EPIC’s Rotenberg talks ‘privacy paradox,’ legislative challenges with Rainie

Lee Rainie, director of Pew Internet, led a final session at FutureWeb in which he discussed privacy issues with Marc Rotenberg of the Electronic Privacy Information Center (EPIC.)

WWW 2010 - "Special Session: Marc Rotenberg & Lee Rainie." From left to right: Marc Rotenberg, Lee Rainie. (Photo: Elon University Relations photographer Kim Walker. )

Rotenberg is arguably the best-known privacy advocate in the world, and he and his team work to bring to light the emerging civil liberties issues tied to the many uses of technology.

“Mark is my number one teacher on these issues,” Rainie said in his introduction. “He has schooled us (at Pew) both directly and indirectly, and his work has stood up remarkably and robustly as this environment has changed.”

Rotenberg addressed the privacy paradox, where on one level Americans tend to place value in the ability to control identity, but at the same time they don’t always stay true to this principle.

“The challenge is that people are constantly being coerced to give up data and to make information available because of some opportunity that is presented to them,” he said, in an indirect but obvious reference to online social networks like Facebook and online search companies such as Google.

He noted the historical similarities between the early years of the automobile and the early years of the Internet. Drivers in the early 1900s were in the similar situation of using a new product, despite the lack of safety features. Because it offers advantages, despite the threats to their well-being the consumer decides to use the product. As the product evolves, the challenge then becomes how to enhance it’s benefits to consumers while reducing the necessary risks.

“The key insight is that at the end of the day, it isn’t the driver going to auto safety school making the experience safer,” he said. “It is not possible to effectively place this burden on the driver. It has to be the responsibility of the manufacturer. I think that’s the big shift we’re going to see on the Internet privacy front.”

Rotenberg then spoke to the political atmosphere of the issue, saying it’s becoming more common to see people speaking up. He finds it encouraging that young people are participating in the conversation, citing the example of the Facebook group created to protest the largest social network’s new terms of service.

The launch of Google Buzz created similar activity involving privacy issues. After the introduction, Gmail users resisted the violation of privacy rights and there was an enormous pushback on Google.

“The next step in the maturing of the privacy debate is making the connections between recognition and… real action by Congress,” Rotenberg told Rainie. He is a strong advocate of specific privacy legislation and says new laws are necessary in this new environment.

Rotenberg added that it is not right for our representatives in Congress to trade off too much of people’s personal privacy in exchange for national security and government access.

“If you really lose privacy, it will be very hard to recapture,” he said.

Rotenberg said ideas about privacy in the Internet context tend to be universal around the world, and it is interesting how much agreement there is on basic principles. People tend to reflect similar values due to a common understanding of the issue.

A topic that many people are now concerned with is privacy in a mobile environment. Good privacy laws will focus on the collection and use of personal data from mobile devices, he said.

“People should be able to make decisions about what to post online,” Rotenberg said. “That’s what freedom’s about, and that’s a good thing. But when companies start to take that data (and analyze and distribute it)… I’m really uncomfortable with that.”

– By Ashley Dischinger

ADDITIONAL DETAILS FROM THIS EVENT…
Video and more written FutureWeb coverage:
http://bit.ly/imaginingtheinternet
FutureWeb YouTube channel: http://www.youtube.com/user/Futureweb2010#p/u
Flickr photos:
http://www.flickr.com/photos/38539612@N02/sets/72157623891937652/

Marc Rotenberg leads panel discussion on the future of privacy policies, education

Annie Anton discusses privacy and applications at the FutureWeb conference, part of WWW2010 in Raleigh.

Marc Rotenberg, of the Electronic Privacy Information Center (EPIC), led an interactive session this afternoon on the future of privacy and the Web. Panelists included Dave Hoffman of Intel, Anne Klinefelter of the UNC School of Law, Jolynn Dellinger of Data Privacy Day, Annie Anton of NC State and Woodrow Hartzog of UNC’s School of Mass Communication.

Rotenberg, of the Electronic Privacy Information Center (EPIC), led a lively and interactive session at FutureWeb on the future of privacy and the Web that touched on many aspects but mostly focused on social media and cloud computing.

Klinefelter addressed some policy issues from an educational standpoint. She said that readers’ privacy has long been a concern of librarians, but it is a problem that has been amplified online. Since books have gone digital with the invention of E-readers and tablets, people’s uses of content can be tracked and the information is not solely personal anymore.

“Some of the privacy settings can be surprising,” she said. “What’s really surprising is the way your data about your reading habits are being shared. You need to think about the way your data is being used. If it’s for commercial or governmental purposes you are being disempowered.”

Klinefelter said Internet users should band together to protest, in order to achieve privacy settings on all personal online content. Without the implementation of fair and open policies, the consequences can include identity theft, access to financial records and the compromising of health records.

Marc Rotenberg, director of the Electronic Privacy Information Center, leads expert panelists through a lively discussion of privacy issues.

The panelists discussed how social media can expose many layers of information people once kept private. Rotenberg asked audience members if they think employers have the right to look at political candidates’ Facebook pages. The majority of people raised their hands said they did not agree.

One audience member noted that a lot of the information on Facebook, such as that about religion, political opinion and sexuality, would not be legal to ask about during a formal job interview.

Antón, co-founder and director of ThePrivacyPlace.org, said most people have a reasonable expectation of privacy but don’t realize they have to set up specific privacy settings on Facebook to achieve that expectation. And age doesn’t matter, she said. “I don’t think this is a generational issue,” Antón said. “Some people know and some people don’t.”

Antón addressed further challenges of online privacy rights, including expectations of privacy on social networks. “A lot of people have a reasonable expectation of privacy but don’t understand they have to participate in setting things up so they can have that expectation of privacy,” she said.

There is a large percentage of the population that remains uninformed about privacy issues, though Anton doesn’t view it as a generational glitch. “Some people know, some people don’t – it’s as simple as that,” she said.

How do we express privacy policies more effectively? Antón said society needs to address issues such as Australia’s censorship controversy and consider how to balance privacy rights with national security and free speech.

Jolynn Dellinger of Data Privacy Day discusses a point about privacy education at the FutureWeb conference at WWW2010 in Raleigh.

Dellinger, of Data Privacy Day, spoke about the challenges to informing the general public about privacy rights.

“I’ve seen a disconnect between common knowledge and technology,” she said. “I think it’s fair to say a lot of people using Google and Facebook have no idea what’s going on behind the scenes, much less having real knowledge that will help them make informed decisions.”

Dellinger’s work related to Data Privacy Day tries to take education and put it into the hands of people to help with individual privacy practice. She said education is essential because it’s impossible to actively participate without an informed voice, adding that she hopes more tools on privacy education will be available in the future.

“There are people in big corporation that do care about privacy,” she said. “It’s trying to get those materials in the hands of people who can use them (such as educators).”

Woodrow Hartzog, formerly a clerk with the Electronic Privacy Information Center, spoke about privacy as “an umbrella term,” encompassing two issues: obscurity and confidentiality. There is a certain value that lies in obscurity that is only going to increase, he said.

Woodrow Hartzog says privacy is an umbrella term for "obscurity and confidentiality."

He compared the explosion of online content to the urbanization of cities, which allows people to become somewhat lost in the crowd.

“With this explosion of content on the Web we’ve moved to a place now where the Web is not just broadcast,” he said. “Now it’s this never-ending series of back alleys and there are invisible parts of the Web that do not show up in search engines.”

Hartzog noted that people can find ways to hide their blogs from search-engine results, and they can refrain from the real-time conversation, which is also more searchable today, with some content like that of Twitter being exposed even in a Google search. He said people should not be shy about requesting more confidentiality when they want it online.

The transparency of companies in confidentiality agreements is crucial when thinking about the future of privacy, he said.

David Hoffman of Intel concentrated his remarks on cloud computing and continued the discussion on privacy’s future by referencing the past. “I think cloud computing is somewhat like how we’ve been physically reaching the clouds (through commercial air travel) for the past 50 years,” he said. He noted that this aspect of human sharing – by storing information in remote databanks – “in the cloud” instead of on a local hard drive – is nothing new. But mass adoption of the cloud for storage of vast amounts of people’s most personal information is.

Our culture has developed to the point where we have a substantial reliance upon technology, along with a need to trust this technology – we trust it to be available and functional, to possess a certain measure of security assurance and trust that privacy will be respected, he said.

Hoffman said he is unsure of whether we are doing a satisfactory job of meeting these privacy expectations. “We’re heading to a global digital infrastructure,” he said. He described the key problems can that arise online include the fact that private information can be stolen or hacked and that the information stored in the cloud can be lost.

“We are now relying upon the cloud to such a degree that threats we don’t know about can create harm,” he said. “We trust it to be available, functional. We have a need to trust that our privacy will be respected.”

Hoffman noted that policy should be changed to compensate for new interactive technologies that allow for increased violation of privacy.

Klinefelter agreed that privacy laws need to have a second look.

“I would like the legislation – to have more an opt-in than an opt-out,” form of online privacy she said.

Antón said laws should changed to be compliant with software that can protect privacy, and Hartzog said he hopes to see revision in surveillance law.

– By Ashley Dischinger and Laura Smith

ADDITIONAL DETAILS FROM THIS EVENT…

Video and more written FutureWeb coverage: http://bit.ly/imaginingtheinternet
FutureWeb YouTube channel: http://www.youtube.com/user/Futureweb2010#p/u
Flickr photos: http://www.flickr.com/photos/38539612@N02/sets/72157623891937652/

danah boyd: privacy, publicity and ‘Big Data’

Social networks researcher danah boyd, who has collaborated with Microsoft and Harvard’s Berkman Center, kicked off day two of FutureWeb with her WWW2010 keynote address. boyd focused her talk on “Big Data” and its implications in the world of Web 2.0, namely privacy and publicity consequences.

danah boyd delivers the WWW2010 keynote address, speaking about Big Data, privacy and publicity. (Photo: Dan Rickershauser)

“Data is the digital air in which we breathe and countless efforts are being put into trying to make sense of the data swirling around,” boyd said. “When we talk about privacy and publicity in a digital age, we can’t avoid talking about data.”

boyd described Big Data as the kind of information that marketers, researchers and businessmen and women use to track and analyze public behavior. She named social media tools, such as Facebook, Twitter and Google, as core hosts of data.

We’ve entered an age where data is cheap, but making sense of it is not, boyd said. People must become actively engaged in the data in order to accurately and efficiently analyze human behavior online.

boyd cites four key issues to understand when working with Big Data:

1. Bigger Data are Not Always Better Data
2. Not All Data are Created Equal
3. What and Why are Different Questions
4. Be Careful of Your Interpretations

“Nobody loves Big Data better than marketers,” she said. “And nobody misinterprets Big Data better than marketers.”

One limitation to Big Data, boyd warned, is that it can only reveal certain things. Making assumptions about interpretations of that data is dangerous. boyd said such misinterpretations are “beautifully displayed when people try to implement findings into systems.”

Related to the problem of data misconceptions is the question of ethics. She cited privacy and publicity as two key issues that come into play. The biases and misinterpretations that are present in the analysis and use of Big Data are fundamentally affecting people’s lives, boyd said.

“Just because data is accessible doesn’t mean that using it is ethical,” boyd said. “It terrifies me when those who are passionate about Big Data espouse the right to collect, aggregate and analyze anything that they can get their hands on.”

Unintended consequences of our actions, including invasion of privacy, are why ethics matter. boyd said people begin to feel privacy violations as soon as their expectations are shattered in the physical environment.

She also spoke about the psychological consequences people suffer from who experience an invasion of privacy.

“Making content publicly accessible is not equal to being asked for it to be distributed, aggregated or otherwise scaled,” she said. “Paparazzi make celebrities’ lives a living hell. When we argue for the right to publicize any data that isn’t publicly accessible, we are arguing that everyone deserves the right to be stalked like a celebrity.”

In the context of social networks, she said people are sharing “personally identifiable information,” but are usually just concerned about “personally embarrassing information.”

The questions that arise from open access controls are challenging. Just because we can publicize content, should we? Just because we can aggregate and redistribute data, should we?

The answers to these questions still remain unclear, boyd said.

She spoke specifically about Facebook’s history with privacy issues, beginning with its initial reputation as a trusted, closed system with boundaries. Over the years, developments such as the News feed, Beacon and changing privacy settings have “left many users clueless and confused.” Still, boyd says people are slowly learning how to manipulate the technology to control their privacy.

“Privacy will always be a process that people are navigating,” boyd said. “Big Data is made out of people. We have to develop systems and do analysis that balance the complex ways in which people are negotiating these systems.  You are shaping the future, and I challenge you to build the future you want to inhabit.”

-by Ashley Dischinger

ADDITIONAL DETAILS FROM THIS EVENT…
Video and more written FutureWeb coverage: http://bit.ly/imaginingtheinternet
FutureWeb YouTube channel: http://www.youtube.com/user/Futureweb2010#p/u
Flickr photos: http://www.flickr.com/photos/38539612@N02/sets/72157623891937652/

The Future of Privacy and the Web

FutureWeb 2010 Conference, Raleigh, N.C., April 30, 1:30-3 p.m.

Marc Rotenberg, president of EPIC, will lead a session on The Future of Privacy and the Web at the FutureWeb conference in Raleigh, N.C.

Chair: Marc Rotenberg, executive director of the Electronic Privacy Information Center.

Session description: Privacy is evolving as people use the Web to share in new ways. Among the issues that can be considered are the economic and political advantages of respect for individual privacy; balancing security and privacy concerns; identity theft, identity fraud and information leaks; concerns tied to Web 2.0 and social networks; cloud computing and privacy (individuals’ control over personal data and data retention); regulation of illegal web content; regulatory models for privacy; network neutrality; frameworks for freedom; ethical dimensions in ensuring the openness of the Internet. The panel will aim to specifically isolate the key challenges and opportunities in the looming future for privacy and the Web and it will work to identify some specific action steps that can be taken today to work for a better tomorrow.

Panelists:

• 

  Anne Klinefelter

  Anne Klinefelter, expert in privacy law and director of the law library at the UNC School of Law. She has conducted research in the areas of privacy law, the First Amendment, copyright law and licensing. Klinefelter serves on the Advisory Board of the UNC Center for Media Law and Policy. She is also chair of the American Association of Law Schools Section on Law Libraries. Click here to watch a brief interview with Klinefelter in which she discusses the importance of online resources and issues surrounding intellectual property.

• Jolynn Dellinger, program manager for Data Privacy Day at The Privacy Projects and former privacy and security counsel for Intel. More information about Data Privacy Day 2010 can be found at www.dataprivacyday.org.

• 

  Annie Anton

  Annie I. Antón, professor of computer science at North Carolina State University’s College of Engineering and co-founder and director of ThePrivacyPlace.org.  Antón works with the organization, which is made up of a group of students and faculty at NCSU, Georgia Tech and Purdue University, to develop technology to help ensure that privacy policies are aligned with software systems. She also serves as a board member of The Future of Privacy Forum. Antón has received a number of awards, including the 2000 NSF CAREER Award, 2002 Computing Research Association Digital Government Fellow Award, the 2003 NCSU College of Engineering Pride of the Wolfpack Award and the 2005 CSO (Chief Security Officer) Magazine’s Woman of Influence in the Public Sector Award.

• 

  Woodrow Hartzog

  Woodrow Hartzog, Park Fellow at the University of North Carolina in Chapel Hill School of Mass Communication. His research interests include privacy, online communication and information law. Hartzog was formerly a clerk at EPIC. He tweets as hartzog at https://twitter.com/hartzog.

For more information about FutureWeb 2010 panel discussions, featured panelists and more, click here to navigate to the FutureWeb site. To register for the conference, visit the FutureWeb registration page.

Marc Rotenberg’s letter to NYT addresses Internet privacy issues

Marc Rotenberg, executive director of EPIC, will lead a session on The Future of Privacy and the Web at the FutureWeb conference in Raleigh, N.C.

Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), wrote a letter to the New York Times on April 9 discussing Internet privacy issues in a response to an editorial published the same day, called “Dial-Up Law in a Broadband World.”

Rotenberg says the United States must update laws surrounding electronic privacy, mostly due to dramatic changes in technology over the past 25 years. Likewise, he says businesses must alter their practices to comply with these developments. He sites the example of online advertisers that now rely on detailed profiles of Internet users to discreetly track and target consumers. Rotenberg writes:

“Congress should ensure that users have meaningful control over their personal information. Privacy policies are not enough. Users should have the right to examine what companies actually no about them and how it affects them.”

Rotenberg’s letter foreshadows the themes he will discuss as chair of The Future of Privacy and the Web session at the upcoming FutureWeb 2010 Conference in Raleigh, N.C.

To learn more about the future of Internet privacy, register for the FutureWeb conference.  More details about the conference schedule and speakers can be found on the FutureWeb site.

By Ashley Dischinger

EPIC files suit over Google Buzz, argues violation of data privacy laws

As the hype surrounding last month’s launch of Google Buzz refuses to cease, the Electronic Privacy Information Center (EPIC) filed a complaint with the Federal Trade Commission addressing privacy concerns. The public interest research group, which advocates the protection of privacy rights in the electronic information age, accused Google Buzz of converting the personal information of Gmail users, without consent, into public information on the new social networking site.

EPIC, which will send officials from its organization to coordinate a session on The Future of Privacy and the Web at the FutureWeb conference in Raleigh on April 30, challenged Google Buzz in a formal complaint. It argued the social networking application caused “clear harm to service subscribers” when it automatically drew from contacts in the program into the social network.

Gmail users said they didn’t necessarily want all of their e-mail contacts to follow them in the social network, which is designed similarly to Facebook’s interface. User contact information was made public, though they have the option to set it to remain private. Still, Google Buzz users reported the interface was somewhat confusing, and it was difficult to figure out how to alter privacy settings.

Since the launch of Google Buzz on Feb. 9, Google has changed elements of the service twice. In an attempt to directly address customers’ concerns over privacy, it clarified the option to not display follower information on public profiles. It also added a feature that makes it possible to block followers who have not created a Google Profile.

EPIC wrote in the complaint that, “This change in business practices and service terms violated user privacy expectations, diminished user privacy, contradicted Google’s own privacy policy, and may have also violated federal wiretap laws.”

The Internet privacy watchdog group urged the FTC to launch an immediate investigation into Google’s social networking application to determine whether they should issue a punishment. EPIC called for the FTC to force Google to present Google Buzz as a voluntary service rather than an opt-out application. The group requested that Google provide notice and request consent from users before making any more changes to the privacy policies.

Google says it welcomes all feedback on its latest service, allowing it to make the appropriate changes to Google Buzz. The Washington Post reports:

“We’ve already made a few changes based on user feedback, and we have more improvements in the works,” a Google representative said in a statement. “We also welcome dialogue with EPIC and appreciate hearing directly from them about their concerns. Our door is always open to organizations with suggestions about our products and services.”

EPIC soon filed an amendment to its FTC complaint, in response to a letter from the FTC that acknowledged its complaint, but pointed out the agency could neither confirm nor deny whether it is pursuing a related investigation. EPIC responded to the letter, arguing that Google violated its own Gmail Privacy Policy by using Gmail users’ contact lists and related data for a separate, unrelated service.

A week after EPIC issued its initial complaint, Gmail user Andranik Souvalian sued Google in Rhode Island over similar concerns. Souvalian says that, “Google intentionally exceeded its authorization to access and control confidential and private information.” He argues that Google Buzz is directly in violation of the Stored Communications Act and the Electronic Communications Privacy Act.

By Ashley Dischinger