In conjunction with Congresswoman Sheila Jackson Lee, FPF will be presenting our fourth annual “Privacy Papers for Policy Makers” next Wednesday, March 5th. The event will be held in Rayburn House Office Building Room 2103 from 8:30 to 9:45 AM; coffee and breakfast will be provided. The event is sold out.
Featured at the event will be Professors Kenneth Bamberger and Deirdre Mulligan from Berkeley, who will be discussing their paper Privacy in Europe: Initial Data on Governance Choices and Corporate Practice. Professor Neil Richards will discuss his paper on why data privacy law is (mostly) constitutional, while Adam Thierer will present A Framework for Benefit-Cost Analysis in Digital Privacy Debates.
FPF is also pleased to have Jacob Kohnstamm, Chairman, Dutch Data Protection Authority, join us to provide a reaction. Additionally, special guests Giovanni Buttarelli, Asst. European Data Protection Supervisor; Christopher Graham, UK Information Commissioner; Isabelle Falque-Pierrotin, CNIL (France); and María Elena Pérez-Jaén Zermeño, IFAI (Mexico), will be attending.
This event is intended to comply with applicable Congressional and Executive branch gift rules. Contact us with questions.
We were excited to learn that Aislelabs, a member of FPF’s Mobile Location Analytics privacy working group, has been named a Privacy by Design Ambassador by the Information and Privacy Commissioner of Ontario. Like fellow PbD Ambassador Euclid Analytics, Aislelabs has signed on to our Mobile Location Analytics (MLA) Code of Conduct, which ensures that consumers are provided with transparency and choice as to whether MLA companies may collect their information. As the launch date of our central opt-out site fast approaches, we’re glad to see member companies being recognized for their commitment to consumer privacy in this space.
Jules, Omer and Chris Discuss the Challenges of Big Data and Consumer Review Boards
FPF’s Co-Chair and Executive Director Jules Polonetsky, Senior Fellow Omer Tene, and Co-Chair Christopher Wolf discussed the challenges facing President Obama with respect to big data in a new post for the IAPP. The post argues that balancing the benefits of data analytics against attendant risks to civil liberties presents the biggest public policy challenge of our time.
FPF is currently developing a toolkit designed to help privacy professionals perform a comprehensive, rigorous cost-benefit analysis to determine how best to pursue their big data goals. Companies should have a clear framework to use in order to evaluate how a data-driven project will affect their consumers. Recent articles, ranging from the use of “people analytics” to guide hiring practices to a school’s tracking of its students, add further examples that make it clear that a “practical application of fair information principles that accounts for modern day realities of collection and use” has become increasingly necessary.
One potential path forward involves the creation of “Consumer Subject Review Boards,” an idea discussed by Ryan Calo.* Such review boards would assess and evaluate big data projects’ rewards and associated risks. They would play an instrumental role in revitalizing consumer trust and mitigating some of the risks associated with innovative uses of consumer data. However, there are still questions that must be answered before such review boards could be deployed in practice.
First, what type of issues would a review board address? Would it be focused on addressing only privacy dilemmas, or would it seek to anticipate other ethical issues? As Evan Selinger and Patrick Lin write: “A technology ethics board . . . can be an invaluable canary in the coalmine—scouting for explosive issues in advance of emerging technology and before the law eventually turns its attention to these new problems and the company itself.” Clearly, a review board would need to have a clear understanding of its proper subject-matter scope.
Another question is whether the review boards should be in-house or independent. An in-house review board would benefit from close familiarity with its company’s data practices, but would lack the credibility of an independent entity. Similarly, should the opinions of a review board be confidential or publicly available? Confidential opinions do not instill as much consumer trust; however, public opinions risk being watered down to mitigate future litigation risks, and could potentially chill valuable innovation. Some companies have privacy advisory boards already – is a Consumer Review Board a more formal example of a privacy board? What methodology will the members use?
We look forward to continuing to explore this promising idea.
* See also Malcolm Crompton’s suggestion of ethics boards for privacy issues.
Peter Swire: Why Tech Companies and the NSA Diverge on Snowden
FPF Senior Fellow Peter Swire has an op-ed in today’s Washington Post that discusses how tech companies and the intelligence community are grappling with the traitor-or-whistleblower debate when it comes to Edward Snowden. His conclusion suggests the debate provokes a much broader set of issues:
Fundamentally, the traitor-or-whistleblower debate comes down to different views of what values should be paramount in governing the Internet we all use. The Internet is where surveillance happens to keep our nation safe. It is also where we engage in e-commerce and express ourselves in infinite ways. The goal is to create one communications structure that safeguards diverse, important values.
Essays on Big Data and Privacy
Solutions to many pressing economic and societal challenges lie in better understanding data. New tools for analyzing disparate information sets, called Big Data, have revolutionized our ability to find signals amongst the noise. Big Data techniques hold promise for breakthroughs ranging from better health care, a cleaner environment, safer cities, and more effective marketing. Yet, privacy advocates are concerned that the same advances will upend the power relationships between government, business and individuals, and lead to prosecutorial abuse, racial or other profiling, discrimination, redlining, overcriminalization, and other restricted freedoms.
On Tuesday, September 10th, 2013, the Future of Privacy Forum joined with the Center for Internet and Society at Stanford Law School to present a full-day workshop on questions surrounding Big Data and privacy. The event was preceded by a call for papers discussing the legal, technological, social, and policy implications of Big Data. A selection of papers was published in a special issue of the Stanford Law Review Online and others were presented at the workshop. This volume collects these papers and others in a single collection.
These essays address the following questions: Does Big Data present new challenges or is it simply the latest incarnation of the data regulation debate? Does Big Data create fundamentally novel opportunities that civil liberties concerns need to accommodate? Can de-identification sufficiently minimize privacy risks? What roles should fundamental data privacy concepts such as consent, context, and data minimization play in a Big Data world? What lessons can be applied from other fields?
We hope the following papers will foster more discussion about the benefits and challenges presented by Big Data—and help bring together the value of data and privacy, as well.
PBS NewsHour: Jules Polonetsky Talks Big Data and Privacy
Last night, Jules Polonetsky was featured on a segment on PBS NewsHour discussing, “What’s the future of privacy in a big data world?” He was joined by Adam Thierer, senior research fellow at the Mercatus Center at George Mason University. The video and the transcript can be found here.
Comments to the FCC About “Anonymized” and “Deidentification”
Yesterday, the Federal Communications Commission posted FPF’s comments about “anonymization” and “deidentification.” The comments come in response to a request from Public Knowledge that the FCC clarify whether “anonymized” or “deidentified” but non-aggregate call records constitute individually identifiable “customer proprietary network information” under Section 222 of the Communications Act.
FPF submitted comments to address the argument that all anonymized records must be considered “personally identifiable” records because there have been instances in which some publicly available, anonymized records have been reidentified. Public Knowledge argues that because researchers have been able to reidentify some publicly disclosed data sets that were purged of personally identifying information, all datasets that have been purged of personally identifying information must necessarily be considered individually identifiable. FPF responded:
Logically, this argument is flawed. It is analogous to the argument that because some locks have been broken, there is no such thing as a reasonably secure door.
Although reidentification may be possible in some specific circumstances, when proper anonymization practices are used, anonymization is a valuable and effective way to advance the goal of protecting individual privacy while allowing for beneficial uses of data. The full set of comments is available to read.
Study Weighs Privacy Concerns Against Relevant Offers for Mobile Shoppers, Reports MediaPost
Yesterday, MediaPost reported a study by IDC that provided an interesting insight on how smartphone users value their privacy in retail environments. According to MediaPost:
“Smartphone owners were asked which was more important: retailers respecting their privacy or retailers presenting them with relevant offers.
The results were essentially split, with slightly more than half (53%) saying retailers respecting their privacy was more important and almost half (47%) saying presenting relevant offers matters more.”
This almost even split demonstrates the importance of transparency and choice when it comes to retailers using their customers’ smartphone data. We’ve been testing our mobile location analytics opt-out mechanism for precisely this reason: so that customers can decide for themselves whether they wish to opt out of tracking, or avail themselves of the valuable offers and discounts that individual shopper targeting allows.
Privacy a Big Priority for Mobile Location Analytics Companies at “Retail’s BIG Show”
This week, over 30,000 attendees and 500 companies swarmed the Javits Center in New York City for the 2014 National Retail Federation Big Show. The massive expo showcased the latest in retail technology, with mobile location analytics companies making a particularly strong showing. Ten of these companies (Aislelabs, Brickstream, Euclid, iInside, Measurence, Mexia Interactive, Radius Networks, ReadMe Systems, SOLOMO Technology, and Turnstyle Solutions) have already made a significant commitment to protecting privacy by signing on to our Code of Conduct. However, as companies continue to find exciting new ways to improve the retail experience using consumer data, privacy and security are hardly foregone conclusions. Square CEO Jack Dorsey put it nicely in his keynote on Wednesday morning, when he remarked:
“Privacy and security is not an end point. There’s no one solution. It’s always changing. You have to constantly be refreshing your technology. You have to give simple, intuitive tools to people so they can control their own privacy and make their own decisions. Otherwise, they will feel like there is all this big data out there and then ‘there’s me.’ If you give them simple controls, tools to glean insights from their own data, then you have something really powerful.”
Here at FPF — particularly as we work hard on building a central site for opting out of mobile location analytics — we continue to look for ways to give consumers choices and control in how they share their data in the retail space.
A “Cutting-Edge” Guide to Privacy For Not-So-“Cutting-Edge” Phones
Now that the New Year is upon us, California’s Do Not Track transparency bill AB 370 is officially in effect. As websites start to disclose in their privacy policies how they respond to Do Not Track signals, it’s helpful to explain a little more about Do Not Track, as well as other options consumers can use to limit how they are tracked online. FPF’s site AllAboutDNT is designed to serve as a tool for educating consumers about what DNT does and how to turn it on for a variety of devices.
In previous posts, we have reviewed the new privacy features for the most up-to-date versions of both Apple’s iPhone (running iOS 7) and Android (running 4.4 KitKat). But what if you’re using a slightly older phone that doesn’t run the new operating systems? In that case, this guide is for you.
iPhone (or iPad)
Check which version of iOS you’re running by tapping Settings > General > About. Under “Version” you can see your version of iOS. The most up-to-date version of iOS is iOS 3.1.3 for the first generation iPhone, iOS 4.2.1 for the iPhone 3G, and iOS 6.1.3 for the iPhone 3GS. If your phone’s OS is out of date, connect it to your computer and follow the prompts to update it through iTunes.
The now-unsupported iPhone 3GS running iOS 6 has many of the same privacy controls as its newer counterparts, but some of the controls are located in unusual and hard-to-find places.
Private Browsing/Do Not Track
iOS 5.1 and newer have a feature called “Private Browsing.” When Private Browsing is on, webpages you visited are not added to the history list, the names of downloads are removed from the Downloads window, AutoFill information isn’t saved, and searches are not added to the search field’s pop-up menu. Enabling Private Browsing also sets Safari to include a “Do Not Track” signal with all web traffic, which communicates to websites that you do not wish to be tracked.
To turn it on, go to Settings > Safari > Private Browsing.
Note that while Private Browsing is on, websites can’t modify information stored on your device, so services normally available at such sites may work differently until you turn off Private Browsing. Any changes made to cookies are discarded when you turn off Private Browsing. While older versions of iOS cannot activate this feature, users of those versions can still navigate to the Safari Settings menu to clear their history and cookies.
Limit Ad Tracking (iOS 6 and newer)
In iOS 6, you can turn on “Limit Ad Tracking” by navigating to Settings > General > About > Advertising > Limit Ad Tracking and turning the feature on. (On iOS 7, the control is located at Settings > Privacy > Advertising.)
If you choose to limit ad tracking, advertising networks using Apple’s unique Advertising Identifier are prohibited from serving you targeted ads. You will still get ads, but they should not be based on tracking your activity across the different apps you use.
Permissions For Apps (Sorted By Data Type)
You might want to have more control over which apps can access your location,* contacts, calendars, reminders, photos, Bluetooth connection, or Twitter and Facebook accounts. To adjust these permissions, go to Settings > Privacy and make sure that no unwanted or unfamiliar apps have access to your sensitive data.
*In iOS 4 and 5, Location Services is found in the General Settings menu, below “Notifications.”
Permissions For “System Services” With Access To Location
At the bottom of the menu within Settings > Privacy > Location Services, you’ll see another box labeled “System Services.” In this menu, you’ll see a number of options for “Cell Network Search, Compass Calibration, Diagnostics & Usage,” etc. While each option corresponds to a different service, they only affect whether this data is sent to Apple – they do not affect the device’s functionality. In other words, you can disable every single feature in that section and your iPhone or iPad will continue to function exactly the same way it always has.
The only exception is “Setting Time Zone” – if you turn this function off, then you won’t be able to set your time zone automatically when no cell tower is within range. If you frequently travel places where there are no cell towers, then consider leaving this on.
Android Phones
Google sends updates through its Google Play Store without the need for a full update of the phone’s operating system. As a result, you don’t need to run 4.4 KitKat to control many of your Android phone’s new privacy features.
Ad Tracking Controls
We discussed in our previous Android blog how ad networks used to track users through the device’s “Android ID.” The Android ID could only be reset by wiping the entire device, and opting out required the user to visit the third-party ad network’s site and enter his or her device’s (lengthy) ID. Users running Android 2.3 or later can now use the new “Advertising ID” controls. In Google Settings (not to be confused with the regular Settings menu), select “Ads” and you will see your Advertising ID. On this screen you can select the option to “Reset Advertising ID.” Tap the box labeled “Opt Out of interest-based ads” to opt out. On the opt-out page, you can also reset your Advertising ID or follow the “Ads settings” link to a page that allows you to adjust your Ads Settings more granularly.
According to Google, when a user activates the Opt-Out feature, app developers are required to no longer use the advertising identifier for creating user profiles for advertising purposes or for targeting users with interest-based advertising. They may only use your Advertising ID for contextual advertising (i.e., advertisements that relate to the content on the page on which the ad is displayed), frequency capping, conversion tracking, reporting, and security and fraud detection. (Enforcement of this policy will begin in August.)
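The opt-out described above is exposed to app developers as a flag alongside the identifier itself. The sketch below, an added example that is not code from FPF or from Google, shows how an Android app would honor that flag before using the Advertising ID. It calls the real Google Play Services API (AdvertisingIdClient.getAdvertisingIdInfo, Info.getId and Info.isLimitAdTrackingEnabled); the AdIdPolicy class, the Use enum and the convention of returning null to mean “do not use the identifier” are assumptions made for this illustration.

```java
import android.content.Context;
import com.google.android.gms.ads.identifier.AdvertisingIdClient;
import com.google.android.gms.common.GooglePlayServicesNotAvailableException;
import com.google.android.gms.common.GooglePlayServicesRepairableException;
import java.io.IOException;

/** Hypothetical helper (not Google's API) that gates Advertising ID use on the user's opt-out. */
public final class AdIdPolicy {

    /** The uses the post describes: the first five stay allowed after opt-out, the last two do not. */
    public enum Use {
        CONTEXTUAL_AD, FREQUENCY_CAP, CONVERSION_TRACKING, REPORTING, FRAUD_DETECTION,
        INTEREST_PROFILE, INTEREST_TARGETING
    }

    private AdIdPolicy() {}

    /** Pure policy check: is this use of the identifier permitted given the opt-out state? */
    public static boolean isPermitted(boolean limitAdTracking, Use use) {
        if (!limitAdTracking) {
            return true; // user has not opted out; all listed uses are allowed
        }
        switch (use) {
            case INTEREST_PROFILE:
            case INTEREST_TARGETING:
                return false; // profiling and interest-based targeting stop once the user opts out
            default:
                return true;  // contextual ads, capping, conversion, reporting, fraud detection remain allowed
        }
    }

    /**
     * Returns the Advertising ID for the given use, or null when the user's opt-out forbids it.
     * getAdvertisingIdInfo blocks on Play Services, so call this from a background thread.
     */
    public static String idForUse(Context context, Use use)
            throws IOException, GooglePlayServicesNotAvailableException,
                   GooglePlayServicesRepairableException {
        AdvertisingIdClient.Info info = AdvertisingIdClient.getAdvertisingIdInfo(context);
        if (!isPermitted(info.isLimitAdTrackingEnabled(), use)) {
            return null; // assumed convention: null means "do not use the identifier for this purpose"
        }
        return info.getId();
    }
}
```

Keeping the policy decision in a small pure function (isPermitted) separate from the Play Services call makes the opt-out handling easy to unit-test without a device, and makes any code path that reads the identifier state its purpose explicitly.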
App Permissions For Location Data
On older versions of Android (including 4.3 Jelly Bean), you can control whether apps can use your location information by going to the general Settings menu and selecting Location Services. Note that disabling this option makes apps such as Google Maps unable to detect your location for the purpose of finding directions.
Google Search Privacy Options
You can also adjust a myriad of other privacy settings within the Google Settings menu, found within the app list. On Google Settings, select Search > Accounts & Privacy. On this menu are a number of privacy options:
Commute Sharing lets your friends and family know when you’re heading home from work. You can use the controls here to enable or disable this feature.
Google Location Settings allows you to control whether Google apps can access your phone’s location at any time the device is on. Here you can set different controls for different accounts on the phone as well.
You can control whether Google retains your search history (note that this may disable some features).
You can control whether you get personal results in searches.
You can control whether Google can use your contact list.
You can control how much data is stored by your search application (typically Google Search).
Conclusion
Just because you haven’t paid for the newest phone doesn’t mean you can’t protect your privacy. Newer phones (sometimes) have more accessible privacy controls and options, but even your old phones can be made more private and more secure with a little knowledge of their inner workings. If you know of other privacy tips for old phones, share them in the comments!