May 3, 2012 – Only 13M people ignore Facebook’s privacy tools. The rest of us know what we’re doing, VB
Thirteen million people do not use or pay attention to their privacy settings on Facebook, according to a study by Consumer Reports today.
Thirteen million people do not use or pay attention to their privacy settings on Facebook, according to a study by Consumer Reports today.
On April 27th, the Future of Privacy Forum hosted a trans-Atlantic policy dialogue at Facebook’s headquarters in Menlo Park, CA. The participants included EU Data Protection Supervisor Peter Hustinx; Article 29 Working Party Chair Jacob Konstamm; Sjoera Nas from the Dutch Data Protection Authority; and Daniel Weitzner, the Deputy Chief Technology Officer in the White House Office of Science and Technology. Also attending were chief privacy officers from major technology and consumer-facing organizations and advocacy group representatives. Following an introduction by Facebook Vice President Elliot Shrage, FPF Senior Fellow Omer Tene and Co-Chairs Christopher Wolf and Jules Polonetsky led a conversation with the US and EU officials.
Steven Beale
Steven Beale was a Policy Analyst at the Future of Privacy Forum. His work focused mainly on encryption, government access to data, and the smart grid. Prior to joining FPF, Steven worked on Intel Corporation’s Security and Privacy Policy team and also served for a year with AmeriCorps in St. Louis. He graduated summa cum laude from Hamilton College and was elected to Phi Beta Kappa.
[imagebrowser id=4]
Joseph Jerome is a policy counsel at Future of Privacy Forum. At FPF, Joseph’s issue portfolio focuses on big data and the Internet of Things, where he works on de-identification standards and educational privacy questions. He is interested in questions around transparency and accountability mechanisms in data use. Prior to joining FPF, Joseph served as a national law fellow at the American Constitution Society, where he edited legal scholarship and organized programming addressing civil liberties and national security questions. He is a graduate of New York University School of Law, where he was an International Law and Human Rights Student Fellow in 2010.
Mobile payment systems are a relatively new technology that has sparked the interest of lawmakers, federal agencies, academics, and privacy advocates. The question they are all asking is why are Americans not taking advantage of a system that promises to significantly increase economic efficiency and convenience?
When it comes to mobile payment systems, the United States is lagging far behind in usage compared to Europe, Japan, and South Korea. A recent study conducted by the Federal Reserve revealed “perceptions of limited usefulness and concerns about security are holding back the adoption of mobile financial services,” with only 12 percent of mobile phone owners reporting that they made a mobile payment in the last year.
Electronic wallets serve a multifunctional purpose on a device that can fully emulate physical wallets retaining cash, transaction information, and identification and authentication information. They have the ability to capture and transmit data onto a device that can replace the need for loyalty cards, transit cards, movie tickets, parking tickets, keys, and ID cards. It is clear that both consumers and merchants alike stand to benefit significantly from the new mobile system. And yet, the Federal Reserve reported that more than a third of consumers that don’t use mobile payments either don’t see any benefit from using mobile payments or find it easier to pay with another, more traditional method.
Security
According to statistics published by the Federal Reserve, security concerns were the primary reason given for not using mobile payments (42 percent) and the second most common reason for not using mobile banking (48 percent). At the FTC’s Mobile Payment workshop on April 26, 2012, panelists convened to discuss the security and privacy implications if such a system were to be adopted on a larger scale. Bradley Greene, Senior Business Leader in the Mobile Products division at Visa, stated that mobile payment systems have the potential to add levels of security to consumers through distinct features including locked payment credentials with only the bank having access; dynamic authentication and data; and configuring the use of a passcode for transactions within the device.
As security practices have yet to be standardized, “mobile payments as related to security are the wild wild west,” said Paul Rasori, Senior Vice President of Marketing at VeriFone Systems. Ben Milne, CEO and Co-Founder at Dwolla, noted that security is a network architecture issue regarding mobile payments, raising the concern that personal information can be stolen from any number of service providers without the user’s knowledge. Yet when implemented correctly and with proper security measures in place, a mobile device should be more secure than a physical credit card, said Milne. As an additional security measure, companies should start from the assumption that “bad” data will be passing through systems. To that end, he suggested building procedures to discard of such data as well as data no longer needed for its intended purpose.
Privacy
The success of mobile payments hinges on establishing user trust through transparency, said Pat Walshe, Director of Privacy at the GSM Association. “Privacy by design is really the key for mobile payments,” said Harley Geiger, Policy Counsel at the Center of Democracy and Technology. According to Geiger, users should be provided with controls over the collection of information for the purpose of marketing, and not every purchase should be the equivalent of joining a loyalty program. Update: Geiger also wrote a detailed blog post explaining the privacy issues with mobile payments.
These principles are in line with the findings from a survey conducted by the Berkeley Center for Law and Technology, revealing that a majority of Americans objected to having their personal information shared at the point of sale. In particular, 65% stated that they would definitely not allow sharing their telephone number with a store where they purchase goods. Moreover, despite the fact that mobile payment systems can enable unique consumer information to be passed to the retailer, the authors suggest that retailers should be prohibited from obtaining this information automatically without the consumer’s consent. “An opt-in standard on a per-transaction basis could empower consumers to share where they find it appropriate but block this information collection and sharing by default.”
Others on the panel argued that the government should be careful not to anticipate unimagined advances in order to avoid speculative harms, particularly as this technology is just beginning to emerge. “A dozen years ago, the prospect that a company would know your reading habits and use that was something that seemed suspect. Today, personalized book recommendations on the Internet are an offering most couldn’t have envisioned and few would want to give up. With comfort the public often embraces change; the uncertain future becomes the popular now,” said Mallory Duncan, Senior Vice President and General Counsel at the National Retail Federation.
Looking to the Future
An effective mobile payment system must have the proper infrastructure in place with all the players working together, due to the intricate interdependent nature of this ecosystem. Currently, the two major competing mobile payment services are Isis, a joint venture formed by AT&T, T-Mobile, and Verizon and Google Wallet backed by Visa, American Express, Discover, MasterCard, Nexus, and Sprint. As these providers compete to bring these services to the market, the evidence is clear that privacy and security will play a key role in paving the path to consumer adoption.
-Lia Sheena
Last Thursday morning, Politico Pro presented a briefing focused on cyberprivacy and cybersecurity. Participating in the discussion were Sen. Richard Blumenthal (D-CT), Rep. Mary Bono Mack (R-CA), Dr. Thomas M. Lenard (President and Senior Fellow at the Technology Policy Institute), and Tim Sparanpani (Principal at SPQR Strategies, PLLC).
The briefing began with a discussion of the pending Cyber Intelligence and Sharing Act (CISPA). This pending legislation would increase the ability of the government and private sector to share cyber threat information. While both Sen. Blumenthal and Rep. Bono Mack agreed that the cyber threat is significant and real, they disagreed about provisions of CIPSA. While Bono Mack supports the bill in its current form, Blumenthal believes that the bill needs greater privacy protections and should include a private right of action. Blumenthal also broached the idea of creating a new cybersecurity agency to protect the country against cyber attacks. Bono Mack responded that creating a new agency would not be a panacea, and that the best solution is to empower the private sector to find solutions.
Blumenthal and Bono Mack also expressed differing opinions about privacy legislation. Blumenthal voiced his support for baseline privacy legislation. He said that people understand privacy, and they should have knowledge of data practices and the option to give consent to data collection. Bono Mack, on the other hand, said people frequently choose convenience over privacy, and there should be more Congressional hearings on privacy. Her first choice, she said, was for industry self-regulation; only if this failed, should Congress pass privacy legislation. Tim Sparanpani meanwhile voiced optimism that app developers are taking privacy seriously. He also noted the importance of data minimization and warned against legislation that would inhibit the ability of the private sector to develop new, innovative products and solutions.
One area where Blumenthal and Bono Mack did agree was on data breach legislation. They both voiced their support for data breach legislation, and such legislation has strong bipartisan support.
Overall, the participants were in broad agreement about what needs to be done; all agreed that privacy is very important, and the U.S. urgently needs to increase cybersecurity. However, as with so many events on cybersecurity and cyberprivacy legislation, the participants held divergent opinions about the best way to accomplish these goals. The discussion, while informative, did not seem to indicate an immediate compromise solution.
-Steven Beale
Last Wednesday the Senate Judiciary Committee held a confirmation hearing for nominees to the Privacy and Civil Liberties Oversight Board (PCLOB). The Board, created in response to the 9/11 Commission, is charged with making sure privacy and civil rights are protected for executive branch activities and measures. It consists of five members appointed by the President, and all five of these nominees were present at Wednesday’s hearing. The nominee for Chairman of the PCLOB is David Medine, and the other nominees are James Xavier Dempsey, Elisebeth Collins Cook, Rachel L. Brand, and Patricia M. Wald. The nominees are bipartisan, and all are recognized thought leaders on privacy and civil rights.
The hearing showcased significant common ground between the senators present and the nominees. All agreed that civil rights are fundamental; as Senator Leahy put it, safeguarding liberties is not a partisan issue, it is an American issue. At the same time, everyone agreed that privacy controls should not impede security. Rather, there was consensus that that privacy and security are not mutually exclusive, and that it is possible to simultaneously have both strong security and privacy.
One topic that surfaced multiple times was cybersecurity and information sharing. Senators Leahy, Whitehouse, and Franken all asked the nominees questions about pending cybersecurity legislation. In particular, the senators were interested in how to encourage the sharing of cybersecurity threat information while also protecting the privacy of U.S. citizens. The nominees agreed that this is an important issue, and Mr. Dempsey expressed the opinion that increased information sharing would be beneficial and could be done in a privacy-friendly manner.
Another theme that surfaced several times was how to ensure privacy in an era of rapid technological change. GPS, facial recognition technology, data aggregation, and other new technologies allow the government track and gather significant data about citizens. This data can be used both to protect our nation’s security, but, if proper rules are not in place, it can also infringe the privacy and civil liberties of innocent Americans. Ms. Cook noted that, if confirmed, she would work with her colleagues to use new privacy enhancing technologies. Ms. Wald also noted the important role the PCLOB can play by working to ensure privacy and civil liberties are protected during the policy design phase.
The hearing demonstrated that if and when the nominees are confirmed, they will have to carefully prioritize their important work. The hearing did not feature any harsh questions or significant criticisms of the nominees, so the path may be clear for proceeding to confirmation.
-Steven Beale