Internet privacy is a rising concern in today’s world. There seems to be a dichotomy between those who seek to end privacy, such as the governments of countries on the Reporters Without Borders’ ‘Enemies of the Internet’ list [1] employing far reaching Internet censorship and surveillance techniques, and those who uphold privacy, such as netizens who protest invasive policies like the proposed Bill C-30 and Google’s Privacy policy. On the less extreme side of this debate is the issue of whether businesses should track your activities on their websites. While on one hand, Internet companies argue that doing this allows them to provide their customers with more personalized service, on the other hand Internet users complain that this practice increases the risk of privacy invasion and identity theft.
A good solution to this problem is that businesses voluntarily adopt the Do Not Track technology in their websites. This smart fix is a HTML header that can be sent out by users’s web browsers when they visit a website. The proprietor of the website need only include support for this header on the HTTP server and desist tracking procedures for any customer who sends out the ‘Do Not Track’ header. As of now, this technology is included in many major browsers, however there are precious few websites on the Internet that recognize this header and there is no mechanism for ensuring that businesses respect their users’ wishes with regards to tracking. Proponents of Internet privacy may be glad to know that, due to proposed new privacy legislation in the USA, many more businesses may choose to adopt Do Not Track [2].
While netizens and politicians alike call for more privacy on the internet, the consequences of this is not often considered [3]. More privacy means that businesses have less information about their users, which, in turn, means that they aren’t able to offer advertisers effective targeted ad services. Therefore, companies suffer in terms of revenue because they aren’t able to claim the usual premiums for personalized ads. This may prompt Internet businesses to start charging for their products and services, which may also reduce demand for them. Without demand, companies may be forced to stop offering their products at all, thus leading to less content and reduced functionality for the Internet. In the free web service culture that exists today, one can only imagine with horror a future where one must pay for e-mail accounts, search engine use, collaborative document processing, social networking and access to web videos.
Thus, it seems that those who value their privacy online are at an impasse with Internet advertising companies. We are asked to make a choice between our privacy, which we have a right to, or free services on the web. Which will you choose?
[1] http://www.huffingtonpost.com/2012/03/10/do-not-track_n_1336380.html?ref=technology
[2] http://en.rsf.org/
[3] http://lauren.vortex.com/do-not-track-white-paper-04-30-2011.html
Monday, March 12, 2012
Sunday, March 4, 2012
A Private Society
Over the ages human beings have developed into very private individuals. In the outside world we keep secrets and conduct our business behind closed doors and frosted glass in order to protect our privacy, our dignity, our livelihoods. Technologies such as computers and the Internet call this privacy into question and we are increasingly called upon to share personal information voluntarily or involuntarily. However, as a society, our behaviour regarding privacy does not extend onto the Internet. Users frequently give out personal information when signing up to use an online tool or service. Furthermore, users often use search engines, email accounts and other websites where they are unaware of or passively agree to breaches of their privacy.
A possible reason for this is offered by the Guardian's Cory Doctorow, who suggests that Internet users allow invasions of privacy from online sources because there are no immediate consequences to their actions [1]. For example, one does not expect to have their identity stolen every time they buy goods online. This unassertive attitude towards privacy online has been so deeply ingrained that when an Internet giant, like Google, implements an even more invasive privacy policy, most users quietly accept it without truly understanding the risks of doing so [2]. Thus, through their inaction, many users leave themselves open to cyber attacks that could have dangerous repercussions in the real world.
On the whole, governments are doing more to protect users' privacy than users do for themselves. Laws such as the Privacy Act in Canada and PIPEDA are important safeguards to the public's privacy online. Also, many governments are in opposition to Google's new privacy policy and speaking out against it. While it can be argued that governments should be doing more to educate the public on how to protect their privacy online, ultimately, it is up to users to protect their own privacy by changing their behaviour with regards to how they use the Internet. I would suggest reconsidering the use Google products - one could switch search engines or email clients. Another good idea is using anonymous browsing software such as TOR.
[1] http://www.guardian.co.uk/technology/2012/mar/02/censorship-inseperable-from-surveillance
[2] http://www.ft.com/cms/s/2/7d8c375c-6489-11e1-9aa1-00144feabdc0.html
A possible reason for this is offered by the Guardian's Cory Doctorow, who suggests that Internet users allow invasions of privacy from online sources because there are no immediate consequences to their actions [1]. For example, one does not expect to have their identity stolen every time they buy goods online. This unassertive attitude towards privacy online has been so deeply ingrained that when an Internet giant, like Google, implements an even more invasive privacy policy, most users quietly accept it without truly understanding the risks of doing so [2]. Thus, through their inaction, many users leave themselves open to cyber attacks that could have dangerous repercussions in the real world.
On the whole, governments are doing more to protect users' privacy than users do for themselves. Laws such as the Privacy Act in Canada and PIPEDA are important safeguards to the public's privacy online. Also, many governments are in opposition to Google's new privacy policy and speaking out against it. While it can be argued that governments should be doing more to educate the public on how to protect their privacy online, ultimately, it is up to users to protect their own privacy by changing their behaviour with regards to how they use the Internet. I would suggest reconsidering the use Google products - one could switch search engines or email clients. Another good idea is using anonymous browsing software such as TOR.
[1] http://www.guardian.co.uk/technology/2012/mar/02/censorship-inseperable-from-surveillance
[2] http://www.ft.com/cms/s/2/7d8c375c-6489-11e1-9aa1-00144feabdc0.html
Saturday, March 3, 2012
Anonymous: Hacktivists or Terrorists?
With the continual advancement of technology, I am disappointed to also note the increasing reports of cyber crime [1]. While some claim that the prevalence of crime is inevitable in such an unregulated arena as the Internet, it could also be that some cyber crimes are digital manifestations of acts of non-violent protest akin to those employed in the real world by social activists. The recent activities of the Anonymous hacker group have brought this issue to the forefront in today’s tech-savvy society. This group’s aid to protests movements, such as those in Arab Spring, are to be applauded, however many governments are now in the process of investigating and apprehending suspected members of Anonymous for their illegal attacks on organizations such as the Recording Industry Association of America, in response to the Stop Online Piracy Act [2].
Hacktivism is the use of computers and other technology to aid political protests and thus protect the rights of the individual and the freedom of information [3]. Hacktivism has a number of manifestations including defacing webpages, web sit ins (a form of denial of service by increasing web traffic), email bombing, code distribution, website mirroring (to combat censorship), geotagging, and blogging. Anonymous has aided and supported the rights of Middle Eastern peoples in Arab Spring protests by launching distributed denial of service attacks on websites of the Tunisian and Egyptian governments. The group has been part of social protests by disrupting the operations of supporters of the controversial SOPA. Many of the attacks perpetrated by the group require infiltration of digital security systems and are criminal because they break privacy laws. Therefore, members of Anonymous have proven themselves to support the rights of individuals and it can be argued that their actions are forms of digital protest similar to acts of protest in the real world.
On the other hand, Anonymous has been branded as a terrorist group by many people because of their numerous threats of punitive and retaliatory action. Terrorism by definition is a term that is somewhat similar to that of Hacktivism. Bruce Hoffman describes terrorism as acts or threats of violence with political motives committed by a non-state or sub-national organization that has an identifiable chain of command [4]. This interpretation is problematic in the case of Anonymous because of the ambiguous nature of the group. Since the group is free to join for anyone and involvement in specific initiatives are optional and they have an egalitarian structure with no formal leadership, Anonymous has no chain of command and its status as an 'organization' is called into question. Nevertheless, many of their actions and threats could have serious repercussions despite lacking the element of physical violence. For example, their Operation Global Blackout is a threat to shut down Facebook internationally or to 'take down' the Internet via an attack on root name servers. The consequences of such an attack would be disastrous on e-commerce and by extension the world economy and welfare of the global public. Furthermore, Anonymous' actions would be anti-activist because the disabling of online tools such as Facebook hinder other activists who use such tools for organization and communication. Thus, Anonymous has the potential to be a terrorist group the results of their attacks could cause serious harm to others.
Overall, Anonymous' actions on the Internet can be categorized as either examples of Hacktivism and/or Terrorism and this is subject to one's own opinion. What is concrete about this group is that, albeit criminal, their actions have brought awareness to the plight of many oppressed peoples and important social issues that we can take a stand on today.
[1] http://money.cnn.com/2012/03/02/technology/fbi_cybersecurity/index.htm
[2] http://www.huffingtonpost.co.uk/2012/02/29/25-anonymous-arrests-made_n_1308832.html
[3] http://www.wired.com/techbiz/it/news/2004/07/64193
[4] Bruce Hoffman, Inside terrorism, 2 ed., Columbia University Press, 2006, p. 41.
Hacktivism is the use of computers and other technology to aid political protests and thus protect the rights of the individual and the freedom of information [3]. Hacktivism has a number of manifestations including defacing webpages, web sit ins (a form of denial of service by increasing web traffic), email bombing, code distribution, website mirroring (to combat censorship), geotagging, and blogging. Anonymous has aided and supported the rights of Middle Eastern peoples in Arab Spring protests by launching distributed denial of service attacks on websites of the Tunisian and Egyptian governments. The group has been part of social protests by disrupting the operations of supporters of the controversial SOPA. Many of the attacks perpetrated by the group require infiltration of digital security systems and are criminal because they break privacy laws. Therefore, members of Anonymous have proven themselves to support the rights of individuals and it can be argued that their actions are forms of digital protest similar to acts of protest in the real world.
On the other hand, Anonymous has been branded as a terrorist group by many people because of their numerous threats of punitive and retaliatory action. Terrorism by definition is a term that is somewhat similar to that of Hacktivism. Bruce Hoffman describes terrorism as acts or threats of violence with political motives committed by a non-state or sub-national organization that has an identifiable chain of command [4]. This interpretation is problematic in the case of Anonymous because of the ambiguous nature of the group. Since the group is free to join for anyone and involvement in specific initiatives are optional and they have an egalitarian structure with no formal leadership, Anonymous has no chain of command and its status as an 'organization' is called into question. Nevertheless, many of their actions and threats could have serious repercussions despite lacking the element of physical violence. For example, their Operation Global Blackout is a threat to shut down Facebook internationally or to 'take down' the Internet via an attack on root name servers. The consequences of such an attack would be disastrous on e-commerce and by extension the world economy and welfare of the global public. Furthermore, Anonymous' actions would be anti-activist because the disabling of online tools such as Facebook hinder other activists who use such tools for organization and communication. Thus, Anonymous has the potential to be a terrorist group the results of their attacks could cause serious harm to others.
Overall, Anonymous' actions on the Internet can be categorized as either examples of Hacktivism and/or Terrorism and this is subject to one's own opinion. What is concrete about this group is that, albeit criminal, their actions have brought awareness to the plight of many oppressed peoples and important social issues that we can take a stand on today.
[1] http://money.cnn.com/2012/03/02/technology/fbi_cybersecurity/index.htm
[2] http://www.huffingtonpost.co.uk/2012/02/29/25-anonymous-arrests-made_n_1308832.html
[3] http://www.wired.com/techbiz/it/news/2004/07/64193
[4] Bruce Hoffman, Inside terrorism, 2 ed., Columbia University Press, 2006, p. 41.
Friday, March 2, 2012
Google’s Privacy Policy (or lack there of)
As of late, there has been a lot of furor in the press about Google’s
new unified privacy policy. The main point of contention seems to be
that this new policy is in violation of many countries’ privacy laws
including those of European Union states, the USA and possibly Japan
and South Korea. This is something that actually affects all of us
because I am sure that everyone reading this blog is using at least
one Google product or service (Blogger is owned by Google). So whether
you have a Gmail account, watch YouTube videos or use the Google
search engine, you should take notice of this issue because your
privacy is probably being violated.
The following is a brief summary of the policy. Google collects 5
types of information about you including your personal information
(when you sign up), usage information when you use a Google product or
service), location information, application data and cookies/anonymous
identifiers.
Google uses this information to maintain and improve existing
services, to create new products, to tailor content in their products,
to help fix problems with their products and to improve the user
experience of their services. The company also states that it will
combine all user data from all of its services, it may process this
information on international servers.
With regards to sharing your data, Google stresses that it will ask
for your consent before using your data for new purposes but that
anyone who knows your email address can view your public profile,
which includes your name and picture. They will also share your data
without your consent with domain administrators, external data
processing companies and in cases of litigation.
Google also claims to have a transparent policies in place to allow
you to review and control your information, ad preferences, personal
profile, who has access to your data, how to remove your content, and
to exclude your data for use in services. However, the company also
stipulates in very vague language that it cannot provide you access to
and control of all of your information due to various
impracticalities. For example, they state that they “may not
immediately delete residual copies from our active servers and may not
remove information from our backup systems.”
In terms of security measures to protect your data, Google has not put
in place any added measures despite the increased risk of privacy
invasion due to its data sharing practices. The company lists SSL
encryption and two step verification as two measures it has in place,
while also noting that those with who they share your information are
contractually obligated to keep all personal information confidential.
Google’s business practices, regarding privacy, fall under the
jurisdiction of Canada’s Personal Information Protection and
Electronic Documents Act. Their new policy seems to comply with the
act’s stipulations about an organization’s responsibilities. However,
the vagueness of the policy when it comes to providing users full and
complete access to their information does not preserve the privacy
rights of the user. Thus, while Google is not in violation of Canadian
privacy law directly regarding the requirements placed on business’s,
it does infrine upon the right of the user to “expect the personal
information an organization holds about them to be accurate, complete
and up- to-date; obtain access to their personal information and ask
for corrections…” It is up to the Canadian public to exercise their
right to privacy and, through litigation, force Google to change their
privacy policy for the better.
Below are links to the aforementioned press articles, Google's new privacy policy, and PIPEDA.
http://www.dailymail.co.uk/sciencetech/article-2108564/Google-privacy-policy-changes-Global-outcry-policy-ignored.html
http://www.google.com/policies/privacy/
http://www.priv.gc.ca/leg_c/leg_c_p_e.cfm
new unified privacy policy. The main point of contention seems to be
that this new policy is in violation of many countries’ privacy laws
including those of European Union states, the USA and possibly Japan
and South Korea. This is something that actually affects all of us
because I am sure that everyone reading this blog is using at least
one Google product or service (Blogger is owned by Google). So whether
you have a Gmail account, watch YouTube videos or use the Google
search engine, you should take notice of this issue because your
privacy is probably being violated.
The following is a brief summary of the policy. Google collects 5
types of information about you including your personal information
(when you sign up), usage information when you use a Google product or
service), location information, application data and cookies/anonymous
identifiers.
Google uses this information to maintain and improve existing
services, to create new products, to tailor content in their products,
to help fix problems with their products and to improve the user
experience of their services. The company also states that it will
combine all user data from all of its services, it may process this
information on international servers.
With regards to sharing your data, Google stresses that it will ask
for your consent before using your data for new purposes but that
anyone who knows your email address can view your public profile,
which includes your name and picture. They will also share your data
without your consent with domain administrators, external data
processing companies and in cases of litigation.
Google also claims to have a transparent policies in place to allow
you to review and control your information, ad preferences, personal
profile, who has access to your data, how to remove your content, and
to exclude your data for use in services. However, the company also
stipulates in very vague language that it cannot provide you access to
and control of all of your information due to various
impracticalities. For example, they state that they “may not
immediately delete residual copies from our active servers and may not
remove information from our backup systems.”
In terms of security measures to protect your data, Google has not put
in place any added measures despite the increased risk of privacy
invasion due to its data sharing practices. The company lists SSL
encryption and two step verification as two measures it has in place,
while also noting that those with who they share your information are
contractually obligated to keep all personal information confidential.
Google’s business practices, regarding privacy, fall under the
jurisdiction of Canada’s Personal Information Protection and
Electronic Documents Act. Their new policy seems to comply with the
act’s stipulations about an organization’s responsibilities. However,
the vagueness of the policy when it comes to providing users full and
complete access to their information does not preserve the privacy
rights of the user. Thus, while Google is not in violation of Canadian
privacy law directly regarding the requirements placed on business’s,
it does infrine upon the right of the user to “expect the personal
information an organization holds about them to be accurate, complete
and up- to-date; obtain access to their personal information and ask
for corrections…” It is up to the Canadian public to exercise their
right to privacy and, through litigation, force Google to change their
privacy policy for the better.
Below are links to the aforementioned press articles, Google's new privacy policy, and PIPEDA.
http://www.dailymail.co.uk/sciencetech/article-2108564/Google-privacy-policy-changes-Global-outcry-policy-ignored.html
http://www.google.com/policies/privacy/
http://www.priv.gc.ca/leg_c/leg_c_p_e.cfm
Subscribe to:
Comments (Atom)