net law blog

EU Data Protection Legislation Breakdown

fatimanadine — Wed, 15 Feb 2012 18:50:44 -0600

EU Data Protection Legislation Breakdown:

My blog post for the Hastings Privacy + Technology Project

Targeted ad?

fatimanadine — Wed, 25 Jan 2012 11:59:00 -0600

Targeted ad?

seamless sharing / mobile

fatimanadine — Thu, 29 Dec 2011 10:39:27 -0600

Spending time in Tokyo has given me a good look into the where the US is heading.

Mobile + Social

VIa mobile, we will have all of our needs in one

» Payments (already rolling out via Google Wallet, Box, etc.)

» Transportation (possibly separate from payments)

» Personal (Calendar, health, etc.)

As we move forward, these personal attributes will have the ability to connect to our social applications - via seamless sharing. Seamless sharing will continue because people will continue to want to share in a more simple way. For example, think Foursquare checking you in to the train station when you scan your phone for payment.

In the same manner, as we move forward, companies will have to avoid the “Facebook problem” or the backlash against seamless sharing. The Facebook reaction has taught us that an initial opt-in is not enough. Opt-in/opt-out give people a clear choice but oftentimes, people do not understand what they agree to in the opt-in.

The only other choice companies have is to give consumers choice to share with certain individuals or only at certain times. Choice embedded into design post opt-in will be a key tool as personal sharing increases and becomes more automated. The ability to choose should be clearly labeled within the program and simple.

Just like every other area of Internet, consumer choice should be very simple - particularly for mobile sharing. As companies move to mobile, they should ensure that consumers clearly see their ability to choose what they share and understand the choices they make.

nexsyslegal's tumblog: ODR Speed and Simplicity or Structure and Legitimacy? A Design Challenge

fatimanadine — Tue, 13 Dec 2011 01:46:07 -0600

nexsyslegal's tumblog: ODR Speed and Simplicity or Structure and Legitimacy? A Design Challenge:

nexsyslegal:

In terms of design, it can be difficult to determine how rigid and regulated an online dispute resolution (ODR) ought to be.

Take ODR for consumer complaints as an example.

A system that is too rigid simply won’t deliver on the promise to provide cheap, simple and fast ways to resolve consumer…

BFFs

fatimanadine — Fri, 11 Nov 2011 02:33:10 -0600

People have always shared information with their best friends - photographs, gossip, personal news, etc. They share this information with best friends because they don’t expect them to share the information with outsiders. Now, these best friends are online. So the way we share with them is through the Internet, yet still don’t expect them to divulge our secrets.

Much of society has recognized that sharing via Internet is the most convenient way to share. Companies have also recognized that some of things we share, we only want our family or best friends to know. Companies have created groups, friend lists or circles to address these needs. There is free, virtually unlimited storage and a lesser risk of misplacing this information online - as an added plus, my friends can view it at their leisure instead of sitting through hours of slideshows or boring conversations.

Companies are recognizing a limited-sharing privilege in privacy. Although the law is very slow to change, could this possibly lead to framework for recognizing new private relationships? How will these relationships be defined? Through online BFF groups? What will be the magic number? Friends have always been a part of real life, but not the law - can online social relationships pave the way to a change? If so, would these friends have responsibilities, like a fiduciary duty not to disclose? I don’t see these changes coming any time soon, but the reflection of real life is online, showing that it might be time for the law to contemplate change.

blog post on odr + privacy

fatimanadine — Mon, 31 Oct 2011 23:18:51 -0500

blog post on odr + privacy

"The problem, of course, is that there is no notice and there is no choice. Nobody reads privacy..."

fatimanadine — Wed, 28 Sep 2011 00:14:39 -0500

““The problem, of course, is that there is no notice and there is no choice. Nobody reads privacy policies. People that read them don’t understand them.””

- Ryan Calo, Stanford Center for Internet and Society

http://paloalto.patch.com/articles/eshoo-future-of-net-requires-privacy-transparency

"The year mobile IT was born"

fatimanadine — Wed, 28 Sep 2011 00:06:00 -0500

Recently, a GigaOm article dubbed 2011 as “the year mobile IT was born.” The article described corporate IT departments saying yes to mobile device and tablets, even those owned by the employee.

It’s great to see more companies embracing mobile and letting employees choose a device that makes them happy. However, companies can particularly run into problems when employees use their own personally bought devices for both personal and work reasons. Therefore, companies should inform and carefully train their employees to avoid legal issues.

A few privacy and data security issues:

Companies should make sure

-that IP or other sensitive information remains secure. They can help security by increased employee training and required authentication and other protections on devices.

-that they take the same precautions (or whatever possible) to avoid security breaches when employees travel abroad with sensitive information on their phone to places with a reputation for corporate espionage.

-to determine what information they will be able to access on an employee using a mobile device and make sure the employee knows before they agree to a mixed work and personal mobile device.

Employees can easily give access to family or friends, accidentally send sensitive information to friends or lose the information in a place where they would not take their work device. Some of these problems can be remedied by using VM technology, but without proper precautions, mixing devices used for work and devices used for play can be a slippery slope.

It’s key to make sure that the data is secure. To quote Julie Palen,

“It’s all about the device, as long as the data is secure and controlled … then that’s the big change and the answer becomes yes.”

Article link: http://gigaom.com/2011/09/27/mobilie-it-mobilize-2011/?utm_source=social&utm_medium=twitter&utm_campaign=gigaom

"The advent of technology collecting cell site location records has made continuous surveillance of a..."

fatimanadine — Mon, 12 Sep 2011 16:10:00 -0500

“The advent of technology collecting cell site location records has made continuous surveillance of a vast portion of the American populace possible: a level of Governmental intrusion previously inconceivable. It is natural for Fourth Amendment doctrine to evolve to meet these changes.”

- Judge Garaufis

Summary of case @ CDT blog: http://cdt.org/blogs/greg-nojeim/129court-rules-warrant-required-stored-cell-site-location-information

Indian National Identity Project

fatimanadine — Fri, 02 Sep 2011 22:12:45 -0500

The NYTimes recently reported on the Indian Identity project, Aadhaar. I feel that Aadhaar is a great idea for indigent people in India. In addition to increasing access to public welfare, it can lay the foundation for access to public justice via online dispute resolution that is mobile phone based.

ODR already exists in India (see http://www.odrindia.com/ - headed by a world-renown ODR expert, Chittu Nagarajan). However, the national identity system can help strengthen the system. Once the system can securely use mobile devices to recognize a person’s identity, it could lead to better enforceability of judgments. In addition, since the system is centralized, there could be much more done to ensure fairness and enforceability because of its direct link to other parts of the person’s identity.

I talked to some Indians (aka my cousins) and asked them their thoughts on the project. They were mostly unconcerned with the project and felt that most nations are moving to a centralized identity system even if it’s not run by the government. I feel that there is much truth to that.

However, I find it alarming that the central identity system is run by the government. Such a system brings up huge issues related to transparency and privacy. India does not have the best reputation for transparency of its practices and still has many hurdles to overcome. As it moves forward, the country must build trust with its citizens. The country is already taking steps to fight corruption, but we must wait and see how it uses the collected identity data. If Aadhaar works well in providing social services to the indigent, the government may be able to build sufficient trust to expand programs connected with the identity service.

I imagine that the government doesn’t have the resources (or really cares) to constantly track every single citizen at all times, but there are an overwhelming number of privacy and data security issues related to this project. (Ex. civil liberties, hacking, spoofing, identity theft, security strength, publication availability of data to name a few, but the list goes on and on.) Hopefully, a greater number watchdog groups or trusted organizations will spring forward to help create best practices. We will just have to see how it all plays out… maybe in the end it will be used to create a state-sponsored biodata-based dating service!

(NYTimes article @ http://www.nytimes.com/2011/09/02/world/asia/02india.html?pagewanted=1&src=recg)

blame social media

fatimanadine — Fri, 02 Sep 2011 22:12:15 -0500

Recently, there has been a lot of “blame social media” going on.

For example:

(1) British government - blamed social media for coordination of riots

(2) San Francisco BART - stopped cell phone service to prevent a protest

(3) CA law not allowing jurors to Tweet

Blaming the tool or method of communication is ludicrous. This is the same situation as stopping people from using the telephone or writing letters.

Some say that social media is more widespread, giving it more potential to cause harm. Just because more people now have access, doesn’t mean it will do more harm. People can just as easily use it to stage peaceful protests. Cutting off communication between individuals is a violation of our civil liberties. Time to stop blaming the tools and looking at the causes behind the activity.

Bionic glasses for poor vision - University of Oxford

uhohphattiyo — Tue, 30 Aug 2011 20:02:38 -0500

Bionic glasses for poor vision - University of Oxford:

These bionic glasses would raise interesting privacy questions.

A Millennial's Perspective on Privacy

fatimanadine — Tue, 09 Aug 2011 21:19:00 -0500

**Some random thoughts on privacy**

Just as concepts vary across cultures, concepts vary across different generations. With the advent of the Internet, people have changed the way they interact - now talking with friends and sharing information online instead of offline. As a result, the general public, particularly youth, have new notions of privacy.

Previously, privacy was generally viewed as Justice Brandeis’ “right to be let alone.” Many older generations still hold onto this view and knowing that the Internet will destroy this right, choose not to embrace social technology. For many Millennials and younger generations, social technologies are integrated into their communication patterns. Therefore, they have a different notion of privacy. For these groups, privacy is not necessarily the right to be let alone, but it’s the right to share yet shield certain aspects of personal life from the government and third parties.

Communication Paradigm Shift

Older generations were able to communicate with their friends in a socially acceptable manner without having to later face consequences for communications blunders. It was harder to hold people accountable or recall statements because people were not constantly video taped or recorded.

On the other hand, younger generations, like Millennials, have been raised with social technology. They still talk on the phone and meet each other, but they have added text messaging, emailing and online chatting as socially acceptable, and sometimes more common, modes of communication. These individuals no longer share tangible photographs with friends, but share them with virtually via social sharing sites.

Younger generations’ statements and actions are constantly recorded. If they wish to communicate with their friends, the ubiquitous and convenient avenues available to them are often via the Internet. It is socially acceptable to communicate via the Internet and possibly the main channel of communication for many. However, based on its widespread use, younger generations do not understand that they do not have the same level of privacy online as offline and their public commentary or emails can always be recalled and used against them.

The law is slow to change. The Stored Communications Act has still not been changed and the Millennial outlook on privacy is only rarely considered. As a Millennial, we need to define our notions of privacy for the law.

Privacy of Millennials’ Communications

(1) ISPs/cloud companies = telephone providers

We understand that we’re using a 3d party or business platform. However, our generation views the 3d party provider as equivalent to a phone provider. One typically does not expect the phone provider to record all of our conversations and use them against us later. Similarly, we do not expect our online instant messaging providers to record all of our conversations and use them against us later. In the same manner, we do not expect our friends to record our conversations (with a few exceptions, like gchat which has options to avoid this).

(2) Sharing Limitations

We can limit items stored on the cloud to small group of individuals. In the past, one would send someone a document or picture via email. Instead, it is shared in a limited manner. By limiting sharing, we expect to maintain some privacy. For our generation, limited sharing is akin to giving someone a tangible document or photograph that would require a warrant to access.

One issue that may come up with this is what constitutes “limited.” If you limit sharing to 5000 people is it the same as sharing with 5 people? What is the cutoff, who will decide the cutoff and will that decision be arbitrary?

(3) Disclosure & Control

Similar to control propounded by the FTC’s proposed privacy guidelines, it is acceptable for companies to publicize our data, but publication is conditioned upon disclosure and control. Companies should disclose that they will roll out new features and give us the option to opt-out.

These are a few points relating to online privacy from the point of view of a Millennial. For the law to adequately address online privacy, lawmakers must take into account the changing notions of privacy from one generation to the next.