Authors: Bruce Schneier
The US is the only Western country:
Of course, legal protections do not necessarily translate to actual protection. In
2011, the German government was found to be using a Trojan to spy on German citizens,
in violation of its very strong data protection laws. As we’ve learned again and again,
no law can secure us from a government that refuses to abide by it. Chaos Computer
Club (8 Oct 2011), “Chaos Computer Club analyzes government malware,” http://ccc.de/en/updates/2011/staatstrojaner.
We do have protections for certain:
DLA Piper (7 Mar 2013), “Data protection laws of the world,” http://files.dlapiper.com/files/Uploads/Documents/Data_Protection_Laws_of_the_World_2013.pdf.
Theodore J. Kobus III and Gonzalo S. Zeballos (19 Feb 2014), “2014 international compendium
of data privacy laws,” Baker Hostetler, http://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/International-Compendium-of-Data-Privacy-Laws.pdf.
Google has my lifelong search history:
I can get at some of it if I have search history enabled. Dave Greenbaum (12 Jul
2014), “Google’s new account history page helps further control your privacy,” Life Hacker,
http://lifehacker.com/googles-new-account-history-page-helps-further-control-1603125500.
Medtronic maintains that data:
Hugo Campos (19 Nov 2011), “Hugo Campos fights for the right to open his heart’s
data,” TEDxCambridge, Cambridge, Massachusetts, http://tedxtalks.ted.com/video/TEDxCambridge-Hugo-Campos-fight.
different types of data:
Bruce Schneier (Jul/Aug 2010), “A taxonomy of social networking data,” IEEE Security & Privacy
8 (4), http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5523874.
you could either make your Facebook:
Blake Ross (13 Sep 2011), “Improved friend lists,” Facebook,
https://www.facebook.com/notes/facebook/improved-friend-lists/10150278932602131.
Tweets are either direct messages:
Tony Bradley (13 Oct 2010), “Think your tweet is private? Think again,” PC World,
http://www.pcworld.com/article/207710/think_your_twitter_dm_is_private_think_again.html.
Instagram posts can be either:
Leslie Meredith (15 Jan 2013), “Why you should make Instagram private before Saturday,” NBC News,
http://www.nbcnews.com/tech/internet/why-you-should-make-instagram-private-saturday-f1B7987618.
Pinterest pages have public:
Serge Malenkovich (25 Jan 2013), “How to protect your privacy on Pinterest,” Kaspersky Lab Daily,
http://blog.kaspersky.com/protect-your-privacy-on-pinterest.
In 2014, a presidential review group:
US Executive Office of the President (1 May 2014), “Big data: Seizing opportunities,
preserving values,” http://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf.
Jaron Lanier proposes a scheme:
Jaron Lanier (2013), Who Owns the Future? Simon and Schuster, http://books.google.com/books?id=w_LobtmRYmQC.
US Consumer Privacy Bill of Rights:
US Executive Office of the President (Feb 2012), “Consumer data privacy in a networked
world: A framework for protecting privacy and promoting innovation in the global digital
economy,” http://www.whitehouse.gov/sites/default/files/privacy-final.pdf.
the EU is currently grappling with:
European Commission (8 Jul 2014), “Factsheet on the ‘Right to be Forgotten’ ruling
(C-131/12),” http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf.
European Court of Justice ruled:
Rory Cellan-Jones (13 May 2014), “EU court backs ‘right to be forgotten’ in Google
case,” BBC News, http://www.bbc.com/news/world-europe-27388289. Court of Justice of the European
Union (13 May 2014), “Judgment in Case C-131/12: Google Spain SL, Google Inc. v Agencia
Española de Protección de Datos, Mario Costeja González,”
http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf.
This caused a torrent of people:
Jane Wakefield (15 May 2014), “Politician and pedophile ask Google to ‘be forgotten,’” BBC News,
http://www.bbc.com/news/technology-27423527.
this is an important right:
Alessandro Mantelero (Jun 2013), “The EU Proposal for a General Data Protection Regulation
and the roots of the ‘right to be forgotten,’” Computer Law and Security Review 29,
http://www.sciencedirect.com/science/article/pii/S0267364913000654.
What they’re consenting to:
There have been lots of experiments to demonstrate this. Patricia A. Norberg, Daniel
R. Horne, and David A. Horne (Summer 2007), “The privacy paradox: Personal information
disclosure intentions versus behaviors,” Journal of Consumer Affairs 41,
http://onlinelibrary.wiley.com/doi/10.1111/j.1745-6606.2006.00070.x/abstract.
Leslie K. John, Alessandro Acquisti, and George Loewenstein (6 Jul
2009), “The best of strangers: Context-dependent willingness to divulge personal information,”
Social Sciences Research Network, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1430482.
Susan Waters and James Ackerman (Oct 2011), “Exploring privacy management on Facebook:
Motivations and perceived consequences of voluntary disclosure,” Journal of Computer-Mediated
Communication 17, http://onlinelibrary.wiley.com/doi/10.1111/j.1083-6101.2011.01559.x/full.
Fred Stutzman, Ralph Gross, and Alessandro Acquisti (Apr 2013), “Silent listeners: The
evolution of privacy and disclosure on Facebook,” Journal of Privacy and Confidentiality 4,
https://www.cylab.cmu.edu/news_events/news/2013/acquisti-7-year-study-facebook-privacy.html.
systems we use are deliberately:
It turns out that it’s surprisingly easy to manipulate people into ignoring their
privacy concerns. Idris Adjerid et al. (22 Mar 2013), “Sleights of privacy: Framing,
disclosures, and the limits of transparency,” SOUPS ’13: Proceedings of the Ninth Symposium
on Usable Privacy and Security, http://www.heinz.cmu.edu/~acquisti/papers/acquisti-sleights-privacy.pdf.
Companies will be less inclined:
Sara M. Watson (29 Apr 2014), “If customers knew how you use their data, would they
call it creepy?” HBR Blog Network,
http://blogs.hbr.org/2014/04/if-customers-knew-how-you-use-their-data-would-they-call-it-creepy.
And users will be less likely:
Chris Jay Hoofnagle and Jan Whittington (28 Feb 2014), “Free: Accounting for the
costs of the Internet’s most popular price,” UCLA Law Review 61,
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2235962.
Notice, choice, and consent:
Kirsten Martin (2 Dec 2013), “Transaction costs, privacy, and trust: The laudable goals
and ultimate failure of notice and choice to respect privacy online,” First Monday 18,
http://firstmonday.org/ojs/index.php/fm/article/view/4838/3802.
We need information fiduciaries:
Near as I can tell, this idea has been independently proposed by two law professors.
Jerry Kang et al. (Mar 2012), “Self-surveillance privacy,” Iowa Law Review 97,
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1729332. Jack M. Balkin (5
Mar 2014), “Information fiduciaries in the digital age,” Balkinization,
http://balkin.blogspot.co.uk/2014/03/information-fiduciaries-in-digital-age.html.
comparable to investment advisors:
Jonathan Zittrain (1 Jun 2014), “Facebook could decide an election without anyone
ever finding out,” New Republic,
http://www.newrepublic.com/article/117878/information-fiduciary-solution-facebook-digital-gerrymandering.
Dan Geer proposed that Internet:
Dan Geer (9 Oct 2013), “Tradeoffs in cyber security,” http://geer.tinho.net/geer.uncc.9x13.txt.
Surveillance became the business model:
The inventor of the pop-up ad has apologized. Ethan Zuckerman (14 Aug 2014), “The
Internet’s own original sin,” Atlantic,
http://www.theatlantic.com/technology/archive/2014/08/advertising-is-the-internets-original-sin/376041.
a lot of research on building privacy:
Ann Cavoukian (Jan 2011), “Privacy by Design: The 7 foundational principles,” Privacy by Design,
http://www.privacybydesign.ca/content/uploads/2009/08/7foundationalprinciples.pdf.
US Federal Trade Commission (Mar 2012), “Protecting consumer privacy in an era of
rapid change: Recommendations for businesses and policymakers,” http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf.
Companies like Google and Facebook:
Ingrid Lunden (30 Sep 2013), “Digital ads will be 22% of all U.S. ad spend in 2013,
mobile ads 3.7%; total global ad spend in 2013 $503B,” Tech Crunch,
http://techcrunch.com/2013/09/30/digital-ads-will-be-22-of-all-u-s-ad-spend-in-2013-mobile-ads-3-7-total-gobal-ad-spend-in-2013-503b-says-zenithoptimedia.
Marketing Charts (23 Dec 2013), “Data dive: US TV ad spend and influence (Updated—Q3
2013 data),” http://www.marketingcharts.com/wp/television/data-dive-us-tv-ad-spend-and-influence-22524.
Journalist James Kunstler calls this:
James Kunstler (21 Oct 2005), “The psychology of previous investment,” Raise the Hammer,
http://www.raisethehammer.org/article/181.
Some fought in court:
Charlie Savage (14 May 2014), “Phone company pushed back against NSA’s data collection,
court papers show,” New York Times,
http://www.nytimes.com/2014/05/15/us/politics/phone-company-pushed-back-against-nsas-data-collection-court-papers-show.html.
Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data
bind,” New York Times,
http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html.
Many computer companies:
Ewen MacAskill (9 Sep 2013), “Yahoo files lawsuit against NSA over user data requests,” Guardian,
http://www.theguardian.com/world/2013/sep/09/yahoo-lawsuit-nsa-surveillance-requests.
Mike Masnick (27 Jan 2014), “Feds reach settlement with Internet companies allowing
them to report not nearly enough details on surveillance efforts,” Tech Dirt,
https://www.techdirt.com/articles/20140127/17253826014/feds-reach-settlement-with-internet-companies-allowing-them-to-report-not-nearly-enough-details-surveillance-efforts.shtml.
Spencer Ackerman (3 Feb 2014), “Microsoft, Facebook, Google and Yahoo release US surveillance
requests,” Guardian,
http://www.theguardian.com/world/2014/feb/03/microsoft-facebook-google-yahoo-fisa-surveillance-requests.
Google says it turned over:
Google (2014), “Transparency report,” https://www.google.com/transparencyreport/userdatarequests/US.
starting with CREDO Mobile:
Brian Fung (9 Jan 2014), “The first phone company to publish a transparency report
isn’t AT&T or Verizon,” Washington Post,
http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/09/the-first-phone-company-to-publish-a-transparency-report-isnt-att-or-verizon.
Verizon, for example, reports:
Verizon (22 Jan 2014), “Verizon transparency report,” http://transparency.verizon.com/us-data.
every three months Verizon:
Glenn Greenwald (5 Jun 2013), “NSA collecting phone records of millions of Verizon
customers daily,” Guardian,
http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order.
Apple announced that it would inform:
Craig Timberg (1 May 2014), “Apple, Facebook, others defy authorities, notify users
of secret data demands,” Washington Post,
http://www.washingtonpost.com/business/technology/apple-facebook-others-defy-authorities-increasingly-notify-users-of-secret-data-demands-after-snowden-revelations/2014/05/01/b41539c6-cfd1-11e3-b812-0c92213941f4_story.html.
Microsoft and Google have teamed:
Jacob Siegal (30 Aug 2013), “Microsoft, Google team up to sue federal government
over NSA spying,” BGR, http://bgr.com/2013/08/30/microsoft-google-nsa-lawsuit.
Yahoo is doing the same:
Ewen MacAskill (9 Sep 2013), “Yahoo files lawsuit against NSA over user data requests,” Guardian,
http://www.theguardian.com/world/2013/sep/09/yahoo-lawsuit-nsa-surveillance-requests.
Kevin Collier (15 Jul 2013), “Yahoo wins court order to release records of its fight
against PRISM,” Daily Dot,
http://www.dailydot.com/news/yahoo-prism-court-win-fisa-declassified. Craig Timberg
(11 Sep 2014), “U.S. threatened massive fine to force Yahoo to release data,” Washington Post,
http://www.washingtonpost.com/business/technology/us-threatened-massive-fine-to-force-yahoo-to-release-data/2014/09/11/38a7f69e-39e8-11e4-9c9f-ebb47272e40e_story.html.
companies are employing “warrant canaries”:
Cyrus Farivar (5 Nov 2013), “Apple takes strong privacy stance in new report, publishes
rare ‘warrant canary,’” Ars Technica,
http://arstechnica.com/tech-policy/2013/11/apple-takes-strong-privacy-stance-in-new-report-publishes-rare-warrant-canary.
valiant and clever effort:
In fact, Apple’s canary disappeared in the report following the one where it debuted.
No one is sure what it means. Jeff John Roberts (18 Sep 2014), “Apple’s ‘warrant canary’
disappears, suggesting new Patriot Act demands,” Gigaom,
https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands.