{o.a.}

Last summer, Federal Chief Information Officer Vivek Kundra asked the National Institute of Standards and Technology (NIST) to help accelerate the federal government’s secure adoption of cloud computing by leading efforts to develop cloud standards and guidelines.

And NIST just delivered. The agency published two new draft documents on cloud computing. The first document, NIST Definition of Cloud Computing (NIST Special Publication (SP) 800-145) defines cloud computing

{o.a.}

Members of Congress chided the U.S. Department of Justice today for suggesting a new law requiring Internet companies to keep records of user activity, but not disclosing details on how it should be crafted to aid criminal investigations.

At a House of Representatives hearing, as CNET was the first to report, the Justice Department endorsed the concept of forcing Internet companies to collect and store data about their customers that they would not normally retain. This echoes the Bush administration’s position under Attorney General Alberto Gonzales.

But Jason Weinstein, deputy assistant attorney general for the criminal division, irked the committee members by saying “the government doesn’t have a specific proposal” at this time.

“When are you going to get a specific proposal?” said Rep. John Conyers, the senior Democrat on the House Judiciary committee. “How many years is this going to take?” Apparently recalling that mandatory data retention proposals have been circulating since 2005, Conyers added: “I’m going to call (attorney general) Eric Holder right after this hearing and see if we can get this moving…I don’t think we need a whole lot of time.”

Rep. Debbie Wasserman Schultz (D-Fla.) said mandatory data retention would help law enforcement “connect the dots” in criminal investigations. “I’m really not understanding why you don’t have a specific proposal,” she said.

So did Rep. Louie Gohmert (R-Tex.), a former judge, who used the lack of specifics to question whether the Justice Department really needed a new law. In court, Gohmert said, “if people don’t want to get specific, it’s not legitimate testimony that will come into evidence.”

This is an odd situation: when the Justice Department asks Congress for a new law, it typically provides draft legislation, or at the very least, an unequivocal endorsement. In 2004, the department explicitly endorsed a pair of copyright bills backed by the entertainment industry. It did not equivocate when lending its support to a proposal to give life sentences to certain hackers in 2002 or a 2007 proposal outlawing “attempted” copyright infringement.

Weinstein did say that the Justice Department was not interested in forcing companies to retain “content information” such as the text of e-mail, text, or SMS messages. He added, in response to questions, that up to two years of data retention “would be a useful starting point,” which echoes what FBI director Robert Mueller told Congress in 2008. (Ideally, to help law enforcement the most, “I’d think the statute of limitations would be the place to start the discussion” in terms of retention periods, he said.)

But he did not address the scope of the law, including whether social network sites and image-uploading sites would be required to record user activities—a proposal that surfaced inside the department four years ago.

“A minimum of six months would be advantageous, more like a year would be best,” said John Douglass, the chief of police for Overland Park, Kansas, who was testifying on behalf of the International Association of Chiefs of Police. In 2006, the IACP adopted a resolution (PDF) calling for a “uniform data retention mandate” for “customer subscriber information and source and destination information,” which apparently means keeping track of what Web sites every Internet user visits. A representative of the IACP said yesterday that the group continues to support the resolution.

Weinstein also took a swipe at the Electronic Frontier Foundation’s June 2008 “best practices” guide for Internet companies, which recommends that they store the “minimum amount” of data necessary for the “minimum time necessary,” and obfuscate, aggregate, or delete unneeded user information.

That represents the “best argument for Congress to intervene,” Weinstein said. “Providers are being guided to conduct themselves” in way that minimizes information available to law enforcement.

Perhaps the most telling comments, though, came from the new chairman of the House Judiciary committee, Rep. Lamar Smith (R-Tex.). He introduced a data retention bill in an earlier session of Congress and is now in a position to push any legislation through the chamber this year.

Smith said that the Internet has become a “virtual playground for sex predators and pedophiles,” and “more robust data retention will certainly assist law enforcement” in tracking down criminals.

Rep. F. James Sensenbrenner (R-Wis.), chairman of the House Judiciary crime subcommittee, told Kate Dean, executive director of the U.S. Internet Service Provider Association, that the industry must develop voluntary standards or risk being thwapped with the “stick” of federal legislation. “If you aren’t a good rabbit and don’t start eating the carrot, I’m afraid we’re all going to be throwing the stick at you,” he said.

It’s not that surprising that the Obama Justice Department, like its predecessor, prefers the stick. As a department official in the 1990s, Attorney General Eric Holder touted the idea of mandatory data retention. In 1999, Holder said that “certain data must be retained by ISPs for reasonable periods of time so that it can be accessible to law enforcement.”

For now, the scope of any mandatory data retention law remains hazy. It could mean forcing companies to store data for two years about what Internet addresses are assigned to which customers. (Comcast said in 2006 that it would be retaining those records for six months.)

Or it could be more intrusive, sweeping in online service providers, and involve keeping track of e-mail and instant-messaging correspondence and what Web pages users visit. Some Democratic politicians have previously called for data retention laws to extend to domain name registries and Web hosting companies and even social-networking sites. An FBI attorney said last year that the bureau supports storing Internet users’ “origin and destination information,” meaning logs of which Web sites are visited.

John Morris, general counsel at the Center for Democracy and Technology, said mandatory data retention could “harm Americans’ privacy rights, aggravate the problem of identity theft, and jeopardize Americans’ First Amendment right to speak anonymously on the Internet.”

Retention vs. preservation

At the moment, Internet service providers typically discard any log file that’s no longer required for business reasons such as network monitoring, fraud prevention, or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation—a practice called data preservation.

A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any “record” in their possession for 90 days “upon the request of a governmental entity.”

Because IPv4 addresses remain a relatively scarce commodity, ISPs tend to hand them out to customers from a shared pool only while a connection is active, so the same address can belong to different customers at different times. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.) Tying an address back to a subscriber therefore requires the assignment record covering the exact time in question, which is precisely the record a retention mandate would force providers to keep.
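The dynamic allocation described above is the technical reason the retention period matters for attribution: an investigator arrives with an address and a timestamp, and the answer depends on whether the lease record covering that instant still exists. The following is an added example, not from the CNET article or any ISP's own tooling. It reconstructs lease intervals from a constructed DHCP syslog excerpt written in roughly ISC dhcpd's wording, answers the "who held this address at this instant" question, and shows what a routine purge with a six-month versus a two-year window does to that answer. The log lines, the twelve-hour lease time, the MAC-to-subscriber identity and the function names are all assumptions made for illustration.

```python
"""
Attribute a dynamically assigned IPv4 address to a subscriber from DHCP
server logs, then apply a retention window to the lease records.

Added example. SAMPLE_LOG is constructed and loosely follows ISC dhcpd's
syslog wording ("DHCPACK on <ip> to <mac> via <iface>"); real logs vary,
and the parser assumes exactly this shape. The MAC stands in for the
subscriber account an ISP would join it to.
"""
import re
from datetime import datetime, timedelta, timezone

SAMPLE_LOG = """\
2011-01-25T08:00:00Z dhcpd: DHCPACK on 203.0.113.7 to aa:bb:cc:00:00:01 via eth1
2011-01-25T10:00:00Z dhcpd: DHCPACK on 203.0.113.7 to aa:bb:cc:00:00:01 via eth1
2011-01-25T11:30:00Z dhcpd: DHCPRELEASE of 203.0.113.7 from aa:bb:cc:00:00:01 via eth1
2011-01-25T11:31:00Z sshd[123]: Accepted publickey for ops from 198.51.100.9
2011-01-25T12:15:00Z dhcpd: DHCPACK on 203.0.113.7 to aa:bb:cc:00:00:02 via eth1
2011-01-25T20:00:00Z dhcpd: DHCPRELEASE of 203.0.113.7 from aa:bb:cc:00:00:02 via eth1
2011-01-25T21:00:00Z dhcpd: DHCPACK on 203.0.113.7 to aa:bb:cc:00:00:03 via eth1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) dhcpd: DHCP(?P<kind>ACK|RELEASE) (?:on|of) "
    r"(?P<ip>\S+) (?:to|from) (?P<mac>\S+) via"
)


def parse_ts(text):
    """Parse the ISO-8601 UTC timestamp used in the constructed log."""
    return datetime.strptime(text, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def build_leases(log_text, lease_hours=12):
    """Return [(ip, mac, start, end)] sorted by start.

    A lease ends at an explicit release, at expiry (last ACK + lease time),
    or when the server ACKs the same address to a different client, whichever
    comes first. The last case matters: without it two subscribers would
    appear to hold one address at the same moment.
    """
    lease_time = timedelta(hours=lease_hours)
    open_leases = {}  # ip -> [mac, start, last_ack]
    leases = []

    def close(ip, end):
        mac, start, last_ack = open_leases.pop(ip)
        leases.append((ip, mac, start, min(end, last_ack + lease_time)))

    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line: ignore it rather than guess
        ts, kind, ip, mac = parse_ts(m["ts"]), m["kind"], m["ip"], m["mac"]
        if kind == "ACK":
            if ip in open_leases and open_leases[ip][0] == mac:
                open_leases[ip][2] = ts  # renewal by the same client
                continue
            if ip in open_leases:
                close(ip, ts)  # reassigned to a new client without a release
            open_leases[ip] = [mac, ts, ts]
        elif ip in open_leases and open_leases[ip][0] == mac:
            close(ip, ts)  # explicit release
    for ip, (mac, start, last_ack) in open_leases.items():
        leases.append((ip, mac, start, last_ack + lease_time))  # expired, never released
    return sorted(leases, key=lambda lease: lease[2])


def who_had(leases, ip, when):
    """MAC of the client holding `ip` at instant `when`, or None if no lease covers it."""
    for lease_ip, mac, start, end in leases:
        if lease_ip == ip and start <= when < end:
            return mac
    return None


def apply_retention(leases, now, retention_days):
    """Drop lease records that ended before the retention window began,
    which is what a provider's routine log purge does."""
    cutoff = now - timedelta(days=retention_days)
    return [lease for lease in leases if lease[3] >= cutoff]


if __name__ == "__main__":
    leases = build_leases(SAMPLE_LOG)
    query = parse_ts("2011-01-25T10:00:00Z")
    print("at time of lookup:", who_had(leases, "203.0.113.7", query))
    now = parse_ts("2011-09-01T00:00:00Z")
    for days in (180, 730):
        kept = apply_retention(leases, now, days)
        print(f"{days}-day retention:", who_had(kept, "203.0.113.7", query))
```

The same address resolves to three different clients over one day, so the timestamp is as much a part of the query as the address; note the gap between the first release and the second ACK, where the honest answer is "nobody". With a six-month purge and a request arriving seven months later, every record for that day is gone; with a two-year window the lookup still succeeds, which is the difference the witnesses in the hearing were arguing about.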

In addition, an existing law called the Protect Our Children Act of 2008 requires any Internet provider who “obtains actual knowledge” of possible child pornography transmissions to “make a report of such facts or circumstances.” Companies that knowingly fail to comply can be fined up to $150,000 for the first offense and up to $300,000 for each subsequent offense.

{o.a.}

Local colleges have plans in place to screen for troubled or dangerous students, but officials said they must balance those concerns with students’ privacy rights.

Two states — Virginia and Illinois — now have laws that require colleges to have “threat assessment teams” charged with identifying dangerous students, and 80 percent of colleges nationwide have started them since the 2007 tragedy at Virginia Tech left 32 people dead.

Green Bay-area campuses put similar teams in place after the Virginia Tech shootings.

The University of Wisconsin-Green Bay has a student review team that includes representatives from a variety of areas, including campus public safety, residence life, counseling services and the dean’s office.

UW-Green Bay conducts training and works with other local agencies, such as The Crisis Center of Family Service, to help struggling students.

Resident assistants in student housing are trained to look for signs of trouble, said Dean of Students Brenda Amenson-Hill.

“They know to look for things like ‘Is someone not going to class, or not eating?’ They should refer them,” she said.

When referrals are made, “it usually is a mental-health type issue,” she said. Students with emotional problems also may be struggling with studies, she said.

But while campus authorities can screen for signs of trouble, they have to balance that against a student’s right to privacy.

“There definitely is a fine line,” Amenson-Hill said. “There’s nothing against asking if they’re doing OK. That’s really our rule: If it’s a health or safety issue, or if they’re causing a disruption in the classroom, or if someone physically is not waking up, we get involved.”

After the Virginia Tech tragedy, St. Norbert College created a Responsive Intervention for Student Concerns Committee.

The committee focuses on prevention and early intervention of campus situations involving students experiencing extreme distress or engaging in harmful or disruptive behaviors, said committee co-chairman Tim McNulty.

Committee members also have been trained, and each case is handled individually, using methods such as a team approach, one-on-one or a referral to an outside professional agency.

{o.a.}

Think your data isn’t online? Think your privacy is secure? Take a minute to visit Spokeo and you’ll change your mind.

The popular information-gathering website offers a multitude of options for finding information about anyone. It purports to know your income, religion, spouse’s name, credit status and the number of people in your household. It even offers a satellite shot of your house, complete with an estimated value.

Spokeo’s not alone in the information-mining business — competitor Intelius, for instance, offers similar services — and for as little as $2.95 a month for a year’s membership, you can run a detailed background check that pulls information from local, state and federal government databases and hundreds of social-networking sites.

An advocacy group has even petitioned the Federal Trade Commission (FTC) to investigate. FTC spokeswoman Claudia Bourne Farrell confirmed to FoxNews.com that “the Center for Democracy and Technology has petitioned the FTC to investigate Spokeo for violations of the Fair Credit Reporting Act,” though she could not offer further details on an investigation.

The possibility of an FTC probe hasn’t stopped the service from expanding; it now lets you search for the usernames of Facebook friends and track down their personal details.

Larry Ponemon, the chairman and founder of the Ponemon Institute, an organization that researches Internet privacy and security, told FoxNews.com that sharing personal information about you is “grossly unethical” — and barely legal. Worse, many of the personal data purveyors knowingly disseminate inaccurate information.

“It’s evil for organizations to collect information that is knowingly inaccurate about people, no matter how many caveats they have,” he said, pointing out that the sites also make it easy for criminals to access your personal information, opening the door to identity theft — or worse.

Scary stuff — but how do these sites get away with it?

Not only do these sites offer your personal information to anyone willing to pay the price; much of what they disseminate isn’t correct. FoxNews.com put Spokeo.com to the test, and while it returned some scarily detailed results, accuracy often left much to be desired.

Of the 15 people we asked to research themselves on Spokeo.com, 10 reported inaccuracies in their report. Of those, three said the information was mostly inaccurate, while the others noted only minor discrepancies, such as an incorrect address or the wrong number of people in their household. Only five said the data was completely accurate.

“Since individual profiles are only as accurate as the published information they are comprised of, we continue to remind users that any information on our site should be regarded as a reference only,” said Katie Johnson, a spokesperson for Spokeo.

In one case, the site reported an income level for a colleague at least twice as much as he actually earns. In another case, the information about a person was accurate but included a past divorce that no one actually knows about in his circle of friends.

Ponemon argues that much of the information is woefully suspect because sites such as Spokeo rely on outdated public databases, some of them poorly maintained. Accuracy brings its own problem, though: in another case the site correctly reported an income level of around $146,000 for a colleague, income based on investments and other private holdings that the colleague does not want made public.

“These sites piece together a profile about you,” Ponemon said. “If you live in a wealthy neighborhood, they can take this data and infer certain things about you.” 

Spokeo was developed by former Stanford student and company CEO Harrison Tang — who has unsurprisingly blocked his own personal information from Spokeo searches. Company spokeswoman Katie Johnson said there is a difference between “personal information” and “private information” that shouldn’t be revealed.

“Offering a more efficient mechanism by which to pull together information is not the same as providing greater access to personal information,” Johnson told FoxNews.com. 

Among the numerous concerns Spokeo raises with privacy experts is that the service obscures its data sources. There is no way to correct the information, although you can opt out to block your name from the searches. FoxNews.com tried unsuccessfully to use the opt-out feature, which at first didn’t offer a way to enter a required e-mail address. The site appears to have updated this feature following a FoxNews.com inquiry.

Another issue is how Spokeo and Intelius obtain personal data. Intelius spokesperson Jim Cullinan told FoxNews.com that the service gathers records from public sources, many of them from widely available government sources.

“Intelius isn’t scraping data off consumers and then reselling it,” he said. “There has always been a misconception of this, but the data comes from public records. People may not know what their digital footprint is, but since governments have digitized so many public records, this information is out there.”

For instance, each state collects information on births, deaths, marriages and the like in a vital statistics database (MA, NY, OH and so on); while most of Spokeo’s data is in the public record, these vital statistics databases aren’t simply public data. A recent amendment to the Driver’s Privacy Protection Act prohibits a DMV from distributing your personal information unless you give it permission. It’s unclear whether Spokeo is covered by these regulations, or how the various privacy policies governing different databases are respected when the data in them are combined.

Access to other commercial databases is possible too, in spite of federal laws that restrict it. The Fair Credit Reporting Act (FCRA), for example, restricts the sale of credit-report information unless you are told about the transaction or given a way to find out more. Sites like Spokeo get around this requirement by reporting a general credit rating of low or high rather than the actual score.

Robert Siciliano, a security consultant with IDTheftSecurity.com, explained that a website or social-media site you join might provide a terms of service for site users that says the site will not sell your information. Yet, there is no way to enforce adherence to a terms of service.

Kyle-Beth Hilfer, an attorney who covers privacy issues, says the FTC is carefully watching Web activity to protect consumers and encouraging the safeguarding of personal information.

So what can you do if you spot too much personal information? Hilfer says one recourse is to contact the site owner and attempt to block your information. She says you can always go to your state representatives and complain. “We will see more legislation on this depending on how the sites regulate themselves,” she said.

Siciliano argues that transparency on the Web is a good thing: revealing some personal information is acceptable because it means there is a way to link an online persona with an actual individual. In other words, angry posters at websites become traceable and cannot engage in anonymous name-calling.

“There is no mystery anymore,” he said. “We have been living this way for decades, the data has been compiled and now people are taking this data and piecing it together. This has been going on for a long time.”

Ponemon warns, however, that brokering personal data can lead to serious abuses, such as cyberstalking and online impersonation.

So what can you do to protect your privacy? With Spokeo.com, it’s a good idea to opt out of the listing. You’ll need to do a search on your name, find your listing, copy the URL, and fill out the fields at Spokeo.com/privacy.

But your information is probably already online anyway.

And short of visiting every site that lists personal information and opting out — or a federal law — most privacy experts say to accept the fate. If your personal info is out there, someone will find a way to buy it or sell it to the highest bidder. 

That may not be ethical, but it’s part of living in the digital age. 

{o.a.}

This blog post is based upon a draft of my recent article posted on SSRN entitled “The Federal Trade Commission and Privacy: Defining Enforcement and Encouraging the Adoption of Best Practices.” It expands the analysis of other privacy models and more explicitly discusses the competing models and the limitations of some of them, particularly when they are examined against Privacy by Design. Further background on the FTC’s guidance and Section 5 authority, as well as the issues that enforcement models have faced in the U.S. is contained in the article, which can be downloaded from this link.

The Challenges of Notice and Choice and Harm-Based Models.

In its recent guidance, the FTC recognized that the notice-and-choice and harm-based models of enforcement had been criticized for a number of reasons. The notice-and-choice/deception/Privacy 1.0 model, which requires some form of misrepresentation but only a likelihood of consumer injury, is perceived to have led to lengthy privacy policies that consumers do not read, which defeats the notice-and-choice theory entirely. The harm-based/unfairness/Privacy 2.0 model, which requires “significant” consumer harm, has also been criticized by commentators for being too “reactive”[1] and, as the failures of privacy litigation show, proving harm, particularly “substantial harm,” is an elusive and often difficult achievement.[2]

Ultimately, while these concepts have formed the basis of the FTC’s privacy enforcement efforts, the FTC recognized that these models had limitations, including their reactive nature. That Privacy 2.0, the model advocated by Prosser and adopted by the FTC in its unfairness enforcement, has failed to address privacy concerns, particularly those created by innovation, is well established.[3] Privacy 2.0 is a harm- and tort-centric model created by the courts, whose decisions Prosser famously placed in context. It has been the touchstone for privacy since 1960, but as the FTC recognized, Privacy 2.0 has been criticized for being too “reactive” and for not keeping pace with innovation.[4] Indeed, to understand the latency of litigation one need only ask a party to it how long litigation can take to resolve. Moreover, the history of Privacy 2.0 makes clear that a litigation-based model will inherently fail to provide proactive guidance. Guidance under the Privacy 2.0 model comes from whatever published decisions courts happen to issue, or from the few public settlements entered into by government agencies such as the FTC or state Attorneys General. In many cases private litigation settles on confidential terms, and in any case guidance under the Privacy 2.0 model is inherently limited by the discovery of issues and by a party, governmental or otherwise, being willing to litigate the problem. There are also jurisdictional limits on privacy litigation, both for private parties and for the FTC.[5]

These points illustrate, as more fully discussed below, that models based upon “accountability”—in other words enforcement—have already been tried in the United States, and have failed. Both Privacy 1.0 and 2.0 focus on enforcement as the model to drive compliance and the FTC, as well as many other commentators recognize the limitations of these models. This led the FTC to suggest a new model that was more proactive and provided more flexibility—the “privacy by design” framework. While the model is a significant step in the right direction, it will need to be defined in a more complete way before it can be implemented by businesses in a meaningful way.[6] 

Understanding Proposed Models for Privacy.

There are in essence three main proposed constructs for privacy being discussed. It is helpful to understand these models and what they propose, in order to try and chart a path forward. Before that is examined, it is helpful to understand the basic structure of existing privacy laws and internal policies. While Privacy by Design is a model being discussed, it is a model focused on implementation of privacy and it is best placed in the first or second elements of what is discussed below.

Privacy laws do in essence three things—(1) classify or identify data that is to be regulated; (2) regulate the processing of data through conduct limitations, including the level of consent required to collect or use the data, data security limitations, use-restrictions, and other limitations; and (3) provide for enforcement for violation of point (2). Internal policies that are adopted at companies regarding data governance effectively do the same thing—define what data is being covered; restrict its use; and provide for some form of enforcement, though the enforcement is much different than a consumer class action or an FTC enforcement action.

The point of identifying these three elements is to give context for the models being discussed, to help define what these models are and what they are not, and to argue that proportionality is the key principle that must be the basis of any new regime.

Model 3—Accountability.

Models based upon accountability have been put forward by some as a viable solution to the privacy concerns of today, including the reactive nature of current privacy regimes. You will note that though this is the first model I discuss, I list it as Model 3, and the reason for that will become clear below.

Accountability models are, not surprisingly, focused on holding people accountable for what they do with data. “As a result, a growing faction in the cryptography and security community has embraced greater reliance on accountability mechanisms: When an action occurs, it should be possible to determine (perhaps after the fact) whether a rule has been violated and, if so, to punish the violators in some way.”[7] While accountability-based models must have rules of the road regarding a variety of topics, including security, use restrictions, restrictions on third-party transfers, and other topics, to mete out punishment for violation, an accountability model generally focuses on after the fact enforcement. 

The flaw in a model that focuses on accountability is easier to see when one re-examines the three elements of privacy laws identified above. A focus on accountability means a focus on the third element, which is the least important of the three. More importantly, a focus on enforcement ignores the last 50 years of privacy law in the United States, as well as the inherently retrospective nature of an enforcement-centric model. Simply put, accountability models must rely on after-the-fact enforcement to set standards, and that is the opposite of the proactive and voluntary system the FTC is currently seeking.

Other accountability advocates argue that the model should be accountability-centric. The problem with this argument is two-fold. As noted above, enforcement-centric models have been tried in the U.S. and they have not worked. [8] Moreover, to the extent that what these advocates are saying is really there should be penalties for violating the law, it is a point that cannot be disputed as it underlies every existing law. If that is truly the argument, then it is not informative to privacy practitioners because there are always some consequences for violating a law and focusing on consequences does not provide the proactive guidance the FTC seeks to generate.[9] 

There are some accountability models that focus more on data owners being “accountable” for data in the sense that they are required to take steps to control it, and this is seen as a way to encourage the adoption of best practices. However, at this time there generally is no fixed definition of what data should be protected or how it should be protected. Instead, there may be reference to internal “values” regarding information, or to ethics. The challenge with these types of accountability models is that information ethics is in the eye of the beholder. Left to their own devices, a “privacy-centric” company and a non-privacy-centric company will reach dramatically different conclusions about what is appropriate, as the FTC noted in its recent report. As such, these models provide little guidance to companies that are not culturally privacy-centric and will not solve the problem as the FTC has articulated it.

It should also be noted that any model based upon accountability inherently approaches privacy differently than Privacy by Design does. Privacy by Design is a way to embed privacy into technology, and its express purpose is proactive prevention, not after-the-fact enforcement. Indeed, the first of the seven principles of Privacy by Design is:

The Privacy by Design (PbD) approach is characterized by proactive rather than reactive measures. It anticipates and prevents privacy invasive events before they happen. PbD does not wait for privacy risks to materialize, nor does it offer remedies for resolving privacy infractions once they have occurred — it aims to prevent them from occurring. In short, Privacy by Design comes before-the-fact, not after.[10]

Given any accountability model’s inherently retrospective view, accountability and Privacy by Design do not take the same view of how to improve privacy. To the extent that accountability advocates argue that Privacy by Design makes organizations more “accountable” for data throughout the organization, this is really a concept of responsibility for implementing appropriate processing restrictions, which is a focus on the second of the three elements. Accountability as a model looks at enforcement, and an enforcement model without a clear focus on data classification and processing limitations is an empty vessel that provides no guidance, which is exactly what proportionality principles do provide. At some level an accountability-centric model would be like passing comprehensive privacy legislation that simply says “If you violate someone’s privacy you will be liable for a $10,000 fine,” without defining what data is covered or what acts are prohibited. This is not what accountability advocates have put forward, and that “guidance” can be built in through data classification and processing limitations, but it illustrates the point: accountability is the third step in a three-step process, and therefore should not be the focal point of privacy theory, particularly since the experience in the United States demonstrates that accountability models have not worked.

Model 2—Models Based upon Processing Limitations

There is an emerging model of privacy that focuses on restrictions on processing of information, which are in some circles referred to as use-limitation models, though they go beyond mere use limitations. It is worth noting here that some advocates for privacy view use-limitation models as “accountability” models. They are not. Use limitation is focused on restricting the use of information. While there may be consequences for misuse, that does not make a model focused on use restriction into an accountability model, any more than it makes every existing privacy law in the United States that restricts the use of data an “accountability” statute. This also becomes clear when one examines the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data. 

The OECD guidelines identify a number of principles regarding the use of data. Three of them are of particular importance. The Purpose Specification Principle states, “The purposes for which personal data are collected should be specified not later than at the time of data collection and the subsequent use limited to the fulfilment of those purposes or such others as are not incompatible with those purposes and as are specified on each occasion of change of purpose.” This is clearly a use-based principle. The Use Limitation Principle states, “Personal data should not be disclosed, made available or otherwise used for purposes other than those specified in accordance with Paragraph 9 except: a) with the consent of the data subject; or b) by the authority of law.” Again, a use-based principle, and similar to what some have advocated. If “accountability” were about use limitation, these principles would be the accountability principle. They are not. There is a separate Accountability Principle, which states, “A data controller should be accountable for complying with measures which give effect to the principles stated above.” In other words, accountability is the enforcement mechanism for other principles that are defined elsewhere. Without those other principles accountability is simply an empty vessel, and use-based models provide part of the framework that accountability needs.

While use-based models themselves are not inherently incorrect, they focus on the second point of law, as noted above. Restrictions on the use of information are critical to any system, but they cannot be the underlying basis of the system because the decisions to restrict use must be based upon something, which is step one in the analysis. To continue the analogy from above, it would be like passing legislation that provides restrictions on the use of “data” without defining data in the first place. Again, that is not what advocates of use-based systems are arguing for, but it again illustrates the point that use-based restrictions only truly function as part of a system of proportional protections and penalties.

Model 1—Proportionality

There are some that have interpreted my Privacy 3.0 article, first published over 3 years ago as a chapter in my privacy treatise, as advocating purely a focus on sensitivity and ignoring other issues. If this were true, I would have called the article Privacy 3.0—The Principle of Sensitivity. I did not because I believe that while sensitivity is extremely important, and data classification is the first step in the analysis, it is truly only the first step, which is why I chose the word proportionality.[11]

In Privacy 3.0 I argued that it was widely recognized that the current theoretical construct of privacy—Prosser’s tort-based enforcement/accountability model—had failed. What was needed was a model that provided appropriate, but not over or under-inclusive protection, particularly in the rapidly changing Web 2.0 world where information sharing was the basis of a number of now ubiquitous services, such as Facebook.

I also recognized that society would gain benefit from information sharing, though there should be restrictions, or use-limitations, on the sharing.

Instead, a theory of proportional protection places higher restrictions and access barriers on truly sensitive information that either has limited or no use to third-parties and has great capacity to damage individuals and society, while simultaneously permitting the necessary and appropriate access to those having a legitimate need to know certain information, particularly when that information is less sensitive. Proportionality also has the advantage of minimizing the societal impact of privacy issues because enforcement and compliance will be focused on the most appropriate levels of sensitive information.[12]

In other words, use-limitations should be proportional to the sensitivity of data. 

While an examination of data elements for sensitivity could lead to improving privacy protection, that model did not seem to provide prospective guidance. As such, I proposed creating four tiers—highly sensitive; sensitive; slightly sensitive; and non-sensitive. By creating these tiers, one could associate certain use-restrictions and enforcement with each tier. As noted below, I did not simply focus on sensitivity as part of proportionality, but rather a broader set of issues that needed to be defined once the four tiers of information were created:

Thus, there are common elements that I will be discussing regarding each tier. These include:

• whether information can be gathered without notice or consent;

• whether consent must be opt-in or opt-out;

• the effect of consent;

• the types of processing that can be done;

• can information be gathered under false pretenses;

• are there time restrictions upon the retention of the data;

• data security requirements;

• data destruction requirements;

• what steps are required, or permitted, to mitigate any mishandling of information; and

• penalties for misuse of the information, including the imposition of statutory penalties in certain cases.[13]

As is clear from these bullet points, use-limitation (i.e., “the types of processing that can be done” and the effect of consent) and “accountability” (i.e., “penalties for misuse of the information, including the imposition of statutory penalties in certain cases”) are inherent in proportionality.

One could ask: how are these models different, and why should one predominate? The answer really is two-fold. First, the Privacy 3.0 model, by starting, but not ending, the analysis with data sensitivity, permits business and government to more efficiently focus resources on protecting the information that can create the most mischief if lost or misused, while simultaneously avoiding overregulation of data. Second, I think there is a significant “best practice” value in focusing first on sensitivity in the way I articulated in 2008. As noted above, use-limitation, consent, enforcement, and other issues would be defined by the tiers, not by the individual data elements themselves. The data elements would be examined based upon sensitivity and then placed into a tier. Once the individual data elements were placed into a tier, the use-restrictions and other issues would flow from the tier, not the data element. Current use-limitation models tend to focus more on the data elements themselves, and there are two advantages to the approach I advocated. The first is that data sensitivity can change over time, and this system permits more flexibility for data to move to a higher or lower tier. The second is that it permits privacy to be more proactive. When a new technology is created that uses a new form of sensitive data, these tiers, and the data elements placed within them, can be examined, and companies seeking guidance can use past placement of data elements to appropriately protect new forms of data. To the extent that advocates of accountability believe in an “ethics” or value-based accountability system, the tiers permit companies to make value judgments regarding a large number of data sets, including emerging forms of data, in a consistent and cohesive way.

Ultimately, the issue is not choosing between use-limitations, accountability, or sensitivity, but rather what the first step in the process is. Focusing on proportionality in the method identified in Privacy 3.0 permits informed decisions to be made regarding use-limitations, and accountability. To focus on either without first addressing sensitivity so that use-restrictions and accountability can be proportional runs the risk of either having too few, or too many restrictions. 

Baking It In.

There is a path that would provide more flexibility to the FTC, and more guidance to business in the Web 2.0 World. I have previously proposed Privacy 3.0, which is a model based upon data sensitivity that makes the safeguards required to be implemented for personal information contextually connected to the sensitivity of that information using a proportional methodology. While this may seem like a radical departure from prior FTC enforcement, if the concept is put into different terms, it is truly just a small step away from prior guidance and enforcement, but this small step provides much needed predictability and, perhaps even more importantly, flexibility, as technology changes. 

Stated differently, examining the sensitivity of data through the totality of the circumstances surrounding the individuals and the context of the personal information is simply determining the risk of harm that can result from the improper or unauthorized disclosure or use of the personal information. The more sensitive the data is, the higher the risk of harm to consumers. This is a different approach at a certain level than the prior enforcement cases in that while likelihood of harm is considered by the FTC, it is typically only done so in the context of a deception case, which requires a misstatement of some kind regarding privacy. Otherwise, the level of consumer injury for unfairness goes far beyond “a risk of harm” since actual harm appears to be required.

Moreover, if Privacy 3.0 were considered, it would not directly be the basis of enforcement by the FTC. Part of the rationale for using sensitivity rather than the Privacy 1.0 and 2.0 doctrines is that harm is frequently difficult to prove, and therefore litigation frequently fails to address the stated concerns of individuals. As such, I would propose that the risk of harm analysis be used to create the Privacy 3.0 framework, and that the framework be the basis of a “safe harbor” program administered by the FTC. The “Privacy 3.0 Safe Harbor” program would rely upon the 4 tiers of sensitivity and, as more fully detailed in Privacy 3.0, would provide clear guidance regarding what information practices were permitted for each tier, including what level of consent, both implicit and explicit, would be required to process data.[14] Companies that agreed to and implemented the data classification framework, and the resulting restrictions and permissions that would be created based upon the sensitivity of information, would not be subject to enforcement action if there was a data incident. However, companies that voluntarily chose to participate in the “Privacy 3.0 Safe Harbor” would be subject to enforcement if they failed to meet the requirements of the program, or falsely claimed to comply when they in fact did not.[15]

This program could follow the model of the EU Safe Harbor program, or Binding Corporate Rules, or BCRs, which are approaches many companies are now using to comply with EU data protection laws. This would encourage international cooperation, while simultaneously permitting companies that have implemented a program based upon the EU Safe Harbor or BCRs to build upon existing work by companies, though this model would focus protection on information by doing a data risk analysis under the Principle of Proportionality.[16]

An additional side benefit from an economic standpoint is that such a program would remove uncertainty from the information environment allowing organizations to provide protections and safeguards more efficiently by focusing security and protective resources on those data that are more sensitive. In turn, this could provide the economic stimulus to promote greater valuation in concepts like “privacy (or security) by design,” which would be driven through economic value because of reduced regulatory risk rather than using a “Sword of Damocles” over the head of any handler of consumer information; the carrot versus the stick approach.

This would give companies an incentive to proactively focus their compliance efforts on the most critical information and therefore proactively prevent consumer harm in many cases. Without a focus on sensitivity, compliance efforts can often be unfocused and not as efficient or productive as otherwise possible.

Whether this is accomplished via the FTC’s rulemaking authority, referenced in Section 7, or if additional legislation is required, pursuing a framework that incorporates Privacy 3.0, includes a safe harbor for those companies that choose to comply, and that links in some form to the existing EU models, will provide the appropriate combination of protections and incentives for businesses so that proactive privacy protection can be achieved in a way that maximizes international coordination and cooperation.

[1] As stated by the FTC in its recent report at footnote 86, “George Washington University Law School Professor Daniel Solove has criticized the harm-based approach for being too ‘reactive’ and called for an architectural approach to protecting privacy that involves “creating structures to prevent harms from arising rather than merely providing remedies when harms occur.” Daniel J. Solove, Identity Theft, Privacy, and the Architecture of Vulnerability, 54 Hastings L.J. 1227, 1232-45 (2003).”

[2] “However, the road to plaintiffs’ recovery in privacy litigation is littered with a number of issues that can derail a case before it truly starts, not the least of which is that plaintiffs in many cases cannot prove actual damage, and may actually lack standing to bring an action. Moreover, even if the case clears this hurdle, many class actions fail the certification requirements because of issues unique to privacy litigation.” Serwin, POISED ON THE PRECIPICE: A CRITICAL EXAMINATION OF PRIVACY LITIGATION, 25 Santa Clara Computer & High Tech L.J. 883 (2009); see also, Hammond v. The Bank of New York Mellon Corp., 2010 WL 2643307 (S.D.N.Y. June 25, 2010), citing Id.

[3] Solove, supra, note 1.

[4] Id.

[5] Private parties face the problem that harm is often difficult to prove. The FTC faces the issue that its jurisdiction is not unlimited and it can only act under Section 5 if it can prove deception and a likelihood of harm, or consumer injury that is “substantial”.

[6] Flexibility in meeting the challenges of the Web 2.0 has long been recognized as necessary by the FTC. Bond, Doctor Zuckerberg: Or, How I Learned to Stop Worrying and Love Behavioral Advertising, 20-FALL Kan. J.L. & Pub. Pol’y 129 (2010), citing, Joel Winston, FTC Staff Report: Self-Regulatory Principles for Online Behavioral Advertising: Behavioral Advertising: Tracking, Targeting, & Technology, 970 Practicing L. Inst. 411, 431 (PLI Patents, Copyrights, Trademarks and Literary Property Course Handbook Ser. No. 19129, 2009).

[7] Feigenbaum, Accountability as a Driver of Innovative Privacy Solutions, http://www.law.yale.edu/documents/pdf/ISP/Feigenbaum_Accountability.pdf, last visited January 12, 2011.

[8] Privacy 2.0 is a harm and tort-centric model created by courts when their decisions were now famously placed in context by Prosser. It has been the touchstone for privacy since 1960, but as the FTC recognized, Privacy 2.0 has been criticized for being too “reactive” and not keeping pace with innovation. Ultimately, however, an essential element of an accountability model is, of course, enforcement based upon accountability to voluntarily adopted best practices, as well as by regulators and private plaintiffs. Taking the second point first, to the extent the model focuses on external enforcement, it is likely to fail. That Privacy 2.0, the model advocated by Prosser and adopted by the FTC in its unfairness enforcement, has failed to address privacy concerns, particularly those created by innovation, is well established. Indeed, to understand the latency of litigation one need only ask someone who is a party to it to describe their view of how long litigation can take to resolve. Moreover, based upon the past history of Privacy 2.0, it is clear that a litigation-based model will inherently fail to provide proactive guidance. Guidance under the Privacy 2.0 model comes from what published decisions are made by courts, or the few public settlements entered by government agencies, such as the FTC or state Attorneys General.

[9] In many cases private litigation settles on confidential terms, and in any case guidance under the Privacy 2.0 model is inherently limited by the discovery of issues, and a party, governmental or otherwise, being willing to litigate the problem. There are also jurisdictional limits on privacy litigation, both for private parties, as well as the FTC.

[10] http://www.ipc.on.ca/images/Resources/7foundationalprinciples.pdf, last visited January 15, 2011. As noted above, this model is consistent with the criticism of current privacy regimes expressed by Professor Dan Solove.

[11] Serwin, PRIVACY 3.0—THE PRINCIPLE OF PROPORTIONALITY, 42 U. Mich. J.L. Reform 869 (2009).

[12] Id., at 876.

[13] Id., at 901-902.

[14] This “Safe Harbor” program would differ from the existing EU Safe Harbor program in its implementation and the contemplated level of detail in the filings and commitments.

[15] See, e.g., In re Dirs. Desk LLC, No. C-4281, 2010 WL 326896 (F.T.C. Jan. 12, 2010) (consent order); In re World Innovators, Inc., No. C-4282, 2010 WL 326892 (F.T.C. Jan. 12, 2010) (consent order); In re Collectify LLC, No. C-4272, 2009 WL 5576194 (F.T.C. Nov. 9, 2009) (consent order); In re ExpatEdge Partners, LLC, No. C-4269, 2009 WL 5576191 (F.T.C. Nov. 9, 2009) (consent order); In re Onyx Graphics, Inc., No. C-4270, 2009 WL 5576192 (F.T.C. Nov. 9, 2009) (consent order); In re Progressive Gaitways LLC, No. C-4271, 2009 WL 5576193 (F.T.C. Nov. 9, 2009) (consent order).

[16] Tying the proposed program in some way to the existing BCR process would further the FTC’s goal of increasing International cooperation, and would also give companies further incentives to pursue the BCR process. It would also streamline a number of the International data transfer issues, at least with the EU.

{o.a.}

Personal, financial records exposed in breach; full extent of damage not known 

A security breach at the Pentagon’s official credit union has exposed the personal and financial records of members of the U.S. military and their families, putting hundreds of thousands of people at risk for identity theft.

The Pentagon Federal Credit Union’s (PenFed) database, which includes names, addresses, Social Security numbers and credit card numbers, was accessed by a malware-infested PC, Paul Roberts of the security firm Kaspersky Lab reported.

Chartered in 1935, PenFed serves about 100,000 members in the Air Force, Army, Coast Guard, Department of Homeland Security, Department of Defense and the Veterans of Foreign Wars. PenFed offers mortgages, credit cards and loans to its customers, and has $15 billion in assets.

The full extent of the data breach is not yet known. Roberts reported that the attack was discovered Dec. 12 and that so far 514 New Hampshire residents have been affected.

In a letter mailed to customers, PenFed’s executive vice president of operations, Roderick Mitchell, said, “We have no indication that your information has been misused.” No PINs or passwords were accessed in the breach, Mitchell said.

PenFed reissued all credit and debit cards to members whose account information may have been obtained illegally.

In an unrelated development, PenFed posted an alert on its website notifying customers that a man named Dick Bennett has been posing as a PenFed underwriter, phoning people to tell them their mortgages are being sold, and then requesting personal information.

Online attacks against credit unions and government employees are nothing new. A sheriff’s office in Colorado was victimized in December, exposing the names and addresses of confidential drug informants. Cybersecurity experts believe high-profile data breaches will continue to occur because the rewards of obtaining sensitive government data are so high.

The Identity Theft Resource Center reported that data breaches in general rose 33 percent in 2010 from the previous year.

{o.a.}

THE privacy commissioner will investigate the way Vodafone handles customer data after reports that private information was easily accessible to outsiders.

Vodafone is looking for the people who breached its customer database.

More stories have emerged of privacy breaches. One customer was sent a letter addressed to someone else after making an inquiry about the safety of his own data. And a Brisbane man said $100 worth of products were bought with his credit card from a Vodafone store in Chatswood, Sydney.

The Privacy Commission said it would investigate whether Vodafone’s handling of customer data breached the National Privacy Principles.

“I am concerned about the amount of personal information that may have been disclosed which could include sensitive information,” the commissioner, Timothy Pilgrim, said yesterday.

“For this reason I have opened an own motion investigation into the matter today. I have spoken with the chief executive of Vodafone and he has assured me of Vodafone’s full co-operation.”

Vodafone will change the password to its database every 24 hours until it finds the people responsible for the breach, a spokeswoman said.

{o.a.}

This morning, I joined the Madeleine Brand Show to talk about the latest personal data privacy aggregator that has many of us spooked: Spokeo.

Listen to the archived radio segment here.

Spokeo isn’t new, nor is it alone: peoplefinder, pipl, spoke, zabasearch, Intelius, and many other internet companies exploit the same weaknesses in America’s privacy laws. But Spokeo popped up in the news over the holidays after launching a “username search” feature. The focus of this morning’s radio segment: what sites should be able to access your personal data, and what, if anything can you do to stop them?

So, about Spokeo. As Sean Bonner guest-blogged here over the weekend, you enter your name on the site, and if you’re in its reach, the site freely returns data about everything from your religion to gender to marital status to hobbies to “wealth level.” Oh, and your home address and phone number, even if you go to some effort to keep those un-listed. They apparently only traffic in US addresses, so those of you outside the states shouldn’t end up in Spokeo’s search results.

The project dates back to 2006, the dorm room brainchild of 27-year-old Stanford student Harrison Tang. He told the Los Angeles Times last June that Spokeo gets data from about 80 “public” sources, including LinkedIn, MySpace, Twitter and Yelp, and has been working with Facebook to open that door, too. Tellingly, Mr. Tang opted out of his own site over privacy concerns.

Spokeo claims not to possess Social Security numbers, driver’s license numbers, bank accounts, or other private financial data such as credit scores. Despite this, they do report “wealth level,” whatever that means, and this prompted a Federal Trade Commission complaint last summer by The Center for Democracy and Technology, alleging that Spokeo “purports to provide information about individuals’ credit ratings and other financial data, but fails to disclose the source of the data or allow consumers an opportunity to dispute and correct false information.”

Spokeo’s offices are located in Pasadena, CA. The business address they publish is a small mailbox at a UPS Store in a Pasadena strip mall (though the LA Times also tracked down and published the company’s physical address).

Peoplefinders and OptOut are owned by the same company, and share an address in Sacramento. Spokeo publicizes that they have a “partner” relationship with ReputationDefender, a site that, for a fee, promises to help “manage your reputation online” and deal with offending leakers like Spokeo. It’s hard to ferret out exactly what the data publishing sites like Spokeo have with the privacy service sites like ReputationDefender, but it seems fair to at least characterize them as symbiotic.

As frightening as the prospect of having a satellite photo of one’s home next to one’s marital status, religion, and estimated income in one free search result may be, Boing Boing guestblogger Andrea James points out that Spokeo probably isn’t the scariest data-monger in the room. “Information commerce company” Intelius bought people search site Spock last year, scaring the bejeebus out of a lot of people in the process. Who knows what may yet come of that merger.

I reached out to Sharon Nissim, a Consumer Protection Fellow from EPIC, to make sense of Spokeo and sites like it. Nissim said this felt “one step away from having someone’s SSN,” and is “indicative of a pervasive problem online: people really have no idea how much tracking is being done, because behavioral tracking services effectively track everything you look at online.”

Regarding paid services that promise to “clean” the internet of your personal data, “You shouldn’t have to pay to keep your information private,” said Nissim, “privacy should be a default setting.”

EPIC is among the privacy watchdog groups backing the idea of a “do not track” mechanism first proposed in 2007, which was initially modeled on the popular “do not call” database administered by the FCC to limit telemarketing access. Nissim explained that while the two can’t technologically work the same way, and the idea of a government-maintained centralized registry of websites is a non-starter, there is hope. One solution under discussion with researchers at Stanford for “do not track” involves using HTTP headers on the browser side.

“For now, making sure to opt out of data sharing or data storing when given a choice by credit card companies, banks, and websites is one good thing to do,” said Nissim. “We’re also concerned about the privacy threat posed by mobile phone/smartphone data. We don’t carry our computers everywhere we go, but we do carry these mobile devices. The location information that apps store and share will surely be of greater concern, as their usage grows.”

“Online tracking is a huge problem, and while it is certainly good that some steps are being taken to try to crack down on some of it, we are really far behind where we need to be,” adds Nissim. “The FTC is just waking up to the issue and strong enforcement of any do not track mechanism is imperative for it to succeed. That being said, I am hopeful that Congress will get behind the initiative and that movement will continue on protecting peoples’ privacy online.” 

{o.a.}

For any website or business that collects data from visitors or customers, a privacy policy is a must, to disclose how the data will be used.

GeneratePrivacyPolicy.com is a free online service that makes creating one quick and easy.

It asks several questions, from the name of the business and its URL to the type of data collected (and why it is collected). Once all the details are entered, it generates a professional policy instantly.

The service requires registration (free) and can list any previously created privacy policies for managing them better.

{o.a.}

So the time has come for the Brightkite we all knew to change over to Grouptext. However, don’t fret, they kept the Brightkite name. Actually, do fret, because if you have installed the updated app on your Android device, they have already violated your privacy. When you launch Brightkite for the first time after installing the update, it has to go through an initializing stage. This also makes Brightkite your new SMS client. But they don’t tell you that; in fact, you don’t know that until you get your first text and you get two alerts.

But how is this violating your privacy? Well, the initializing of the application takes your current text messages and uploads them to the Brightkite servers. That’s right, they don’t even ask your permission. This in turn gives them your contacts’ phone numbers. So if you were curious how Brightkite could monetize, they could send an SMS to one of your contacts telling them to reply for whatever reason, and charge them $1 on their phone bill. Doesn’t sound like a good deal to me.

Brightkite used to be a great service that connected people from all over the world. It truly created great friendships, and thankfully those friendships have continued through this tough time of Brightkite stabbing their users in the back.

The worst part about all this, besides the privacy issues, is that Brightkite was a pioneer in location; they were setting the bar for social media with the way even their streams worked. However, by switching to their Grouptext model, they have gone from being a leader to a copycat. Yes, they are doing exactly what Tatango, Pingchat, WhatsApp, and TextPlus have been doing for years.

If you don’t want Brightkite violating your privacy, please uninstall the apps from your Android and iPhone devices and delete your account on brightkite.com.

{o.a.}

It’s been a hell of a year for consumer privacy, or the lack thereof. From Facebook leaking personally identifiable information to advertisers, to data brokers harvesting reams of user information on social nets, to Google’s Wi-Fi slurping, 2010 may be remembered as the year the privacy chickens came home to roost — and quickly got roasted. 

Now Congress is debating new privacy laws and the FTC has weighed in with proposals for a No Tracking List to thwart nosy Web advertisers. The agency has also called for sites to create privacy policies a wee bit shorter and more accessible than, say, Facebook’s 5,830-word privacy opus. Not surprisingly, the online data industry immediately began trash talking the FTC’s ideas, calling for even more ‘self regulation’ and forming yet another industry consortium, the Open Data Partnership, to avoid a Federal smack down.

Apparently, the 10 years online data mongers have been given to come up with privacy protections that actually protect privacy hasn’t been enough. Just give them another 10 years and they promise they’ll get it right.

I’ve got a better solution. Instead of a welter of new laws or regulations, how about just one: The Honest Privacy Policy Act. The HPPA would require every company to post a simple, direct, and brutally honest policy detailing what really happens to your data.

To help this proposal along I’ve come up with one of my own – and it’s 5,085 words shorter than Facebook’s. Here’s what a real privacy policy might look like:

    “At COMPANY _______ we value your privacy a great deal. Almost as much as we value the ability to take the data you give us and slice, dice, julienne, mash, puree and serve it to our business partners, which may include third-party advertising networks, data brokers, networks of affiliate sites, parent companies, subsidiaries, and other entities, none of which we’ll bother to list here because they can change from week to week and, besides, we know you’re not really paying attention.

    We’ll also share all of this information with the government. We’re just suckers for guys with crew cuts carrying subpoenas.

    Remember, when you visit our Web site, our Web site is also visiting you. And we’ve brought a dozen or more friends with us, depending on how many ad networks and third-party data services we use. We’re not going to tell which ones, though you could probably figure this out by carefully watching the different URLs that flash across the bottom of your browser as each page loads or when you mouse over various bits. It’s not like you’ve got better things to do.

    Each of these sites may leave behind a little gift known as a cookie — a text file filled with inscrutable gibberish that allows various computers around the globe to identify you, including your preferences, browser settings, which parts of the site you visited, which ads you clicked on, and whether you actually purchased something.

    Those same cookies may let our advertising and data broker partners track you across every other site you visit, then dump all of your information into a huge database attached to a unique ID number, which they may sell ad infinitum without ever notifying you or asking for permission.

    Also: We collect your IP address, which might change every time you log on but probably doesn’t. At the very least, your IP address tells us the name of your ISP and the city where you live; with a legal court order, it can also give us your name and billing address (see guys with crew cuts and subpoenas, above).

    Besides your IP, we record some specifics about your operating system and browser. Amazingly, this information (known as your user agent string) can be enough to narrow you down to one of a few hundred people on the Webbernets, all by its lonesome. Isn’t technology wonderful?

    The data we collect is strictly anonymous, unless you’ve been kind enough to give us your name, email address, or other identifying information. And even if you have been that kind, we promise we won’t sell that information to anyone else, unless of course our impossibly obtuse privacy policy says otherwise and/or we change our minds tomorrow. 

    We store this information an indefinite amount of time for reasons even we don’t fully understand. And when we do eventually get around to deleting it, you can bet it’s still kicking around on some network backup drives in somebody’s closet. So once we have it, there’s really no getting it back. Hell, we can’t even find our keys half the time — how do you expect us to keep track of this stuff?

    Not to worry, though, because we use the very bestest security measures to protect your data against hackers and identity thieves, though no one has actually ever bothered to verify this. You’ll pretty much just have to take our word for it.

    So just to recap: Your information is extremely valuable to us. Our business model would totally collapse without it. No IPO, no stock options; all those 80-hour weeks and bupkis to show for it. So we’ll do our very best to use it in as many potentially profitable ways as we can conjure, over and over, while attempting to convince you there’s nothing to worry about.

    (Hey, did somebody hold a gun to your head and force you to visit this site? No, they did not. Did you run into a pay wall on the home page demanding your Visa number? No, you did not. You think we just give all this stuff away because we’re nice guys? Bet you also think every roomful of manure has a pony buried inside.)

    This privacy policy may change at any time. In fact, it’s changed three times since we first started typing this. Good luck figuring out how, because we’re sure as hell not going to tell you. But then, you probably stopped reading after paragraph three.”

I am hereby open sourcing this privacy policy. Feel free to use it on your own sites or suggest it to any that seem deserving (but I’d appreciate a credit and a link, if you’re so inclined).

ITworld TY4NS blogger Dan Tynan writes privacy policies in his sleep — which may be why he always wakes up cranky. Catch his brand of juvenile snark at eSarcasm (Geek Humor Gone Wild) or follow him on Twitter: @tynan_on_tech. 

{o.a.}

Here are some odd questions: do you spend more time on the calls you make than on the calls you receive? When you leave a message for someone, do they quickly call you back? Does calling people late at night not bother you at all? If people are at a party or event, do they tend to give you a call?

You might not be thinking about these questions. Frankly, you may not even know the answers to these questions about your telephonic behavior. But your telephone carrier definitely does. It uses all the data it collects about you every second of the day you are on a call to create a profile of you. For example, if you answered yes to every one of the questions above, then you are an “influencer”, i.e., people listen to what you have to say and are interested in your opinion. If Nike wants to market a new shoe to someone, then it’s more profitable for Nike to market the shoe to an influencer than to a person who spends a lot of money. Why? Because even though influencers are often thrifty, they can persuade a large number of people to buy the shoe, whereas the spender will at most buy one or two pairs. Unlocking your network power is one of the top priorities of every corporation you come in contact with.

Whether it’s the obvious social media firms like Twitter and Facebook, or the unusual ones like the Army and Whole Foods, companies are investing millions of dollars in network analysis software to understand how to make money off your friends. According to the Economist, India’s largest mobile operator Bharti Airtel is one of the customers of IBM’s network analysis software, a growing business that IBM says will bring in $15 billion annually by 2015:  

    Modelling social relationships is akin to creating an “index of power”, says Stephen Borgatti, a network-analysis expert at the University of Kentucky in Lexington.

Network analysis can have a boomerang effect on your life too, not always in a positive way. For example, say you’ve had a midlife crisis and discovered that banking is not your calling in life. You quit your job, and decide to open a bed and breakfast in Montauk. You apply for a bank loan for your new business, and the bank uses SAS analytics to determine if you are a reliable borrower. One of the measures it uses is whether other people in your social network are in the hospitality business. But all your friends are traders, lawyers and consultants in the financial services industry. This lack of relationships in the area of “bed and breakfast” business is considered extremely suspicious. Compounded with the fact that your credit card history shows that you always vacationed at hotel chains like Holiday Inn rather than small family-run hotels, and nothing in your education or work experience indicates any interest in hospitality, and your loan application may well be rejected.

The applications of network analysis are never ending. For example, we all want our neighborhoods to be safe. But it is a fact that even perfectly law-abiding adults become rowdy and unpredictable after drinking at a party. If the police only knew when and where a party was going to occur, it could send a patrol car to monitor the situation. Now they can. People love to chatter about upcoming parties on Facebook, My Space and Twitter, and Richmond’s police force monitors these posts and messages, sending more officers to areas where parties are being planned. According to Stephen Hollifield, the Chief Technology Officer of the police department, crime has “dramatically” declined as a result.

How do you feel about corporations and governments “watching” your social activity? In some cases, you may feel naked because of lack of privacy; in other cases you may feel more protected. In some instances, you’ll be rewarded for your network; in others you might be punished for it. Even as you grapple with this question, the data mining of your network is happening right now.

For more applications of network analysis including how it is used to influence you, this fascinating article in the Economist is a must-read.

Ayesha and Parag Khanna explore human-technology co-evolution and its implications for society, business and politics at The Hybrid Reality Institute.

{o.a.}

PopCap has denied a Wall Street Journal report that Bejeweled 2 for the iPhone violates user privacy, calling it “misleading and confusing.”

The Wall Street Journal published a report last week claiming that many of the most popular apps on the iPhone and Android, including hit games like Angry Birds and Bejeweled 2, broadcast private user information like user name and password, location and mobile number to the app maker or, in many cases, third-party advertisers. Rovio, the studio behind Angry Birds, quickly denied the charge and now casual game behemoth PopCap has followed suit.

“Recent reports on user data and transmissions to third parties for a variety of iPhone applications have been misleading and possibly confusing for PopCap customers,” PopCap’s Head of Studios Ed Allard told Develop. He explained that the game transmits user name and password only after owners link the game to their Facebook account, and mobile number only if users set up their Facebook account to authenticate with it.

“The transmission of user name, password and phone number is optional and occurs only after explicit player input through a Facebook login dialog box for Blitz mode,” Allard said. “After logging in to Facebook, players can interact with their Facebook account through Bejeweled 2 on their iPhone.”

Concerns over privacy on Facebook have been kicking around for years and flared up most recently in October, when the Wall Street Journal revealed that several popular apps, including games like FarmVille, FrontierVille and Texas Hold ‘Em Poker were transmitting identifiable user information to online advertisers and data trackers.

Firefox 4 will not include a ‘do not track’ privacy option to block targeted advertising, according to the web browser’s maker Mozilla.

On Monday, an AFP report stated that Firefox 4, which is due for release in early 2011, would include a ‘do not track’ privacy option to foil behavioural advertising. Behavioural or targeted advertising products track a user’s behaviour online, and serve ads based on the user’s perceived interests.

However, Tristan Nitot, president of Mozilla Europe, told ZDNet UK on Thursday that Firefox 4 would not have the option, which is technologically difficult to implement.

“We have been investigating [the option], but so far we haven’t found a way of combining a ‘do not track’ option with a good user experience,” Nitot said.

Nitot said there is a good chance that web pages would not load properly if a user has the blocker enabled. The multiplicity of sites that track user behaviour, added to the number of ways users can be tracked, means that blocking user tracking can break web pages.

Firefox already allows users to block some forms of behavioural advertising, Nitot said. Firefox extensions including NoScript — a Flash, Java, and JavaScript blocker — and Adblock Plus can mitigate tracking. Users can also sign up to Taco, an opt-out list that advertisers voluntarily follow, Nitot added. These plug-ins will also be available with Firefox 4.

A Mozilla spokeswoman told ZDNet UK on Thursday that the privacy option was just one approach and not a ‘comprehensive solution’ for privacy on the web.

“We have been working with other organisations to discuss ways to design the right solution, and there is more work to do. Firefox 4 will not ship with what we envision is the end-to-end solution; we don’t think any browser can today,” the company said in a statement. “Mozilla has always believed that users should have control over their web experience, including who has access to information about them and on what terms.”

The company said that there is no easy fix to online privacy, and that any product would need to be a “simple, verifiable and complete” way to give web users control.

“[Do not track] will need to work for the two billion people on the web today and will require collaboration across the entire ecosystem, from users to web developers and anyone interested in creating an open and participatory way for users to control their web experience,” the spokeswoman added. “And once defined, we will ship that solution as part of Firefox.”

The privacy mechanism has support from US regulators. On 1 December the FTC issued a report (PDF) supporting a ‘do not track’ option for site users.

{o.a.} Another sign that browser companies are toying with new ideas for beefing up privacy protection: Mozilla has released a set of icons that are intended to communicate to users, in a simple and straightforward way, how their data can be used. And what about the many websites that presumably won’t use them? Well, the Privacy Icons won’t just be pretty pictures—they’ll be machine readable, and anyone using a Firefox browser could see a graphic warning that non-participating sites might be sharing or selling their data.

Mozilla lead designer Aza Raskin announced an “alpha release” of the icons, and has posted the full array of Privacy Icons on his blog, along with some explanation.

By designing a set of simplified icons to help users make decisions about a complicated issue like privacy, Mozilla appears to be taking a page out of the Creative Commons playbook. Creative Commons, which was co-founded by internet copyright guru Lawrence Lessig, is a non-profit group that promotes a set of simplified copyright licenses which allow creators to share their creations in some ways but not in others—that is, to keep “some rights reserved.”

Raskin says the icons are not aimed at replacing a company’s privacy policies—that’s probably impossible, because “there are too many edge-cases and specifics that each company has to put into their privacy policy,” he notes. But Privacy Icons will “bolt on to” existing policies and provide consumers certain guarantees.

Firefox has about a quarter of the browser market, well behind Internet Explorer, according to Net Applications.

Of course, the big question about such a move is whether website owners—especially the websites that do engage in practices like sharing data with advertisers, or sell data to aggregators—will use the icons. Raskin recognizes they might not, but says that upcoming editions of Firefox will then display the most permissive icons to users, who will know their data might be used in ways they don’t like. Raskin writes: “[I]f Privacy Icons become widely adopted (and I think Mozilla is in a unique position to help make that happen) then the correlation of good companies using the icons and bad companies not using the icons becomes rather strong. The absence of Privacy Icons becomes a warning flag for when you go to sign up for new service.”

Mozilla releases the icons at a time when the federal government is paying increased attention to the issue of online privacy. Both the Federal Trade Commission and the Commerce Department have made separate proposals about beefing up online privacy enforcement. The FTC’s proposal includes granting internet users a “Do Not Track” option that would need to be implemented in web browsers, which puts browser companies like Mozilla squarely at the center of the online privacy debate.

The five sets of icons break down how a particular website will treat users’ data, by trying to provide clear answers to five not-so-simple questions:

» Will the site only use your data for its “intended use”? Raskin’s example: “Mint.com uses your login information to import your financial data from your banks — with your explicit permission. That’s primary use and shouldn’t be punished.” But a site that has a feature that poses “as a cute questionnaire and then turns around and sells your data. That’s secondary use, is undisclosed, and feels scummy.”

» Will your data be bartered or sold? In other words, will a shopping website just send your address info to the shipping company? Or will it collect data about your shopping preferences, frugality, and IP address and sell that info to data aggregators or other e-commerce sites?

» Will the site give your data to advertisers? Sites that share data about their users with advertisers would have to use the more permissive icon.

» How long will the site retain your data? Separate icons are available indicating that data retention lasts one month, six months, 18 months, or indefinitely.

» Under what conditions will the site give your data to law enforcement? Will the site only hand over data when the government follows the “legally required process,” such as getting a warrant? Or will they hand over data to government representatives in response to a simple phone call or letter?
