Mobile Privacy October 12, 2012
Posted by Heather Mark in InfoSec & Privacy, Laws and Leglslation, privacy.Tags: Dr. Heather Mark, Heather Mark, Location Privacy Protection Act, mark consulting group, mobile privacy, privacy
add a comment
Smartphones have changed the way we interact with our world. They’ve introduced a new level of convenience, but they’ve also introduced a new potential threat to our privacy. As consumers, we should be informed about the choices that we make on our smartphones and how they might impact us. For example, I upgraded my iPhone to iOS 6 this afternoon. (I know. I’m a little late on that one.) Anyway, when I was done I got two prompts. The first asked if I wanted to enable location services. I said yes, knowing that meant that 1) I could use the “find my phone” app, as well as many other apps that come in handy for a frequent traveler, and; 2) that it meant that Apple would have access to my location data. The next prompt suggested that Apple could improve its products and services if I just allowed my phone to send occasional reports to headquarters. That one I declined. I don’t necessarily want Apple to have access to all of my activities on my smartphone.
Now, I’m not naive enough to believe that my simple selection means that I have safely secured my data and mobile behavior entirely. There are companies that are taking advantage of the fact that privacy laws have not kept pace with technology. We know for example, that there are companies that offer device fingerprinting services for fraud prevention that also happen to sell mobile device behavior analytics to marketers. Consumers don’t have any way of knowing that their behavior is being tracked and they have no way to opt out.
This week, Sen. Franken (D-Minn) and Sen. Blumenthal (D-Conn) introduced a bill designed to protect mobile privacy. The Location Privacy Protection Act of 2011 is meant to protect consumer privacy by informing users of how and with whom their location data is shared. There are four primary requirements of the bill. Distilled to their basics, those requirements are:
1) Gain consumer consent before collecting location data
2) Get consumer consent before sharing that data
3) Assist in understanding and investigating crimes that involve the misuse of location data
and
4) create criminal penalties for those that abuse location services or use so-called “stalking apps.”
While I applaud the move to ensure that mobile users are protected from entities divulging their location without the knowledge or consent of the consumer, I wonder if the law goes far enough in protecting consumer privacy. What about those device fingerprinting activities? Do you think the proposed bill goes far enough? Too far? What would you like to see in terms of mobile privacy protection?
“See, Hear & Speak no Evil”- Google Censorship Requests June 18, 2012
Posted by Chris Mark in Industry News, privacy.Tags: Censorship, cybersecurity, freedom of speech, google, InfoSec, mark consulting group, privacy, requests, satire
1 comment so far
Google today released information related to the censorship requests by Governments around the Globe. While many are familiar with China and other nations restricting access, it is interesting to see so many “Western” countries requesting censorship. An interesting example is the Canadian Government requesting the removal of “…YouTube video of a Canadian citizen urinating on his passport and flushing it down the toilet. “ To their credit, Google did NOT comply with this request. In another request, Google “…received a request from the Central Police in Italy to remove a YouTube video that satirized Prime Minister Silvio Berlusconi’s lifestyle.” Again, Google did not comply. The interesting part of these requests is that they request removal of material that is typically considered a right of free speech and protest. Satire has been used as a form of protest in West for centuries (look at Voltare, Oscar Wilde…etc.etc.) and civil disobedience (urinating on a passport, is a good example) has certainly been used as form of protest. One has to wonder whether how much more information ‘free’ governments have kept from the public. You can see the Google removal requests here.
Social Media as a Privacy Tool? June 14, 2012
Posted by Heather Mark in privacy.Tags: google, Heather Mark, InfoSec & Privacy, mark consulting group, privacy, risk management
add a comment
As one that closely follows the intersection of privacy and technology I read with great interest a paper released by Google entitled “Vanity or Privacy? Social Media as a Facilitator of Privacy and Trust.” The paper is to be presented at the 2012 ACM Conference on Computer Supported Cooperative Work. The paper is relatively short and presented as though it was undertaken in the nature of academic research. I doubt I need to replay for the reader Google’s recent privacy issues and its recent changes to the company’s privacy policy. With that in mind, it is difficult to read the short paper as anything other than a justification for these recent changes. Unfortunately for Google, the paper is patently one-sided and the premises themselves are flawed, to put it mildly. It should be noted that the authors of the paper do include the following caveat: “While these examples offer no judgment on whether social media is good for privacy in any absolute sense, they do support our contention that it is possible to design social media systems that are engaging and supportive of privacy and trust.”
Before I delve into the paper itself, it is important to provide some baseline definitions for privacy and trust, particularly with respect to the online environment. Privacy has traditionally been defined as the right to be let alone. (more…)
Global Security, Privacy, & Risk Management 