[governance] So Who (or What) is Managing Privacy for/by the 1 Billion+

Roland Perry roland at internetpolicyagency.com
Sun Dec 30 07:04:50 EST 2012 

In message <DA70E176-C9C9-439C-97FA-93FB164FFEDE at virtualized.org>, at 
14:17:33 on Fri, 28 Dec 2012, David Conrad <drc at virtualized.org> writes
>[Merging two messages]
>
>Roland,
>
>On Dec 28, 2012, at 5:38 AM, Roland Perry 
><roland at internetpolicyagency.com> wrote:
>> In message <ABD62AA5-F63A-4391-A264-010001BB18C3 at virtualized.org>, at 
>>19:51:45 on Thu, 27 Dec 2012, David Conrad <drc at virtualized.org> 
>>writes
>>>  Your rights to privacy are not removed by Facebook changing their 
>>>terms and conditions.  You have the ultimate right to privacy by not 
>>>subjecting yourself to their endless incomprehensible games
>> How would that work if your connectivity ISP decided it would publish 
>>the urls of all the websites you visit? With the get-out that you 
>>could always find another ISP if you didn't like it.
>
>As Avri points out, this is probably a contract law issue.

In the "Old World" (as opposed to the "New World") we have a fairly 
comprehensive set of rules that say contracts between businesses and 
consumers have to give a certain minimum amount of protection form the 
consumer - who cannot be expected to understand complicated contracts.

Privacy (or as we call it Data Protection) is one area that is covered.

>If your contract with your ISP allows them to sniff your data to 
>extract URLs that the ISP can then publish and you don't like this, 
>then yes, the get-out is to terminate your contract for your ISP's 
>services and find another (something I would highly recommend).

Not just sniffing, they could put your browsing traffic through a 
proxy/cache and simply publish extracts of the logs.

>However, I believe there is a fundamental difference between the 
>relationship you have with Facebook and one you have with your ISP: 
>with your ISP, you are the customer and you are paying for data transit 
>services under terms and conditions that (presumably) dictate that the 
>ISP doesn't do what you suggest.

This goes straight to the heart of my original point, which is that 
ordinary consumers don't see a difference between the connectivity 
provided by their ISP (to the wider Internet) and the connectivity 
provided by Facebook (to their friends and their photo albums etc).

>With Facebook, you, as a Facebook user and the data you voluntarily 
>provide to Facebook, are the product.

I prefer to think of the connectivity with my friends and the photo 
album server as the product, and selling data about me to advertisers 
(etc) as the fee.

>On Dec 28, 2012, at 5:32 AM, Roland Perry 
><roland at internetpolicyagency.com> wrote:
>> In message <A0A499E7-3064-4CE2-B982-A2E6FBA0DE57 at virtualized.org>, at 
>>17:34:47 on Thu, 27 Dec 2012, David Conrad <drc at virtualized.org> 
>>writes
>>> Facebook's rules may result in intrusions into my privacy (not my 
>>>right to privacy), but if so, the answer would appear to be simple: 
>>>if I don't like their rules or how those rules are changed, I will 
>>>exercise my right to privacy and choose to not use their service.
>>
>> The problem with that approach is the suspicion that when they make 
>>changes they are retrospective;
>
>If a term of the Facebook terms and conditions is that they can change 
>their terms unilaterally and I accept their terms and conditions in 
>order to make use of their services, then to be safe I should assume 
>that they will, at some point in the future, do the worst possible 
>thing they are legally allowed to do in the legal venue in which the 
>contract between Facebook and I apply.

However, most consumers outside the USA (and perhaps many inside) are 
not familiar with what Californian Law will, in the extremes, allow.

Take a simple example: I cancel my subscription, but the photo album 
remains visible (rather than being taken down). We must presume this is 
legal in California, otherwise it would not happen.

However, European Privacy Regulators have had a number of issues with 
Facebook.

>> Security by obscurity, perhaps, but a great deal of what Facebook 
>>offers is "privacy by obscurity".
>
>There's a reason "security by obscurity" is considered pejorative :). 
>As security by obscurity can't be relied upon, I believe "privacy by 
>obscurity" is functionally equivalent to "no privacy", particularly as 
>data warehouses continue to grow and data mining techniques continue to 
>improve over time.

That's almost exactly the argument that Facebook is using to justify 
withdrawing the ability for people to hide their user names from Search.

(Go to Facebook's new "Privacy Shortcuts", then "More Settings" then 
"Who can look me up". If you have an older account there will be three 
entries, one of which is "Who can look up your Timeline by Name", which 
can be edited to 'Everyone/Friends of friends/Friends' but is missing 
from newer accounts where it is in effect set to 'Everyone')

If you want "not to be bothered" [troubled] by people other than 
Friends, which includes the public's ability to email you at your 
Facebook email address, then stopping 'Everyone' looking you up by name 
is reasonably effective at the moment.

If you can do a search-by-name, then your Facebook email address can be 
deduced trivially from the url of your status page (eg "david.conrad 
.nnnn" in your case) even if you choose not to reveal that email address 
in your Contact Info.

>To me, it's simple: if you want to keep something private, don't put it 
>on the Internet, regardless of whether the vehicle for posting is 
>Facebook or anything else.

So maybe you wouldn't mind me publishing your Facebook email address? My 
'Old World' netiquette forbids it though.

>Where my rights to privacy are impacted is when I do not have control 
>over what gets put onto the Internet.

Or as you put it on Facebook: "Everything is wonderful until you know 
something about it". Based on my example above I'm sure some people are 
reaching for their keyboards to say "but but but, you can prevent anyone 
at all from emailing you at your Facebook address", but actually they 
recently changed that as well.

>The interesting Internet governance question to me is given the 
>increased governmental mandates for putting stuff like health records, 
>utility billing information, etc., onto the Internet whether I have any 
>control anymore.

I make a distinction between information that's published to at least a 
subset of the public, and that which is intended to be restricted to a 
supplier/customer relationship, like utility billing information.

But to extend an earlier analogy, I suppose you could always move to a 
different country!

-- 
Roland Perry

-------------- next part --------------
____________________________________________________________
You received this message as a subscriber on the list:
     governance at lists.igcaucus.org
To be removed from the list, visit:
     http://www.igcaucus.org/unsubscribing

For all other list information and functions, see:
     http://lists.igcaucus.org/info/governance
To edit your profile and to find the IGC's charter, see:
     http://www.igcaucus.org/

Translate this email: http://translate.google.com/translate_t

More information about the Governance mailing list