consumers' and citizens' privacy
TRANSCRIPT
MARCH 4, 2016
CAROLINA ROSSINI
VP @ PUBLIC KNOWLEDGE
BODY CAMERAS, BIG DATA,
AND PRIVACY: TWENTY FIRST
CENTURY TECHNOLOGY AND
THE FOURTH AMENDMENT
ELON LAW REVIEW SYMPOSIUM
International Sources
u the right to privacy is explicitly defined as a right for all people
Universal Declaration of Human Rights,
International Covenant on Civil and Political Rights (ICCPR
American Convention on Human RightsCharter of Fundamental Rights (Arts. 7 and 8)
OECD Privacy Guidelines
Fair Information Practices.
What does privacy enables?
u The right to privacy allows for all people to keep information about themselves out of the hands of those they don’t want to have the information. This includes personal data, such as weight or birthplace to more sensitive personal data, such as personal preferences, religious beliefs, and political views.
u The right to privacy also allows for people to feel empowered to have free flowing discussions and communications (offline and online) about sensitive issues without fear of retaliation or censorship.
u The right to privacy is most important because it allows for the rights of freedom of expression, freedom of speech, freedom of opinion, freedom of association, access to information, to flourish.
Right to be Anonymous
u In addition to privacy, the right to be anonymous online - thus, the right to say something online without having it be connected to your real identity - is also a crucial piece of the discussion around human rights, surveillance, data protection, and big data.
Your Privacy on The Web
What does privacymean to you?
“Nothing to hide”?
Or
“Having Control on your data” ?
Online Privacy?
uThe ability to control what information one reveals about oneself over the internet, and control who can access that information.
How differently people look at it?
u “Privacy is the future. Get used to it.” - Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001).
u “You have zero privacy anyway. Get over it.” - Scott McNealy, CEO, Sun Microsystems, 1999
Contemporaneous issues and trends
Your, Mine, Ours Digital Shadow
https://myshadow.org/
Behavioral Marketing
u Retargeting marks or tags online users who visit a certain brand website with a pixel or a cookie,[2] and then serves banner ads only to the people who have shown at least some amount of engagement with the original brand. In the milliseconds before you land on a web site where a retargeting company has either directly placed or has access to the site users cookie information, they present you with a highly targeted real-time and personalized advert for that very thing that you were looking at while you were on the retailers website earlier.
u Pretargeting is a form of online targeted advertising by which online advertising is targeted to consumers based on their previous actions on many websites. PreTargeting is a method to identify websites that people have likely or actually visited before coming to a retailer or publishers website and that information can be then used by them to better target the content that you see while browsing their website.
Behavioral Marketing
u The giants of the marketing world, namely Facebook and Google, already have an unimaginable amount of data regarding shopping trends and experiences. They can use this to spot the next big trends with a 90% degree of accuracy. With these types of insights they can predict the shopper's future and send out messages to encourage the customer towards a purchase.
u Amazon does a fantastic job of pretargeting with the customers that connect with Facebook. Shoppers can see their friends and Amazon starts building a shopping list, which is frightfully accurate.
$$$$
Not only your social media
u Walmart is an example that combines offline and online tracking with data aggregation. Walmart has gathered a large amount of consumer information from offline and online behaviors, and enhance their tracking abilities with the additional information sought from third parties.
Consumers, Big Data, and Online Tracking in the Retail Industry: A Case Study of Walmart, Center for Media Justice (November 2013), http://centerformediajustice.org/wp-content/uploads/2014/06/WALMART_PRIVACY_.pdf
Profiling goes global
u The current business model for global companies is “connected recognition ,” gathering and analyzing the information about your locations and activities across a number of devices you may own.
BARBIE
https://myshadow.org/trace-my-shadow
“As big data becomes more commonplace and embedded in everyday interactions, it could be used to automate discrimination and unfairness, both when data analytics delivers inaccurate profiles of individuals, for instance, but also when correct personal profiling is used to take advantage of a person’s weaknesses, such as with predatory lending. In both cases, she stressed that it could have profound impacts on people’s stability, mobility, and ability to determine their personal destinies.” Profa. Seeta Peña Gangadharan
Consequences – nothing funny
Barocas, Solon and Rosenblat, Alex and boyd, danah and Gangadharan, Seeta Peña and Yu, Corrine, Data & Civil Rights: Technology Primer (October 30, 2014). Data & Civil Rights Conference, October 2014. Available at SSRN: http://ssrn.com/abstract=2536579 or http://dx.doi.org/10.2139/ssrn.2536579
Privacy and IoT
"The Internet of Things" (IoT) refers to the capability of everyday devices to connect to other devices and people through the existing Internet infrastructure.
u Like it or not, technology is becoming inextricably entwined with the fabric of our lives. Our cars,
our homes, even our bodies, are collecting, storing and streaming more personal data than ever
before. In 2015, Gartner, Inc. forecasts the number of connected “things” will reach 4.9 billion, up
30 percent from 2014. By the year 2020, that number is expected to reach 25 billion.
u They are able to communicate with consumers, collect and transmit data to companies, and
compile large amounts of data for third parties.
Privacy and IoT
Car Privacy and Security
As vehicle manufacturers rush to adopt mobile-
friendly platforms and wireless technologies,
they've neglected to plug security and privacy
gaps, a new report revealed.
"Nearly 100% of vehicles on the market include
wireless technologies that could pose
vulnerabilities to hacking or privacy intrusions,”
Source: https://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-
Tracking_Hacking_CarSecurity%202.pdf
BARBIE
BARBIE
BARBIE
hackers turn your baby monitor into a spy cam
“Eight of the nine cameras got an F and one got a D minus,” security researcherMark Stanislav told Fusion’s Kashmir Hill. Security
flaws included issues such as a lack of encryption, the use of default passwords, and access to Internet portals with the device’s serial number or account number.
Source: http://www.wired.com/2015/09/security-news-week-turns-baby-monitors-w ildly -easy-hack/
Baby monitors are crazy easy to hack
Why is metadata important?
u We generate metadata unknowingly, in an organized format and over the long term. Metadata makes it easy to analyze, recognize patterns and draw conclusions about who we are, and what we are doing.
u Companies that are central to our communications - like our mobile phone provider or internet/email service provider - have detailed logs of this metadata, and this gives them, and anyone else who can access this information, an unprecedentedly detailed picture.
u Metadata can also reveal things we might not want to reveal. If our phone shows up in a certain location at the time that there is a protest, this can reveal that we were one of the protesters.
Big Data, Privacy and Profiling
u Big data has a variety of definitions, but is often described as:
u the fastly growing, massive data sets that contain a large volume, velocity, and variety of information. Big data sets, including those scraped from social media, online shopping sites, GPS devices, banks, entertainments sites, and others are usually too large to be analyzed by most modern data analyzing tools. Hundreds of trillions of bytes of data have been created, just on the Internet, and for many, big data paves the way for more efficient research, marketing, polling, and health/scientific research. Private sector companies have begun to invest more into big data research and analysis, as have a number of individual governments.
Who “regulates” privacy?
u The United States Federal Trade Commission (FTC) has
been involved in oversight of the behavioral targeting
techniques used by online advertisers since the mid-1990s.
These techniques, initially called "online profiling", are now
referred to as "behavioral targeting"; they are used to
target online behavioral advertising (OBA) to consumers
based on preferences inferred from their online behavior.
BARBIE
the public-private surveillance partnership
u What companies know, governments can & will know
u Any reform must take into account this relationship
Who else is watching you?
Privacy and Surveillance
Increase on “surveillance” agencies’ budget since the Patriotic Act
Encryption and Cryptography
Encryption and Cryptography
The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation.
Modern cryptography is increasingly being used by human rights and nonprofit community activist groups around the world to protect sensitive data from governments and hostile organizations.
Tor Usage and Political Rights
u Opportunity vs. Need
Source: The Dark Web Dilemma: Tor, Anonymity and Online Policing Eric Jardine (CIGI, 2016)https://www.cigionline.org/sites/default/files/no.21_1.pdf
Free Flow and Trade
u Forum Shopping: The total number of new data privacy laws globally, viewed by decade, shows that their growth is accelerating, not merely expanding linearly: 8 (1970s), 13 (1980s), 21 (1990s), 35 (2000s) and 12 (2 years of the 2010s), giving the total of 89.
u It is not about freedom of expression
u It is about trade, it is about e-commerce
u Privacy considered as a trade barrier
u countries should not use trade agreements to challenge privacy laws as trade barriers
u we need to make clear about what type of information we are discussing when discussing “free-flow”, which historically is related to cross-personal-data flow
u and if we want the language to go beyond cross-data-flow and actually deal with freedom of expression, the e-commerce chapter is a limited venue for that
More at: Information Flow and Trade Agreements: History and Implications for Consumers’ Privacy Alberto Cerda and Carolina Rossini – May, 20131 http://a2knetwork.org/sites/default/files/tpp_and_free_flow.pdf
The Digital Trade Imbalance and Its Implications for Internet Governance, Susan Ariel Aaronson, (CIGI, 2016)https://www.ourinternet.org/publication/the-digital-trade-imbalance-and-its-implications-for-internet-governance/
CISA - Surveillance bill by another name?
Source: https://www.newamerica.org/oti/the-cispa-zombie-wont-die-instead-it-changed-its-name-to-cisa-and-its-here-to-violate-your-privacy/
What it means for consumers/users
What it means for companies
https://www.ccianet.org/2015/10/ccia-urges-senate-to-improve-cybersecurity-information-sharing-act/
http://www.law360.com/articles/760952/information-sharing-under-cisa-what-it-means-for-companies
Wearables and Health Privacy
https://cdt.org/blog/recent-health-privacy-work-cdt/
Wearables + cutting-edge consent process = good science
Mole Mapper, a patient-centered iPhone-app based study to quantitatively track molesand help detect early signs of the deadly skin cancer melanoma.
Share the Journey: Mind, Body, and Wellness after Breast Cancer -Research on cognition after cancer is diagnosed
http://sagebase.org/mole-mapper/http://parkinsonmpower.org/ http://sharethejourneyapp.org/
BARBIE
http://sagebase.org/pcc/participant-centered-consent-toolkit/
Privacy + Consent = TRUST
u over 75 percent of the more than 12,000 mPowerparticipants chose to share their data broadly with researchers.
u This cutting-edge consent process is outlined in a third paper published today in Nature Biotechnology, and represents a sea of change in participant control over data sharing.
Privacy and security are two sides of a coin, intertwined and in near
constant tension.
its your responsibility and opportunity
https://www.epic.org/privacy/tools.html
Understand your technology
Video @ https://www.article19.org/resources.php/resource/38278/en/a-net-of-rights?-new-film-links-human-rights-and-internet-protocols