MARCH 4, 2016

CAROLINA ROSSINI

VP @ PUBLIC KNOWLEDGE

BODY CAMERAS, BIG DATA,

AND PRIVACY: TWENTY FIRST

CENTURY TECHNOLOGY AND

THE FOURTH AMENDMENT

ELON LAW REVIEW SYMPOSIUM

International Sources

u the right to privacy is explicitly defined as a right for all people

Universal Declaration of Human Rights,

International Covenant on Civil and Political Rights (ICCPR

American Convention on Human RightsCharter of Fundamental Rights (Arts. 7 and 8)

OECD Privacy Guidelines

Fair Information Practices.

What does privacy enables?

u The right to privacy allows for all people to keep information about themselves out of the hands of those they don’t want to have the information. This includes personal data, such as weight or birthplace to more sensitive personal data, such as personal preferences, religious beliefs, and political views.

u The right to privacy also allows for people to feel empowered to have free flowing discussions and communications (offline and online) about sensitive issues without fear of retaliation or censorship.

u The right to privacy is most important because it allows for the rights of freedom of expression, freedom of speech, freedom of opinion, freedom of association, access to information, to flourish.

Right to be Anonymous

u In addition to privacy, the right to be anonymous online - thus, the right to say something online without having it be connected to your real identity - is also a crucial piece of the discussion around human rights, surveillance, data protection, and big data.

Your Privacy on The Web

What does privacymean to you?

“Nothing to hide”?

Or

“Having Control on your data” ?

Online Privacy?

uThe ability to control what information one reveals about oneself over the internet, and control who can access that information.

How differently people look at it?

u “Privacy is the future. Get used to it.” - Marc Rotenberg, Director, Electronic Privacy Information Centre - EPIC) (Fortune, 2001).

u “You have zero privacy anyway. Get over it.” - Scott McNealy, CEO, Sun Microsystems, 1999

Contemporaneous issues and trends

Your, Mine, Ours Digital Shadow

https://myshadow.org/

Behavioral Marketing

u Retargeting marks or tags online users who visit a certain brand website with a pixel or a cookie,[2] and then serves banner ads only to the people who have shown at least some amount of engagement with the original brand. In the milliseconds before you land on a web site where a retargeting company has either directly placed or has access to the site users cookie information, they present you with a highly targeted real-time and personalized advert for that very thing that you were looking at while you were on the retailers website earlier.

u Pretargeting is a form of online targeted advertising by which online advertising is targeted to consumers based on their previous actions on many websites. PreTargeting is a method to identify websites that people have likely or actually visited before coming to a retailer or publishers website and that information can be then used by them to better target the content that you see while browsing their website.

Behavioral Marketing

u The giants of the marketing world, namely Facebook and Google, already have an unimaginable amount of data regarding shopping trends and experiences. They can use this to spot the next big trends with a 90% degree of accuracy. With these types of insights they can predict the shopper's future and send out messages to encourage the customer towards a purchase.

u Amazon does a fantastic job of pretargeting with the customers that connect with Facebook. Shoppers can see their friends and Amazon starts building a shopping list, which is frightfully accurate.

$$$$

Not only your social media

u Walmart is an example that combines offline and online tracking with data aggregation. Walmart has gathered a large amount of consumer information from offline and online behaviors, and enhance their tracking abilities with the additional information sought from third parties.

Consumers, Big Data, and Online Tracking in the Retail Industry: A Case Study of Walmart, Center for Media Justice (November 2013), http://centerformediajustice.org/wp-content/uploads/2014/06/WALMART_PRIVACY_.pdf

Profiling goes global

u The current business model for global companies is “connected recognition ,” gathering and analyzing the information about your locations and activities across a number of devices you may own.

BARBIE

https://myshadow.org/trace-my-shadow

“As big data becomes more commonplace and embedded in everyday interactions, it could be used to automate discrimination and unfairness, both when data analytics delivers inaccurate profiles of individuals, for instance, but also when correct personal profiling is used to take advantage of a person’s weaknesses, such as with predatory lending. In both cases, she stressed that it could have profound impacts on people’s stability, mobility, and ability to determine their personal destinies.” Profa. Seeta Peña Gangadharan

Consequences – nothing funny

Barocas, Solon and Rosenblat, Alex and boyd, danah and Gangadharan, Seeta Peña and Yu, Corrine, Data & Civil Rights: Technology Primer (October 30, 2014). Data & Civil Rights Conference, October 2014. Available at SSRN: http://ssrn.com/abstract=2536579 or http://dx.doi.org/10.2139/ssrn.2536579

Privacy and IoT

"The Internet of Things" (IoT) refers to the capability of everyday devices to connect to other devices and people through the existing Internet infrastructure.

u Like it or not, technology is becoming inextricably entwined with the fabric of our lives. Our cars,

our homes, even our bodies, are collecting, storing and streaming more personal data than ever

before. In 2015, Gartner, Inc. forecasts the number of connected “things” will reach 4.9 billion, up

30 percent from 2014. By the year 2020, that number is expected to reach 25 billion.

u They are able to communicate with consumers, collect and transmit data to companies, and

compile large amounts of data for third parties.

Privacy and IoT

Car Privacy and Security

As vehicle manufacturers rush to adopt mobile-

friendly platforms and wireless technologies,

they've neglected to plug security and privacy

gaps, a new report revealed.

"Nearly 100% of vehicles on the market include

wireless technologies that could pose

vulnerabilities to hacking or privacy intrusions,”

Source: https://www.markey.senate.gov/imo/media/doc/2015-02-06_MarkeyReport-

Tracking_Hacking_CarSecurity%202.pdf

BARBIE

BARBIE

BARBIE

hackers turn your baby monitor into a spy cam

“Eight of the nine cameras got an F and one got a D minus,” security researcherMark Stanislav told Fusion’s Kashmir Hill. Security

flaws included issues such as a lack of encryption, the use of default passwords, and access to Internet portals with the device’s serial number or account number.

Source: http://www.wired.com/2015/09/security-news-week-turns-baby-monitors-w ildly -easy-hack/

Baby monitors are crazy easy to hack

Why is metadata important?

u We generate metadata unknowingly, in an organized format and over the long term. Metadata makes it easy to analyze, recognize patterns and draw conclusions about who we are, and what we are doing.

u Companies that are central to our communications - like our mobile phone provider or internet/email service provider - have detailed logs of this metadata, and this gives them, and anyone else who can access this information, an unprecedentedly detailed picture.

u Metadata can also reveal things we might not want to reveal. If our phone shows up in a certain location at the time that there is a protest, this can reveal that we were one of the protesters.

Big Data, Privacy and Profiling

u Big data has a variety of definitions, but is often described as:

u the fastly growing, massive data sets that contain a large volume, velocity, and variety of information. Big data sets, including those scraped from social media, online shopping sites, GPS devices, banks, entertainments sites, and others are usually too large to be analyzed by most modern data analyzing tools. Hundreds of trillions of bytes of data have been created, just on the Internet, and for many, big data paves the way for more efficient research, marketing, polling, and health/scientific research. Private sector companies have begun to invest more into big data research and analysis, as have a number of individual governments.

Who “regulates” privacy?

u The United States Federal Trade Commission (FTC) has

been involved in oversight of the behavioral targeting

techniques used by online advertisers since the mid-1990s.

These techniques, initially called "online profiling", are now

referred to as "behavioral targeting"; they are used to

target online behavioral advertising (OBA) to consumers

based on preferences inferred from their online behavior.

BARBIE

the public-private surveillance partnership

u What companies know, governments can & will know

u Any reform must take into account this relationship

Who else is watching you?

Privacy and Surveillance

Increase on “surveillance” agencies’ budget since the Patriotic Act

Encryption and Cryptography

Encryption and Cryptography

The growth of cryptographic technology has raised a number of legal issues in the information age. Cryptography's potential for use as a tool for espionage and sedition has led many governments to classify it as a weapon and to limit or even prohibit its use and export. In some jurisdictions where the use of cryptography is legal, laws permit investigators to compel the disclosure of encryption keys for documents relevant to an investigation.

Modern cryptography is increasingly being used by human rights and nonprofit community activist groups around the world to protect sensitive data from governments and hostile organizations.

Tor Usage and Political Rights

u Opportunity vs. Need

Source: The Dark Web Dilemma: Tor, Anonymity and Online Policing Eric Jardine (CIGI, 2016)https://www.cigionline.org/sites/default/files/no.21_1.pdf

Free Flow and Trade

u Forum Shopping: The total number of new data privacy laws globally, viewed by decade, shows that their growth is accelerating, not merely expanding linearly: 8 (1970s), 13 (1980s), 21 (1990s), 35 (2000s) and 12 (2 years of the 2010s), giving the total of 89.

u It is not about freedom of expression

u It is about trade, it is about e-commerce

u Privacy considered as a trade barrier

u countries should not use trade agreements to challenge privacy laws as trade barriers

u we need to make clear about what type of information we are discussing when discussing “free-flow”, which historically is related to cross-personal-data flow

u and if we want the language to go beyond cross-data-flow and actually deal with freedom of expression, the e-commerce chapter is a limited venue for that

More at: Information Flow and Trade Agreements: History and Implications for Consumers’ Privacy Alberto Cerda and Carolina Rossini – May, 20131 http://a2knetwork.org/sites/default/files/tpp_and_free_flow.pdf

The Digital Trade Imbalance and Its Implications for Internet Governance, Susan Ariel Aaronson, (CIGI, 2016)https://www.ourinternet.org/publication/the-digital-trade-imbalance-and-its-implications-for-internet-governance/

CISA - Surveillance bill by another name?

Source: https://www.newamerica.org/oti/the-cispa-zombie-wont-die-instead-it-changed-its-name-to-cisa-and-its-here-to-violate-your-privacy/

What it means for consumers/users

What it means for companies

https://www.ccianet.org/2015/10/ccia-urges-senate-to-improve-cybersecurity-information-sharing-act/

http://www.law360.com/articles/760952/information-sharing-under-cisa-what-it-means-for-companies

Wearables and Health Privacy

https://cdt.org/blog/recent-health-privacy-work-cdt/

Wearables + cutting-edge consent process = good science

Mole Mapper, a patient-centered iPhone-app based study to quantitatively track molesand help detect early signs of the deadly skin cancer melanoma.

Share the Journey: Mind, Body, and Wellness after Breast Cancer -Research on cognition after cancer is diagnosed

http://sagebase.org/mole-mapper/http://parkinsonmpower.org/ http://sharethejourneyapp.org/

BARBIE

http://sagebase.org/pcc/participant-centered-consent-toolkit/

Privacy + Consent = TRUST

u over 75 percent of the more than 12,000 mPowerparticipants chose to share their data broadly with researchers.

u This cutting-edge consent process is outlined in a third paper published today in Nature Biotechnology, and represents a sea of change in participant control over data sharing.

Privacy and security are two sides of a coin, intertwined and in near

constant tension.

its your responsibility and opportunity

https://www.epic.org/privacy/tools.html

Understand your technology

Video @ https://www.article19.org/resources.php/resource/38278/en/a-net-of-rights?-new-film-links-human-rights-and-internet-protocols

Thank you!

crossini@publicknowledge.org

Carolinarossini