Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor in Cyberspace Law & Policy, U.N.S.W., in eCommerce.


1 Copyright 2005-07 1 and Privacy Roger Clarke Xamax Consultancy Pty Ltd, Canberra Visiting Professor in Cyberspace Law & Policy, U.N.S.W., in eCommerce at Uni. of Hong Kong, & in Comp. Sci., A.N.U. http://www.anu.edu.au/people/Roger.Clarke/… …/DV/Googacy-070524 {.html,.ppt} Uni Koblenz – 24 May 2007

2 Google and Privacy: Agenda. Privacy. Google's Business(es): 1 A Search-Engine; 2 Content-Discovery Services; 3 Content Services; 4 Data about Users. Privacy Protections: Consumer Protection Law; Privacy Protection Law; Privacy Policy Statements; DIY. Google Mythology.

3 Privacy: the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations. Privacy Protection: a process of finding appropriate balances between privacy and multiple competing interests.

4 Privacy cf. Data Protection / Datenschutz. Dimensions of privacy interest: The Physical Person; Personal Behaviour; Personal Communications; Personal Data. Motivations for protecting privacy: Psychological; Social; Economic; Political.

5 Research Your Next Appointment: Their Site(s)/Blog(s); Event Programs; Committee Minutes; Letters to the Editor; Postings (email-lists, fora, blogs); Logs, e.g. in court (IAPs, ISPs, own machine); Media Reports (as subject, as reporter, as commentator, as bystander); Court Reports; Little Black Books; Commercial Databases; Dead Pages, from the Wayback Machine; Specialist Sites, e.g. Zoominfo.com

6 Privacy Threats from Open Information. Discoverability: Data; Associations; Location; Habits. Consolidation, e.g. for: Profiling; Manipulation; Character Assassination. Data Quality Problems: Out-of-Date; Incomplete; Acontextual; Inaccurate; Scurrilous; Spurious. Second-Round Effects: More Data Retention; More Data Capture.

7 Search Engine Operation

8 Google's Business(es) 1. Content Discovery Services: The Largest Coverage (size of the Reference List); The Smartest Precedence Algorithm (the sorting part of the Results Formatter); The Fastest, Simplest, Best? Search-Service (a UI for normal people, not specialists); Multiple Constrained Searches (images, blogs, Froogle); Multiple Extension Services (Answers, Scholar). froo·gle (fru'gal) n. Smart shopping through Google

9 Google's Business(es) 2. Content Services: Google Earth; Google Base; Google Video / YouTube ...; Google News; Google Library / Print ...

10 Google's Business(es) 3. Data about Users. "We are moving to a Google that knows more about you" (Google's CEO, NYT, 10 Feb 2005). Round 1: Search-Terms; IP-address(es); Click-Trail; Click-Throughs.

11 Google's Business(es) 3. Data about Users. "We are moving to a Google that knows more about you" (Google's CEO, NYT, 10 Feb 2005). Round 1: Search-Terms; IP-address(es); Click-Trail; Click-Throughs. Round 2: Google Accounts: Email-Address as Username; A Common Cookie.

12 Email – Long-Term Risk Exposures. Both Parties' IAPs: IP-address(es) used, disclosing location, trail; Authorised / unauthorised disclosure, with/without notification; Traffic data retention, message retention. Mail-Recipient's ISP: Access to, and use of traffic; Access to, and use of content; Authorised / unauthorised disclosure, with/without notification; Message retention after download. ISP Mail-Hosting / Webmail: Message retention, long-term.

13 – Yet More Risk Exposures. Gmail Subscribers: Targeted Ads based on text from senders => consumer manipulation; Correlation with Data from Other Services. Senders to Gmail Addresses: Examination of Text; Long-Term Retention; Consolidation with Other Sources; Long-Term Unauthorised Disclosure, and no notification.

14 – Yet More Risk Exposures. Gmail Subscribers: Targeted Ads based on text from senders => consumer manipulation; Correlation with Data from Other Services. Senders to Gmail Addresses: Examination of Text; Long-Term Retention; Consolidation with Other Sources; Long-Term Unauthorised Disclosure, and no notification. "Sorry, but I don't talk via Gmail"

15 – Yet More Risk Exposures. Gmail Subscribers: Targeted Ads based on text from senders => consumer manipulation; Correlation with Data from Other Services. Senders to Gmail Addresses: Examination of Text; Long-Term Retention; Consolidation with Other Sources; Long-Term Unauthorised Disclosure, and no notification. "Sorry, but I don't talk via Gmail" Senders Generally: Postings to Lists where even a single subscriber is a Gmail account; Forwards to Gmail accounts; Forwards to Lists where even a single subscriber is a Gmail account.

16 EPIC on Gmail. No Non-Subscribers Consent to content extraction; Unlimited Data Retention; Profiling across Google product line; Harms expectation of privacy; Insufficient privacy policy; No data protection on sale of company or change of company policy (http://www.epic.org/privacy/… … gmail/faq.html, August 2004). Gmail is a privacy disaster. Google is attempting to engage in indefinite data retention. Google has publicly stated it will not discuss law enforcement requests for personal information. So we have no idea how Google responds to law enforcement, nor how many requests have been received (private email from EPIC, 8 Dec 2005).

17 v. 1 – October 2004: Search Within Your Own Computer. A desktop search application that provides full text search over your email, files, music, photos, chats, Gmail, web pages that you've viewed, ... (cf. Apple's Sherlock 1998, later Spotlight, and many third-party products for Wintel). It allows people to scan their computers for information in the same way that they use Google to search the web. http://desktop.google.com/about.html

18 v. 3 – 9 Feb 2006: Search Across Your Computers. BUT "In order to share your indexed files between your computers, we securely transmit this content to Google Desktop servers located at Google" (cf. MS Passport data, centralised at Redmond WA). http://desktop.google.com/... features.html#searchremote

19 Google's Social Networking Service. Profiles of Members: Self-Captured; Unauthenticated. Profiles of People Nominated by Members: Captured by Members, e.g. by upload of their address-books; Unauthenticated; Without Consent. Traffic. Social Networks of Members and Non-Members.

20 Google's Business(es) 3. Data about Users. "We are moving to a Google that knows more about you" (Google's CEO, NYT, 10 Feb 2005). Round 3: Gmail; Desktop; Desktop v.3; Orkut.

21 Google as Wireless Internet Access Provider. http://www.techworld.com/mobility/... features/index.cfm?featureid=1837 Acceptance of Google's tender confirmed 5 April 2006.

22 And 1 Year Later?

23 DoubleClick: Major Site-Owners let ad-space to DoubleClick. DoubleClick gathers data about all traffic to all such sites, resulting in consumer profiles.

24 DoubleClick: Major Site-Owners let ad-space to DoubleClick. DoubleClick gathers data about all traffic to all such sites, resulting in consumer profiles. Google AdSense: Minor Page-Owners let ad-space to Google. Google gathers data about all traffic to all sites that are AdSense affiliates.

25 DoubleClick: Major Site-Owners let ad-space to DoubleClick. DoubleClick gathers data about all traffic to all such sites, resulting in consumer profiles. Google AdSense: Minor Page-Owners let ad-space to Google. Google gathers data about all traffic to all sites that are AdSense affiliates. On 13 Apr 2007, Google bought DoubleClick.

26 New York Consumer Protection Board http://www.consumer.state.ny.us/pressreleases/2007/may092007.htm the combination of DoubleClick's Internet surfing history generated through consumers' pattern of clicking on specific advertisements, coupled with Google's database of consumers' past searches, will result in the creation of super-profiles, which will make up the world's single largest repository of both personally and non-personally identifiable information. The Board expressed concern that these profiles expose consumers to the risk of disclosure of their data to third parties, as well as public disclosure as evidence in litigation or through data breaches.

27 Google's Business(es) 3. Data about Users. "We are moving to a Google that knows more about you" (Google's CEO, NYT, 10 Feb 2005). Round 3: Gmail; Desktop; Desktop v.3; Orkut. Round 4: Google as Wireless IAP, Gratis (i.e. ad-funded); Ad Syndication (AdSense); Consolidation of the Consumer Profiles held by DoubleClick and Google.

28 Google and Privacy: Agenda. Privacy. Google's Business(es): 1 A Search-Engine; 2 Content-Discovery Services; 3 Content Services; 4 Data about Users. Privacy Protections: Consumer Protection Law; Privacy Protection Law; Privacy Policy Statements; DIY. Google Mythology.

29 A Normative Template for Terms of Contract for Consumer Transactions http://www.anu.edu.au/people/Roger.Clarke/EC/ICEC06.html#TNT Information; Terms; Security; Choice; Consent; Recourse; Redress

30 The Normative Template for Marketer-Consumer Communications. Information; Terms; Security; Choice; Consent; Recourse; Redress. Recourse: Enquiry and Complaints Process: accessibility; prompt acknowledgement; copy into the consumer's email-archive; responsiveness to enquiry or complaint; acknowledgement; resolution. Restitution: product quality shortfalls (own products and services, third-party products and services); fulfilment quality shortfalls; payment errors. External Complaints Mechanisms: information provided about them; prompt and appropriate communications with regulators.

31 Google's Challenges to Consumer Law. Consumer Benefits: Enormous; Gratis. But there is consideration: acceptance of advertising, including intrusive attention-grabbing devices (blink, popups). Terms: Non-Negotiable; Non-Transparent; Changeable at whim; Not Version-Managed. Recourse: All-But Non-Existent. No sign of recovery of lost consumer protections, e.g. WSIS 2005 is vacuous.

32 Information Privacy: The interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves. Achieved Through: Regulation: Data Protection Law, enforced by a Regulator [EU, Others – ???]; Co-Regulation: Privacy Policy Statements, enforced by a Regulator e.g. through Trade Practices Law [US – ??]; Self-Regulation: Privacy Policy Statements without enforcement [US actual].

33 28th International Data Protection and Privacy Commissioners' Conference, London, United Kingdom – 2 and 3 November 2006. Resolution on Privacy Protection and Search Engines http://www.bfdi.bund.de/cln_029/nn_533554/SharedDocs/Publikationen/EN/InternationalDS/ConferenceOfInternationalDataProtectionCommissioners2006-ResolutionSearchEngines,templateId=raw,property=publicationFile.pdf/ConferenceOfInternationalDataProtectionCommissioners2006-ResolutionSearchEngines.pdf … providers of search engines … shall not record any information about the search that can be linked to users or about the search engine users themselves. After the end of a search session, no data that can be linked to an individual user should be kept stored unless the user has given his explicit, informed consent to have data necessary to provide a service stored (e.g. for use in future searches)

34 A Privacy Statement Template http://www.anu.edu.au/people/Roger.Clarke/DV/PST-051219.html Data Collection; Data Security; Data Use; Data Disclosure; Data Retention and Destruction; Access by You to Your Personal Data; Information about Data Handling Practices; Handling of Enquiries, General Concerns and Complaints; Enforcement; Changes to These Privacy Undertakings; Definitions

35 Google's Privacy Statement http://www.anu.edu.au/people/Roger.Clarke/DV/PST-Google.html Cookies not RFC2964-compliant; Cookies and Login (with Email-Address as Username) enable the consolidation of a very substantial amount of identified personal data, without informed consent; Purposes of Use and Disclosure vague but very extensive; Storage in Data Havens (such as the USA); Non-Consensual Use and Disclosure (presumption of consent, i.e. opt-out); Extraneous Disclosures not notified to the individual concerned; No Information provided about Data-Handling Policies and Practices; No Assurances whatsoever re: Access by the Data Subject [new WebHistory feature?], Data Quality, Data Correction or Deletion, Data Relevance, Data Retention, Destruction; No Consultation with Privacy Advocacy Organisations; Deficient Complaint-Handling Procedures; The Undertakings are Void in the event of merger, acquisition or sale of assets; The Undertakings are Unenforced, and Probably Unenforceable.

36 Paranoia http://www.google-watch.org/

37 DIY Privacy-Protection http://www.freenet.org.nz/misc/google-privacy.html A simple HOWTO for stopping Google from logging your search history. In summary, the solution is to: clear all long-lasting cookies; set your browser to not keep cookies between restarts; divert all google requests out through an anonymous proxy. BUT ALSO !!! Frequently re-start; Don't register; Don't use DeskTop, Gmail, …; Don't send to Gmail accounts ...

38 Google Mythology: Do No Evil. Two variants are evident on the web-site: (1) number 6 of 'Ten things Google has found to be true': "you can make money without doing evil". But that statement is descriptive, not normative. (2) "Our informal corporate motto is 'Don't be evil' ". But that statement is part of a Code of Conduct communicated to investors, not customers, and is in any case completely non-binding. There is a relevant corollary: "You can make money without doing evil; but you can make more money by doing evil". Given the legal obligations of corporations, the epithet actually implies that evil should be done.

39 Google and Privacy: Recapitulation. Privacy. Google's Business(es): 1 A Search-Engine; 2 Content-Discovery Services; 3 Content Services; 4 Data about Users. Privacy Protections: Consumer Protection Law; Privacy Protection Law; Privacy Policy Statements; DIY. Google Mythology.
