D’oh! FTC reveals attendees’ email addresses before privacy conference

Mass emails that don’t mask the list of recipients do more than violate privacy. They can be really annoying.
Maybe I’m naive to expect a certain savviness about privacy from the FTC, especially just before it convenes a group of experts in privacy and cybersecurity at a conference in Washington, DC, next week. I certainly didn’t expect the agency to accidentally send out a list of every attendee’s email address. But, it did.
The Federal Trade Commission on Friday sent an email advising participants to show up early to get a seat, and left all the recipients on the list visible to each other.
Read more:
Posted by Dont Mine on Me

Read More

UN warns snooping laws will have ‘chilling effect’ on freedom of expression

A lack of appropriate oversight and transparency will “ultimately stifle fundamental freedoms”, the UN experts on civil liberties said.
MPs have called for an overhaul of the Regulation of Investigatory Powers Act
United Nations warning comes as Twitter, Facebook and Google insist they should be allowed to tip off suspected terrorists and criminals being monitored by the security services.
New snooping laws could result in “mass surveillance” and have a “chilling effect” in freedom of expression, the United Nations human rights watchdog has warned.
A lack of appropriate oversight and transparency will “ultimately stifle fundamental freedoms”, the UN experts on civil liberties said.
Read more:
Posted by Dont Mine on Me


Read More

Latest Draft of Terms, V .7

This version of terms can also be found here at Kantara, Consent and Information Sharing Working Group, User Terms.

It is version .7 and includes a draft of human readable language after each term choice, followed by legal readable language in double brackets like this: {{ }}.

User Terms v. 7 Draft Icons

User Terms Draft 2 Icons

USER TERMS: Human language and {{ legal language }} below.
PREAMBLE: User submitted terms create an opportunity for individuals to share their own terms with entities about how they wish to be treated. This effort is meant to describe human, legal and machine readable versions of each possible term along with additional information for agents who might implement terms for individuals as well as for entities who might see, accept or refuse the terms. {{ Information is defined as personal information provided by the individual about themselves. Data + Meaning = Information. The observer creates meaning (or observer is “informed by” the data), and then can be assigned duties. Information not collected from a person does not by definition constitute personal data. }}
TERMS AGREEMENT: {{ Information can only be shared with those parties who first agree to abide by these terms. Any sharing of information with a party that has not first agreed to these terms is a violation of these terms. }}

SHARE: describes the terms for sharing information with entities by individuals.
Choice: 2nd

    1st-2nd Party: My information shared and what I do will be kept between me and the entity.
    {{Information shared by an individual (the “1st party”) and their activities are not permitted to be shared by the 2nd party with any other parties.}}

Choice: 3rd

    3rd Party: I will allow sharing of my information or information about what I do with 3rd parties I approve of.
    {{ Information about an individual and their activities can be shared by the 2nd party with mutually approved 3rd parties, including the public, subject to 1st Party’s purpose choices, including but not limited to advertising and data brokering. }}

DURATION: describes the terms for retaining information by entities about individuals. {{ Add language referring to laws or contracts, defining 3rd party jurisdiction, to limit this from abuse. }}
Choice: Session

    Session: My information shared or about what I do will only be kept for the session, unless required by law or contractual obligation.
    {{ Information about an individual must be destroyed by the 2nd party immediately after the completion of the transaction for which it was collected or otherwise generated, unless otherwise required by law or contract obligation. }} [NOTE: What about records for audit? What about hashed storage, e.g., in blockchain or other ledger system?]

Choice: 3

    3 months: My information will be kept for up to 90 days after I share it or take an action, unless required by law or contractual obligation.
    {{ Information about an individual must be destroyed on or before the date that is 90 days after its collection or other generation by the 2nd party, unless otherwise required by law or contract obligation. }}

Choice: Infinity

    Unlimited until further notice: My information will be kept as long as I continue to choose this term, unless required by law or contractual obligation. If I change to another lesser term, my new term will be followed.
    {{ Information about an individual can be retained indefinitely by the 2nd party, unless and until the 1st party notifies the 2nd party they have made an alternate selection for duration. }}

PURPOSE: describes the purpose for use of individual’s information provided or about actions they take
Choice: Transaction

    Transaction: My information will be used only for the purposes I share it for or implied from my actions taken on the site/app.
    {{ Information about an individual may be used only for the purpose of the transaction for which it was collected or generated. }}

Choice: Site / App Use

    Site and App Use: My information will be used for providing and / or enhancing the site or service, but not other purposes without my permission.
    {{ Information about an individual may be used beyond the transaction for which it was collected or generated, but only with respect to the operation [or further development?] of the site or app over which such original transaction occurred and not for any other secondary uses by the 2nd party or other parties. }}

Choice: Partner – 3rd use

    Partner and 3rd Party use: My information or activities may be used by 3rd parties I approve of, for purposes I approve of.
    {{ Partners: Subject to the limitations of the 1st party’s “sharing” preferences, information about an individual can be used for 3rd party purposes. }}

Choice: Tracking

    Tracking: I will allow myself to be tracked by 3rd parties.
    {{ Tracking of individual and their activities by any 3rd parties is authorized. }}

Choice: Do Not Track

    Do Not Track: I do not want to be tracked off the site or app by the 2nd party, or by any other parties on the site or app.
    {{ Tracking by 3rd parties is not authorized by individual. 2nd parties will not track activities by 1st party that occur on another service or site.
    NEED to add: definition of tracking that will describe exceeding authority by an unauthorized party. }}
Read More

Terms: What are They and Why Should You Care?

User Terms Draft 2 Icons

User Terms Draft 2 Icons

Terms are choices you make to ask that your data and activities be treated a certain way. Customer Commons is developing terms with Kantara and the Consent and Information Sharing Working Group so that we have a standardized set of terms, which can commonly be used through browsers, apps and other forms.

It is our intention that Terms will come in Human, Legal and Engineering forms so that people can read them, they can be legally binding, and apis and code will convey and negotiate your chosen terms. The idea isn’t that you would constantly be choosing these things, but rather have your agent take your choices and negotiate for you. We also envision being able to copy someone else’s terms you trust, if you don’t understand what these choices will mean for you.

Terms may also be created that fit with various contexts, like how to handle your health data, or what to do about data you share for a purchase, verses data you share for social activity. Those will come later after the initial set is developed. What you see in the picture above are draft icons. We intend to develop prettier versions with a designer, and work with engineers to develop sample or open source code for both choosing terms, as well as responding to those term requests from individuals.

If you are interested in helping with this project, you can join CISWG UX Kantara, by getting on the mail list, signing the IP agreement (so that all contributions can be used in the project) and getting on our calls.  We hope to see you there. Or comment here with questions!

Read More

The biggest privacy stories of 2015

Happy New Year 2016!!!
Hand pulling open a blind
Since the Snowden revelations, consumers have become increasingly wary of how their data is shared or stored – as are clients of technology storage vendors.
Earlier this year, a survey by the Information Commissioner’s Office (ICO) found that 77 per cent of consumers were very or fairly concerned that organisations are not collecting and keeping personal details secure, while 67 per cent believe companies are requesting unnecessary data or collecting details they do not need.
Read more:
Posted by Dont Mine on Me

Read More

New Rules for Privacy Regulations

The Wall Street Journal has an informative conversation with Lawrence Lessig: Technology Will Create New Models for Privacy Regulation. What underlies a change toward new models are two points: the servers holding vast user databases are increasingly (and very cheaply) breached, and the value of the information in those databases is being transferred to something more aligned to VRM: use of the data, on a need to know basis. Lessig notes:

The average cost per user of a data breach is now $240 … think of businesses looking at that cost and saying “What if I can find a way to not hold that data, but the value of that data?” When we do that, our concept of privacy will be different. Our concept so far is that we should give people control over copies of data. In the future, we will not worry about copies of data, but using data. The paradigm of required use will develop once we have really simple ways to hold data. If I were king, I would say it’s too early. Let’s muddle through the next few years. The costs are costly, but the current model of privacy will not make sense going forward.

The challenge, notes Lessig, is “a corrupt Congress” that is more interested in surveillance than markets and doing business. Perhaps that isn’t a problem, according to an Associated Press poll (which has no bias, of course!):

According to the new poll, 56 percent of Americans favor and 28 percent oppose the ability of the government to conduct surveillance on Internet communications without needing to get a warrant. That includes such surveillance on U.S. citizens. Majorities both of Republicans (67 percent) and Democrats (55 percent) favor government surveillance of Americans’ Internet activities to watch for suspicious activity that might be connected to terrorism. Independents are more divided, with 40 percent in favor and 35 percent opposed. Only a third of Americans under 30, but nearly two-thirds 30 and older, support warrantless surveillance.

Right. After all, who needs business?

Read More

Hyatt Hotels Hacked, Customer Data May Be Compromised

A recent study actually found that most big hotel chains have vulnerable computer systems.
The company is still investigating how its system was compromised.
Hyatt, the Chicago-based hotel chain, announced Wednesday that it had discovered a virus on computers used to process payments for some of its hotel locations.
Read more:
Posted by Dont Mine on Me

Read More

Tim Cook: There’s no trade-off between security and privacy

The reality is if you put a back door in, that back door’s for everybody, for good guys and bad guys!!
Apple CEO Tim Cook
In a strong defense of encryption, Apple’s CEO Tim Cook said that there was no trade-off between privacy and national security when it comes to encryption.
“I think that’s an overly simplistic view. We’re America. We should have both,” he told Charlie Rose on CBS’ 60 Minutes program on Sunday, according to a transcript of the interview posted online.
Read more:
Posted by Dont Mine on Me

Read More

Stop doing quizzes on Facebook if you place any value on your privacy

Any information about you and your friends can be collected and sold onto advertisers. There is simply no way to know where it ends up!!
You might think that talking about Facebook and privacy in the same breath is a little odd. The two just don’t go hand in hand, surely? Trying to use Facebook whilst maintaining your privacy is an exercise in futility, right? Well, yes, it’s certainly true that hitting a social network is not the thing to do if you want to fly under the radar, but many people do not realize just how easy it is to unwittingly hand over reams of personal information to companies and persons unknown.
Read more:
Posted by Dont Mine on Me

Read More