Blown To Bits

Archive for the ‘Privacy’ Category

Class Action Against Google Buzz

Friday, February 19th, 2010 by Harry Lewis

A Harvard Law School student has filed a class action lawsuit against Google for Buzz’s privacy violations. The student, Eva Hibnick, says “I feel like they did something wrong,” which is surely true but probably not her best lede. “The document cites the Federal Electronic Communications Privacy Act, the Federal Computer Fraud and Abuse Act, the Federal Stored Communications Act and California common and statutory law,” says ABC News. The kitchen sink, in other words.

The Electronic Privacy Information Center has already complained to the Federal Trade Commission (see here for EPIC’s press release, with a link to the complaint itself). This lawsuit seems like overkill, no matter how mad people are, given the risks we’ve written about elsewhere of stretching any available law to make a club with which to attack a technological innovation.

—-

I was on the Callie Crossley Show on WGBH radio in Boston yesterday giving Google a piece of my mind about Buzz. But I was gentle compared to Callie herself. You can hear the short segment here.

Google Smartly Changes Its Mind

Monday, February 15th, 2010 by Harry Lewis

Google yesterday reversed the crucial error it made when it rolled out Buzz. It decided not to initialize the service to follow your email correspondents, but simply to show those people to you as suggestions. In other words, you now have to opt in to following people, rather than opting out if you don’t want to follow them.

Bravo. You can pick at the edges–the company responded at first just by making the opt-out clearer, and didn’t go to opt-in until it realized that the first change wasn’t making the tidal wave of criticism any less powerful. But all things considered, this is a very professional response to a very serious self-inflicted wound.

The Toyota analogy I mentioned earlier sticks in my mind. Was there something in their management structure that allowed this horse to get out of the barn? Will there be some mistrust of Google now, some greater awareness that the company never guaranteed Gmail users absolute privacy in the first place and that it retains the right to make commercially advantageous use of their data?

What Was Google Thinking?

Saturday, February 13th, 2010 by Harry Lewis

Sigh. It is so sad to see Google lurch from doing the wrong thing (helping the Chinese thought control regime) to doing the right thing (announcing they’d rather lose the business than keep censoring in China) to doing a spectacularly wrong thing: The much-hyped Buzz social network service sets up your initial group of contacts from the list of people with whom you’ve been exchanging email and instant messages. And then makes that list of contacts public to the world. So lawyers could be exposing their clients, doctors their patients, husbands their mistresses, journalists their tipsters, you name it.

Buzz is an opt-out service–you’re in it until you tell Google you want to be out. And it is hard to get out (though in the past few days Google has, in response to the furious reaction it’s gotten, made the instructions a bit more visible). Even if you get out of Buzz, however, your secret lover may be exposing you. Happy Valentine’s Day!

This reminds me of Facebook’s Beacon fiasco, in which the company did not think through the consequences of having members announce to their friends what they were buying. Except worse, because ANYBODY knows that your email contacts are private information. How could Google not have had this pointed out to them in some focus group? For that matter, don’t they employ some house skeptics who are there just to point out the kinds of flaws that lots of bloggers pointed out almost immediately after the product was released?

Google’s response, according to today’s New York Times, is that a lot of people like the way it works. Which I am sure is true, and is a reason why big industries get regulated. The interests of minorities, no matter how serious, are not as important as providing the majority a product they like. Except that this time it looks like Google miscalculated the size of the minority of people concerned about their privacy, and the intensity of their feelings. I hope Google, like Toyota, is doing some soul-searching about how they got into their current pickle.

Thanks to danah boyd for pointing me to this excellent post from a lawyers’ blog explaining and analyzing the privacy problem and giving specific instructions about how to turn Buzz off. Very much worth a read.

Iran Bans Gmail

Wednesday, February 10th, 2010 by Harry Lewis

In a move that is remarkably aggressive even by the standards of totalitarian regimes, Iran has announced that Gmail will be banned and that a government-run email service will take its place. The Wall Street Journal explains,

An Iranian official said the move was meant to boost local development of Internet technology and to build trust between people and the government.

I get it. People will trust the government more if they know the government is watching all their email and there is nothing they can do about it. Wait, no, I don’t get it. Could you explain that again?

I have gotten two unsolicited emails over the past year from Iran. One was from a Gmail address, enclosing a manuscript about teaching for me to read. When I responded that we all think about the people of Iran and their struggles, the unguarded reply was “That is why I chose green for the cover of my book.” I hope that did not get him into trouble. Another, from a Yahoo mail address, asked for my help in locating a relative. Apparently the person writing thought the relative had gone to Harvard. I could find no evidence of that but I did find the fellow’s Facebook page, for which my correspondent was very grateful.

These experiences left me wondering how thorough the surveillance is, and today’s announcement leaves me wondering if people will put up with it being heightened.

Hillary Clinton on Internet Freedom

Sunday, January 24th, 2010 by Harry Lewis

I’ve now both listened to and read Secretary of State Hillary Clinton’s speech on Internet freedom. (That’s a link to the State Dept. home page, where it is still featured. I imagine it will move off shortly.)

It’s a good speech, I think. At least it was good enough to annoy the Chinese. A columnist for the People’s Daily snorted that Google had been reduced to an “ideological tool” of the US government and noted, correctly, that Google is losing the competition with the native Chinese search engine, Baidu. (Note: You can compare for yourself the search results returned by the US version of Google, the Chinese version of Google, and Baidu. But be aware that the link for Chinese Google takes you to servers inside the US, while the link for Baidu takes you, I think, to China. The result is that you may not see google.cn, the Chinese version, as the Chinese experience it. When I tried Googling “Falun Gong” inside China, I lost the Internet connection to my hotel room.)

The China Daily simply denies that Clinton is telling the truth. [A Foreign Ministry spokesman] “said the speech indicated China restricts internet freedom. ‘It is a far cry from the truth,’ he said.” And the People’s Daily accuses the US of hypocrisy. “It is common practice for countries, including the United States, to take necessary measures to administer the Internet according to their own laws and regulations. The Internet is also restricted in the United States when it comes to information concerning terrorism, porn, racial discrimination and other threats to society.” The paper goes on to cite Steve Ballmer as one of the good guys. “Noting that most countries exert some sort of control over information, Microsoft Chief Executive Steve Ballmer said Friday his company must comply with the laws and customs of any country where it does business.”

In fact, in her speech, Clinton, after stirring invocations of the US First Amendment and the Universal Declaration of Human Rights, conceded the point about Internet freedom having its limits. Here is the crucial paragraph:

Now, all societies recognize that free expression has its limits. We do not tolerate those who incite others to violence, such as the agents of al-Qaida who are, at this moment, using the internet to promote the mass murder of innocent people across the world. And hate speech that targets individuals on the basis of their race, religion, ethnicity, gender, or sexual orientation is reprehensible. It is an unfortunate fact that these issues are both growing challenges that the international community must confront together. And we must also grapple with the issue of anonymous speech. Those who use the internet to recruit terrorists or distribute stolen intellectual property cannot divorce their online actions from their real world identities. But these challenges must not become an excuse for governments to systematically violate the rights and privacy of those who use the internet for peaceful political purposes.

Now that passage contains a remarkable juxtaposition. A grand buildup. A concession that there are limits to expressive freedom. A citation of the example of mass terrorism. OK, I’m listening. The next examples are the usual nondiscrimination categories, presented as hate-speech categories. Now I am getting worried; what counts as hate speech is so often in the ears of the listener. To be sure, it is easy to imagine a Tibetan rant about Chinese oppression that the Chinese could reasonably tag as ethnic hate speech. This is beginning to sound like a list of exceptions to freedom big enough to put almost anyone in shackles. Then there is the “issue” of anonymous speech. Secretary Clinton has nothing good to say about it, and then in a flat declaration puts Osama Bin Laden in the same box with millions of American teenagers—in the box of “those who use the internet to recruit terrorists or distribute stolen intellectual property.” At this point I think the speech loses its operative edge. It leads inevitably to the conclusion that the speech control tools aren’t the problem—they are necessary in fact—only the way they are used.

So I finished the speech feeling good; it’s certainly better than a speech that emphasized cooperation at all costs, and that might have been expected. On the other hand it leaves me unconvinced that the administration actually has a consistent point of view on cyber-freedom.

One ironic footnote. The streaming video comes via a service called Brightcove. If you click on the “Information” icon on the video window while the speech is playing, you get Brightcove’s who-knew? privacy policy, which explains that “By using the Site, you agree to the terms and conditions of this Privacy Policy. If you do not agree to the terms and conditions of this Privacy Policy, please do not use the Site.” Much of the privacy policy does not apply to visits to the state.gov site, which requires no login and hence generates no personal information. But of course viewing the Internet Freedom video does send Brightcove your IP address, which Brightcove treats as “Non-Personal Information.” And, it says, “we reserve the right to share Non-Personal Information with affiliates and other third parties, for any purpose.” So Brightcove could, for example, sell Harvard University the information that I watched the Internet Freedom video via the wired jack in my Harvard office. Freedom does have its limits, but I might have hoped they fell a bit farther out than that.

A Case of Mistaken Identity, with a Postscript on Encryption

Saturday, January 16th, 2010 by Harry Lewis

The Associated Press reports a strange case in which a Facebook user logged into her account from her cell phone and wound up in someone else’s. Except it turns out that though strange, it is not unprecedented. A couple of people even wound up in each other’s accounts.

It’s a little hard to figure out what is going on, but it seems that the wrong cookie (code identifying the Facebook account) got installed on the user’s cell phone. According to the story, it’s AT&T’s fault, though it is hard to be sure since all the cases involve not just the same carrier but the same web service (Facebook) and the same Nokia phones. If, as reported, it’s a bug in AT&T’s cell-phone-to-Internet connection, it’s easy to imagine that a user might be taken to another’s Gmail account in the same way.

If the connection had been encrypted, that would probably have prevented the cookie bug from doing any harm. But Facebook does not use encrypted connections.

Which reminds me of something I should have mentioned earlier. In what was already a good week for Google on the privacy front, because of its announcement that it would stand up to the Chinese censors, Google announced in a much less publicized blog post that it was going to enable https by default for Gmail. That is, up to now, your Gmail has flowed to you in plaintext, available for sniffing and snooping anywhere in the Internet. There was always a way to change that default and have your Gmail encrypted, but it took a little digging to find the check box and few people bothered. The disadvantage to Google in making encrypted email the default is that the encryption takes time, so Google had to upgrade its systems, costing them money. Now they have decided to do exactly that, and once again, good for them!

Added a little later: The betting in the Slashdot comment thread is that it’s simpler than the AP story suggests. As one comment says,

My guess is that it’s as simple as this: the http returned by a request to “www.facebook.com” was cached by AT&T and delivered to other users who attempted to fetch that URL in an attempt to save bandwidth. The login credentials are irrelevant… once AT&T cached the page it thought of as “www.facebook.com” it would deliver it to anyone who asked for that URL. It probably only changed for the next person because someone insisted on logging out and back in, and the caching server detected the change then re-cached the NEW user’s page. This used to happen a lot on the internet to unencrypted streams that allowed log-ins. These days most caching servers are properly configured, but it’s still an easy mistake to make if you’re setting up a caching proxy.

That is, sometimes an ISP will cache (keep its own local copy of) a web page it retrieves from a server so the ISP can deliver it to multiple users who may request it without going back to the server for a fresh copy each time. Obviously this is the wrong thing to do if there is any possibility that the page may change in an important way in between requests that the ISP is receiving. Perhaps it was just delivering one party’s version of “facebook.com” (a logged in page) to another user who also asked for “facebook.com”. Whatever it was doing, it was wrong! And it reminds us that nothing in a distributed system ever works better than the poorest code that gets invoked. Even retrieving a web page involves lots of parties.
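The caching mistake guessed at in the Slashdot comment, next to a shared cache that refuses to reuse per-user pages, as an added example that is not code from the original post or from any carrier. The `Origin` site, the `sid=` cookies, the URL and the conservative bypass policy in `CarefulProxy` are all assumptions made for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class Response:
    body: str
    headers: dict = field(default_factory=dict)


class Origin:
    """Constructed stand-in for a site whose front page depends on the session cookie."""

    SESSIONS = {"sid=alice": "alice", "sid=bob": "bob"}  # constructed sample sessions

    def __init__(self, marks_private=True):
        self.marks_private = marks_private  # does the site label per-user pages?
        self.hits = 0                       # how many requests reached the site

    def get(self, url, cookie=None):
        self.hits += 1
        user = self.SESSIONS.get(cookie)
        if user is None:
            return Response("login page", {"Cache-Control": "public, max-age=60"})
        headers = {"Cache-Control": "private"} if self.marks_private else {}
        return Response(f"home page for {user}", headers)


class NaiveProxy:
    """Keys the cache on the URL alone and stores whatever comes back."""

    def __init__(self, origin):
        self.origin, self.cache = origin, {}

    def fetch(self, url, cookie=None):
        if url not in self.cache:
            self.cache[url] = self.origin.get(url, cookie)
        return self.cache[url].body  # the first visitor's page, for everyone


def cache_directives(resp):
    """Return the lower-cased Cache-Control directive names of a response."""
    raw = resp.headers.get("Cache-Control", "")
    return {part.strip().split("=")[0].lower() for part in raw.split(",") if part.strip()}


class CarefulProxy:
    """Shared cache with a conservative policy (expiry handling omitted for brevity)."""

    def __init__(self, origin):
        self.origin, self.cache = origin, {}

    def fetch(self, url, cookie=None):
        if cookie is not None:
            # Credentialed request: never answer from, or add to, the shared cache,
            # even if the site forgot to mark the page private.
            return self.origin.get(url, cookie).body
        if url in self.cache:
            return self.cache[url].body
        resp = self.origin.get(url)
        sets_cookie = any(name.lower() == "set-cookie" for name in resp.headers)
        if not (cache_directives(resp) & {"private", "no-store"}) and not sets_cookie:
            self.cache[url] = resp
        return resp.body


def demo(proxy_cls, marks_private=True):
    """Alice, then Bob, then an anonymous visitor ask one proxy for the same URL."""
    proxy = proxy_cls(Origin(marks_private))
    url = "http://www.example.com/"  # constructed URL
    return [proxy.fetch(url, "sid=alice"), proxy.fetch(url, "sid=bob"), proxy.fetch(url)]


if __name__ == "__main__":
    print("naive  :", demo(NaiveProxy))
    print("careful:", demo(CarefulProxy, marks_private=False))
```

With the naive proxy all three visitors receive Alice's page; the careful proxy keeps each page with its owner while still caching the anonymous login page.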

Vaidhyanathan on China

Thursday, January 14th, 2010 by Harry Lewis

Siva Vaidhyanathan, author of the forthcoming book The Googlization of Everything, has posted on his blog what seems to be the entire text of one chapter, about Google in China. So it was frozen well before Google’s decision to stop censoring and perhaps abandon ship. It is a nuanced, balanced argument, with some compelling detail. He notes that censorship is not as simple as the “great firewall” metaphor would suggest, and that absolutist no-business-with-oppressive-regimes postures are not actually productive. Siva replays the debate in which he, I, and Esther Dyson participated, with an honest assessment of the two sides of the argument.

During that debate on National Public Radio in November 2008, Harvard computer science professor Harry Lewis accused Google of violating its “Don’t be Evil” motto by creating Google.cn along the very lines that the Chinese government demanded. “Their choice was, to accept the Chinese ultimatum or to go home. They could have gone home but they didn’t. They stated and built the engine as the Chinese wanted it.” Lewis concluded, “Google didn’t choose the lesser of two evils when faced with the Chinese ultimatum. It chose the more profitable of the two evils.” Now, Lewis was making a debater’s point because, well, this was a debate. The question before the two panels was not whether Google on balance does more bad than good or good than bad. It was whether Google lived up to its motto. The Chinese deal gives Google critics – and my debating team – an easy shot. Perhaps it’s a cheap shot. But that is what debating is all about.

Esther Dyson responded to Lewis. Dyson is known as one of the central visionaries of the information age. She has been present at the creation of many of the most important initiatives of the Internet, including the gestation of several search engines. She is one of the brightest and most influential thinkers about digital technologies and their effects on the world. Dyson understandably believes in the transformative, perhaps revolutionary, power of information technology. “The great virtue of the Internet is that it erodes power, it sucks power out of the center, and takes it to the periphery, it erodes the power of institutions over people, while giving to individuals the power to run their own lives. Google is part of that. It’s one of these things that shines light on everything, it enables people to find stuff out, it enables them to question what their governments are doing, and it’s absolutely wonderful,” Dyson told the debate crowd in New York City. “Google by its very presence and its operation, even if it’s incomplete, creates increasing expectations for transparency, it starts people answering questions. It gets them to expect to be able to find out stuff.”

As I wrote in Chapter 1, I was sitting at the opposite table to Dyson. I was on Harry Lewis’ side of this constructed event. If the question at hand was whether Google violated its motto, I have to come down on Lewis’ side, as I was in fact on Lewis’ side. But in the real world, debates like this don’t matter much. To the people of China, Google’s fidelity to its motto doesn’t make a bit of difference. In the real world, Dyson has a much stronger point. Google might raise expectations. Google might spark some young person in China to ask one more question about why she can’t read this or watch that. Some Google is probably a little better for China than no Google.

You can listen to the debate here. The front page includes a nice picture of Siva and me, ecstatic (and a bit surprised) at the moment the audience declared our team the winner.

So it is time for me to fess up. Siva’s description and assessment are accurate. In fact, when I was invited to participate in the event, I said I could argue either side. They wanted me on the pro side, which was fine with me—as Siva says, in the rhetoric of a debate, it’s the easier argument about which to wax oratorical. But the argument requires a great deal of subtlety, and Siva’s chapter gives the nuanced view.

He doesn’t say how he would revise it now that Google seems to have gotten fed up with Chinese shenanigans …

Foursquare Meets Harvard

Wednesday, January 13th, 2010 by Harry Lewis

While preparing a talk about privacy yesterday, I wanted to cite an example of a commercial service that lures people into surrendering their location information in exchange for social connectivity, restaurant recommendations, and the like. I was planning to make the point (and did, when I gave the talk at the HELIN conference today) that location information has cash value, and there are a variety of business models based on getting people to give it up for free and then cashing in on the data that gets collected.

Nothing wrong with this in principle, as long as people understand what they are giving and what they are getting. They are getting connectivity and exposure and recommendations, and they are giving data about the places they go, perhaps not just to the social network but to the business partners of the for-profit corporation that is running it.

In any case, forgetting the names of these networks, I did a little searching and then settled on foursquare as the example I would use. “Check-in to find your friends, unlock your city,” says the site, and the front page then gives a rolling report of what the site members are doing and saying, for example, “Jim N. in DeKalb, Illinois became the mayor of Caribou Coffee.” You can click on the name of the member (player, really) or the establishment to get more information about either. As the site explains,

People use foursquare to “check-in”, which is a way of telling us your whereabouts. When you check-in someplace, we’ll tell your friends where they can find you and recommend places to go & things to do nearby. People check-in at all kind of places – cafes, bars, restaurants, parks, homes, offices.

You’ll find that as your friends use foursquare to check-in, you’ll start learning more about the places they frequent. Not only is it a great way to meet up with nearby friends, but you’ll also start to learn about their favorite spots and the new places they discover.

Not just your friends, either. Just watch the latest check-ins scroll by on the foursquare home page, and you will get lots of interesting tidbits about lots of people. I was starting to groan about the usual privacy questions—who owns the location data, how long does foursquare hold it, how hard will it be for an unhappy spouse or employer to get hold of it, can the company sell it to business partners—when I moved on to work on the next slide.

And then I woke up this morning to discover that foursquare had cut a deal with Harvard University. As Harvard’s official organ, the Gazette, explains,

The service, which is accessible from smartphones and other mobile devices, enables students and visitors to explore the campus and surrounding neighborhoods while sharing information about their favorite places.

The Gazette goes on to proclaim that we are #1: “Harvard is the first university to use foursquare to help students explore their campus and surrounding places of interest.” (Maybe we should take pride in this, though UNC Charlotte claims to be the first university to use foursquare, for a somewhat different purpose. Years ago, when Harvard fell to #2 in the US News rankings, our humor magazine pointed out that this was a good thing, as it would teach us humility, and we should strive to be #1 in humility as we are in everything else.)

Having spent many an afternoon over the past year in information security meetings, where the University has been developing policies and standards for how information about our students may be accessed, stored, and moved, I immediately started wondering whether Harvard had somehow signed onto a deal to encourage students to surrender their privacy, and if so, who was the commercial beneficiary. The Gazette story doesn’t mention data privacy at all. It simply has a Harvard spokesman echoing foursquare’s utopianism.

We believe that Harvard’s participation will allow our community to engage with friends, professors, and colleagues in new ways. We also hope visitors and neighbors will benefit from the platform as it grows through use.

So visiting high school students and Chinese tourists are apparently also the intended “beneficiaries” of this “service.”

As Hal Roberts of the Berkman Center pointed out when I asked him about this story, foursquare’s privacy policy is pure boilerplate:

We receive and store certain types of information whenever you interact with our Service or services. Foursquare automatically receives and records information on our server logs from your browser including your IP address, cookie information, and the page you requested.

It goes on to explain how they aggregate this data and analyze it, and how they won’t disclose it in a way that would identify you personally. Only problem is, the privacy policy doesn’t mention the really private information foursquare collects—the location information. That simply isn’t covered by any of the boilerplate. So they can do what they want with it, without asking. Moreover (and thanks to doc searls for pointing this out), foursquare explicitly says that they may sell that information, and even if they don’t, the company will pass it on if it gets acquired. And that by signing up, you are acknowledging that you understand all that.

Business Transfers: In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. Moreover, if Foursquare, or substantially all of its assets were acquired, or in the unlikely event that Foursquare goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Foursquare may continue to use your Personal Information as set forth in this policy.

It’s a free country. If people think it’s fun for people to know where they are, and they understand what they are doing, by all means they should go for it. I am not a killjoy.

But I am puzzled that Harvard wants to encourage this behavior—that it has somehow analyzed the social benefits and the evident commercial interests and privacy risks involved here, and has come to the conclusion that on balance it would be a good thing if a lot of students signed up.

I hardly dare wonder if Harvard itself might have a pecuniary interest in the success of the partnership. I hope not, and that it has simply seen great benefits to the community—and few risks. I would love to know more.

Added January 14: Perry Hewitt, who is quoted in the article, wanted to be clear that there is no “partnership” (as I called it) between Harvard and foursquare. Harvard is simply a foursquare “presence”—as it would be anyway, whether Harvard formally cooperated or not. By allowing foursquare to create a Harvard badge, Harvard is simply making more convenient something people would be doing anyway. I am grateful to Perry for getting back to me and clarifying these points.

Is It Illegal to Record an Arrest?

Tuesday, January 12th, 2010 by Harry Lewis

Depends on who you talk to.

In Blown to Bits, we talk about citizen vigilantism—people taking vengeance on people they see doing bad things, or just snapping pictures of crimes being committed, pictures that may help identify the culprits. The digital explosion has engendered a lot more of this, for both better and worse—we once did not all have cameras on us all the time.

Of course, a technology generation later, we all have not just still cameras, but audio recorders and video cameras too—in cell phones and even iPods. And people are whipping them out when they observe arrests being made, and are using the recordings to embarrass the police, or to help in the defense of the party being arrested.

Except now, as the Boston Globe reports, the police are increasingly fighting back, accusing those making the recordings of illegal surveillance, under wiretapping statutes. It’s a fascinating story. Some of the convictions are standing up in Massachusetts—the Supreme Judicial Court ruled in a split decision that the wiretapping statutes apply, unless the recording was made in a public manner. So people hiding the microphone in their sleeve or the camera in their coat may well be in trouble. Chief Justice Margaret Marshall was in the minority, opining

Citizens have a particularly important role to play when the official conduct at issue is that of the police. Their role cannot be performed if citizens must fear criminal reprisals when they seek to hold government officials responsible by recording, secretly recording on occasion, an interaction between a citizen and a police officer.

I don’t envy the police their job. Hell, I wouldn’t be happy if people were video-recording my every movement while I was doing my job. But what the police are doing while making an arrest seems to me a public act by definition. In other situations (all those traffic-stop videos we see) the police themselves make sure everything is recorded these days. Can’t see why recording the police arresting someone in the public square wouldn’t fall within citizens’ rights.

Zuckerberg to the World: Privacy? Forget About It

Sunday, January 10th, 2010 by Harry Lewis

A year and a half ago, I wrote an opinion piece entitled How Facebook Spells the End of Privacy. Now Facebook founder Mark Zuckerberg says he’s sorry he ever built those privacy options into Facebook in the first place. Explaining the company’s decision in September to make all kinds of information public that users used to have the option to keep private—their friends list and the list of pages they subscribe to in particular—Zuckerberg explained,

A lot of companies would be trapped by the conventions and their legacies of what they’ve built, doing a privacy change – doing a privacy change for 350 million users is not the kind of thing that a lot of companies would do. But we viewed that as a really important thing, to always keep a beginner’s mind and what would we do if we were starting the company now and we decided that these would be the social norms now and we just went for it.

Zuckerberg says that people are more comfortable sharing and being open than they used to be, and Facebook is just catching up with where society has already gone. Of course this is nonsensical reasoning, unworthy of someone who took a course in computational theory from me (yes, he did). The claim that a lot more people today do X than not-X is no reason to make everyone do X. As Marshall Kirkpatrick observes in the story linked to above, money is a more likely explanation. Having made Facebook nearly ubiquitous, Zuckerberg now sees more money in encouraging (or requiring) people to give up more information about themselves.

There are reasons of personal safety for people to maintain some privacy. There are reasons people want to keep multiple identities (personal and professional, for example) isolated from each other. And there is the big argument, which I put forward in Chapter 2, that privacy is socially progressive—not in the political sense, just in the obvious way, it is easier to think differently, and act differently, if you do so with trusted friends than in the full view of the entire world. I wonder if Zuckerberg would say the same thing about people being more open about everything if he spent a few months in China or in Iran.