22 Jun Take Data Privacy a Step Further
Recently, I wrote about the president’s initiative to create an Internet Bill of Rights.
I promised to follow up with a closer look at the issues involved. It would be the Federal Trade Commission and its Bureau of Consumer Protection’s burden to bear if the Bill of Rights is put into place. Overall, I think closer attention could be paid to safeguarding customers’ data, streamlining terms and conditions, and limiting consumer profiling.
Safeguarding Customers’ Data
On June 6th, six million passwords were stolen from LinkedIn.com. Many technologists share the opinion that LinkedIn should be liable for not providing adequate safeguards in their infrastructure and how they stored user data. I won’t get into the technical details, but LinkedIn announced that the users’ passwords could have been better encrypted. LinkedIn requires a user to use an email address as the login name, and most people reuse passwords across accounts. As a result, I believe it is reasonable to conclude that many users may have had their email accounts compromised. If you want more information on how passwords can be secured, check out this article Lifehacker put out this week.
One strategy could be to address this breach of privacy with policies similar to credit card fraud regulations. Since banks provide the service, they are the ones that are liable in the event of fraudulent charges and other misuse of data. Without the pressure on the banking institutions, we wouldn’t have those annoying but necessary fraud monitoring algorithms. You know those phone calls you get from your credit card company every time you go to Vegas or travel to foreign places! It’s unfortunate, but sometimes the threat of monetary fines is what’s needed for companies to take issues more seriously.
If you own an Apple product (and many of you do), you’ve likely accepted all 49+ pages of Apple’s Terms and Conditions. I don’t have an exact number (or even a close one), but I’m sure Apple had at least a handful of lawyers on hand crafting that document. How many lawyers did you have read it before you accepted it? Did you even read it? If you didn’t agree to it, what would you do with that new $500 iPad you just bought? You can’t return it after it is opened.
Every online service seems to have its own set of terms and conditions. Why? Essentially, the services only fall into a few categories: Utility (email, collaboration), Social (Facebook, Twitter), and Administration (banking, paying bills). Why can’t there be a standardized set of terms and conditions and privacy policies for companies to draw from and apply a one- to two-page amendment if needed? Open source software has been doing this for years with licensing agreements. There are a handful of common licensing agreements which many organizations choose to draw from: Apache, BSD, GNU and MIT. Each policy is slightly different from the others depending on the intended use; see more details on this here. This approach would be more consumer-friendly and allow non-lawyers to understand the agreement they’ve made with an organization.
The data you give companies as part of the requirements to use their services is only one aspect of user privacy. Did you know statistical data about your online habits is also being collected? These trackers monitor the sites you’ve visited, your location when you visited them, and the time of day. The aggregation of this is used in many cases as a way of driving targeted advertising. However, it can also allow someone to track your daily travel patterns.
Did you know that search engines like Google already have a pretty good understanding of who you are? To see what information is being used to target ads toward you, check out this link. If you haven’t accepted any terms and conditions for services which profile your web behavior, how are these companies being held accountable? Some larger companies are attempting to self-regulate, which I applaud them for, but I think that most organizations will not act without some direction regarding methods, retention, and types of aggregation allowed.
The Internet Bill of Rights may be a step in the right direction, but it’s a far cry from a fix-all for data privacy. We are living in the age of “Big Data,” a time where everything you do online is considered useful data for targeted advertising purposes. Companies that make their bread and butter from those activities aren’t going to give up their access so easily. Let’s hope we keep the remote control in our hands when it comes to sharing our data.