Data and Goliath

by Bruce Schneier


  personal information about you: The notion of ownership is actually very complicated. Ali M. Al-Khouri (Nov 2012), “Data ownership: Who owns ‘my data’?” International Journal of Management and Information Technology 2, http://www.id.gov.ae/assets/FNukwmhbQ4k.pdf.aspx. Jacob M. Victor (Nov 2013), “The EU General Data Protection Regulation: Toward a property regime for protecting data privacy,” Yale Law Journal 123, http://www.yalelawjournal.org/comment/the-eu-general-data-protection-regulation-toward-a-property-regime-for-protecting-data-privacy.

  They pay for this information: Jennifer Valentino-DeVries and Jeremy Singer-Vine (7 Dec 2012), “They know what you’re shopping for,” Wall Street Journal, http://online.wsj.com/news/articles/SB10001424127887324784404578143144132736214. Jeremy Singer-Vine (7 Dec 2012), “How Dataium watches you,” Wall Street Journal, http://blogs.wsj.com/digits/2012/12/07/how-dataium-watches-you.

  transparency trumps proprietary claims: Frank Pasquale (21 Apr 2009), “The troubling trend toward trade secret-protected ranking systems,” Chicago Intellectual Property Colloquium, Chicago, Illinois, http://www.chicagoip.com/pasquale.pdf.

  more algorithms can be made public: Ethan Zuckerman (5 Sep 2012), “TSA pre-check, fairness and opaque algorithms,” My Heart’s in Accra, http://www.ethanzuckerman.com/blog/2012/09/05/tsa-pre-check-fairness-and-opaque-algorithms.

  there are ways of auditing algorithms: Daniel Weitzner (29–30 Jan 2014), “The jurisprudence of accountability,” 2nd International Workshop on Accountability: Science, Technology and Policy, Cambridge, Massachusetts, http://dig.csail.mit.edu/2014/AccountableSystems2014/abs/weitzner-account-jurisprudence-abs.pdf. Ed Felten (19 Mar 2014), “Algorithms can be more accountable than people,” Freedom to Tinker, https://freedom-to-tinker.com/blog/felten/algorithms-can-be-more-accountable-than-people. Ed Felten (12 Sep 2012), “Accountable algorithms,” Freedom to Tinker, https://freedom-to-tinker.com/blog/felten/accountable-algorithms.

  There’s been a concerted: Examples include Microsoft Corporation and the World Economic Forum. Craig Mundie (Mar/Apr 2014), “Privacy pragmatism: Focus on data use, not data collection,” Foreign Affairs 93, http://www.foreignaffairs.com/articles/140741/craig-mundie/privacy-pragmatism. William Hoffman et al. (May 2014), “Rethinking personal data: A new lens for strengthening trust,” World Economic Forum, http://reports.weforum.org/rethinking-personal-data. William Hoffman et al. (May 2014), “Rethinking personal data: Trust and context in user-centred data ecosystems,” World Economic Forum, http://www3.weforum.org/docs/WEF_RethinkingPersonalData_TrustandContext_Report_2014.pdf. William H. Dutton et al. (May 2014), “The Internet trust bubble: Global values, beliefs and practices,” World Economic Forum, http://www3.weforum.org/docs/WEF_InternetTrustBubble_Report2_2014.pdf. Fred H. Cate, Peter Cullen, and Viktor Mayer-Schonberger (Mar 2014), “Data protection principles for the 21st century: Revising the 1980 OECD Guidelines,” Oxford Internet Institute, University of Oxford, http://www.oii.ox.ac.uk/publications/Data_Protection_Principles_for_the_21st_Century.pdf. President’s Council of Advisors on Science and Technology (May 2014), “Big data and privacy: A technology perspective,” http://www.whitehouse.gov/sites/default/files/microsites/ostp/PCAST/pcast_big_data_and_privacy_-_may_2014.pdf.

  the privacy harms come from: Chris Jay Hoofnagle (2 Sep 2014), “The Potemkinism of privacy pragmatism,” Slate, http://www.slate.com/articles/technology/future_tense/2014/09/data_use_regulation_the_libertarian_push_behind_a_new_take_on_privacy.single.html.

  One intriguing idea has been: A. Michael Froomkin (23 Feb 2014), “Regulating mass surveillance as privacy pollution: Learning from environmental impact statements,” University of Miami, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2400736.

  The regulatory agencies: Julie Brill (2 Jun 2014), “Weaving a tapestry to protect privacy and competition in the age of Big Data,” European Data Protection Supervisor’s Workshop on Privacy, Consumer Protection and Competition in the Digital Age, Brussels, Belgium, http://www.ftc.gov/system/files/documents/public_statements/313311/140602edpsbrill2.pdf. Jules Polonetsky and Omer Tene (6 Dec 2012), “It’s not how much data you have, but how you use it: Assessing privacy in the context of consumer data integration,” Future of Privacy Forum, http://www.futureofprivacy.org/wp-content/uploads/FPF-White-Paper-Its-Not-How-Much-Data-You-Have-But-How-You-Use-It_FINAL.pdf.

  what the United States needs: European Union (9 Dec 2013), “National data protection authorities,” http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.htm.

  Other applications prefer having: Alon Halevy, Peter Norvig, and Fernando Pereira (Mar/Apr 2009), “The unreasonable effectiveness of data,” IEEE Intelligent Systems 24, https://static.googleusercontent.com/media/research.google.com/en/us/pubs/archive/35179.pdf.

  Twitter . . . is giving its data: Doug Gross (7 Jan 2013), “Library of Congress digs into 170 billion tweets,” CNN, http://www.cnn.com/2013/01/07/tech/social-media/library-congress-twitter.

  the German language: Martin Fowler (12 Dec 2013), “Datensparsamkeit,” http://martinfowler.com/bliki/Datensparsamkeit.html.

  The US is the only Western country: Of course, legal protections do not necessarily translate to actual protection. In 2011, the German government was found to be using a Trojan to spy on German citizens, in violation of its very strong data protection laws. As we’ve learned again and again, no law can secure us from a government that refuses to abide by it. Chaos Computer Club (8 Oct 2011), “Chaos Computer Club analyzes government malware,” http://ccc.de/en/updates/2011/staatstrojaner.

  We do have protections for certain: DLA Piper (7 Mar 2013), “Data protection laws of the world,” http://files.dlapiper.com/files/Uploads/Documents/Data_Protection_Laws_of_the_World_2013.pdf. Theodore J. Kobus III and Gonzalo S. Zeballos (19 Feb 2014), “2014 international compendium of data privacy laws,” Baker Hostetler, http://www.bakerlaw.com/files/Uploads/Documents/Data%20Breach%20documents/International-Compendium-of-Data-Privacy-Laws.pdf.

  Google has my lifelong search history: I can get at some of it if I have search history enabled. Dave Greenbaum (12 Jul 2014), “Google’s new account history page helps further control your privacy,” Life Hacker, http://lifehacker.com/googles-new-account-history-page-helps-further-control-1603125500.

  Medtronic maintains that data: Hugo Campos (19 Nov 2011), “Hugo Campos fights for the right to open his heart’s data,” TEDxCambridge, Cambridge, Massachusetts, http://tedxtalks.ted.com/video/TEDxCambridge-Hugo-Campos-fight.

  different types of data: Bruce Schneier (Jul/Aug 2010), “A taxonomy of social networking data,” IEEE Security & Privacy 8 (4), http://ieeexplore.ieee.org/xpls/abs_all.jsp?arnumber=5523874.

  you could either make your Facebook: Blake Ross (13 Sep 2011), “Improved friend lists,” Facebook, https://www.facebook.com/notes/facebook/improved-friend-lists/10150278932602131.

  Tweets are either direct messages: Tony Bradley (13 Oct 2010), “Think your tweet is private? Think again,” PC World, http://www.pcworld.com/article/207710/think_your_twitter_dm_is_private_think_again.html.

  Instagram posts can be either: Leslie Meredith (15 Jan 2013), “Why you should make Instagram private before Saturday,” NBC News, http://www.nbcnews.com/tech/internet/why-you-should-make-instagram-private-saturday-f1B7987618.

  Pinterest pages have public: Serge Malenkovich (25 Jan 2013), “How to protect your privacy on Pinterest,” Kaspersky Lab Daily, http://blog.kaspersky.com/protect-your-privacy-on-pinterest.

  In 2014, a presidential review group: US Executive Office of the President (1 May 2014), “Big data: Seizing opportunities, preserving values,” http://www.whitehouse.gov/sites/default/files/docs/big_data_privacy_report_may_1_2014.pdf.

  Jaron Lanier proposes a scheme: Jaron Lanier (2013), Who Owns the Future? Simon and Schuster, http://books.google.com/books?id=w_LobtmRYmQC.

  US Consumer Privacy Bill of Rights: US Executive Office of the President (Feb 2012), “Consumer data privacy in a networked world: A framework for protecting privacy and promoting innovation in the global digital economy,” http://www.whitehouse.gov/sites/default/files/privacy-final.pdf.

  the EU is currently grappling with: European Commission (8 Jul 2014), “Factsheet on the ‘Right to be Forgotten’ ruling (C-131/12),” http://ec.europa.eu/justice/data-protection/files/factsheets/factsheet_data_protection_en.pdf.

  European Court of Justice ruled: Rory Cellan-Jones (13 May 2014), “EU court backs ‘right to be forgotten’ in Google case,” BBC News, http://www.bbc.com/news/world-europe-27388289. Court of Justice of the European Union (13 May 2014), “Judgment in Case C-131/12: Google Spain SL, Google Inc. v Agencia Española de Protección de Datos, Mario Costeja González,” http://curia.europa.eu/jcms/upload/docs/application/pdf/2014-05/cp140070en.pdf.

  This caused a torrent of people: Jane Wakefield (15 May 2014), “Politician and pedophile ask Google to ‘be forgotten,’” BBC News, http://www.bbc.com/news/technology-27423527.

  this is an important right: Alessandro Mantelero (Jun 2013), “The EU Proposal for a General Data Protection Regulation and the roots of the ‘right to be forgotten,’” Computer Law and Security Review 29, http://www.sciencedirect.com/science/article/pii/S0267364913000654.

  What they’re consenting to: There have been lots of experiments to demonstrate this. Patricia A. Norberg, Daniel R. Horne, and David A. Horne (Summer 2007), “The privacy paradox: Personal information disclosure intentions versus behaviors,” Journal of Consumer Affairs 41, http://onlinelibrary.wiley.com/doi/10.1111/j.1745-6606.2006.00070.x/abstract. Leslie K. John, Alessandro Acquisti, and George Loewenstein (6 Jul 2009), “The best of strangers: Context-dependent willingness to divulge personal information,” Social Sciences Research Network, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1430482. Susan Waters and James Ackerman (Oct 2011), “Exploring privacy management on Facebook: Motivations and perceived consequences of voluntary disclosure,” Journal of Computer-Mediated Communication 17, http://onlinelibrary.wiley.com/doi/10.1111/j.1083-6101.2011.01559.x/full. Fred Stutzman, Ralph Gross, and Alessandro Acquisti (Apr 2013), “Silent listeners: The evolution of privacy and disclosure on Facebook,” Journal of Privacy and Confidentiality 4, https://www.cylab.cmu.edu/news_events/news/2013/acquisti-7-year-study-facebook-privacy.html.

  systems we use are deliberately: It turns out that it’s surprisingly easy to manipulate people into ignoring their privacy concerns. Idris Adjerid et al. (22 Mar 2013), “Sleights of privacy: Framing, disclosures, and the limits of transparency,” SOUPS ’13: Proceedings of the Ninth Symposium on Usable Privacy and Security, http://www.heinz.cmu.edu/~acquisti/papers/acquisti-sleights-privacy.pdf.

  Companies will be less inclined: Sara M. Watson (29 Apr 2014), “If customers knew how you use their data, would they call it creepy?” HBR Blog Network, http://blogs.hbr.org/2014/04/if-customers-knew-how-you-use-their-data-would-they-call-it-creepy.

  And users will be less likely: Chris Jay Hoofnagle and Jan Whittington (28 Feb 2014), “Free: Accounting for the costs of the Internet’s most popular price,” UCLA Law Review 61, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2235962.

  Notice, choice, and consent: Kirsten Martin (2 Dec 2013), “Transaction costs, privacy, and trust: The laudable goals and ultimate failure of notice and choice to respect privacy online,” First Monday 18, http://firstmonday.org/ojs/index.php/fm/article/view/4838/3802.

  We need information fiduciaries: Near as I can tell, this idea has been independently proposed by two law professors. Jerry Kang et al. (Mar 2012), “Self-surveillance privacy,” Iowa Law Review 97, http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1729332. Jack M. Balkin (5 Mar 2014), “Information fiduciaries in the digital age,” Balkinization, http://balkin.blogspot.co.uk/2014/03/information-fiduciaries-in-digital-age.html.

  comparable to investment advisors: Jonathan Zittrain (1 Jun 2014), “Facebook could decide an election without anyone ever finding out,” New Republic, http://www.newrepublic.com/article/117878/information-fiduciary-solution-facebook-digital-gerrymandering.

  Dan Geer proposed that Internet: Dan Geer (9 Oct 2013), “Tradeoffs in cyber security,” http://geer.tinho.net/geer.uncc.9x13.txt.

  Surveillance became the business model: The inventor of the pop-up ad has apologized. Ethan Zuckerman (14 Aug 2014), “The Internet’s own original sin,” Atlantic, http://www.theatlantic.com/technology/archive/2014/08/advertising-is-the-internets-original-sin/376041.

  a lot of research on building privacy: Ann Cavoukian (Jan 2011), “Privacy by Design: The 7 foundational principles,” Privacy by Design, http://www.privacybydesign.ca/content/uploads/2009/08/7foundationalprinciples.pdf. US Federal Trade Commission (Mar 2012), “Protecting consumer privacy in an era of rapid change: Recommendations for businesses and policymakers,” http://www.ftc.gov/sites/default/files/documents/reports/federal-trade-commission-report-protecting-consumer-privacy-era-rapid-change-recommendations/120326privacyreport.pdf.

  Companies like Google and Facebook: Ingrid Lunden (30 Sep 2013), “Digital ads will be 22% of all U.S. ad spend in 2013, mobile ads 3.7%; total global ad spend in 2013 $503B,” Tech Crunch, http://techcrunch.com/2013/09/30/digital-ads-will-be-22-of-all-u-s-ad-spend-in-2013-mobile-ads-3-7-total-gobal-ad-spend-in-2013-503b-says-zenithoptimedia. Marketing Charts (23 Dec 2013), “Data dive: US TV ad spend and influence (Updated—Q3 2013 data),” http://www.marketingcharts.com/wp/television/data-dive-us-tv-ad-spend-and-influence-22524.

  Journalist James Kunstler calls this: James Kunstler (21 Oct 2005), “The psychology of previous investment,” Raise the Hammer, http://www.raisethehammer.org/article/181.

  Some fought in court: Charlie Savage (14 May 2014), “Phone company pushed back against NSA’s data collection, court papers show,” New York Times, http://www.nytimes.com/2014/05/15/us/politics/phone-company-pushed-back-against-nsas-data-collection-court-papers-show.html. Claire Cain Miller (13 Jun 2013), “Secret court ruling put tech companies in data bind,” New York Times, http://www.nytimes.com/2013/06/14/technology/secret-court-ruling-put-tech-companies-in-data-bind.html.

  Many computer companies: Ewen MacAskill (9 Sep 2013), “Yahoo files lawsuit against NSA over user data requests,” Guardian, http://www.theguardian.com/world/2013/sep/09/yahoo-lawsuit-nsa-surveillance-requests. Mike Masnick (27 Jan 2014), “Feds reach settlement with Internet companies allowing them to report not nearly enough details on surveillance efforts,” Tech Dirt, https://www.techdirt.com/articles/20140127/17253826014/feds-reach-settlement-with-internet-companies-allowing-them-to-report-not-nearly-enough-details-surveillance-efforts.shtml. Spencer Ackerman (3 Feb 2014), “Microsoft, Facebook, Google and Yahoo release US surveillance requests,” Guardian, http://www.theguardian.com/world/2014/feb/03/microsoft-facebook-google-yahoo-fisa-surveillance-requests.

  Google says it turned over: Google (2014), “Transparency report,” https://www.google.com/transparencyreport/userdatarequests/US.

  starting with CREDO Mobile: Brian Fung (9 Jan 2014), “The first phone company to publish a transparency report isn’t AT&T or Verizon,” Washington Post, http://www.washingtonpost.com/blogs/the-switch/wp/2014/01/09/the-first-phone-company-to-publish-a-transparency-report-isnt-att-or-verizon.

  Verizon, for example, reports: Verizon (22 Jan 2014), “Verizon transparency report,” http://transparency.verizon.com/us-data.

  every three months Verizon: Glenn Greenwald (5 Jun 2013), “NSA collecting phone records of millions of Verizon customers daily,” Guardian, http://www.theguardian.com/world/2013/jun/06/nsa-phone-records-verizon-court-order.

  Apple announced that it would inform: Craig Timberg (1 May 2014), “Apple, Facebook, others defy authorities, notify users of secret data demands,” Washington Post, http://www.washingtonpost.com/business/technology/apple-facebook-others-defy-authorities-increasingly-notify-users-of-secret-data-demands-after-snowden-revelations/2014/05/01/b41539c6-cfd1-11e3-b812-0c92213941f4_story.html.

  Microsoft and Google have teamed: Jacob Siegal (30 Aug 2013), “Microsoft, Google team up to sue federal government over NSA spying,” BGR, http://bgr.com/2013/08/30/microsoft-google-nsa-lawsuit.

  Yahoo is doing the same: Ewen MacAskill (9 Sep 2013), “Yahoo files lawsuit against NSA over user data requests,” Guardian, http://www.theguardian.com/world/2013/sep/09/yahoo-lawsuit-nsa-surveillance-requests. Kevin Collier (15 Jul 2013), “Yahoo wins court order to release records of its fight against PRISM,” Daily Dot, http://www.dailydot.com/news/yahoo-prism-court-win-fisa-declassified. Craig Timberg (11 Sep 2014), “U.S. threatened massive fine to force Yahoo to release data,” Washington Post, http://www.washingtonpost.com/business/technology/us-threatened-massive-fine-to-force-yahoo-to-release-data/2014/09/11/38a7f69e-39e8-11e4-9c9f-ebb47272e40e_story.html.

  companies are employing “warrant canaries”: Cyrus Farivar (5 Nov 2013), “Apple takes strong privacy stance in new report, publishes rare ‘warrant canary,’” Ars Technica, http://arstechnica.com/tech-policy/2013/11/apple-takes-strong-privacy-stance-in-new-report-publishes-rare-warrant-canary.

  valiant and clever effort: In fact, Apple’s canary disappeared in the report following the one where it debuted. No one is sure what it means. Jeff John Roberts (18 Sep 2014), “Apple’s ‘warrant canary’ disappears, suggesting new Patriot Act demands,” Gigaom, https://gigaom.com/2014/09/18/apples-warrant-canary-disappears-suggesting-new-patriot-act-demands.

  many companies are stepping up: The Electronic Frontier Foundation is keeping a scorecard. Nate Cardozo, Parker Higgins, and Kurt Opsahl (13 Mar 2014), “Update: Encrypt the Web report: Who’s doing what,” Electronic Frontier Foundation, https://www.eff.org/deeplinks/2013/11/encrypt-web-report-whos-doing-what.

  After Google learned that the NSA: Sean Gallagher (6 Nov 2013), “Googlers say “F*** you” to NSA, company encrypts internal network,” Ars Technica, http://arstechnica.com/information-technology/2013/11/googlers-say-f-you-to-nsa-company-encrypts-internal-network.

  After Yahoo learned that the NSA: Barton Gellman and Ashkan Soltani (14 Oct 2013), “NSA collects millions of e-mail address books globally,” Washington Post, http://www.washingtonpost.com/world/national-security/nsa-collects-millions-of-e-mail-address-books-globally/2013/10/14/8e58b5be-34f9-11e3-80c6-7e6dd8d22d8f_story.html.

 
