Google and Privacy

Roger Clarke
Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Department of Computer Science, A.N.U.
and in Cyberspace Law & Policy, U.N.S.W.,
and in eCommerce at Uni. of Hong Kong

http://www.anu.edu.au/people/Roger.Clarke/… …/DV/Googacy-070919 {.html, .ppt}

ANU DCS – 19 September 2007

Copyright 2005-07

Google and Privacy
Agenda

Privacy

Google’s Business(es)
1 A Search-Engine
2 Content-Discovery Services
3 Content Services
4 Data about Users

Privacy Protections
• Consumer Protection Law
• Privacy Protection Law
• Privacy Policy Statements
• DIY

Google Mythology

Privacy
the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations

Privacy Protection
a process of finding appropriate balances between privacy and multiple competing interests

Privacy cf. Data Protection
• Dimensions of privacy interest:
  • The Physical Person
  • Personal Behaviour
  • Personal Communications
  • Personal Data
• Motivations for protecting privacy:
  • Psychological
  • Social
  • Economic
  • Political

‘Research Your Next Appointment’
• Their Site(s)/Blog(s)
• Event Programs
• Committee Minutes
• Letters to the Editor
• Postings
  • email-lists
  • fora
  • blogs
• Logs (e.g. in court)
  • IAPs
  • ISPs
  • own machine
• Media Reports
  • as subject
  • as reporter
  • as commentator
  • as bystander
• 'Public Records'
• Court Reports
• ‘Little Black Books’
• Commercial Databases
• Dead Pages, from the

with/without notification
• Traffic data retention, message retention

Mail-Recipient’s ISP:
• Access to, and use of traffic
• Access to, and use of content
• Authorised / unauthorised disclosure,

Gmail Subscribers
• Targeted Ads based on text from senders => consumer manipulation
• Correlation with Data from Other Services

– Yet More Risk Exposures

Senders to Gmail Addresses
• Examination of Text
• Long-Term Retention
• Consolidation with Other Sources
• Long-Term Unauthorised Disclosure
• No notification of disclosures

Senders Generally
• Postings to Lists if even a single subscriber is a Gmail account
• Forwards to Gmail accounts
• Forwards to Lists if even a single subscriber is a Gmail account

EPIC on Gmail
• No Non-Subscribers Consent to content extraction
• Unlimited Data Retention
• Profiling across Google product line
• Harms expectation of privacy
• Insufficient privacy policy
• No data protection on sale of company or change of company policy
http://www.epic.org/privacy/…… gmail/faq.html, August 2004

• Gmail is a privacy disaster
• Google is engaging in indefinite data retention
• Google has publicly stated it will not discuss law enforcement requests for personal information
• We have no idea how Google responds to law enforcement, nor how many requests have been received
private email from EPIC, 8 Dec 2005

v. 1 – October 2004

Search Within Your Own Computer
“A desktop search application that provides full text search over your email, files, music, photos, chats, Gmail, web pages that you've viewed, ...”
(cf. Apple’s Sherlock 1998, later Spotlight, and many third-party products for Wintel)
It allows people to scan their computers for information in the same way that they use Google to search the web
http://desktop.google.com/about.html

v. 3 – 9 Feb 2006

Search Across Your Computers
BUT
“In order to share your indexed files between your computers, we securely transmit this content to Google Desktop servers located at Google”

Privacy Policy:
Protecting users' privacy is very important to Google and the Third Parties. As a condition of downloading and using the Software, you agree to the terms of the Google Pack Privacy Policy ..., which may be updated from time to time and without notice.

No Read-Me File accompanies the download.
There are no explanations as to how to de-install.
It appears that the default may be set to

Acceptance of Google’s tender confirmed 5 April 2006

12 Months Later ...
• WinterGreen Research, Inc. April 2007
Earthlink and San Francisco have finalised a Wi-Fi contract. The contract enables Earthlink to build a citywide wireless services network and Google to provide free Internet access

But, 4 Months After That ...
• Blow as two ‘Muni WiFi’ schemes fail
Financial Times, 31 August 2007
The San Francisco scheme … fell apart on Wednesday night after Earthlink, the [ISP], said it was pulling out of a contract to build the city’s WiFi network

DoubleClick
• Major Site-Owners let ad-space to DoubleClick
• DoubleClick gathers data about all traffic to all such sites, resulting in consumer profiles

Google AdSense
• Minor Page-Owners let ad-space to Google
• Google gathers data about all traffic to all sites that are ‘AdSense affiliates’

On 13 Apr 2007, Google bought DoubleClick

New York Consumer Protection Board
http://www.consumer.state.ny.us/pressreleases/2007/may092007.htm

“the combination of DoubleClick's Internet surfing history generated through consumers' pattern of clicking on specific advertisements, coupled with Google's database of consumers' past searches, will result in the creation of ‘super-profiles’, which will make up the world's single largest repository of both personally and non-personally identifiable information”. [bigger than Acxiom?!]

The Board expressed concern that these profiles expose consumers to the risk of disclosure of their data to third parties, as well as public disclosure as evidence in litigation or through data breaches.

Current Regulatory Investigations
http://www.epic.org/privacy/ftc/google/
• US Federal Trade Commission
  http://www.internetnews.com/bus-news/article.php/3680266
• EU Directorate on Competition
  http://ec.europa.eu/comm/competition/index_en.html
• Aust Competition and Consumer Commission
  http://www.accc.gov.au/content/index.phtml/itemId/788097
• EU Data Protection Commissioners
  http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_21_06_07_en.pdf

Google’s Business(es)
3. Data about Users

“We are moving to a Google that knows more about you”
- Google’s CEO, NYT, 10 Feb 2005

Round 3
• Gmail
• Desktop
• Desktop v.3
• Orkut

Round 4
• Google as Wireless IAP Gratis (i.e. ad-funded)
• Ad Syndication (AdSense)
• Consolidation of the Consumer Profiles held by DoubleClick and Google

Round 5
• Psych profiles from online gaming
• Face Recognition in Image Search
• Street View
• Facebook profiles
• ...

Google and Privacy
Agenda

Privacy

Google’s Business(es)
1 A Search-Engine
2 Content-Discovery Services
3 Content Services
4 Data about Users

Privacy Protections
• Consumer Protection Law
• Privacy Protection Law
• Privacy Policy Statements
• DIY

Google Mythology

A Normative Template for Terms of Contract for Consumer

“… providers of search engines … shall not record any information about the search that can be linked to users or about the search engine users themselves.
“After the end of a search session, no data that can be linked to an individual user should be kept stored unless the user has given his explicit, informed consent to have data necessary to provide a service stored (e.g. for use in future searches)”

A Privacy Statement Template
http://www.anu.edu.au/people/Roger.Clarke/DV/PST-051219.html
• Data Collection
• Data Security
• Data Use
• Data Disclosure
• Data Retention and Destruction
• Access by You to Your Personal Data
• Information about Data Handling Practices
• Handling of Enquiries, General Concerns and Complaints
• Enforcement
• Changes to These Privacy Undertakings

A simple HOWTO for stopping Google from logging your search history. In summary, the solution is to:
• clear all long-lasting cookies
• set your browser to not keep cookies between restarts
• divert all google requests out through an anonymous proxy

BUT ALSO !!!
• Frequently re-start
• Don’t register
• Don’t use DeskTop, Gmail, …
• Don’t send to Gmail accounts ...

Google Mythology: “Do No Evil”
• Two variants are evident on the web-site:
  (1) number 6 of 'Ten things Google has found to be true': "you can make money without doing evil". But that statement is descriptive, not normative
  (2) "Our informal corporate motto is 'Don't be evil'". But that statement is part of a ‘Code of Conduct’ communicated to investors, not customers, and is in any case completely non-binding
• There is a relevant corollary:
  • "You can make money without doing evil; but you can make more money by doing evil"
  • Given the legal obligations of corporations, the epithet actually implies that evil should be done

Google Mythology: "Protecting users' privacy is very important to Google"
• World's-Worst Privacy Policy stance
• "We will remove IP-addresses after 18 mths" (They don't need them beyond 18 seconds)
• "We will auto-delete cookies 2 yrs after last visit" (Gobbledygook. They're remote from them … And there's no need for long-term cookies at all. It's better to block cookies, auto-delete cookies, delete cookies, and/or use a nymous proxy-server)
• Argues at UNESCO for standardisation on the world's weakest code. (The APEC code was designed by privacy-hostile USA with Australian help, using privacy-hostile Asia as the excuse)

Google and Privacy
Recapitulation

Privacy

Google’s Business(es)
1 A Search-Engine
2 Content-Discovery Services
3 Content Services
4 Data about Users

Privacy Protections
• Consumer Protection Law
• Privacy Protection Law
• Privacy Policy Statements
• DIY

Google Mythology