Copyright 2005-07
Google and Privacy
Roger Clarke, Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Department of Computer Science, A.N.U., in Cyberspace Law & Policy, U.N.S.W., and in eCommerce at Uni. of Hong Kong
http://www.anu.edu.au/people/Roger.Clarke/…
…/DV/Googacy-070919 {.html, .ppt}
ANU DCS – 19 September 2007
Google and Privacy: Agenda
• Privacy
• Google’s Business(es): 1 A Search-Engine; 2 Content-Discovery Services; 3 Content Services; 4 Data about Users
• Privacy Protections: Consumer Protection Law; Privacy Protection Law; Privacy Policy Statements; DIY
• Google Mythology
Privacy: the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations

Privacy Protection: a process of finding appropriate balances between privacy and multiple competing interests
Privacy cf. Data Protection
• Dimensions of privacy interest: The Physical Person; Personal Behaviour; Personal Communications; Personal Data
• Motivations for protecting privacy: Psychological; Social; Economic; Political
‘Research Your Next Appointment’
• Their Site(s)/Blog(s)
• Event Programs
• Committee Minutes
• Letters to the Editor
• Postings: email-lists; fora; blogs
• Logs (e.g. in court): IAPs; ISPs; own machine
• Media Reports: as subject; as reporter; as commentator; as bystander
• 'Public Records': Court Reports
• ‘Little Black Books’
• Commercial Databases
• Dead Pages, from the Wayback Machine
• Specialist Sites, e.g. Zoominfo.com, Spock.com
Privacy Threats from Open Information
• Discoverability: Data; Associations; Location; Habits
• Consolidation, e.g. for: Profiling; Manipulation; Character Assassination
• Data Quality Problems: Out-of-Date; Incomplete; Acontextual; Inaccurate; Scurrilous; Spurious
• Second-Round Effects: More Data Retention; More Data Capture
Search-Engine Operation (diagram)
Phase 1 – Crawling and Indexing: Spider / Crawler / Robot → Indexer / Indexor → Concordance
Phase 2 – Use: Search Engine; Cache; The Internet
Google’s Business(es) 1. Content Discovery Services
• The Largest Coverage (size of the Reference List)
• The Smartest Precedence Algorithm (the sorting part of the Results Formatter)
• The Fastest, Simplest, Best? Search-Service (a UI for normal people, not specialists)
• Multiple Constrained Searches (images, blogs, Froogle)
• Multiple Extension Services (Answers, Scholar)
froo·gle (fru'gal) n. Smart shopping through Google
Google’s Business(es) 2. Content Services
• Google Earth
• Google Base
• Google Video / YouTube
• Google News
• Google Library / Print
• ...
Google’s Business(es) 3. Data about Users
“We are moving to a Google that knows more about you” (Google’s CEO, NYT, 10 Feb 2005)
Round 1: Search-Terms; IP-address(es); Click-Trail; Click-Throughs
Round 2: Google Accounts: Email-Address as Username; A Common Cookie
Email – Long-Term Risk Exposures
Both Parties’ IAPs:
• IP-address(es) used, disclosing location, trail
• Authorised / unauthorised disclosure, with/without notification
• Traffic data retention, message retention
Mail-Recipient’s ISP:
• Access to, and use of, traffic
• Access to, and use of, content
• Authorised / unauthorised disclosure, with/without notification
• Message retention after download
ISP Mail-Hosting / Webmail:
• Message retention, long-term
Gmail – Yet More Risk Exposures
Gmail Subscribers:
• Targeted Ads based on text from senders => consumer manipulation
• Correlation with Data from Other Services
Senders to Gmail Addresses:
• Examination of Text
• Long-Term Retention
• Consolidation with Other Sources
• Long-Term Unauthorised Disclosure
• No notification of disclosures
Senders Generally:
• Postings to Lists, if even a single subscriber is a Gmail account
• Forwards to Gmail accounts
• Forwards to Lists, if even a single subscriber is a Gmail account
EPIC on Gmail
http://www.epic.org/privacy/…… gmail/faq.html, August 2004:
• No Non-Subscriber Consent to content extraction
• Unlimited Data Retention
• Profiling across Google product line
• Harms expectation of privacy
• Insufficient privacy policy
• No data protection on sale of company or change of company policy
Private email from EPIC, 8 Dec 2005:
• Gmail is a privacy disaster
• Google is engaging in indefinite data retention
• Google has publicly stated it will not discuss law enforcement requests for personal information
• We have no idea how Google responds to law enforcement, nor how many requests have been received
Google Desktop v. 1 – October 2004
Search Within Your Own Computer
“A desktop search application that provides full text search over your email, files, music, photos, chats, Gmail, web pages that you've viewed, ...” (cf. Apple’s Sherlock 1998, later Spotlight, and many third-party products for Wintel)
It allows people to scan their computers for information in the same way that they use Google to search the web
http://desktop.google.com/about.html
Google Desktop v. 3 – 9 Feb 2006
Search Across Your Computers
BUT: “In order to share your indexed files between your computers, we securely transmit this content to Google Desktop servers located at Google”
cf. MS Passport data, centralised at Redmond WA
http://desktop.google.com/...features.html#searchremote
Would you trust this product ???
Terms: http://desktop.google.com.au/mac/install.html
Privacy Policy: “Protecting users' privacy is very important to Google and the Third Parties. As a condition of downloading and using the Software, you agree to the terms of the Google Pack Privacy Policy ..., which may be updated from time to time and without notice.”
No Read-Me File accompanies the download. There are no explanations as to how to de-install. It appears that the default may be set to Promiscuous: http://desktop.google.com.au/en/mac/gettingstarted.html#prefs shows 'On'
Orkut – Google’s ‘Social Networking Service’
• Requires a Google Account …
• Is linked to Gmail ...
• Profiles of Members are: Self-Captured; Unauthenticated
• Profiles of People Nominated by Members: Captured by Members, e.g. by upload of their address-books; Unauthenticated; Without Consent
• Discloses Traffic
• Discloses Social Networks of Members and Non-Members
Google as Wireless Internet Access Provider
http://www.techworld.com/mobility/...features/index.cfm?featureid=1837
Acceptance of Google’s tender confirmed 5 April 2006
12 Months Later ...
• WinterGreen Research, Inc., April 2007: “Earthlink and San Francisco have finalised a Wi-Fi contract. The contract enables Earthlink to build a citywide wireless services network and Google to provide free Internet access”
But, 4 Months After That ...
• “Blow as two ‘Muni WiFi’ schemes fail”, Financial Times, 31 August 2007: “The San Francisco scheme … fell apart on Wednesday night after Earthlink, the [ISP], said it was pulling out of a contract to build the city’s WiFi network”
DoubleClick
• Major Site-Owners let ad-space to DoubleClick
• DoubleClick gathers data about all traffic to all such sites, resulting in consumer profiles
Google AdSense
• Minor Page-Owners let ad-space to Google
• Google gathers data about all traffic to all sites that are ‘AdSense affiliates’
On 13 Apr 2007, Google bought DoubleClick
New York Consumer Protection Board
http://www.consumer.state.ny.us/pressreleases/2007/may092007.htm
“the combination of DoubleClick's Internet surfing history generated through consumers' pattern of clicking on specific advertisements, coupled with Google's database of consumers' past searches, will result in the creation of ‘super-profiles’, which will make up the world's single largest repository of both personally and non-personally identifiable information”. [bigger than Acxiom?!]
The Board expressed concern that these profiles expose consumers to the risk of disclosure of their data to third parties, as well as public disclosure as evidence in litigation or through data breaches.
Current Regulatory Investigations
http://www.epic.org/privacy/ftc/google/
• US Federal Trade Commission: http://www.internetnews.com/bus-news/article.php/3680266
• EU Directorate on Competition: http://ec.europa.eu/comm/competition/index_en.html
• Aust Competition and Consumer Commission: http://www.accc.gov.au/content/index.phtml/itemId/788097
• EU Data Protection Commissioners: http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_21_06_07_en.pdf
Google’s Business(es) 3. Data about Users
“We are moving to a Google that knows more about you” (Google’s CEO, NYT, 10 Feb 2005)
Round 3: Gmail; Desktop; Desktop v.3; Orkut
Round 4: Google as Wireless IAP, Gratis (i.e. ad-funded); Ad Syndication (AdSense); Consolidation of the Consumer Profiles held by DoubleClick and Google
Round 5: Psych profiles from online gaming; Face Recognition in Image Search; Street View; Facebook profiles; ...
A Normative Template for Terms of Contract for Consumer Transactions
http://www.anu.edu.au/people/Roger.Clarke/EC/ICEC06.html#TN
• Information • Terms • Security • Choice • Consent • Recourse • Redress
The Normative Template for Marketer-Consumer Communications
• Information • Terms • Security • Choice • Consent • Recourse • Redress
Recourse:
• Enquiry and Complaints Process: accessibility; prompt acknowledgement; copy into the consumer's email-archive; responsiveness to enquiry or complaint (acknowledgement, resolution)
• Restitution: product quality shortfalls (own products and services; third-party products and services); fulfilment quality shortfalls; payment errors
• External Complaints Mechanisms: information provided about them; prompt and appropriate communications with regulators
Google’s Challenges to Consumer Law
Consumer Benefits: Enormous; Gratis; but there is consideration: acceptance of advertising, including intrusive attention-grabbing devices (‘blink’, popups)
Terms: Non-Negotiable; Non-Transparent; Changeable at whim; Not Version-Managed
Recourse: All-But Non-Existent
No sign of recovery of lost consumer protections. WSIS 2005, IGF are vacuous
Information Privacy: the interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves
Achieved Through:
• Regulation: Data Protection Law, enforced by a Regulator [EU, Others – ???]
• Co-Regulation: Privacy Policy Statements, enforced by a Regulator e.g. through Trade Practices Law [US – ??]
• Self-Regulation: Privacy Policy Statements without enforcement [US actual]
28th International Data Protection and Privacy Commissioners' Conference, London, United Kingdom – 2 and 3 November 2006
Resolution on Privacy Protection and Search Engines
http://www.bfdi.bund.de/cln_029/nn_533554/SharedDocs/Publikationen/EN/InternationalDS/ConferenceOfInternationalDataProtectionCommissioners2006-ResolutionSearchEngines,templateId=raw,property=publicationFile.pdf/ConferenceOfInternationalDataProtectionCommissioners2006-ResolutionSearchEngines.pdf
“… providers of search engines … shall not record any information about the search that can be linked to users or about the search engine users themselves.”
“After the end of a search session, no data that can be linked to an individual user should be kept stored unless the user has given his explicit, informed consent to have data necessary to provide a service stored (e.g. for use in future searches)”
A Privacy Statement Template
http://www.anu.edu.au/people/Roger.Clarke/DV/PST-051219.html
• Data Collection
• Data Security
• Data Use
• Data Disclosure
• Data Retention and Destruction
• Access by You to Your Personal Data
• Information about Data Handling Practices
• Handling of Enquiries, General Concerns and Complaints
• Enforcement
• Changes to These Privacy Undertakings
• Definitions
Google’s Privacy Statement
http://www.anu.edu.au/people/Roger.Clarke/DV/PST-Google.html
• Cookies not RFC 2964-compliant
• Cookies and Login (with Email-Address as Username) enable the consolidation of a very substantial amount of identified personal data, without informed consent
• Purposes of Use and Disclosure vague but very extensive
• Storage in ‘Data Havens’ (such as the USA)
• Non-Consensual Use and Disclosure (presumption of consent, i.e. opt-out)
• Extraneous Disclosures not notified to the individual concerned
• No Information provided about Data-Handling Policies and Practices
• No Assurances whatsoever re: Access by the Data Subject [new WebHistory feature?]; Data Quality; Data Correction or Deletion; Data Relevance; Data Retention, Destruction
• No Consultation with Privacy Advocacy Organisations
• Deficient Complaint-Handling Procedures
• The Undertakings are Void in the event of merger, acquisition or sale of assets
• The Undertakings are Unenforced, and Probably Unenforceable
Paranoia
http://www.google-watch.org/
DIY Privacy-Protection
http://www.freenet.org.nz/misc/google-privacy.html
A simple HOWTO for stopping Google from logging your search history. In summary, the solution is to:
• clear all long-lasting cookies
• set your browser to not keep cookies between restarts
• divert all Google requests out through an anonymous proxy
BUT ALSO !!!
• Frequently re-start
• Don’t register
• Don’t use Desktop, Gmail, …
• Don’t send to Gmail accounts ...
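The DIY list above works because a search engine's log links records into a per-user trail through two identifiers: the cookie (Round 2 on the "Data about Users" slide) and the IP address (Round 1). The following Python example is added here; it is not part of the original slides and not Google's code or log format. The log lines, the hostnames and the 24-hour address-stability window are constructed assumptions; the `strip_old_ips` function is this example's model of the "IP-addresses removed after 18 months" promise discussed later in the deck, and shows that a persistent cookie keeps sessions linked after the IP is gone.

```python
"""Reconstruct per-user 'trails' from search-engine log records.

Added example: not part of the original slides and not Google's code or log
format. Each constructed line reads
    <ISO timestamp> <client-ip> <cookie-id or -> "<query>" [click=<url>]
Records are linked when they carry the same cookie ID (a persistent cookie
survives an IP change) or the same IP address within IP_WINDOW (assumption:
a household or NAT address stays stable for about a day). Union-find over
those links yields the trails a search engine can rebuild.
"""
from __future__ import annotations

from dataclasses import dataclass, replace
from datetime import datetime, timedelta
from typing import Optional

IP_WINDOW = timedelta(hours=24)          # assumed address-stability window
LATER = datetime(2009, 9, 19)            # constructed 'now', two years after the log

# Constructed log: one person at home (203.0.113.5), then at work (198.51.100.7)
# with the same cookie, then at home again after clearing cookies, then a fifth
# record from a proxy address (192.0.2.44) with no cookie. All addresses are
# RFC 5737 documentation ranges.
SAMPLE_LOG = """
2007-09-19T08:00:00 203.0.113.5 aa11 "flu symptoms"
2007-09-19T08:02:10 203.0.113.5 aa11 "flu symptoms" click=http://example.org/flu
2007-09-19T12:30:00 198.51.100.7 aa11 "divorce lawyer canberra"
2007-09-19T20:00:00 203.0.113.5 - "my name is jane doe"
2007-09-20T09:00:00 192.0.2.44 - "canberra weather"
"""


@dataclass(frozen=True)
class Record:
    when: datetime
    ip: Optional[str]       # None once blanked by strip_old_ips
    cookie: Optional[str]   # None when the browser sent no cookie
    query: str
    click: Optional[str]    # click-through target, if any


def parse_log(text: str) -> list[Record]:
    """Parse the constructed log format into Record objects."""
    records = []
    for line in text.strip().splitlines():
        ts, ip, cookie, rest = line.split(" ", 3)
        click = None
        if " click=" in rest:
            rest, click = rest.split(" click=", 1)
        records.append(Record(datetime.fromisoformat(ts), ip,
                              None if cookie == "-" else cookie,
                              rest.strip().strip('"'), click))
    return records


def link_trails(records: list[Record],
                ip_window: timedelta = IP_WINDOW) -> list[list[Record]]:
    """Group records that share a cookie, or share an IP within ip_window."""
    parent = list(range(len(records)))

    def find(i: int) -> int:
        while parent[i] != i:
            parent[i] = parent[parent[i]]   # path halving
            i = parent[i]
        return i

    for i, a in enumerate(records):
        for j in range(i + 1, len(records)):
            b = records[j]
            same_cookie = a.cookie is not None and a.cookie == b.cookie
            same_ip = (a.ip is not None and a.ip == b.ip
                       and abs(a.when - b.when) <= ip_window)
            if same_cookie or same_ip:
                parent[find(i)] = find(j)   # union the two trails

    groups: dict[int, list[Record]] = {}
    for i, r in enumerate(records):
        groups.setdefault(find(i), []).append(r)
    trails = [sorted(g, key=lambda r: r.when) for g in groups.values()]
    return sorted(trails, key=lambda t: t[0].when)


def strip_old_ips(records: list[Record], now: datetime,
                  keep_for: timedelta = timedelta(days=548)) -> list[Record]:
    """Model the 'IP addresses removed after 18 months' promise: blank the IP on
    old records but leave the cookie ID, which is what still links sessions."""
    return [replace(r, ip=None) if now - r.when > keep_for else r
            for r in records]


def queries_per_trail(trails: list[list[Record]]) -> list[list[str]]:
    return [[r.query for r in trail] for trail in trails]


if __name__ == "__main__":
    records = parse_log(SAMPLE_LOG)
    print("as logged:", queries_per_trail(link_trails(records)))
    aged = strip_old_ips(records, now=LATER)
    print("18 months later, IPs removed:", queries_per_trail(link_trails(aged)))
```

Run as logged, the first four records form one trail: the cookie carries it across the home/work IP change, and the shared home IP carries it across the cookie clearance, so only the proxied, cookie-less fifth query stands alone. Clearing cookies or changing IP on its own is therefore not enough; the slide's "BUT ALSO" items are what break both links. After the IPs are blanked, the cookie still holds the first three records together, which is why the deck treats the 18-month IP promise as beside the point.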
Google Mythology: “Do No Evil”
• Two variants are evident on the web-site:
(1) number 6 of 'Ten things Google has found to be true': "you can make money without doing evil". But that statement is descriptive, not normative
(2) "Our informal corporate motto is 'Don't be evil'". But that statement is part of a ‘Code of Conduct’ communicated to investors, not customers, and is in any case completely non-binding
• There is a relevant corollary: "You can make money without doing evil; but you can make more money by doing evil"
• Given the legal obligations of corporations, the epithet actually implies that evil should be done
Google Mythology: "Protecting users' privacy is very important to Google"
• World's-Worst Privacy Policy stance
• "We will remove IP-addresses after 18 mths" (They don't need them beyond 18 seconds)
• "We will auto-delete cookies 2 yrs after last visit" (Gobbledygook. They're remote from them … And there's no need for long-term cookies at all. It's better to block cookies, auto-delete cookies, delete cookies, and/or use a nymous proxy-server)
• Argues at UNESCO for standardisation on the world's weakest code. (The APEC code was designed by privacy-hostile USA with Australian help, using privacy-hostile Asia as the excuse)
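The cookie objections on this slide and on the "Google's Privacy Statement" slide come down to two checkable header properties: how long the identifier lives, and how widely it is shared (a Domain attribute that spans every host under the site, or a cookie set by an advertising host on someone else's page, as in the DoubleClick/AdSense slides). The following Python auditor is an added example, not from the slides and not Google's code. The `Set-Cookie` headers and hostnames in `SAMPLE_HEADERS` are constructed; the 24-hour `SESSION_LIMIT` is this example's own threshold for "long-lived" and is not a figure taken from RFC 2964; `same_site` is a two-label approximation that stands in for a Public Suffix List lookup.

```python
"""Audit Set-Cookie headers for long-lived identifiers and wide cookie scope.

Added example: not from the slides and not Google's code. SAMPLE_HEADERS
are constructed for illustration; SESSION_LIMIT is this example's own
threshold for 'long-lived', not a figure taken from RFC 2964.
"""
from __future__ import annotations

from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime
from http.cookies import SimpleCookie
from typing import Optional

SESSION_LIMIT = timedelta(hours=24)                 # assumed threshold
NOW = datetime(2007, 9, 19, tzinfo=timezone.utc)    # constructed 'current time'

# (host of the page being visited, host that sent the response, Set-Cookie value)
SAMPLE_HEADERS = [
    ("www.example-search.com", "www.example-search.com",
     "prefid=ID=1234abcd:LM=1190185200; expires=Sun, 17-Jan-2038 19:14:07 GMT; "
     "path=/; domain=.example-search.com"),
    ("www.example-search.com", "www.example-search.com",
     "sid=7f3a9c; path=/; secure; HttpOnly"),
    ("www.example-news.org", "ad.example-adnet.net",
     "adid=55aa55aa; expires=Wed, 19-Sep-2012 09:00:00 GMT; path=/; "
     "domain=.example-adnet.net"),
    ("www.example-search.com", "www.example-search.com",
     "tmp=1; Max-Age=3600; path=/"),
]


@dataclass
class Finding:
    name: str
    lifetime: Optional[timedelta]  # None: session cookie, gone when the browser exits
    long_lived: bool               # outlives SESSION_LIMIT
    wide_scope: bool               # Domain attribute shares it across sub-hosts
    third_party: bool              # set by a host outside the page's own site


def cookie_lifetime(morsel, now: datetime) -> Optional[timedelta]:
    """Remaining lifetime; Max-Age takes precedence over Expires (RFC 6265 s.5.3)."""
    if morsel["max-age"]:
        return timedelta(seconds=int(morsel["max-age"]))
    if morsel["expires"]:
        expires = parsedate_to_datetime(morsel["expires"])
        if expires.tzinfo is None:            # treat a bare date as UTC
            expires = expires.replace(tzinfo=timezone.utc)
        return expires - now
    return None


def same_site(page_host: str, response_host: str) -> bool:
    """Approximation without the Public Suffix List: compare the last two labels."""
    return page_host.split(".")[-2:] == response_host.split(".")[-2:]


def audit(headers, now: datetime = NOW,
          limit: timedelta = SESSION_LIMIT) -> list[Finding]:
    """Classify every cookie in the (page_host, response_host, header) triples."""
    findings = []
    for page_host, response_host, set_cookie in headers:
        jar = SimpleCookie()
        jar.load(set_cookie)
        for name, morsel in jar.items():
            lifetime = cookie_lifetime(morsel, now)
            domain = morsel["domain"].lstrip(".")
            findings.append(Finding(
                name=name,
                lifetime=lifetime,
                long_lived=lifetime is not None and lifetime > limit,
                wide_scope=bool(domain) and domain != response_host,
                third_party=not same_site(page_host, response_host),
            ))
    return findings


def report(findings: list[Finding]) -> list[str]:
    """One line per cookie that fails any test, for a quick review."""
    lines = []
    for f in findings:
        if f.long_lived or f.wide_scope or f.third_party:
            life = "session" if f.lifetime is None else f"{f.lifetime.days}d"
            lines.append(f"{f.name}: lifetime={life} long_lived={f.long_lived} "
                         f"wide_scope={f.wide_scope} third_party={f.third_party}")
    return lines


if __name__ == "__main__":
    for line in report(audit(SAMPLE_HEADERS)):
        print(line)
```

On the constructed input only `prefid` (a 30-year, site-wide preference identifier) and `adid` (a five-year identifier set by an advertising host on a news page) are reported; the session-only `sid` and the one-hour `tmp` pass. A browser that discards cookies on exit, as the DIY slide advises, turns every entry into the `sid` case regardless of what the server asked for.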
Google and Privacy: Recapitulation
• Privacy
• Google’s Business(es): 1 A Search-Engine; 2 Content-Discovery Services; 3 Content Services; 4 Data about Users
• Privacy Protections: Consumer Protection Law; Privacy Protection Law; Privacy Policy Statements; DIY
• Google Mythology