Posted: November 10th, 2010 | Author: Billy Barnes | Filed under: Internet, Privacy | No Comments »
Danah Boyd, a researcher at Microsoft, writes about strategies for Facebook risk reduction she has encountered among teenagers. One girl deactivates her account to prevent it from being accessed whenever she is logged off. Another deletes every post, status, and photo after a few days to avoid being confronted with peers who might look through her history for embarrassing or indiscreet posts.
Posted: November 2nd, 2010 | Author: Billy Barnes | Filed under: Privacy | No Comments »
A resolution was passed at the International Data Protection and Privacy Commisioners’ Conference in Jerusalem to adopt Privacy By Design. Privacy By Design is a concept that Ontario Information and Privacy Commissioner Ann Cavoukian developed in the 1990s and requires that privacy be built in to new services in the early planning stages rather than added after the fact. “Unless we act now, privacy as we know it will be gone, lost beyond our grasp, by the year 2020,” according to a statement made by Commissioner Cavoukian earlier this week.
Posted: October 25th, 2010 | Author: Billy Barnes | Filed under: Copyright, Intellectual Property | No Comments »
HADOPI, the French organization in charge of administering the country’s new three strikes law is reportedly handling 25,000 reports of infringement each day. ISPs have 24 hours to act once notified of the report. This has increased from the 10,000 daily reports when the system came into effect but below the projected amount (variously given as between 50,000 and 150,000 notices per day).
Posted: October 22nd, 2010 | Author: Billy Barnes | Filed under: Privacy | No Comments »
In an effort to address privacy concerns, Google recently offered an opt-out option to Germans that would blur their houses on Google Street View. This agreement was made in the wake of the Wifi privacy breach (regarding which the Canadian Privacy Commissioner has recently released preliminary findings). 244,000 Germans exercised this option. Google points out that this represents only 3% of German households and thus “97% of German households have no problem with Street View”. However, in a world where almost everyone values privacy, but doesn’t take the time to diligently guard it, 3% seems like a big number to me.
Posted: October 4th, 2010 | Author: Billy Barnes | Filed under: Copyright, Intellectual Property | No Comments »
A report released by the Library of Congress’ National Recording Preservation Board details the problems faced by archivists due to modern technology and copyright law. One problem the report notes is the expectation that recordings be accessible online and the related difficulty of attracting donations to support archives that can not be made available for decades. Another problem is that the US Copyright Act specifies a technical process for making archival copies that is years out-of-date. [via Ars Technica]
Posted: October 3rd, 2010 | Author: Billy Barnes | Filed under: Internet, Privacy, Technology | No Comments »
Security expert Bruce Schneier has a post explaining why he believes it’s not a good idea to pass laws requiring internet communications providers to build in monitoring capabilities. Schneier worries about function creep; that systems designed to allow surveillance will promote additional surveillance. He also writes that backdoors into user communications are unlikely to be used solely by the government as intended. He cites an example where a surveillance feature in Sony Ericsson phones was remotely enabled and used to spy on Greek government officials for nearly a year before being discovered.
Posted: September 22nd, 2010 | Author: Billy Barnes | Filed under: Privacy | No Comments »
It’s not entirely serious but last night’s Colbert Report interview with Google CEO Eric Schmidt condenses his position in a short and entertaining segment. He discusses his comment that children should consider a name change to erase their youthful indiscretions, Google’s approach to China, and whether Google is engaged in data mining.
Posted: September 3rd, 2010 | Author: Billy Barnes | Filed under: Technology | No Comments »
A Hawaiian court is allowing a man to sue for mental harm caused by video game addiction. The End User License Agreement (EULA) contained clauses limiting liability and requiring that suits be brought in Texas. However, the court held that this did not prevent the man for suing in Hawaii for physical harm (including mental harm in some circumstances) arising from the gross negligence of the game manufacturer.
Posted: July 27th, 2010 | Author: Billy Barnes | Filed under: Copyright, Intellectual Property | 1 Comment »
In an essay entitled “Intellectual Property Norms in Stand-Up Comedy“, Professors Oliar and Sprigman of the University of Virginia present a study of how stand-up comedians have created a parallel system of protecting copyright based on social rather than legal norms. They also detail the differences that the emergence of these norms have made to the creative process. When jokes were held to be common property, comedians put less effort into individual jokes. Instead, comedians worked with short—often stolen—jokes and focused on creating performances that were tougher to duplicate. As the social system arose to protect their jokes, comedians turned to long-form routines, focusing on the text of the joke. The essay will be published in The Making and Unmaking of Intellectual Property from University of Chicago Press.
Posted: June 7th, 2010 | Author: Billy Barnes | Filed under: Featured, Privacy | No Comments »
Google CEO Eric Schmidt has announced that the company will be complying with demands that captured Wifi data be turned over to state agencies in Germany, France and Spain. The data has also been demanded by a US federal judge. This article discusses what Google did and why turning over the data is undesirable.
Technical Background
When you send data over any network, it is broken up into small packets. When it reaches the destination computer, the packets are reassembled into the original data. Before transmitting them by radio, a wireless network encapsulates these packets with information about the network (you can think of it like putting the data, or payload, in an envelope and writing the address on the outside). If the network has been configured to do so, the payload data is also encrypted. Receivers are able to pick up encapsulated packets from any network and intended for any computer, but normally they only care about packets addressed to them.
As Google’s Streetview cars drive around, they capture wireless data and read the envelope data. What was important to Google was one piece of information written on that envelope: the BSSID (broadcast service set identifier). For most wireless networks, the BSSID is a unique number assigned to the wireless access point by the manufacturer (the MAC address). Google maintains a database of these IDs and their locations using the car’s GPS. A computer or phone could then find its approximate location by simply scanning for nearby networks and querying this database.
Since they only needed the envelope data, Google should have been discarding the payload (the contents). Unfortunately, they did not do so. I won’t speculate about whether this was truly a mere oversight. The result is that Google ended saving the actual packets being transmitted over unencrypted networks; the payload data for encrypted networks would generally be unreadable. Depending on what the network users were doing at the time the Streetview car passed, this could include snippets of emails or web pages. It could include personal, even highly confidential, information. Of course, it could also just be pictures of cats.
Why turning the data over doesn’t make sense
Google has admitted that they captured the payload data and that it may contain sensitive personal information but they have not analyzed it and therefore don’t know precisely what information it contains. When Google first announced the problem, they said they intended to delete the data. That is precisely what they should do.
The reason stated by the European governments for why Google should hand over the data is that they wish to know precisely what Google was collecting. But we know what they collected. Google already admitted it: Wifi payload data potentially containing personal information such as email, web browsing, and even financial data. That admission should be enough. What data turns out to be on the hard drive is just a result of chance. It’s equally possible that not a single piece of sensitive information was collected or that sensitive information was collected about every person they drove past. From a regulatory perspective, the actual results of such random gathering shouldn’t be important. The question they should ask themselves is this: would Google’s conduct be any less serious if they luckily avoided capturing any sensitive data? The governments should instead be focusing on whether it was intentional, what policies Google had in place to prevent it, and what they will do in the future.
By asking Google to turn over the data instead of destroy it, the governments are just increasing the opportunities for the data to be compromised. The data will be disclosed to at least three government agencies and potentially to a number of contractors. It will have to be transported and stored in multiple locations. As the number of actors increases so do the odds that one will make a mistake. In addition, the very act of analyzing it completes the privacy invasion they are concerned about. As I’ve stated, the analysis will reveal nothing about Google, but it will potentially reveal a lot about their citizens. The report that is prepared will at least have statistics on the prevalence of unencrypted networks. It will also very likely disclose some of the browsing habits of citizens. While I’m sure that the report will not actually contain personal information, it will require the non-consensual processing of large amounts of it. This is precisely what privacy regulators are supposed to be discouraging.
No purpose is served by distributing the data any further. Any governments that wish to investigate Google on this manner should order that data destroyed and confine their investigations to Google’s privacy practices.
Recent Comments