Vogel Internet, Information Technology and e-Discovery Blog : Texas Internet, Information Technology, eCommerce & E-Discovery Lawyer & Attorney Peter S. Vogel : Gardere Wynne Sewell Law Firm : Dallas TX

GPS data about an alleged drug dealer’s location obtained from a GPS device attached to his car without a warrant, violated the defendant’s Fourth Amendment guarantee of privacy. In US v. Jones the US Supreme Court ruled 9-0 that prosecutors could not use the ill-gotten GPS data. However the Court, in its opinion, included a broader reference to GPS data from wireless devices:

… cell phones and other wireless devices now permit wireless carriers to track and record the location of users—and as of June 2011, it has been reported, there were more than 322 million wireless devices in use in the United States.

So even though the Court ruled against using location data obtained without a warrant in a criminal case, it also effectively acknowledged that wireless GPS data may be the next area of privacy concern. 

However when parties voluntarily provide information to Internet sites, their expectation of privacy is different. As Justice Sotomayor stated:

People disclose the phone numbers that they dial or text to their cellular providers, the URLS that they visit and the e-mail addresses with which they correspond to their Internet service providers, and the books, groceries and medications they purchase to online retailers . . . I for one doubt that people would accept without complaint the warrantless disclosure to the Government of a list of every Web site they had visited in the last week, or month, or year.

So the Supreme Court likely has more to say about privacy protection as it relates to GPS and Internet data.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

My video interview about business risks concerning Internet Privacy Policies is very timely since Google just announced a radical change in its Privacy Policies. You are welcome to view the video interview “Privacy Policies: What You Don't Know Can Hurt You” thanks to my friends at Financial Management Network (& parent SmartPros Ltd.).

Of course Privacy Policies is a common topic for me as my October 2011 monthly Technology Law column at eCommerce Times was entitled “Shore Up Your Privacy Policy Before Disaster Strikes” and included discussion about:

• What Type of Information Do Privacy Policies Protect? - Personally Identifiable Information (PII)
• Website Privacy Regulation – US (FTC), EU, Canada, and Japan
• What Should Your Privacy Policy Contain? - consider your visitors' expectations
• Aggregate Data - DoubleClick
• Consider Subscribing to Privacy Standards – TRUSTe, Better Business Bureau, Online Privacy Alliance, and CPA WebTrust Program.

Stay tuned for more blogs on Internet Privacy since it is core to business and consumer utilization of the Internet.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Since WikiLeaks’ addresses were provided to Twitter, a Judge ruled that it was no longer private since the “information has already been disclosed.” On January 4, 2012 US District Judge Liam O’Grady ordered Twitter to produce WikiLeaks records as reported by Bloomberg:

Litigation of these issues has already denied the government lawful access to potential evidence for more than a year…. The public interest therefore weighs strongly against further delay.

Who do you follow on Twitter?

On Jan. 1, I found that these Twitter names had hordes of followers: @ladygaga had 17,554,645, @Starbucks had 1,927,255, and @noahkravitz had 24,273 which anyone on Twitter can view. Please read my January column in eCommerce Times about Twitter followers in the PhoneDog v. Kravitz case entitled “New Legal Challenge - Who Owns Followers on Twitter?”

Clearly Twitter information appears to not be so private or secret.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

BYOD has created new challenges for those employers who encourage their employees to buy their own cell phones, tablet devices, and/or computers. After a recent discussion about BYOD my good friend Galen Gruman (Executive Editor of InfoWorld for Features) posted an InfoWorld blog “Lost in BYOD's uncharted legal waters” which includes many important legal and business issues.

Before posting the blog Galen wrote an excellent 29 page report called the “BYOD and Mobile Strategy Deep Dive” which has the following summary:

iPhones, iPads, Androids, and more are joining your business's suite of technology tools, driven by user demand and need. Most companies have opened up their networks to such devices, but big questions remain on how to do so securely, how to manage the new breed of devices to ensure compliance and information security while not unduly burdening users.

A 2010 US Supreme Court 9-0 ruling declared that employees are not entitled to privacy if they use an employer’s issued device, so what level of privacy is there for BYODs? Will employees using BYODs be entitled to privacy if they are conducting business for their employers? Or will the employees using BYODs be entitled to privacy if the employer reimburses the employee for the cost(s) of the BYOD? 

Interesting questions and in the future the Courts will let us know….so stay tuned.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A Judge in Boston sealed the court records after a brief hearing challenging the District Attorney’s subpoena to Twitter to get the identity of certain accounts. The American Civil Liberties Union challenged the subpoena and was very disappointed in the sealing of the records.  

The New York Times reported: 

The police in Boston and the Suffolk County district attorney issued the subpoena in an effort to get information about the Twitter account @P0isAn0N and other activity on the social network related to the Occupy Boston protests. The owner of the @P0isAn0N account had also linked to personal information about Boston police officers that had been stolen in a hacking attack. 

However the subpoena also requested of the identity of Guido Fawkes, well-known British blogger named Paul Staines who by all accounts was not involved with Occupy Boston. Whoever issued the subpoena apparently did not understand the difference between hashtag and an account. Here’s the list of names in the subpoena:

Guido Fawkes
@p0isAn0N
@OccupyBoston
#BostonPD
#d0xcak3

Since Twitter lost a similar battle over anonymity over WikiLeaks it will be interesting to see how this court action plays out.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

 Earlier this week Carrier IQ representatives met with officials at the FTC, FCC, and with the staff of a number of Senators. For more details about Carrier IQ please read my eCommerce Times column “Carrier IQ and the US' Escalating Privacy Risk Level.”

The Washington Post reported that Carrier IQ Andrew Coward (senior vice president for marketing) said “This week Carrier IQ sought meetings with the FTC and FCC to educate the two agencies . . . and answer any and all question”…but he was “not aware of an official investigation.” As well, the scope of the privacy controversy has enlarged. In addition to class action lawsuits against Carrier IQ other class-actions have been filed against AT&T, Sprint Nextel, Apple, T-Mobile USA, HTC, Samsung, and Motorola.

Stay tuned for more about Carrier IQ and privacy.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Google has a team of 60 engineers, & Microsoft has 40 people, fully devoted to avoiding violation of privacy laws in the US and around the world. At a recent legal seminar executives from Google and Microsoft described how many resources they devote to privacy law compliance.

Google’s senior privacy attorney Keith Enright said that the Google team of 60 engineers “work on developing products and then the legal team steps in to examine them.” As well, Google employs Anne Toth (former Yahoo! Chief Trust Officer) to oversee privacy for Google+. 

In addition to the 40 Microsoft employees dedicated to privacy full time, Microsoft also has another 400 people who spend time on privacy law compliance.

Although the US privacy laws are generally managed by the Federal Trade Commission (FTC), there is not a single privacy law like the 1995 EU Data Directive. However a recent NY Times report indicated that it may be time to harmonize the privacy laws in the EU since the now very old 1995 privacy laws do not seem to apply well as the Internet and Social Media in 2011. 

No surprise that Google and Microsoft want to avoid the sort of problems that led to the FTC’s 20 year monitoring of Google for its failure to manage privacy with its Social Media Buzz, and the FTC’s proposed 20 year monitoring of privacy compliance of Facebook.

What is your organization doing to comply with privacy laws? When was the last time you look at the privacy policies on your website?
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A researcher recently found that Carrier IQ software is secretly installed on most modern Android, BlackBerry, and Nokia phones. Android developer’s Trevor Eckert’s 17 minute video demonstrates how that Carrier IQ software is loaded on his phone, cannot be disabled, tracks every keystroke, and sends the data to Carrier IQ.  After receiving this massive data from millions of cell users, Carrier IQ "correlates and aggregates the data for near real-time system monitoring and business intelligence" for phone carriers and manufacturers ostensibily to improve quality.

Eckert demonstrated that Carrier IQ software was logging and potentially transmitting the sensitive information of consumers, including:

• when they turn their phones on;
  
• when they turn their phones off;
  
• the phone numbers they dial;
  
• the contents of text messages they receive;
  
• the URLs of the websites they visit;
  
• the contents of their online search queries—even when those searches are encrypted; and
  
• the location of the customer using the smartphone—even when the customer has expressly denied permission for an app that is currently running to access his or her location.

As a result Representative Edward Markey (D-Mass.), co-Chair of the Congressional Bi-Partisan Privacy Caucus, sent a letter to the Federal Trade Commission  asking what is being done to investigate.

In addition to Representative Markey’s letter, Senator Al Franken (chairman of the Subcommittee on Privacy, Technology, and the Law) sent his own letter to Carrier IQ which included the following:

I am very concerned by recent reports that your company's software - pre-installed on smartphones used by millions of Americans - is logging and may be transmitting extraordinarily sensitive information from consumers' phones ... It also appears that an average user would have no way to know that this software is running - and that when the user finds out, he or she will have no reasonable means to remove or stop it. ... These actions may violate federal privacy laws, including the Electronic Communications Privacy Act and the Computer Fraud and Abuse Act. This is potentially a very serious matter.

Senator Franken requested that Carrier IQ answer by December 14, 2011.

On December 1, 2011 Carrier IQ issued a press release in which Carrier IQ stated that consumer’s privacy is protected:

Consumers have a trusted relationship with operators and expect their personal information and privacy to be respected. As a condition of its contracts with operators, Carrier IQ operates exclusively within that framework and under the laws of the applicable jurisdiction. The data we gather is transmitted over an encrypted channel and secured within our customers’ networks or in our audited and customer-approved facilities.

Actually Carrier IQ claimed that “Our software makes your phone better by delivering intelligence on the performance of mobile devices and networks to help the operators provide optimal service efficiency.”

This is alarming news and it seems to me we all expect our government to step in to protect consumers’ privacy which seems has been seriously compromised! 

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

After the US government filed charges that Facebook violated US privacy law, Facebook finally confessed that it failed to protect the privacy of its 800 million active users. The Federal Trade Commission (FTC) welcomes the public to submit comments on the settlement through December 30, 2011.

Under the proposed consent order, which does not include any fines, Facebook is:

barred from making misrepresentations about the privacy or security of consumers' personal information;

required to obtain consumers' affirmative express consent before enacting changes that override their privacy preferences;

required to prevent anyone from accessing a user's material more than 30 days after the user has deleted his or her account;

required to establish and maintain a comprehensive privacy program designed to address privacy risks associated with the development and management of new and existing products and services, and to protect the privacy and confidentiality of consumers' information; and

required, within 180 days, and every two years after that for the next 20 years, to obtain independent, third-party audits certifying that it has a privacy program in place that meets or exceeds the requirements of the FTC order, and to ensure that the privacy of consumers' information is protected.

The Facebook user community surely welcomes these commitments to comply with privacy laws, and it’s good to see that FTC will monitor Facebook’s privacy compliance for the next 20 years. The 20 year privacy monitoring is similar to the FTC’s agreement for Google to protect privacy after Google’s social media disaster with Buzz.

However, time will tell if the FTC can really police social media privacy, so it would be wise for social media users to protect their own privacy.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

US citizens expect the Department of Homeland Security (DHS) to protect the country from potential threats, but the recent announcement that DHS will monitor Twitter & Facebook will surely cause privacy advocates great concern. Social Media has been used extensively in the government uprisings world-wide and DHS is now drawing up guidelines to monitor Social Media. Undersecretary of the DHS Caryn Wagner told an audience at the National Symposium on Homeland Security and Defense in Colorado Springs:

We're still trying to figure out how you use things like Twitter as a source…How do you establish trends and how do you then capture that in an intelligence product?

The DHS guidelines may cast a pall over Social Media and impact how Social Media is used and surely the Electronic Frontier Foundation (EFF) and Electronic Privacy Information Center (EPIC) will keep a close eye. As a matter of fact, EPIC posted a recent report from Carnegie Mellon University that found that “privacy tools designed to protect consumers from online behavioral advertising are ineffective because they are difficult for users to understand and to configure.”

Everyone needs to stay tuned to see how this unfolds.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Today everybody carries GPS devices in their phones (and tablets), but few people consider that our personal privacy may be compromised as a result. In November the US Supreme Court will hear argument (US v. Jones) as to whether the drug suspect’s Constitutional right to privacy was violated since a GPS device was attached to his vehicle without a warrant. As a matter of fact, Roger L. Easton, the principle inventor of GPS technology, has joined the Electronic Frontier Foundation to urge the Supreme Court to require warrants before using GPS tracking systems.

GPS data is retained by phone service providers and may become a larger part of litigation (and eDiscovery) which will allow parties in litigation to track parties’ location at specific times.

Our personal privacy may be a stake if the Supreme Court writes a broad opinion about how much personal privacy we can expect from GPS data since our phones (and tablets) contain GPS devices.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

My eCommerce Times column for October is entitled “Shore Up Your Privacy Policy Before Disaster Strikes” and I encourage you to read it. Actually it was published the same day as my blog that more than 7.5 million children under 13 are on Facebook. Since the Federal Trade Commission regulates Internet privacy in the US and particularly the 1998 Children’s Online Privacy Protection Act , it’s only a matter of time before we can expect some action.

Facebook’s latest user statistics are that more than 75% of Facebook users are outside the US.  So it seems likely that the EU, Japan, Canada, and many other countries will inquire about what Facebook intends to do about children using Facebook!

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The June 2011 issue of Consumer Reports included an article that Facebook has more than 7.5 million children as users which apparently is violating the 1998 Children’s Online Privacy Protection Act (COPPA) which precludes children under 13 from using websites and in particular to join Facebook. The Consumer Reports article stated that:

• Of the 20 million minors who actively used Facebook in the past year, 7.5 million—or more than one-third—were younger than 13 and not supposed to be able to use the site.
• Among young users, more than 5 million were 10 and under, and their accounts were largely unsupervised by their parents.
• One million children were harassed, threatened, or subjected to other forms of cyberbullying on the site in the past year.

These facts reinforce the fact that it is impossible to know who is actually using the Internet websites as highlighted by one of my most favorite New Yorker cartoons from 1993 where two dogs are sitting in front of a computer and one dog says to the other “On the Internet nobody knows you’re a dog.”

COPPA was enacted to protect children under 13, but if children under 13 lie about their age what is Facebook (or any other site) to do? This is a most perplexing problem and hopefully we can solve this problem to protect children.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A report in the Financial Times that Alibaba might take over Yahoo! has raised privacy fears. Jack Ma's (Alibaba founder & former Google employee) recent comment about the prospect that Alibaba was interested in Yahoo! set off privacy group alarms as reported by the Financial Times:

"Lawmakers should oppose a deal where the data of Americans come under the control of a foreign company with links to the Chinese government,” said Jeff Chester, head of the Center for Digital Democracy. “Instead of stealthfully spying on Google users, which Chinese officials have been alleged to have done, an Alibaba takeover of Yahoo would sanction the surveillance of millions of Americans."

Ironically Yahoo! uses Microsoft's Bing these days for it search engine....so this privacy concern is much larger than it seems on the surface. As well Alibaba is the most popular search engine in China, and with Google's departure it seems that Alibaba is as strong as ever notwithstanding that Bing has entered the Chinese search engine market.

This will be of great interest to follow for the search engine wars and privacy concerns!

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Effective in December 2011 OnStar GPS navigation-and-emergency-services company will collect vehicle data for those customers who terminate their agreements.

The 10 page OnStar Privacy Statement states that:

Unless the Data Connection to your Vehicle is deactivated, data about your Vehicle will continue to be collected even if you do not have a Plan. It is important that you convey this to other drivers, occupants, or subsequent owners of your Vehicle. You may deactivate the Data Connection to your Vehicle at any time by contacting an OnStar Advisor.

In addition to GPS location data the Privacy Statement goes on to specify what information OnStar collects:

• your contact information, (including your name, address, telephone number and email address);
• your billing information (including your credit card number);
• information about the purchase or lease of your Vehicle, such as the vehicle identification number (VIN), make, model, year and date of purchase or lease and selling/preferred dealer; and
• other information that you voluntarily provide to us (such as your language preference, your license plate number and/or your emergency contact information).

It will be interesting to see how many OnStar customers will allow this tracking when their contracts end. GPS data intrudes on personal privacy whether it’s an iPhone, iPad, or OnStar device. But do people really think about their GPS privacy?
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Google’s Eric Schmidt said in a recent interview that Google+ users should be not be anonymous since it would be better “if we had an accurate notion that you were a real person as opposed to a dog, or a fake person, or a spammer.” Schmidt’s comments thoughts reinforce one of my favorite New Yorker cartoons from 1993 with two dogs sitting in front of a computer with one saying to the other “on the Internet nobody knows you’re a dog!”

Schmidt’s interview is posted at Google+  which now has an estimated 25 million users also included these thoughts:

But my general rule is that is people have a lot of free time and people on the Internet, there are people who do really really evil and wrong things on the Internet, and it would be useful if we had strong identity so we could weed them out. I’m not suggesting eliminating them, what I’m suggesting is if we knew their identity was accurate, we could rank them. Think of them like an identity rank.

Since we really have no clue who is using the Internet and Social Media whether a dog or an evil person maybe Eric Schmidt is right that forcing people to identify themselves would be better. But in his interview included the following:

But we want people to stand for something, we want people to be willing to express themselves. There are obviously people for which using their real name is not appropriate, and it’s completely optional, and if you’re one of those people don’t do it.

Clearly the debate about anonymity will continue, so stay tuned.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A new lawsuit against Google for Internet location tracking highlights my recent eCommerce Times column that Internet privacy may not be possible. The new class action lawsuit brought by Jon Pessano and others asserts that Google uses its location marketing database to generate billions of dollars in location based ad revenue.

The lawsuit is based in part on the reports that Apple and Google confessed that they tracked locations of iPhone, iPads, and Android devices. However until the court in Tampa, Florida certifies the plaintiffs’ class the lawsuit will not proceed, but if the class is certified this will be one very interesting case to follow.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Two recent Pennsylvania State Court rulings only make things more confusing as Social Media privacy disputes become more prevalent.

Bucks County Common Pleas Court Judge Albert J. Cepparulo ruled in Piccolo v. Paterson denied a motion to require the Piccolo to accept Patterson as a Facebook friend. In this case Piccolo was injured in an auto accident in which Paterson admitted liability for the accident. When Paterson learned that Piccolo regularly posted updates and photos to her private Facebook page, Paterson asked the Judge to order Piccolo to allow her to be a Facebook friend so Paterson could view updates and photos. The ruling protected Piccolo’s private Facebook updates and photos.

Paterson relied on another Pennsylvania case of McMillen v. Hummingbird Speedway Inc. in Jefferson County Common Pleas Court where McMillen was ordered to provide his Facebook and MySpace users names and passwords. Also the Judge John Henry Foradora,, and “shall not take steps to delete or alter existing information and posts on his MySpace or Facebook account.” McMillen’s lawsuit “alleged substantial injuries, including possible permanent impairment, loss and impairment of general health, strength, and vitality, and inability to enjoy certain pleasures of life.” So when Hummingbird discovered that McMillen’s Facebook and MySpace pages showed that McMillen was posting travel pictures from many locations the Judge concluded that McMillen was not entitled to privacy for his Facebook and MySpace postings.

Stay tuned for more court ruling on Social Media postings!

• Email This
• Print
• Comments
• Trackbacks
• Share Link

While a Michigan couple was married the husband and wife shared a computer and the husband had access to his wife’s email password…. but according to the Detroit Free Press he ex-husband has now been charged with a felony for looking at his ex-wife's emails. 

Should it be a crime or divorce court dispute for the husband to view his wife’s gmail?

My February 2011 Technology Law Column in the eCommerce Times has the complete story, including the comments of nationally recognized criminal defense lawyer Barry Sorrels (the current President of the Dallas Bar Association). 

Barry and I were interviewed on Fox News about this case and he “wondered if this "type of matter was the highest and best use of the criminal justice system.... There are more serious matters."

What do you think?

• Email This
• Print
• Comments (2)
• Trackbacks
• Share Link

My recent interview about "Internet Privacy" by CNN’s anchor Brooke Baldwin was very timely since the next day the Department of Commerce called for the creation of a Federal Office to Guide Online Privacy and published a white paper entitled: “Commercial Data Privacy and Innovation in the Internet Economy: A Dynamic Policy Framework.” Although the proposed the new proposed Privacy Office would be part of the Department of Commerce the proposal was that the Federal Trade Commission (FTC) should be responsible for enforcement. Since Internet privacy is front page news because of a myriad of Internet sites, the FTC continues to keep an eye on protecting US citizens while at the same time the EU is also evaluating its 1995 Data Directive. In the US emails are generally private to employers, but in the EU (Canada, Japan, and other countries) emails are generally private to employees. So as the Internet and Social Media expand world-wide communications, which laws apply to email and text communications are still unclear. Stay tuned.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A recent NY Times report is critical of the daily use of the military’s use social security numbers  (SSN)and birthdates, and how poorly Personal Identifiable Information (PII) is managed. Army intelligence officer turned West Point professor Lt. Col. Gregory Conti co-authored a report entitled “The Military’s Cultural Disregard for Personal Information” published at smallwarsjournal.com starts “Identity theft is not simply an inconvenience; it can lead to long-term financial and legal difficulties for individuals and families.” The report includes more than a dozen examples of misuse of PII including:

Social Security numbers and dates of birth are exposed to foreign customs officials when traveling on official orders.

Social Security numbers are exposed, all or in part, to contracted transportation companies and truck drivers during military moves.

Some military organizations use portions of Social Security numbers in email addresses and as computer user names.

Until recently, a Service Academy Alumni Association published books listing all graduate’s dates of birth. Copies are available on Ebay.

Service members, and their family members, frequently provide their Security number-laden military identification card to merchants, clerks, and night club bouncers for military discounts or as proof of age.

Service members in Iraq, Afghanistan, and other foreign countries must show their military identification card to locally contracted, foreign national security guards to gain entrance.

When I was in the Army Reserves 40 years ago the use of SSN was common place including our uniforms, and no one seemed concerned about identity theft. But in our Social Media world of 2010 clearly the US military needs to do something to help our troops and their families….sooner rather than later. This is a serious problem.

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

The Electronic Privacy Information Center (EPIC) issued its second annual privacy report card with lower grades of “C for consumer data protection efforts and a D on civil liberties.” Mark Rotenberg, executive director of EPIC said "Our bottom-line assessment is that with respect to privacy, things are getting worse.” The EPIC is pleased that President Obama’s first Cyber Czar Howard Schmidt (who was appointed in December 2009) is working with privacy groups. EPIC’s report is critical of the Federal Trade Commission (FTC) which is now reevaluating US privacy laws in the wake of Google’s Buzz disaster and alleged privacy violations by Facebook. Clearly everyone needs to keep an eye on how the Obama administration manages privacy, and now that the Democrats do not control both houses of Congress it will be interesting to see how law makers deal with privacy.

New Congress and Privacy

As matter of fact after the November 2, 2010 election the Washington Post reported  that “Rep. Joe L. Barton (Tex.), ranking GOP member of the House Energy and Commerce Committee, signaled the legislative push in a statement about his correspondence with Facebook executives on privacy issues…I want the Internet economy to prosper, but it can't unless the people's right to privacy means more than a right to hear excuses after the damage is done.” Reports of data breaches continue and merely needs to check out the FBI’s websites of Cyber Crime Stories which clearly impact us all. 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Facebook now offers users the ability to download all of their content in a simple zip file format, but this doesn’t solve privacy concerns. Sure it’s nice to be able to download all the content, but in the meantime Facebook still stores lots of valuable information about users.

Let’s see a show of hands- how many of you have ever taken the time read Facebook’s Privacy Policy? … not many hands were raised which I find is the norm.

In the meantime here’s what Facebook says about site activity information:

We keep track of some of the actions you take on Facebook, such as adding connections (including joining a group or adding a friend), creating a photo album, sending a gift, poking another user, indicating you “like” a post, attending an event, or connecting with an application. In some cases you are also taking an action when you provide information or content to us. For example, if you share a video, in addition to storing the actual content you uploaded, we might log the fact that you shared it.

eMarketer.com July 2010 estimates are that the advertising revenue for Facebook in 2010 is $1.28 billion which is about a 50% increase from the 2009 revenue of $665 million. It doesn’t take rocket science to see that Facebook monetizes users’ data and so it’s hard to image that there is any real privacy on Facebook at all since Facebook sells information about everyone and what they do on Facebook.

What about Terms of Service and Privacy Policies?

Generally courts around the world enforce Terms of Service and Privacy Policies, but I continue to be amazed that so few people ever read these contracts that legally bind them to websites, and particularly Social Media sites. As part of my Law of eCommerce class I regularly review Terms of Service and Privacy Policies during each semester, and I find it fascinating that like businesses have such different business views….take a look at Google and Bing’s Terms of Service and see how differently they bind their users even though they are in the same search engine business. For instance, Google does not require users to indemnify Google for claims brought against Google, but Bing does require users to indemnify Bing (Microsoft) if a claim is made against Bing based on the user’s actions.

Think about Terms of Service and Privacy Policies

Often I find that my clients merely copy Terms of Service and Privacy Policies for their websites without taking into account that they may be in the software development and licensing business, but since they are not IBM, it’s not a good idea to just copy IBM’s Terms of Service and Privacy Policy as if they will properly protect themselves. One should use good judgment about how to bind users contractually to websites, and make sure the Terms of Service and Privacy Policies are consistent with the way their conduct their businesses.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Proposed laws to ease wiretaps on the Internet are now being considered by the US Senate Judiciary Committee, but with widespread pushback from privacy groups. Federal officials have long relied on the wiretap laws to monitor criminals and terrorists, however as we all know fewer and fewer individuals are using phones any more. Rather everyone uses emails, texts, and posting information on Social Media sites. Since 1994 phone and broadband services have provided intercept capabilities based on the Communications Assistance to Law Enforcement Act, and the New York Times reported about the proposed new laws:

Essentially, officials want Congress to require all services that enable communications — including encrypted e-mail transmitters like BlackBerry, social networking Web sites like Facebook and software that allows direct “peer to peer” messaging like Skype — to be technically capable of complying if served with a wiretap order. The mandate would include being able to intercept and unscramble encrypted messages.

Since there are so many privacy issues at stake on these proposed laws there will be a great deal of debate in Congress, and in the meantime cyber security in the US and the world continues to be a major concern for all.

Cyber Attack: Malware Infects more than 45,000 computer Systems

A recent report in the Washington Post speculated that either a country, or well-funded private group was behind Stuxnet which is was “the first malicious computer code specifically created to take over systems that control the inner workings of industrial plants.” The consequences of such malware is potential catastrophic physical or property damage or loss. When we hear about these types of cyber attacks we have to consider how to protect the ourselves how to balance the personal privacy.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A recent report that the White House wants the FBI to have access to an individual’s Internet activity may help with investigation of terrorism or intelligence, but what about our expectation of privacy? Notwithstanding all of Mark Zuckerberg’s recent comments about privacy, last winter Zuckerberg he told a live audience that if he were to ‘create Facebook again today, user information would by default be public.’ Also Google CEO Eric Schmidt admitted in a CNBC interview that under the US Patriot Act that Google would turn over user information (which Google maintains for 18 months) without question. So maybe we have less privacy than we may think, but in the name of national security alone does it make sense for the White House/FBI to not even both getting a federal judge to issue a subpoena?

COMPANY PRIVACY: Social Engineer Defcon Contest

At the annual Defcon meetings (July 30-August 1) in Las Vegas there was a 3 day contest to see which Social Engineer could get the most company data from 30 companies. The FBI is not too happy, but after consulting lawyers from the Electronic Frontier Foundation the following contest rules were created:

Each Social Engineer is sent via email a dossier with the name and URL of their target company chosen from the pool of submitted names.

Pre-Defcon you are allowed to gather any type of information you can glean from the WWW, their websites, Google searches and by using other passive information gathering techniques. You are prohibited from calling, emailing or contacting the company in any way before the Defcon event. We will be monitoring this and points will be deducted for “cheating”.

The goal is to gather points for the information obtained and plan a realistic and appropriate attack vector. The point system will be revealed during the Defcon event. All information should be stored in a professional looking report. 1 week prior to Defcon you will submit your dossiers for review to the judging panel.

Stay tuned to see how successful the Social Engineers were in getting information from these 30 companies. How easy will it be to get information? We all know the answer, pretty easy!
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

The Ontario, CA Police Department (OPD) did not violate the 4th Amendment by reviewing text messages sent from a work pager. Apparently the OPD’s warrantless audit found Officer Quon had sent or received 456 messages, but only 57 were work-related. The OPD Computer Policy included the following provisions that the OPD “reserves the right to monitor and log all network activity including e-mail and Internet use, with or without notice. Users should have no expectation of privacy or confidentiality when using these resources.” The Court ruled that the “warrantless review of Quon’s pager transcript was reasonable … because it was motivated by a legitimate work-related purpose, and because it was not excessive in scope.” Today so many employees use cell phones and PDA provided by employers that surely the Supreme Court’s ruling will impact all employees, not just government employees.

Privacy Ruling in California Court

The Supreme Court ruling in the Quon case should also impact the May 26, 2010 ruling where US District Judge Margaret Morrow ruled that messages posted on Facebook and MySpace may not be subpoenaed. Based on the Supreme Court ruling in Quon, employees who post private messages on social media using their work computers, cell phones, or PDAs may not be able to claim privacy communications. The ruling in the Quon case is one more reason for Congress to review the 1986 Stored Communications Act given the use of social media communications. Stay tuned on how the Quon ruling will impact all businesses.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A Judge ruled that Facebook wall postings and MySpace comments may not be subpoenaed based on the 1986 Stored Communications Act which is the same statute before the US Supreme Court in Quon v. Arch Wireless. US District Judge Margaret Morrow’s May 26, 2010 37 page Order in Buckley H. Crispin v. Christian Audigier, Inc. et al reversed a ruling from an US Magistrate Judge that defendants in a copyright infringement case could not subpoena private message on Facebook MySpace. This ruling is particularly interesting since the April 7, 2010 White House Order that all postings on blogs and social media sites are public meetings under federal law. Clearly courts will be vexed by these complex issues as social media continues to grow and change communications. It is any wonder that the 1986 Stored Communications Act may need to be updated or totally replaced since clearly the courts and the White are not in synch?

Yahoo! Plans its Social Media

With 280 million email users it’s no wonder that Yahoo! will launch its social media services to allow exchange of comments, pictures, and the like. Given all the current issues with Facebook privacy and Google’s Buzz it’s no wonder that Yahoo! head of privacy claimed that “ We’ve been watching and trying to be thoughtful about our approach.” Clearly we will all be watching to see the impact of Yahoo! entry into social media, particularly as Yahoo! search engine decline in popularity in the US. Will email traffic overcome the lack of search engine traffic?

More Google Wi-Fi Woes – Now Canada

Recent reports now indicate that the Privacy Commissioner of Canada started an investigation about Google collection of Wi-Fi network data. Since Germany, France, Italy, and the Czech Republic are investigating Canada’s entry into the fray is no surprise. Google’s defense that other companies including Skyhook and organizations like the German Fraunhofer Institute does not seem to be much help at this juncture. The outcome of the Wi-Fi privacy issues may also impact Google maps which are tied together.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

To the surprise of many Google confirmed that since 2006 its Street View Cars captured WiFi network information in addition to Street View Photos. Google uses this WiFi network information to improve location-based services like search and maps. Specifically Google confessed that the WiFi information collected was:

WiFi networks broadcast information that identifies the network and how that network operates. That includes SSID data (i.e. the network name) and MAC address (a unique number given to a device like a WiFi router). Networks also send information to other computers that are using the network, called payload data, but Google does not collect or store payload data.

Not surprising that Google claims that its collection and use of the WiFi data was legal, done by other companies including Skyhook and organizations like the German Fraunhofer Institute. Around the world a number of privacy groups have been unhappy about Google Street View Photos and now new privacy concerns issues abound regarding Google’s collection of WiFi network data.

Destruction of Google’s Irish WiFi Data

Even though Google claim it is completely legal on May 14, 2010 the Irish Data Protection Authority asked Google to delete its WiFi network data collected in Ireland. So on May 16th the destruction of this WiFi network data was confirmed by a third party consultant. However one might wonder how the consultant could confirm that all the data was actually destroyed without reviewing Google computer networks, which is probably impossible to do.

Germany and Australia Want Answers

German prosecutors are investigating whether Google violated privacy laws and Google posted a blog that the Data Protection Authority in Hamburg, German requested an audit of Google’s WiFi data.  Also privacy groups in Australia want Google to know more. Clearly Google’s collection and use of private WiFi network information helps us better understand how little privacy we all have.

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link

A report that a number of privacy groups filed a complaint with the FTC to investigate includes this quote “Internet ad exchanges… are basically markets for eyeballs on the Web. Advertisers bid against each other in real-time for the ability to direct a message at a single Web surfer. The trades take 50 milliseconds to complete.” The April 8, 2010 complaint was filed by the Center for Digital Democracy, US PIRG, and the World Privacy Forum against Google, Yahoo, PubMatic, TARGUSinfo, MediaMath, eXelate, Rubicon Project, AppNexus, Rocket Fuel, and others. Among other allegations in the complaint is a “massive and stealth data collection apparatus.” How much privacy to we really have?

Privacy in Social Media

Seems like an interesting overlap with my recent blog about the fact that the FTC is already dealing with EPIC’s complaint that Google’s new Buzz significantly breached “consumers' expectations of privacy” at the same time that Google acquired Social Media Optimization company Aardvark. Since it is the job of the FTC to protect consumer privacy it will be interesting to see how both of these disputes evolve.

Hearst Said to Be in Talks for Web-Marketing Agency iCrossing

More interesting news is that Hearst might take over iCrossing.  iCrossing is one of the leading Search Engine Optimization (SEO) companies with a who’s who customer list including: Adobe, Bank of America, BMW, Epson, Fairmont Hotels, Mary Kay, MasterCard, Office Depot, and Toyota. Hearst is:

“one of the nation's largest diversified media companies. Its major interests include magazine, newspaper and business publishing, cable networks, television and radio broadcasting, internet businesses, TV production and distribution, newspaper features distribution and real estate.”

So the addition of SEO power for Hearst will make an interesting future for everyone. Not to mention the impact on Social Media Optimization that Google and others possess we can expect the FTC investigations to prove very interesting.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

For purposes of dealing with web 2.0 the White House Memo released on April 7, 2010 about social media specifically states that “interactive meeting tools—including but not limited to public conference calls, webinars, blogs, discussion boards, forums, message boards, chat sessions, social networks, and online communities—to be equivalent to in-person public meetings.” The White House Memo is a follow-up to President Obama’s January 21, 2009 (day after the President was sworn-in) “calling for the establishment of ‘a system of transparency, public participation, and collaboration.’” Fascinating development that blogs, Facebook, LinkedIn, Twitter, MySpace, Yelp, and the like are public meetings which means that one should expect little privacy from use of these online services.

Majority of Government Agencies Use Social Networks

This report states that a majority of government agencies now use social networks is hardly a news flash, but put in context of the White House’s Memo that use of social networks are public meetings may change the public view of how they communicate. Of the 400+ million Facebook members of an estimated 70% are outside the US, and one may wonder how communications across international borders impacts the declaration that social media is public meetings.

Yelp and the Business of Extortion 2.0

This recently filed class action suit accuses Yelp of extortion to get bad comments removed from Yelp and lower rankings by reviewers. It remains to be seen whether this case will succeed, but if Yelp is considered a public meeting by the White House it makes one wonder how extortion fits in. Not to mention that the 50 million a day of tweets on Twitter are considered public meetings, even though at least 14,000 are followers of a Doonesbury’s cartoon character Roland Hedley! Web 2.0 is definitely taking us in interesting directions!

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A recent report that Web 2.0 (Facebook, Twiter, MySapce, et al) continues to encourage friends to share private information at an alarming rate is hardly a surprise. Research at a number of universities demonstrates that things are probably worse than most people image. For instance, the 2009 paper entitled “Predicting Social Security numbers from public data” from Carnegie Mellon explained how easy it is to predict patterns of data that leads to accurate predictions of Social Security numbers (SSNs) and birth dates from public data. Cyber thieves are taking advantage of the personal information on the Internet as we are well aware.

Electronic Health Records (EHRs)

To make matters more interesting the expansion of EHRs over the next four years will expose more personal medical information on the Internet. The US deadline of 2015 implementing all EHRs may sound great to some, but we should be concerned about how well that personal information is protected. Actually the EHRs may make the personal information a bigger target to cyber thieves. Recent warning about cyber threats from the FBI and DHS should make us all uneasy.

SSNs Used for Personal Identification

As many of us remember for many years health insurance companies used SSNs for their insureds’ account numbers and a number of states used SSNs for drivers’ license numbers.  So there are millions of historic records on US citizens that include SSNs. As a matter of fact, millions of Internet court records include divorce decrees, motions, and affidavits with SSNs, drivers’ license numbers, credit card numbers, and bank account numbers. Many states now limit posting of this personal information on the Internet, but records from the past abound with personal information. Given our open government view of open records laws which sprang forth after Watergate in 1972 most people think government and court records should be open, but a hidden danger lurks in protecting personal information within those court records.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In a recent interview Mark Zukerberg “told a live audience …that if he were to create Facebook again today, user information would by default be public, not private as it was for years until the company changed dramatically in December.” Without question Facebook and social networking have changed Internet users’ perceptions of what should be private and not.

Google CEO Schmidt Comments about Privacy
 

The Electronic Frontier Foundation recently reported:
 

When asked during an interview for CNBC's recent "Inside the Mind of Google" special about whether users should be sharing information with Google as if it were a "trusted friend," Schmidt responded, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."
 

Schmidt went to say that under the US Patriot Act the US government may obtain information from Google which they routinely retain. Many Google users are unaware that Google retains each and every search for 18 months. So I guess his advice should make people stop and think.

Privacy – What Do Law Students Think?

When I first started teaching the Law of e Commerce at SMU Dedman School of Law in 2000 privacy was a very important and hot topic. A few years ago the CyberProf listserv did an informal survey of those of us who teach the Law of eCommerce and/or the Internet regarding how our students felt about privacy in 2000 and in 2008. Not much of a surprise that law students in 2008 seemed to care a lot less about privacy. My guess is that social networking, Facebook, MySpace, Twitter, texting, et al have been the big drivers of this change in attitude regarding privacy.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

In a 5-4 ruling the Ohio Supreme Court now requires a search warrant to search cell phone content which the American Civil Liberties Union of Ohio calls a landmark decision as this appears to be a case of first impression. The defendant’s cell phone was searched without a warrant after he was arrested on drug charges based on a police sting operation. At trial the defendant claimed a violation of the 4th Amendment that although the police had the right to take his cell, the police did not have the right to search the contents of the cell. A decision to appeal to the US Supreme Court is pending.

US Supreme Court Agrees to Consider Text Messages

This week the Supreme Court agreed to consider the privacy claims of police officers text messages in City of Ontario v. Quon. The question before the Supreme Court is whether the city employees are entitled to privacy of the text messages stored at Arch Wireless’ servers since the city provided the text services to the officers as part of their jobs. Each officer received 25,000 characters a month as an allowance and the officers paid for any overages. The city paid no attention to the text messages until it discovered that officer Jeff Quon (who paid for characters above the allowance) had sent sexually explicit messages that were clearly personal and not business related. The question in this case is also a claim of violation of the 4th Amendment.

Web 2.0 Communications

Given what people post on social networking sites like Facebook, MySpace, and LinkedIn it is a wonder that many folks expect much privacy today. Courts will continue to be confronted with perplexing issues regarding the use of the Internet and this will never be less complex, but as I  blogged this week Judges in Florida should not be social network friends with lawyers who appear before them in cases even though lawyers may contribute to their election campaigns. As web 2.0 expands one easily images that the courts will have to reconsider how the 1789 written Constitution applies.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Behavior Advertising

A recent privacy blog discussed the February 2009 Federal Trade Commission Staff Report entitled “Self-Regulatory Principles For Online Behavioral Advertising,” and the opt-out questions posed by Congress are at the heart of whether new Internet privacy laws are required. The Internet economy, and certainly Google is chief example, are dependent upon the current behavioral advertising model and surely will be impacted by a change in the privacy laws in the US.

eMail Surveillance

Most US citizens believe that their emails are private. However employee privacy regarding emails in the workplace (not personal webmail) may be misplaced since in the US emails are private to employers and in the EU, Canada, and other countries emails are private to the employees. Nevertheless there are more questions being asked in Congress about how many e-mails are being collected in the name of security. The recent report that National Security Agency exceed its authority by intercepting emails and phone calls continues to be debated in Congress. Given President Obama’s cybersecurity agenda it will be interesting to see how the US congress can reconcile the expectation of personal privacy and need for Internet security. These debates will continue as the Internet evolves. Stay tuned for more.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

After a three-year study a panel (of former military leaders and IT professionals) from the National Academy of Sciences reported that the US has no clear military policies for cyberattacks. Notwithstanding a recent blog about the NSA exceeding its authority to intercept email, we are not much safer from cyberattacks. One would have to live under a rock to have not noticed the significant number of system breaches. As a matter of fact as pointed out in other blogs, LexisNexis just warned 32,000 individuals about data breaches that personal information may have been improperly accessed in a credit card scheme as far back as 2004.

Proposed Federal Legislation to Update FISMA

The US Congress will be considering an update to FISMA (the Federal Information Security Management Act) called the "U.S. Information and Communications Enhancement Act of 2009." This proposed Act will create hacker squads to test defenses of agency networks, and the agencies will be required to show how they can effectively detect and respond to cyberattacks. Currently there are only about five federal agencies who conduct this type of testing.

Cyberattacks From Within

A former Sysadmin (System Administrator) recently pled guilty to a charge of cyber extortion by threatening his former employer and faces up to five years in prison and a fine of $250,000. After the Sysadmin was terminated last year he complained about the severance and threatened to cause extensive damage to his former employer’s systems. Apparently he left many back doors in the systems he managed that allowed him to enter and cause havoc, which of course as a Sysadmin he had the authority to do so.

How Safe Should We Feel?

Hopefully the US should get control of cyber security because it seems patently obvious to the most casual observer that at this time the US is extremely vulnerable. Maybe spending the US should $19 Billion on cyber security rather than on Electronic Health Records (EHR) since the US is so dependent on the use of the Internet today, and the US’s dependence on the Internet will only increase. Cyber safety is more critical than EHR.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

A report that the National Security Agency (NSA) exceeded its authority by intercepting emails and phone calls of Americans make some people feel safer, and others wary. Many speculate that these massive email and phone call interceptions are systematic and intentional. For instance the Electronic Privacy Information Center (EPIC) and Electronic Frontier Foundation (EFF) have been following NSA’s activities for some time and are alarmed at NSA’s actions.

US Patriot Act

In the wake of September 11 terrorist attacks on October 26, 2001 President Bush signed the US Patriot Act after passing both houses of Congress in less than one day. The US Patriot Act gave the federal government unparalleled power to search emails and private communications without many checks and balances in the name of protection from terrorists. The US Patriot Act was renewed in 2005 substantially without major change. Congress and US citizens want certain protections, but EPIC and EFF are concerned that the US Patriot Act is too broad.

Increased in Criminal Data Breaches

Reports that there have been a significant increase in data breaches by organized crime is hardly surprise, but it seems that NSA’s efforts in searching emails and phone calls have not really paid off to make our Internet a safer place in which to conduct business. Last year there were more than 100 confirmed data breaches involving roughly 285 million consumer records, most of which occurred from sites overseas. There needs to be a balance between safety from bad guys and protection of civil liberties.
 

• Email This
• Print
• Comments
• Trackbacks (1)
• Share Link

A video about personal information was recorded in October, 2008 and was posted on WatchIT’s website  which is one of many educational programs available.  Please take a look to see which programs can help your business.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Facebook claims to have more than 120 million active members and it is the 4th most trafficked site in the world. Of course there are many other popular social network sites including LinkedIn and MySpace to name a few, and only to make things more interesting a recent report indicates that more than half of MySpace visitors are 35 or older. Not much of a surprise that more mature individuals are getting into social networking as the Internet evolves.

What about the Content?

The terms of use vary between Facebook and other social network sites, but one common provision in the terms of use is that the users grant these sites a worldwide license to the user content that is irrevocable, perpetual, non-exclusive, transferrable, royalty free to use, copy, or just anything they want. Facebook also limits its liability to the amount of monies paid (if any) or $1000. Even users of Google Apps grant Google a license to their content.

Web Universal ID?

Facebook recently announced Facebook Connect which is an Universal ID that will allow its users to only logon once and then navigate to third party sites. Not much of a surprise that Google, Yahoo!, and MySpace are also developing similar technology. However, it seems that either few individuals don’t care or understand that they are providing Facebook, MySpace, Google, and the all the rest with licenses to their personal content. Regardless of what users understand the growth of the social networking websites will be based on increased data from their users’ content which will generate more online advertising revenues.
 

• Email This
• Print
• Comments (2)
• Trackbacks
• Share Link

A recent a Google announcement of Wiki services in Google to improve the search experience and allow users to rank search results has a number of individuals questioning exactly what’s going on. Just like most wiki projects, this project did not in a straight line. Apparently this new service came from a Google Wiki Search Team rather than Google Labs.

How does the new Google Wiki work?

The new Google Wiki will allow users to conduct searches, and then permits them to reorder or delete certain results. That way when users return for future visits to Google they get their search results in the order they want. Only the user has access to their own search results with its Google Wiki reorganization, so they can keep this private.

What’s really going on?

Some skeptics complain that Google’s run out of ideas and that they are fixing something that wasn’t broken. Maybe, but perhaps there’s more method to this madness – since users’ can control the priority of their search results, won’t Google have even more powerful advertising data about users? Google users are more likely to spend more time on Google, which can only help Google’s business. Privacy of personal information should be a major concern to Google users since Google will have a personal insight about search priority of search results, not to mention the deleted search results. Stay tuned for future developments!
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

While most IT professionals are well aware of the evolution of Internet 2.0 computing services which offer on-line applications and large storage, in many ways this seems like an evolution of time-sharing from the 1960s when the likes of General Electric offered remote computing services to dumb terminals. Now Cloud Computing is one of the hot buzz words describing Software as a Service (SaaS) (sort of an updated term for ASPs- Application Service Providers) coupled with large amounts of storage. Major players are offering these services including IBM’s Blue Cloud,  Amazon’s S3, Google’s Apps, and Salesforce’s CRM. These Cloud Computing services allow users to collaboratively work on projects over the Internet using proprietary and open source applications. 

Collaboration is Great

One of the great benefits of using Cloud Computing like wiki tools is allowing collaboration, and many large companies including IBM, Microsoft, and Oracle use collaboration tools to develop new technologies. It is hard to believe that Wikipedia started in 2001 and now has more than 2.5 million English articles since it reached a major milestone of 1 million articles in March of 2006. Clearly there are many other wiki success stories, but yet still skeptics about the accuracy and authenticity of the content.

How Secure is the Data?

Virtually no one reads the Click Agreement terms or Terms of Service when accessing Internet sites, downloading software, or registering on a website, nor do business people generally consult their attorneys about these Click Agreement terms or Terms of Service. So is any wonder that the vendors generally provide the services “as is,” without warranties and limit their liability and damages, and make jurisdiction and venue as inconvenient as possible to the user? Probably not, but when there are service outages that even the Service Level Agreements offer a reimbursement for down time, but not consequential damages. Another major concern is privacy of data since such laws such as HIPAA and the EU Data Directive restrict use of certain person information, and yet depending on how the Cloud Computing provider operates, these data privacy issues can be lost.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Congressional hearings reveal that Internet companies routinely track behavior of visitors to websites, and as a result Congress is considering legislation to help personal privacy. Currently the Federal Trade Commission allows for self-regulation by websites, and websites need not have privacy policies, but if there are privacy policies the FTC expects adherence. Otherwise the FTC levies fines.
 

Unfortunately few Internet users ever bother to review the Privacy Policies of the websites that they visit, because if they did perhaps Congress would not be so shocked. Google and other major players retain data on visitors for 18 months, and even the EU recently was considering restricting the data retention to only 12 months (not that the 6 months additional data would change the fact that the ISPs were capturing information for their own purposes). Since the federal government allowed Google to purchase DoubleClick clearly everyone was aware of where Google was headed but to take advantage and use personal information about the Internet traffic.
 

Tracking information about web traffic is not bad, but when personal identifiable information is compromised consumers react. A number of major players submitted letters to the House Committee including AOL, Charter Communications, Earthlink, Time Warner Cable, and Yahoo! to name a few.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link