google Buzz,”  has been an prominent voice in highlighting the risks of using public social networks for citizens in countries where voicing dissent can carry a death penalty. As he wrote, “I am extremely concerned about hundreds of activists in authoritarian countries who would never want to reveal a list of their interlocutors to the outside world.”

This change may address that concern, though an “evil genie” may already be out of the bottle if intelligence services have already mined activists’ social networks. It’s not just citizens within authoritarian governments that had much to lose, after all. As danah boyd observed, “automated connections (a la Google Buzz) are particularly dangerous for at-risk populations.” Lawyers have other concerns: exposing clients through email addresses could violate confidentiality agreements.

Another tweak will help a bit with some of the above. As Jason Kincaid wrote at TechCrunch, “private e-mail addresses that were exposed in Buzz @replies are now covered up by asterisks.

That said, Google has now followed Facebook in making a major change to user privacy without testing it first or, crucially, allowing its users to opt out. Instead of making joining Buzz an option, Gmail users were added by default. And the only means users had to disable Buzz completely was akin to a nuclear option: deleting a Google profile.

I haven’t found the algorithmic authority or relevancy in Buzz that I’d expected yet. As Zach Seward tweeted, there’s “something to be said for Google Buzz: When @robinsloan hosts a fascinating discussion, you can link to it.”  Buzz support for open data standards may prove to be both disruptive and beneficial for the open Web. Now that I’ve taken steps to hide my contact, I plan to continue using Google Reader to share news to my Google Profile and Buzz to participate in discussions.

That said, this brush with privacy may have tainted the launch of Buzz in much the same way that the death of a luger in Vancouver put a pall over the beginning of the Winter Olympics. Google may have more information about online users that any entity on the planet. By exposing those relationships without offering users the opportunity to opt-out of the new service on launch, the Internet giant has put trust in privacy at risk, an existential worry given that data that Google has about so many.

As Stan Lee put it, “with great power, there must also come great responsibility.” The past week’s backlash has reminded millions of the stakes for such trust.

3 Comments

Filed under blogging, social bookmarking, technology

MIT Panel: “Machines with eyes & texting spies” [privacy]

"Spies and texting eyes panel at MIT"

"Spies and texting eyes panel at MIT"

“Big Brother has nothing on growing up as a minister’s daughter in a small town.”

Shava Nerad, Development Director / former Executive Director of the Tor Project, offered that trenchant observation in the context of a panel on privacy held at the MIT Museum earlier this month,”Machines with spies & texting eyes: The shifting lines of public/private.” As she noted, she’s been writing provocative things on the Internet since 1982 so this isn’t exactly out of character.

Jonathan Zittrain, co-founder of the Berkman Center for Internet & Society at Harvard University, moderated the panel.  Judith Donath (Director of the Sociable Media Group), Aaron Swartz (Founder of watchdog.net and reddit.com) and Benjamin Waber, (Researcher, Human Dynamics Group at the MIT Media Lab) joined Nerad behind the table.

The event put special focus on the MIT Media Lab‘s Sociable Media Group’s exhibition, “Connections.” When asked about the purpose of the exhibit, Donath said that “We wanted people to step back and think about privacy. One mundane step after another has brought us to a deeply transformed world.”

Shava noted that “mischaracterizations of your identity are more likely to result than the real thing at the exhibit.” That result is “an artifact of scraping,” where data is pulled from many pools online without context or interpolation.

In general, the exhibit is meant to pull into focus Donath’s central question: “What is the cost we have to pay in terms of privacy to cement society together?”

You can take a virtual tour of the museum (from 2008) below:

Using the dry wit that makes his public appearances so enjoyable, Zittrain kicked off the panel with an explication of prurient. As he noted, prurient is a “funny word.” It refers to something that attracts you and then a moment later disgusts you. It’s wholly applicable and useful to our relationship with privacy in our changing world, as lifestreaming, Twitter, Facebook and mobile technology rapidly intermingle our public and private selves.

As Norath noted, “we’re all leaving trails of data…email, every time we comment, when we go through FastLane, when we go shopping. Some we’re aware of, some we’re not. There’s a growing shadow behind us.

The privacy panel recognized that the data trails left by teens online may be particularly meaningful for future employment or educational opportunities. Is acting out on Facebook a way of showing off imperviousness?

Nerad noted just how how persistent data is. In reply, @zittrain suggested declaring “reputational bankruptcy” at 18. Hilarity ensued. Shava suggested extending the age to 25.

Regardless, a “data shadow” is a useful metaphor for these data trails that accompany our online activity, especially when combined with the work of the Sunlight Foundation and Watchdog.net, the “good government site with teeth” project started by Swartz. It’s safe to say that we’re all watching each other now. Adding to the lighthearted but thoughtful tone of the discussion, @aaronsw recalled the day @EFF‘s Kevin Bankston was caught smoking by Google Street View.

Benjamin Waber noted that with Bluetooth scans on cellphones you might be able to accurately track who might be infected by a disease. As Zittrain quipped on one case, referring to swine flu, you could even epidemiologically trace it back to “Pig Zero.”

Waber makes the comparison to the membership cards offered by Shaws that enable consumers to receive discounts in return for registering. “If we owned our Bluetooth data, could we sell it? You get something for your data, for giving up your purchasing patterns. If your cellphone distributed certain information, would you be willing to trade it?”

The panel took note of the cultural differences between Japan and the U.S. with regards to @Google Street View. Protections around privacy and awareness of the impact of mobile video on it are greater there, perhaps by virtue of the technological edge that exists with Japanese society. Does greater tech penetration result in greater awareness of privacy issues? An Aussie in the audience notes that this privacy discussion appeared to be predicated by being held in the U.S. “When you’re a net importer of culture, you’re used to skirting around things.”

sociometer

sociometer

In Waber’s case, certainly, one would have to note that the privacy discussion is both academic and our in the real world. He passed around the “sociometer” that Waber and others are using to conduct research with at the Media Lab. Zittrain quipped that it “reminds me of an alithiometer” — a reference to Pullman’s “His Dark Materials” epic fantasy trilogy. This geek guffawed. To be fair,  in many ways, this device is downright magical, at least when its simple form factor is compared to its function. A sociometer is a wearable sensor package for measuring face-to-face interactions between people.

Afterwards, I was lucky enough to go out for Chinese with the panelists , where@zittrain further moderated a “roundtable” on the potential for malicious use of@Amazon‘s Mechanical Turk. @aaronsw @bwaber and @zephyrteachout and others contributed to a vigorous discussion of Google’s role in privacy, dominance of search and the role of citizens and law in encouraging more transparent government and corporate practices.

There’s more on electronic privacy and online governance at the Complexity and Social Networks Blog at Harvard and some thoughtful comments on the event page on Facebook.

Readers interested in privacy may also find WeLiveInPublicTheMovie.com of interest.

Reblog this post [with Zemanta]

Leave a comment

Filed under blogging, research, Twitter, video

“Massachusetts Senate seeks to amend, weaken data protection law” [new article]

We had to respond to a bit of a curveball this morning on the Mass. data protection law. A MA Senate Bill significantly alters certain provisions. I reported on it today and will be reviewing it further tomorrow.

Massachusetts Senate seeks to amend, weaken, data protection law
13 May 2009 | SearchCompliance.com

Reblog this post [with Zemanta]

Leave a comment

Filed under article, journalism

Biometrics, privacy and compliance [new article]

biometric birthday
Image by striatic via Flickr

It was deeply satisfying to see the piece on biometrics I’ve been working on go live today. It turned out well, especially with the usual polish that my brilliant copy editor put on the prose, formatting and pull quote.

Biometric security data adds layer of privacy compliance risk
30 Apr 2009 | SearchCompliance.com

Reblog this post [with Zemanta]

Leave a comment

Filed under article, journalism, technology