On March 4-5 2013 the Internet Society’s North America Bureau webcast the Freedom to Connect 2013 conference in Washington DC. One keynote speaker was Glenn Greenwald, who has recently come to international attention as the journalist who broke the NSA surveillance story. In his hour long speech, he talks about Aaron Swartz, the imbalance of justice, the growth of the surveillance state, the nature of power in the digital age, and its implications for Internet freedom. There are a couple of small glitches in the recording, for which we apologize. Video is below.
Tagged: privacy Toggle Comment Threads | Keyboard Shortcuts
@InternetSociety Statement on the Importance of Open Global Dialogue Regarding Online Privacy #prism #privacy
Internet Society Statement on the Importance of Open Global Dialogue Regarding Online Privacy
[Washington, D.C. and Geneva, Switzerland] The Internet Society has noted recent revelations regarding the apparent scope of U.S. government efforts to gather large amounts of end user information from U.S. Internet and telecom service providers for intelligence purposes. We are deeply concerned that the unwarranted collection, storage and potential correlation of user data will undermine many of the key principles and relationships of trust upon which the global Internet has been built. The impact of this action is not limited to U.S. users or companies, but has implications for Internet users around the globe.
While government plays an important role in protecting its citizens and there is a need for better approaches to address online security, the Internet Society strongly believes that real security can only be realized within a broader context of trust and the respect of fundamental rights, such as privacy. The Internet Society, along with many other organizations and individuals around the world, expect governments to respect and protect the basic rights of their citizens – including the right to privacy both offline and online – as enshrined in the Universal Declaration of Human Rights.
The U.S. Government has previously taken an active role in championing these rights in the international sphere. For example, the U.S. played a leadership role in the adoption of the Human Rights Council Resolution A/HRC/RES/20/8, which re-affirmed that fundamental rights are applicable to individuals’ activities in the online environment as well, including privacy and freedom of expression. This means that restrictions of rights should be exceptional and conform to internationally accepted criteria such as: provision by law; pursuing a legitimate purpose; proven as necessary and the least restrictive means required to achieve the purported aim. Users naturally have higher expectations of governments who have adopted these international standards.
The Internet must be a channel for secure, reliable, private communication between entities and individuals. Consensus for internationally recognized data protection standards has been formed through agreements constituting key building blocks of online trust, including the OECD Guidelines on the Protection of Privacy and Transborder Flows of Personal Data, the Council of Europe Convention for the Protection of Individuals with Regard to Automatic Processing of Personal Data, the EU Data Protection framework, and the APEC Privacy Framework and Cross Border Privacy Rules system.
Emerging revelations about alleged U.S. programs to gather information about Internet users raise clear questions about the extent to which individuals’ expectations of privacy have been compromised. This kind of collection of user information is at odds with the commitments governments around the world have made with respect to protection of personal data and other human rights. We would expect any government signing onto these principles to fully engage with its citizens in an open dialogue when seeking to achieve both the protection of individual rights and national security. We also need to challenge the view that there always has to be a trade-off between ensuring security and protecting users’ rights.
The Internet Society is also deeply concerned that alleged programs and similar efforts by other governments will have a chilling effect on the deployment and adoption of technical solutions for establishing trusted connections online. This kind of trust-enabled infrastructure is needed to maintain global interoperability and openness. The Internet is global – the impact of programs like these is not limited to the specific country in question but rather reverberates across the globe to users everywhere.
The revelations of recent days underscore the importance of an open global dialogue regarding online privacy in the realm of national security and the need for all stakeholders to abide by the norms and principles outlined in international agreements on data protection and other fundamental rights. Trusted interactions in cyberspace are critical not only for the future of the Internet, but also for continued innovation, economic and political progress and a vibrant global community. Users need clear and realistic expectations of online privacy that are respected by governments and enterprises alike, so that they can continue to use the Internet in ways that enhance all of society.
On Tuesday March 26 2013, at Thoughtworks NYC office, the Internet Society’s New York Chapter (ISOC-NY) presented “It’s the Web, Tim, but not as we know it” in which guest Michiel de Jong explained unhosted, an open source solution for privacy and security in the cloud.
The web started out as a platform for static documents. It then evolved into a platform for hosted software, that runs “in the cloud”, outside the user’s control. But html5 technology allows for a new option: “unhosted web apps”. Like documents, unhosted web apps are served as static content, which makes them cheap to publish. But like hosted software, they can have all the interactive functionality of a software application. In this new paradigm, the web is used to deliver the source code of the application, rather than delivering its user interface. Two years ago Michiel de Jong quit his day job as a scalability engineer, to work on free technology in exchange for donations. He now lives as a digital nomad and will be giving this talk remotely. This is a followup to the 2012 ISOC-NY/NYTECH event “New Techniques for Protecting Cloud Data and Security”
Before Michiel spoke, there was brief presentation by Mozilla System Adminstrator Ben Kero on the new FirefoxOS for mobile devices.
On February 14 2013 Center for Information Technology Policy at Princeton University (CITP) will host a lunchtime discussion The New Final Rule on COPPA: Needed Protections or Impending Doom for Kids’ Content?. Presenter Steven Roosa is a Fellow at CITP, a partner at the law firm of Holland & Knight, and co-chair of Holland & Knight’s Privacy and Data Security Team. The discussion will be webcast live via YouTube.
What: The New Final Rule on COPPA: Needed Protections or Impending Doom for Kids’ Content?
When: February 14 2013 12.30pm EST | 1730 UTC
Where: 306 Sherrerd Hall, Princeton University
Description: The FTC’s new Rule under the Children’s Online Privacy Protection Act (COPPA) becomes effective on July 1, 2013. The new Rule marks a major expansion of the long-arm reach of the FTC, both in terms of the entities subject to COPPA’s requirements as well as what data meets the definition of “Personal Information.” “Personal Information,” under the new Rule, now includes purely technical identifiers that currently enjoy near ubiquitous use in the kid-directed online and mobile space but which, in most cases, will now require parental consent come July 1, 2013. Many of these technical identifiers (e.g., UDID, MAC address, IFA) are currently collected by 3rd parties. As reflected in Commissioner Maureen K. Ohlhausen’s dissenting Statement, the FTC may not even have the requisite statutory authority to reach this 3rd party conduct. This presentation will examine the practical scope of the new Rule, the potential for unintended economic consequences, and the possibility of administrative law litigation to have the new Rule declared ultra vires.
A live webcast of the Asia Internet Symposium, Kolkata 2012 has just commenced on the Internet Society Chapters webcast channel. The theme of the Symposium is
‘The Twin Challenges of Security & Privacy: Balancing the Requirements‘.
What: Asia Internet Symposium, Kolkata 2012
Where: Hyatt Regency Kolkata, India
When: Tuesday October 9 2012 – 1400-1730 IST | 0830-1200 UTC | 0430-0800 EDT
VIDEO: Transatlantic Perspectives on Digital Rights and Online Privacy #OnlinePrivacyUS2EU #netfreedom
Earlier today – July 25 2012 – the New America Foundation hosted a German delegation in Washington DC to compare notes on digital rights and privacy. The archived webcast is below. Hashtag is #OnlinePrivacyUS2EU
Deputy Chief Technology Officer for Internet Policy, Office of Science and Technology Policy, The White House
Konstantin von Notz @KonstantinNotz
Member of German Parliament
Markus Beckedahl @netzpolitik
Chairman, Digitale Gesellschaft e.V. (Digital Society)
Host, re:publica, Germany’s largest social media conference
Jeanette Hofmann @jehof
Research Fellow, Social Sciences Research Center Berlin
Co-Founder and Director, Alexander von Humboldt Institute for Internet and Society
Gigi Sohn @gigibsohn
President and CEO, Public Knowledge
Sascha Meinrath @saschameinrath
Director, Open Technology Institute, New America Foundation
On June 19 2012 James Grimmelmann, Professor of Law, New York Law School, gave testimony before the U.S. House Committee on the Judiciary – Subcommittee on Intellectual Property, Competition, and the Internet – at a hearing on New Technologies and Innovations in the Mobile and Online Space and the Implications for Public Policy.
What: The Latest Developments in Internet Privacy
Where: Arlington, VA
When: Thursday March 29 2012 – 8.30am-10.30am EDT | 1230-1430 UTC
Justin BrookmanErica Newland, Center for Democracy and Technology
- Jules Polonetsky, Future of Privacy Forum
- Christopher Wolf, Hogan Lovells
On February 18 2012 the Internet Society’s New York Chapter (ISOC-NY) participated in the first ever FreedomBox Hackfest, held at the Columbia School of Law in New York City. The FreedomBox is an initiative “to create a network of personal servers to protect privacy during daily life, maintain beachheads of free network access during times of political instability, and open lines of communication during natural disasters.” The project is a direct consequence of the “Freedom in the Cloud” talk that Eben Moglen gave two years, almost to the day, earlier for ISOC-NY.
One foundational issue is the question of how the FreedomBoxes will identify themselves, discover their peers, and know which ones to trust. In our our first video we see a pair of presentations, one by Nic Daley, another by Isaac Wilder, that explore the problem.
ISOC-NY President David Solomonoff took the opportunity to sit down with FreedomBox Executive Director James Vasile to get some background on the project.
A contingent from the The Free Network Foundation was present at the hackfest and, indeed, a prototype of their “Freedom Tower” was in operation to provide participants with connectivity. FNF based local wireless networks, combined with FreedomBox distribution, can be the foundation of powerful community-based autonomous systems. David Solomonoff talked to Isaac Wilder and Marcus Eagan to find out more about the organization, and their forthcoming pilot project in Detroit.
The Internet Society (ISOC) will present an INET Regional Conference on June 14 2011 at the Sheraton Downtown in Philadelphia. The theme is “Maintaining Trust: The Future of Internet Security and Privacy.”. The distinguished line up of speakers will include Google Internet Evangelist Vint Cerf, Internet Child Safety Expert Parry Aftab, and Internet Policy Advisor at the National Institute of Standards and Technology Ari Schwartz.
What: INET Philadelphia
When: Wednesday October 5, 2011: 9am-5pm EDT
Where: Sheraton Downtown, 201 North 17th Street, Philadelphia
Who: ISOC Members $25, Others $50
Protecting customer, patient, and student information is a critical aspect of doing business in the online environment. Learn from industry experts exactly where Internet security and privacy are headed and what challenges remain on the horizon. In this one-day seminar, we’ll tackle today’s most pressing security and privacy challenges, including:
- How can organizations maintain the trust of customers, students, and patients while simultaneously keeping data secure and providing an open and service-oriented environment?
- What are the risks and liabilities of data breaches? How can technologies help prevent them and what should companies do if they experience a data breach?
- What are the implications of mobility and cloud computing from a security planning perspective? How do businesses protect data in motion in the event of device loss or compromise?
Panelists include Google’s Vinton G. Cerf, vice president and chief Internet evangelist; plus industry experts from Microsoft, PayPal,McAfee, Afilias, Comcast Cable,Temple University, and the FBI.
This is an unprecedented opportunity to network with the thought leaders and policy makers who are designing the global networks of tomorrow and creating the legislation that will safeguard the Internet for the future.
About the Internet Society
The Internet Society (ISOC) is a nonprofit organisation that is built on a network of over 80 local chapters around the world. We are dedicated to ensuring the open development, evolution and use of the Internet for the benefit of people throughout the world. The Internet Society has organized the INET in cooperation with our Philadelphia Chapter to provide leadership in Internet related standards, education and policy.
Susan Crawford in a Jul. 24 Bloomberg column Cyberwar Hysteria Hurts U.S., Helps Consultants notes how security hype, fueled by consultants spreading FUD couched in military language, is driving wholesale compromises of privacy and freedom.
The administration’s draft cybersecurity bill released in May would result in regulation of private Internet access providers by the Department of Homeland Security. The DHS approach maps to the framework under which chemical plants handling hazardous substances are regulated, signaling that some sector of the administration views the Internet as akin to an informational toxic-waste dump.
Most importantly, the bill would allow unrestrained “voluntary” sharing of any information by private operators with DHS, no matter how it was acquired and no matter how existing law would otherwise restrict disclosure of the information. Such sharing would be justified for cybersecurity purposes, if the operator made efforts to remove irrelevant identifying information and complied with not-yet-written privacy protections. This government- centered structure bypasses the Fourth Amendment’s right to privacy. The stated limitations are no real limitation at all.
The White House proposal would also broaden the scope of the Computer Fraud and Abuse Act, make the CFAA part of a racketeering prosecution (triggering harsh penalties), and generally enhance the sentences available under that statute. The CFAA already is interpreted breathtakingly broadly. All computers connected to the Internet are protected by the CFAA against undefined “unauthorized access,” which has made it possible for disgruntled employers to go after employees who use any information for purposes the employer doesn’t like. Expanding an already unconstrained scheme is the D.C. equivalent of jumping the shark; it calls the entire cyberwar enterprise into question.
On Feb 16 2011 Fordham Law School’s Center on Law and Information Policy will host NYU Professor Helen Nissenbaum talking about her new book “Privacy in Context: Technology, Policy and the Integrity of Social Life.”
What: Privacy in Context: Technology, Policy and the Integrity of Social Life
When: Wednesday, February 16 4:30pm
Where: Room 204, Fordham Law School, 140 W. 62 St. NYC
RSVP: email@example.com – Public welcome.
Roger Cochetti, RJC Associates
- Jim Dempsey, Vice President of Public Policy, Center for Democracy & Technology
- Ed Felten, Chief Technologist, Federal Trade Commission
- Ambassador Phillip Verveer, Deputy Assistant Secretary of State & U.S. Coordinator for International Communications & Information Policy, State Department
The option would allow users to transmit a Do Not Track HTTP header with every click or page view in Firefox, to provide a way for people to opt-out of online behavioral advertising (OBA).
- Mozilla Do-Not-Track FAQ
Kevin Bankston of the EFF reports a landmark decision issued today in the criminal appeal of U.S. v. Warshak, the Sixth Circuit Court of Appeals has ruled that the government must have a search warrant before it can secretly seize and search emails stored by email service providers. Closely tracking arguments made by EFF in its amicus brief, the court found that email users have the same reasonable expectation of privacy in their stored email as they do in their phone calls and postal mail.
The court held,
Given the fundamental similarities between email and traditional forms of communication [like postal mail and telephone calls], it would defy common sense to afford emails lesser Fourth Amendment protection…. It follows that email requires strong protection under the Fourth Amendment; otherwise the Fourth Amendment would prove an ineffective guardian of private communication, an essential purpose it has long been recognized to serve…. [T]he police may not storm the post office and intercept a letter, and they are likewise forbidden from using the phone system to make a clandestine recording of a telephone call–unless they get a warrant, that is. It only stands to reason that, if government agents compel an ISP to surrender the contents of a subscriber’s emails, those agents have thereby conducted a Fourth Amendment search, which necessitates compliance with the warrant requirement..
The decision essentially invalidates the Stored Communications Act, so it will either be appealed up to the Supreme Court, or Congress shall have to do some fixing.
- Decision pdf
Video: NY Tech Council Innovations in Media Series – Advertising Technology #advertising #media #internet #privacy
The New York Technology Council presented the second panel in its Innovations in Media Series – Advertising Technology: How has technology reshaped the advertising business model? – at CUNY Graduate Center NYC on Dec 2 2010. Coming directly on the heels of the FTC’s announcement of a proposed Do-Not-Track framework, a stimulating discussion on the trade-offs between privacy and commerce.
Joseph Plummer, Sr. Associate, Olson Zaltman Associates and Associate Professor at Columbia Business School
Ari Bluman, President, North American Sales & Operations, 24/7 Real Media
Brian Adams, Chief Technology Officer, AdMeld
Stuart Elliott, Columnist, The New York Times
The Federal Trade Commission is considering a “Do Not Track” approach in a proposed framework for consumer privacy.
The preliminary staff report notes that current ‘opt-out’ mechanisms are piecemeal and ineffective, and concludes:Given these limitations, Commission staff supports a more uniform and comprehensive consumer choice mechanism for online behavioral advertising, sometimes referred to as “Do Not Track.”Such a universal mechanism could be accomplished by legislation or potentially through robust, enforceable self-regulation. The most practical method of providing uniform choice for online behavioral advertising would likely involve placing a setting similar to a persistent cookie on a consumer’s browser and conveying that setting to sites that the browser visits, to signal whether or not the consumer wants to be tracked or receive targeted advertisements. To be effective, there must be an enforceable requirement that sites honor those choices.
The staff proposes further discussion on several issues:
1) that such a “universal choice mechanism” should not “undermine the benefits that online behavioral advertising has to offer”
2) that the mechanism should preferably be a “browser-based mechanism through which consumers could make persistent choices” – i.e. a browser “Do Not Track” button.
3) that provision may have to be made for selective opt-in within the opt-out mechanism.
4) that the mechanism be simple
5) that the mechanism be comprehensive, i.e include mobile
6) that it be mandatory
In a response in the report’s appendix, Commissioner William E. Kovacic has qualms. He raises some interesting questions about the economic effects of such a mechanism on advertising supported free web content:
It is possible that if online content providers can deny free access to those who opt out of tracking, they can prevent free riding. Setting prices is costly; if willingness to pay to avoid tracking varies substantially, the informational requirements to set access prices will be large. For a number of content providers, a price-for-content model is likely to provide less revenue than monetization via advertising; that most websites choose an ad-driven model rather than a direct fee model suggests that the former is a more efficient means than the latter to monetize content in most circumstances. At the margin – which may be large – forcing firms away from their revealed-preferred method of monetization may reduce revenue and hence degrade quality. In discussing whether website content might be degraded by consumers choosing not to be tracked, how, if at all, should such risks impact the Commission’s analysis?
CNET reports on a California suit against Disney, Warner Bros, and some other big pockets. The suit alleges that, on their behalf, Clearspring (famous as the creators of ShareThis) used Flash cookies to re-install deleted http cookies on user’s machines, contravening the Computer Fraud and Abuse Act, California’s Computer Crime law, and that state’s Invasion of Privacy Act. The filers are seeking class action status.
The Digital Due Process Coalition brings to gether such unlikely bedfellows as CDT, Google, AT&T, Microsoft, Yahoo!, AOL and the ACLU, along with some lawyers that ISOC-NY webcast viewers will be well familiar with like Susan Crawford, James Grimmelmann, Frank Pasquale, & David Post, united in the purpose of advocating reform of The Electronic Communications Privacy Act (ECPA) of 1986.
The ECPA is the statute under which the federal government can snoop into your email, and enforce co-operation in its efforts from ISPs. The move to cloud computing has nullified many of the protections in the act, and providers are facing increasing demands for access from law enforcement. The DDPC is demanding an overhaul of the statute, and a return to due process = warrants before they hand over users missives.
The New Jersey Supreme Court on Tuesday gave workers in New Jersey an assurance of privacy in using workplace computers to talk with their lawyers, ruling a company’s e-mail-monitoring policy yields to the attorney-client privilege.
Chief Justice Stuart Rabner, writing for the unanimous court in Stengart v. Loving Care Agency Inc., A-16-09, said a plaintiff in an employment discrimination suit against her employer had a reasonable expectation that e-mails to and from her attorney on her personal Yahoo account would be private, although transmitted via a company-owned laptop.
While finding the employer’s policy ambiguous in its reach, Rabner said that “even a more clearly written company manual — that is, a policy that banned all personal computer use and provided unambiguous notice that an employer could retrieve and read an employee’s attorney-client communications, if accessed on a personal, password-protected e-mail account using the company’s computer system — would not be enforceable.”
One of the Electronic Frontier Foundation’s founding principles was Mitch Kapor’s aphorism, “Architecture is politics.” The design of systems determines the kinds of politics that can take place in them, and designing a system is itself a political act. As part of EFF’s ongoing 20th anniversary celebrations, it held a panel called “Architecture is policy” at Carnegie-Mellon, featuring Ed Felten, Dave Farber, Lorrie Cranor, John Buckman, and Cindy Cohn
via Boing Boing
An NY Times article – Redrawing the Route to Online Privacy reports general consensus that the traditional “notice and choice” method of web-user privacy protection doesn’t cut it any more. As noted yesterday the NTIA and FCC have launched an initiative to consider regulation, but the trade offs between civic and economic interests make it a tricky business.
Meanwhile academics are coming up with their own solutions:
- privacy nudges: smart agents that alert users before they give away personal info.
- visceral notices: human-like warnings that are more likely to be heeded.
- browser reform: establishment of anonymous browsing as the norm rather than the exception.
Lawrence E. Strickling, Assistant Secretary of Commerce for Communications and Information, gave a speech The Internet: Evolving Responsibility for Preserving a First Amendment Miracle at The Media Institute in Washington DC on February 24, 2010.
In it he suggests that we are now entering on a third stage of Internet development -whereas the Internet has been allowed togrow freely and form its own ecosystems, it is now becoming necessary to for some intervention to allow it to flourish optimally, particularly with respect to free speech. He notes the following initiatives:
Child protection and Freedom of Expression: The Online Safety Technology Working Group, created by Congress and convened by NTIA, will issue a report on the state of the art in child protection strategies online.
Cybersecurity: How do we meet the security challenge posed by the global Internet which will require increased law enforcement and private sector technology innovation yet respect citizen privacy and protect civil liberties. A Commerce Department cybersecurity initiative will address these issues, particularly as they relate to improving the preparedness of industry for cyber attacks.
Copyright protection: NTIA and the US Patent and Trademark Office, are beginning a comprehensive consultation process that will help the Administration develop a forward-looking set of policies to address online copyright infringement in a balanced, Internet-savvy manner.
Internet Governance: The NTIA will conduct a series of administrative reviews to ensure that the agreed upon ICANN commitments are carried out in full.