- What Information is Protected?
- Privacy From Whom?
- Individual Goofing Off
- What is the risk where data is lost?
Technology that will protection you from one threat vector may not protected you from another. An email service that offers encrypted email may protect you against surveillance by an authoritarian regimes, but not as against the corporation, or as against the divorce lawyer.
A lack of trust in the network / serviceinhibits use of the network / service.
- Rafi Goldberg, NTIA, Lack of Trust in Internet Privacy and Security May Deter Economic and Other Online Activities (May 13, 2016)
- Paul Starr, The Creation of the Media (2005) (discussing how Ben Franklin recognized the necessity of individuals trusting the postal service for the growth of the country and the economy).
- FTC, Staff Report, Internet of Things: Privacy & Security in a Connected World, at 55 (Jan. 2015)
- Written statement of Kevin Werbach, Associate Professor of Legal Studies & Business Ethics, The Wharton School, Hearing on ECPA Reform and the Revolution in Cloud Computing House Judiciary Committee, Subcommittee on the Constitution, Civil Rights and Civil Liberties September 23, 2010 at 8 (“A smooth transition to cloud computing requires users to continue feeling a sense of trust online.”)
- CISCO Comments to NTIA Internet of Things June 2,2016 at 22 (“end users must trust that their data is being securely transmitted”)
- Microsoft Comments to NTIA at 6 (March 13, 2017) ("One of the most significant barriers to adoption of new technologies such as IoT is a lack of consumer trust.")
- Tom Standage, The Victorian Internet 118 (2007) ("Worries about the security of telegraphic money transfers were holding back the development of on-line commerce ('The opportunities for fraud has been the chief obstacle,' declared the Journal of the Telegraph in 1872)")
- as against whom
- Individuals Goofing Off
- Discontinuity of protections
- Corporations versus Governments
Information Collection Concerns
Looks a lot like FIPPS
From N Doty, D Mulligan. E Wilde, Privacy Issues of the W3C Geolocation API, UC Berkeley School of Information Reports 2010-038, February 2010
- "Appropriateness: Is the collection of location information appropriate given the context of the service or application?
- "Minimization: Is the minimum necessary granularity of location information distributed or collected?
- "User Control: How much ongoing control does the user have over location information? Is the user a passive receiver of notices or an active transmitter of policies? Are there defaults? Do they privilege privacy or information ow?
- "Notice: Can requesters transmit information about their identity and practices? What information is required to be provided to the user by the requesting entity? What rules can individuals establish, attach to their location information and transmit? Is there a standard language for such rules?
- "Consent: Is the user in control of decisions to disclose location information? Is control provided on a per use, per recipient or some other basis? Is it operationalized as an opt-in, opt-out or opt model?
- "Secondary Use: Is user consent required for secondary use (a use beyond the one for which the information was supplied by the user)? Do mechanisms facilitate setting of limits or asking permission for secondary uses?
- "Distribution: Is distribution of location information limited to the entity with whom the individual believes they are interacting or is information re-transmitted to others?
- "Retention: Are timestamps for limiting retention attached to location information? How can policy statements about retention be made?
- "Transparency and Feedback: Are flows of information transparent to the individual? Does the specification facilitate individual access and related rights? Are there mechanisms to log location information requests and is it easy for individuals to access such logs
- "Aggregation: Does the standard facilitate aggregation of location information on specific users or users generally? Does the specification create persistent unique identifiers?
Right to Privacy / Media
- Invasion of privacy is a claim as against media and news reporters, arguing that the reported on material was not news worthy and constituted an invasion of privacy.
- Whether something is newsworthy has been defined frequently by the courts with the circular logic of whether it appeared in the news. A foundation of the courts hesitancy for finding truthful news reporting to be an invasion of privacy is the First Amendment.
- Restatement of Torts
- "When the subject matter is of legitimate public concern, there is no invasion of privacy.”
- "It seems clear that the common law restrictions on recovery for publicity given to a matter of proper public interest will now become part of the constitutional law of freedom of the press and freedom of speech. To the extent that the constitutional definition of a matter that is of legitimate concern to the public is broader than the definition given in any State, the constitutional definition will of course control."
- Restatement (Second) of Torts § 652D, comment d (1977).
- The Restatement sets forth reportedly four privacy interests
- Misappropriation of one's likeness
- Intrusion of one's privacy
- Public disclosure of highly private information and
- False light
- Bartnicki v. Vopper, 532 U.S. 514 (2001).
- Landmark Comm., Inc. v. Virginia, 435 U.S. 829 (1978) “The article published by Landmark provided accurate factual information about a legislatively authorized inquiry pending before the Judicial Inquiry and Review Commission, and in so doing clearly served those interests in public scrutiny and discussion of governmental affairs which the First Amendment was adopted to protect." p 839.
- Cox Broadcasting v. Cohn, 420 U.S. 469 (1975) (no cause of action where newspaper published name of rape victim)
- New York Times v. United States, 403 U.S. 713 (1970) (no cause of action where newspaper published name of rape victim).
- New York Times v. Sullivan, 376 U.S. 254 (1964) (defamation causes of action by public figures against news reporters must demonstrate that reporting was malicious or with reckless disregard to the truth).
- Griswold v. Connecticut, 381 U.S. 479 (1965)
- Winters v. New York, 333 U.S. 507 (1948) (striking down NY state law which prohibited publications “principally made up of criminal news, police reports, or accounts of criminal deeds of bloodshed, lust or crime.”)
- Pavesich v. New Eng. Life Ins. Co., 50 S.E. 68 (Ga. 1905) (public figures waive right to privacy)
- Erwin Chemerinsky, Rediscovering Brandeis’s Right to Privacy, 45 BRANDEIS L. J. 643 (2007)
- Jessica E. Jackson, Note: Sensationalism in the Newsroom: Its Yellow Beginnings, the Nineteenth Century Legal Transformation, and the Current Seizure of the American Press, 19 N.D. J. L. ETHICS & PUB. POL’Y 789 (2005)
- Patrick J. McNulty, The Public Disclosure of Private Facts: There is Life After Florida Star, 50 DRAKE L. REV. 93, 98 (2001)
- Rodney A. Smolla, Privacy and the First Amendment Right to Gather News, 67 GEO. WASH. L. REV. 1097 (1999)
- Randall P. Bezanson, The Right to Privacy Revisited: Privacy, News, and Social Change, 1890-1990, 80 CAL. L. REV. 1133 (1992)
- Jonathan B. Mintz, The Remains of Privacy’s Disclosure Tort: An Exploration of the Private Domain, 55 MD. L. REV. 425 (1996)
- John A. Jurata, Jr., Comment, The Tort That Refuses To Go Away: The Subtle Reemergence of the Public Disclosure of Private Facts Tort, 36 SAN DIEGO L. REV. 489 (1999)
- Robert C. Post, The Social Foundations of Privacy: Community and Self in the Common Law Tort, 77 CAL. L. REV. 957 (1989).
- Thomas I. Emerson, The Right of Privacy and Freedom of the Press, 14 HARV. CIV. RIGHTS CIV. LIB. L. REV. 329 (1979)
- Linda N. Woito & Patrick McNulty, The Privacy Disclosure Tort and the First Amendment: Should the Community Decide Newsworthiness, 64 IOWA L. REV. 185 (1979)
- William Prosser, Privacy, 48 CAL. L. REV. 383 (1960).
| The Technology of Privacy: When Geeks Meet Wonks
- Taxonomy [Eckersley EFF When Geeks Meet Wonks]
- What Data is protected (what you read, where you go, when you go, who you are, what is your religion, sexual orientation, who you talk to, what you buy)
- Privacy as against whom? (corporations, advertisers, governments, family, spouces, employers, law enforcement, lawyers, identity thieves, mafia, stalkers, data brokers)
- Purpose of Privacy ? (protection from authoritarian governments, social intolerance, crime, protection, individuals; what is risk where privacy is compromised)
- Data where (in storage, in the cloud, on your computer, in transmission)
- Blocking Resistant Tools
- on Computer
- of Communications
- HTTPS (Web)
- Encryption of web access, protects against interception of webbrowsing (including web based email), username and password interception, theft of financial information, ID theft, account hijacking. Useful with Wifi access points.
- Email: Avoids interception in transmission (by authoritarian regime); however stored email subject to subpoena
- Problem: Not widely deployed, or not deployed correctly [Eckersley EFF When Geeks Meet Wonks]
- HTTPS Everywhere: Attempts to force websites into HTTPS mode
- SSL Observatory
- VPN (transmissions)
- Web Browser based
Do Not Track
- "Do not track" is a response to behavioral advertising. Do Not Track would be "a persistent cookie on a consumer's browser, and conveying that setting to sites that the browser visits, to signal whether or not the consumer wants to be tracked or receive targeted advertisements"
- "Do not track" flag in your client browser signally to advtisers or website that you do not want to be tracked.
- Protects against tracking individuals web viewing activity
- Only works where websites participate
- Can also log into advertisers site (Google Ads) and set tracking preferences
- For Release:12/01/2010 FTC Staff Issues Privacy Report, Offers Framework for Consumers, Businesses, and Policymakers Endorses "Do Not Track" to Facilitate Consumer Choice About Online Tracking
- Federal Trade Commission (Bureau of Consumer Protection) A Preliminary FTC Staff Report on Protecting Consumer Privacy in an Era of Rapid Change: A Proposed Framework for Businesses and Policymakers (December 1, 2010)
- Text of the FTC Staff Report, and Concurring Statements of Commissioner Kovacic and Commissioner Rosch
- FTC Privacy Report : Remarks of Chairman Jon Leibowitz as Prepared for Delivery
- Dept of Commerce Internet Policy Task Force :: Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework
- Prepared Statement of the Federal Trade Commission on Do Not Track, Presented by David Vladeck, Director, Bureau of Consumer Protection, Before the Subcommittee on Commerce, Trade, and Consumer Protection of the Committee on the Energy and Commerce, United States House of Representatives (December 2, 2010) Text of the Commission Testimony :: For Release: 12/02/2010 FTC Testifies on Do Not Track Legislation
- EFF on Do Not Track
- Do Not Track at W3C
- Do Not Track Workshop April 28/29 2011
- IETF Draft, Do Not Track: A Universal Third-Party Web Tracking Opt Out (March 7, 2011)
- CDT Do Not Track
- Do Not Track website is maintained by Stanford researchers Jonathan Mayer and Arvind Narayanan , affiliated with the Computer Science department and the Center for Internet and Society .
- Mahmood Sharif Carnegie Mellon University (Do Not) Track Me Sometimes: Users' Contextual Preferences for Web Tracking
- J. Mayer, A. Narayanan, S. Stramm, Do Not Track: A Universal Third-Party Web Tracking Opt Out, IETF RFC (Mar. 7, 2011)
- Hannes Tschofenig, Rob van Eijk, DO NOT TRACK, An Attempt to Frame the Debate at W3C
- HR 654 Do Not Track Me Online (Mr. Speier) 112th Cong. "Requires the Federal Trade Commission (FTC) to promulgate regulations to establish standards for the required use of an online opt-out mechanism to allow a consumer to prohibit the collection or use of any covered information and to require a covered entity to respect the choice of such consumer to opt-out of such collection or use..."
- December 2010 Hearing
- Dingell Examines the Feasibility of Do Not Track LegislationDecember 2, 2010 8:05 AM
- "Do-Not-Track" Legislation: Is Now the Right Time? Testimony of Daniel J. Weitzner Associate Administrator for Policy Analysis and Development National Telecommunications and Information Administration United States Department of Commerce Before the Subcommittee on Commerce, Trade and Consumer Protection Committee on Energy and Commerce United States House of Representatives December 2, 2010
- FTC Testifies on Do Not Track Legislation 12/02/2010
- The testimony states that while some in the industry have taken steps to improve consumer control of behavioral advertising, industry efforts have largely fallen short. Given the limitations of existing mechanisms, "the Commission supports a more uniform and comprehensive consumer choice mechanism for online behavioral advertising," sometimes referred to as "Do Not Track."
The most practical way to do that "would likely involve placing a setting similar to a persistent cookie on a consumer's browser, and conveying that setting to sites that the browser visits, to signal whether or not the consumer wants to be tracked or receive targeted advertisements," according to the testimony.
The testimony states that such a mechanism could be accomplished through legislation or potentially through robust, enforceable self-regulation. "If Congress chooses to enact legislation, the Commission urges Congress to consider several issues," including:
- It should not undermine the benefits online behavioral advertising provides consumers, including funding content and services;
- Unlike the FTC's Do Not Call Registry for telemarketers, it should not require a registry of unique identifiers; rather, the Commission recommends a browser-based mechanism;
- It should consider an option that lets consumers choose to opt out completely or to choose certain types of advertising they wish to receive or data they are willing to have collected about them;
- The mechanism should be simple, and easy to find and use;
- The FTC should be given Administrative Procedures Act rulemaking and the ability to fine violators to "provide a strong incentive for companies to comply with any legal requirements, helping to deter future violations."
- Dec 2, 2010: Rep. Markey Opening Statement at hearing on Do Not Track legislation
- Dec 2, 2010: Markey to Introduce Legislation to Protect Children's Online Privacy
© Cybertelecom ::