Showing posts with label privacy. Show all posts
Showing posts with label privacy. Show all posts

Friday, September 21, 2007

DRM violates Canadian privacy law

The University of Ottawa's Canadian Internet Policy and Public Interest Clinic has just released a huge, deep report on the privacy implications of various DRM systems. They examine 16 different systems in depth and conclude that DRM is a grave threat to personal privacy.
Our assessment of the compliance of these DRM applications with PIPEDA led to a number of general findings:

• Fundamental privacy-based criticisms of DRM are well-founded: we observed tracking of usage habits, surfing habits, and technical data.

• Privacy invasive behaviour emerged in surprising places. For example, we observed e-book software profiling individuals. We unexpectedly encountered DoubleClick - an online marketing firm - in a library digital audio book.

• Many organizations take the position that IP addresses do not constitute "personal information" under PIPEDA and therefore can be collected, used and disclosed at will. This interpretation is contrary to Privacy Commissioner findings. IP addresses are collected by a variety of DRM tools, including tracking technologies such as cookies and pixel tags (also known as web bugs, clear gifs, and web beacons).

• Companies using DRM to deliver content often do not adequately document in their privacy policies the DRM-related collection, use and disclosure of personal information. This is particularly so where the DRM originates with a third party supplier.

• Companies using DRM often fail to comply with basic requirements of PIPEDA.

PDF Link (via Michael Geist)


Wednesday, August 01, 2007

Can privacy be a premium service?

Time and privacy are two aspects of our modern lives that are in short supply. The constant distractions of modern communications have placed increased demands on our time. And similarly, as we do more things on the web, we leave our footprints in the sand, sacrificing our privacy in micro-chunks: be it surfing on the web, or simply conducting searches on Google.

Time and its management are highly personal issues, but when it comes to privacy, the chinks outweigh the average person's capabilities. And that prompted me to as the question: can privacy be offered as a value-added (premium) service by carriers and web service operators such as Google.

There are those who fret about the Government snooping into our lives. Yet, at the same time, we are all happily sacrificing a little but of our privacy every day in the name of cool or convenience. Take, the new friend-finding service on Sprint Nextel (powered by Loopt) as an example. The Wall Street Journal reports that such location-based services now account for one third of US carriers' application-related revenues, ahead of sports and music.

And that's not all. The hot new trend of personal broadcasting (or neo-modern narcissism) only exacerbates the problem. From photos uploaded to Flickr, location-based services announcing our presence, alert services like Twitter and Pownce acting as nano-thought transmitters, videocasting via Kyte, or just plain old Facebook - it seems in this post-broadband world, everyone is happy to share everything.

This might seem as the final deliverance on the promise of the two-way web, but this upload-and-share philosophy comes with some baggage. While in the past it was your emails that could get you into trouble (Bill Gates would agree), now there are many more ways to get busted.

Only last week we had the quirky WholeFoods CEO whose "anonymous" self promotion has gotten him into trouble, lately with SEC. There was the whole fracas about Plazes CEO who skipped a conference, making an excuse, only to broadcast his location from another city. And now, The Times of London is reporting how Oxford University proctors got hold of photos of wild celebrations from the Facebook, and fined the rowdy students.

The tragicomic-sensationalist headlines not withstanding, as the shift to online interactions gathers momentum , we might find our lives more exposed than ever before. If not today, but soon enough, we might be willing to pay to protect the privacy, and erase the digital footprints we are leaving behind.

The search engine giants - Ask, Yahoo, Microsoft and to some extent Google - have started to put privacy protection procedures in place, but they are meaningless. At least three of them will be keeping our search data for a year - which is too long. For a nominal fee of say a $1 a month, they should offer us ability to erase our search behavior every week.

Similarly, web services could use better privacy as a distinguishing factor. After all if all social networks are going to be platforms, I should ideally opt for one that protects and respects my privacy. Other web services could follow - turn privacy into an opportunity for making money.


Friday, July 06, 2007

iTaggit: Personal Asset Management

itaggit.png iTaggit aims to change the way people collect, organize, and enjoy their personal items and collections by providing a service to catalog collections online.

iTaggit provides an online environment for cataloguing, managing, and sharing collections of items, while preserving user and data privacy. The site features community resources, where users can connect and interact with friends, like-minded collectors, and experts. Recent upgrades include an Add Item Wizard, a Flickr-like picture uploader, an Amazon import tool, and Item Publisher.

The best way of describing iTaggit is as a personal asset management service. If you’re a hobbyist or someone who likes cataloguing collections then iTaggit will appeal; although notably this would likely be a relatively small vertical.

iTaggit took $1.04 million Series A financing round in August 2006 and makes revenue from eBay and similar affiliate advertising programs.


Crunch Network: MobileCrunch Mobile Gadgets and Applications, Delivered Daily.


Saturday, June 02, 2007

Photo Tagging as a Privacy Problem?

An anonymous reader writes "The Harvard Law Review, a journal for legal scholarship, recently published a short piece on the privacy implications of online photo-tagging (pdf). The anonymously penned piece dourly concludes that 'privacy law, in its current form, is of no help to those unwillingly tagged.' Focusing on the privacy threat from newly emergent automatic facial recognition search engines', like Polar Rose but not Flickr or Facebook, the article states that 'for several reasons, existing privacy law is simply ill-suited for this new invasion.' The article suggests that Congress create a photo-tagging opt-out system, similar to what they did with telemarketing calls and the Do-Not-Call Registry." How would you enforce such a registry, though?

Read more of this story at Slashdot.