Recently in Privacy Category

"I don't want to have to worry about all the different online scandals and problems," says Brown, an education major at St. Joseph College in Connecticut. She'd like to control her personal information and keep it out of the hands of identity thieves or snooping future employers. "It's just common sense."

It sounds like her info is locked down and airtight. But is it?

Turns out, even the privacy-conscious Sarah Browns of the world freely hand over personal information to perfect strangers. They do so every time they download and install what's known as an "application," one of thousands of mini-programs on a growing number of social networking sites that are designed by third-party developers for anything from games and sports teams to trivia quizzes and virtual gifts.

Two consumer groups asked the Federal Trade Commission on Tuesday to create a "do not track list" that would allow computer users to bar advertisers from collecting information about them.

The Consumer Federation of America and the Consumers Union also urged the FTC to bar collection of health information and other sensitive data by companies that do business on the Internet unless a consumer consents.

The call echoed those of other privacy advocates who filed statements with the FTC on Internet companies' use of "behavioral advertising." That is the practice of tracking a computer user's activities online, including Web searches and sites visited, to target advertisements to the individual consumer.

So I was looking at the Reuters this morning and saw an article that kind of annoyed me.  Not because of the reporting (top-notch) but because the article highlighted a lack of personal responsibility and a certain sense of entitlement that really bugs me.

Many people are uncomfortable with Web sites customizing content to people's personal profiles, according to a new survey.

"There's a creepy factor and a fear of the unknown that people don't want to deal with," said Michelle Warren, senior research analyst at Info-Tech Research Group in London, Ontario.

"The notion that there's a privacy issue in someone's email account hits a little too close to home for some," she added.

Nearly 60 percent of 2,513 people in the United States questioned in a Harris Interactive poll said they were uneasy when Web sites use information about personal online activity to tailor advertisements or content.

In a nutshell, the story related how a lot of people are uncomfortable with websites tracking their activity for the purposes of targeted advertising.  I understand that some people find it creepy, but it's nothing new. 

Search engines should delete personal data held about their users within six months, a European Commission advisory body on data protection has said.

The recommendation is likely to be accepted by the European Commission and could lead to a clash with search giants like Google, Yahoo and MSN.

Google and Yahoo anonymise user data after 18 months, while MSN does the same after 13 months.

The body said search companies were not clear enough on data protection.

Google said its privacy policy "strikes the right balance" between privacy, security and innovation.

We missed something. Too much about the toy, not enough on the game.

I'm reading Alex's post about Western Union's new "send money by prepaid phone" service and I can't help but think there is an invitation for regulatory disaster here.

I've had to send money with Western Union once in 25 years, to a friend who was stuck in Michigan with maxed out credit cards from a ticket and impound lot, who needed cash to fill up his car and drive back east.

When I called Western Union, they asked me a whole bunch of questions to verify who I was. They had my addresses going back five years (even my college dorms) and I had to think back to remember my old home phone number growing up (301-229-9041) and even some details about my parents.

The beauty of prepaid phones, however, is that they offer some level of anonymity by disconnecting the phone number from an identity. This is useful for say, people who are whistleblowers or sources for journalists, or even for plain old privacy-minded people who are willing to pay a premium to not have a name associated with their phone.

Western Union, which discontinued their signature telegram service last year, now makes their money taking a cut of funds that people send using their network. Those remittances that enterprising immigrants send home (which are, incidentally a huge part of the global economy) make up a massive pool of funds. For instance, Ghana's economy recieved $4.5 Billion in remittances from abroad in 2005, a huge chunk of that country's GDP.

In the U.S. many undocumented/illegal immigrants get paid cash. They send this cash home via Western Union. No tax is paid at any point, except perhaps by WU. On the other hand, this is cumbersome because of the paper trail required. Let's go back to me trying to send $150 tp Michigan. They knew everything about me. I'm sure they collect just as much information on Joe Blow trying to send cash, because they've been an easy target for money laundering and other underhanded enterprises. They cover their butts.

Another thing, if sending money is going to be so easy domestically, isn't the Government going to want a cut, or want to watch the sums moving around from phone to phone? I'd like to see the privacy policy associated with this service. Is reloading my phone with minutes going to be as document-heavy as sending money? Will I have to fill out a form, or will I just be able to buy a "card" with cash, no questions asked? Can you see where this is going?

Now, if I buy a prepaid phone from this service, am I going to have to document myself the same way? What if this becomes more widespread? Could this new "feature" spell the end of the disconnection of number and identity?

If so, the prepaid phone market will be all but dead, except to those who have no other choice. What bothers me about it is that right now, I have a choice, and should continue to have a choice whether or not to be anonymous. I'm afraid that in their zeal to open a new market, Western Union could make it an attractive option for the Government to take that choice from me.

I hope not.

The opening of social networks may now accelerate thanks to that older next big thing, web-mail. As a technology, mail has come to seem rather old-fashioned. But Google, Yahoo!, Microsoft and other firms are now discovering that they may already have the ideal infrastructure for social networking in the form of the address books, in-boxes and calendars of their users. "E-mail in the wider sense is the most important social network," says David Ascher, who managesThunderbird, a cutting-edge open-source e-mail application, for the Mozilla Foundation, which also oversees the popular Firefox web browser.

That is because the extended in-box contains invaluable and dynamically updated information about human connections. On Facebook, a social graph notoriously deteriorates after the initial thrill of finding old friends from school wears off. By contrast, an e-mail account has access to the entire address book and can infer information from the frequency and intensity of contact as it occurs. Joe gets e-mails from Jack and Jane, but opens only Jane's; Joe has Jane in his calendar tomorrow, and is instant-messaging with her right now; Joe tagged Jack "work only" in his address book. Perhaps Joe's party photos should be visible to Jane, but not Jack.

This kind of social intelligence can be applied across many services on the open web. Better yet, if there is no pressure to make a business out of it, it can remain intimate and discreet. Facebook has an economic incentive to publish ever more data about its users, says Mr Ascher, whereas Thunderbird, which is an open-source project, can let users minimise what they share. Social networking may end up being everywhere, and yet nowhere.

"The makers of the Constitution conferred the most comprehensive of rights and the right most valued by all civilized men--the right to be let alone." 

As COO, Sandberg will be responsible for helping Facebook scale its operations and expand its presence globally. Sandberg will manage sales, marketing, business development, human resources, public policy, privacy and communications and will report directly to Facebook's CEO Mark Zuckerberg.

First off, before she was at Google, she was Chief of Staff to the U.S. Treasury Secretary under President Bill Clinton. She carried this DC experience to Google where she was one of the few executives there openly and actively involved in politics. 

Later we'll have details on a new Facebook privacy concern.

Possibly (hopefully) with comments from Drew Clark, Commissioner Adelstein and Professor Tim Wu.

All discovery has been blocked so far by the administration's argument, still awaiting court resolution, that the suits are barred because they involve state secrets. What tantalizing clues about the surveillance have emerged so far have come from affidavits entered into the record by the plaintiffs.

If the AT&T case is allowed to proceed, for example, the plaintiffs will ask a judge to consider documents provided by a former AT&T technician, Mark Klein, that suggest a massive effort by the National Security Agency to tap into the backbone of the Internet to retrieve millions of e-mails and other exclusively domestic communications.

The government, in a brief before the U.S. Court of Appeals for the 9th Circuit in San Francisco, has denied the existence of any "dragnet" surveillance program. In the cases against the telecommunications firms, Justice Department attorneys have argued that merely to confirm or deny any "intelligence" relationship with AT&T or any company "could reasonably be expected to cause exceptionally grave damage to the national security."

Though the carriers have argued that they are barred from defending themselves against the allegations because of the government's invocation of the state-secrets privilege, at least one carrier, Verizon, has stated in regulatory filings that the cases against it are without merit.

Like most corporate interests with a heavy stake in Congressional action, the major phone companies significantly boosted their contributions to Democrats last year after the party surged back into the majority.

But giving by that sector is getting special attention from Republicans now that the debate over the surveillance program is front and center -- and focused on the phone companies' role in aiding the Bush administration after the 9/11 terrorist attacks.

"It's quite discouraging," said one GOP leadership aide, referring to the disparity in giving from the telecommunications industry in light of the FISA debate, but also the broader lack of support for Republicans from the business community in general.

"These companies just won't do anything," the aide said. "Even when you have the Democrats working against their bottom line."

Of the four major phone companies, only Sprint is now favoring Democrats overall, giving the majority party about 57 percent of their PAC contributions, according to CQ MoneyLine.

The other three companies, AT&T, Verizon and Qwest, still give a majority to Republicans but by slimmer margins than in years past.

AT&T gave Democrats 38 percent of their PAC dollars last year, up 8 percentage points from the 2006 cycle; Verizon gave them 47 percent, up 10 percentage points from the last cycle; and Qwest gave them 49 percent, a 22 percentage-point boost over 2006, according to records from the FEC and CQ MoneyLine.

A U.S. Districts Judge went back on his decision to prohibit a website from posting bank records from various off-shore banks.  The initial deceision was based on a lawsuit filed by a Swiss Bank, Julius Baer.

Here are some of the details from Reuters.com

By Philipp Gollner

SAN FRANCISCO (Reuters) - A U.S. judge on Friday reversed his earlier ruling shutting down a Web site with private bank data from Switzerland's Julius Baer Holding AG.

U.S. District Judge Jeffrey White reversed his February 15 order after hearing arguments by attorneys from the American Civil Liberties Union and other free-speech groups that his decision amounted to unconstitutional prior restraint.

"There are serious questions of prior restraint and possible violations of the First Amendment," White ruled from the bench in his San Francisco courtroom.

"The court has serious questions whether those concerns raised before the court make the granting of the relief requested by the plaintiffs constitutionally appropriate," he added.

White ruled that Baer, based in Zurich, could continue with its lawsuit against the Web site, Wikileaks.org, and Dynadot LLC, the Web site's domain-name registrar. White had issued a permanent injunction on February 15 ordering Dynadot, based in San Mateo, California, to disable the Wikileaks.org domain.

Baer had sued Wikileaks and Dynadot earlier this month after the site posted documents including bank records of about 1,600 clients with accounts in a Baer subsidiary in the Cayman Islands.

 

So the ACLU is defending the consitutional rights of someone who is posting other people's bank records on the internet.  Maybe it's my immense lack of any sort of legal training or degree (remember, I am NOT a lawyer) but common sense would seem to agree with the original ruling, which I'll paraphrase below -

Don't publish bank records that aren't yours on the internet!

I was going to write more, but I'm quite frankly baffled.  The article goes on to say explain how Swiss banks are used as a haven for the wealthy looking to hide their money from the IRS.  It also mentions that the poster of the records is a self-proclaimed "whistle-blower."  That's all well and good, and maybe the use of Swiss and other off-shore banks to facilitate illegal activities should be put into the spotlight.  But placing private citizens' bank record on the web for quite literally the entire world to see is not the right way to do it.

Committing one crime to expose another just weakens your cause.  It sucks, but you need to stay within the law in order to enforce it.  Sure, the Batman lover in me says "The system doesn't always work.  Get the crooks by any means.", but this isn't Gotham.

As much as I'd love to see the "bad guys" get taken down I don't want a precedent set where anyone who gets a hold of my bank records (and it wasn't mentioned how the records were obtained) can post them for all to see.  Granted, it's because I have so little money that it would be painfully embarassing, but I think you all see my point.

If anyone wants to weigh in, please leave a comment.

Here is a screenshot deeper in the application:

We're proud of the product that we've designed and are continuing to build, but recognize that we are just at the initial stages of our "launch early and iterate" strategy. We look forward to the feedback we will receive from our Cleveland Clinic pilot, from all of you, and from the initial users of our service when we make it publicly available in the coming months.

Permalink Links to this post

Labels: healthcare

Now, when I went to click on the "Links to this post" link, I got a blank space. Nothing. All the  trackbacks are kaput.

So, it's ok to link to the Google Blog in order to shower them with praises and talk about how revolutionary and wonderful they are...but criticize them or suggest they are heading down a dark path? They'll make you disappear. At least that's what it looks like. Now, I know a lot of tech types don't get Washington, but us Beltway locals have a saying: "the coverup is worse than the crime." You may have heard that before.

Hey, Google Bloggers: want to tell me why you turned off trackbacks? If you give me a real reason, I'll even apologize to you. Heck, I'll fly out to California and buy you all a round of your preferred beer.

But only if you can prove to me that you're not so scared of criticism based on your own blog that the second someone does, you stop linking back.

Your corporate motto is "do no evil" but honestly, this looks like something Steve Ballmer would do. I'm just too far away from the Googleplex for you to throw chairs at me.

So come on, Google Bloggers. Turn them back on, or explain on your blog why they are gone.

I'll be reading. And I'll be writing, too.

That's right. Google wants to host your medical records. Last week they announced a partnership with a clinic in Cleveland, OH. Now they're talking more about the product itself. Here's the scoop from Google Blog:

• Platform - One of the most exciting and innovative parts of Google Health is our platform strategy. We're assembling a directory of third-party services that interoperate with Google Health. Right now, this means you'll be able to automatically import information such as your doctors' records, your prescription history, and your test results into Google Health in order to easily access and and control your data. Later, this platform strategy will mean that you will be able to interact with services and tools easily, and will be able to do things like schedule appointments, refill prescriptions, and start using new wellness tools.

• Portability - Our Internet presence ultimately means that through Google Health, you will be able to have access and control over your health data from anywhere. Through the Cleveland Clinic pilot, we have already found great use-cases in which, for example, people spend 6 months of the year in Ohio, and 6 months of the year in Florida or Arizona, and will now be able to move their health data between their various health providers seamlessly and with total control. Previously, this would have required carrying paper records back and forth. With Google Health, the user can simply import the data from each medical facility and then choose to share it with the other facilities. It's advances in data portability like this that we think can really make a difference in the quality of healthcare. The clearer and more comprehensive the information regarding your health becomes, the better your care will be.

I'll be clear. I like Google. I think they mean well. They've got a ton of smart people there. On the other hand, the idea that my medical records are stored somewhere central, indexed and made available to anyone who can get access to the machine (as opposed to my doctor keeping his own records and sharing them when I tell him to) goes completely counter to my sense of privacy. Some things are best kept difficult. Sharing confidential records of any short should be one of them. To be honest, I think anything you want to keep secret or confidential should be on paper. My doctor, who is a pretty young, tech-savvy individual, uses a tablet PC to take his charts, and he's been kind enough to print his notes and stick them in a paper file.

Why do I ask him to do this when I don't have anything to hide? When there is no paper, there is no paper trail. If I know that only my doctor has my records, if they show up anywhere else, I have a pretty good idea of where they came from. If they're hosted on Google's machines, I have no idea who is doing what with my data.

Would this extend to mental health records? Imagine if you went to a therapist, marriage counselor, rehab, whatever, and those notes and records were online for "easy access." I want it to be a total pain in the neck for anyone to get them. I want it to be difficult for me to get them sent to anyone.

I switched Dentists this year. To transfer my charts and X-Rays, I had to call my old dentist, have them fax my new dentist a release form, which I signed in their presence, which they faxed back to my old dentist, who put my charts and X-Rays in a tracked, signed for FedEx envelope. It took some time and it was annoying, but my privacy was protected. Remember, there are many medical conditions that are illegal to disclose in the U.S. Imagine if a misplaced setting on this Google Health inadvertantly released people's genetic records or HIV status? I wonder what Andrew Sullivan, the Internet's favorite HIV+ pundit has to say about this.

People's medical records contain all kinds of things that are nobody's business but their own. Any doctor or hospital that would outsource their record-keeping, which is one of the most important things that a doctor can do for a patient (keep a good chart), is abdicating their responsibility and calls into question whether they value convenience over ethics. The doctor-patient relationship, including medical records, has long been considered sacrosanct. For a company like Google to actually want to offer this as a service says more about their arrogance than the system itself does about their capacity to innovate, and for any doctor or hospital to buy or use it would, to me, be a violation of trust.

There are those in Washington and around the country (Paul Krugman is one) who believe that electronic, portable charts are the key to universal health care. Krugman regular cites the Veterans Administration as an example, since they use some electronic records. The big difference is a) they keep it in-house, and b) they are a single organization. If I wanted to send my VA records to a private doctor, I would have to jump through way more hoops than just telling Google it's OK...and I should have to. Hillary Clinton regularly throws out "e-charts" as the solution to all our problems, and more centralization of records was a big part of her failed 1993 "Hillarycare" plan that she is so loathe to discuss now.

This should not be easy.

Google should be commended for trying to simplify health care record keeping, but this is an arena where they should keep their mitts off. If they want to sell a "black box" turnkey solution for internal record keeping, go for it, but I will still insist on paper. Host my records for me? Go away.

Eager to nail a corporate head to the wall in the mold of his predecessor Elliot Spitzer, New York Attorney General Andrew Cuomo has (according to AP, via The Register) has issued a subpoena for traffic data for Comcast's New York subscribers, despite the company's relatively small footprint in the state.

Cuomo may be a small fish for the company to worry about. When FCC Chairman Martin says things like

"While networks may have reasonable practices, they obviously cannot operate without taking some reasonable steps...but that does not mean they can arbitrarily block access to certain services."

you know you might have a problem. Martin (R), whose tenure at the FCC has been known for fines as massive as his love for deregulation, may join fellow Commissioners and usual suspects Michael Copps (D) and Jonathan Adelstein (D) in issuing an official order and possibly fining the nation's largest Cable TV provider and ISP for their throttling of BitTorrent traffic and subsequent attempts to cover-up or obfuscate the issue.

Martin has indicated his unwavering support for competition in all arenas, and although one would suspect he would naturally side with the business, the fact that Comcast operates a "competing" Video service throws a wrinkle into what would otherwise be a clear-cut "reasonable network management" practice. Also, Martin and several of his colleagues were adamant in their desire to encourage more disclosure and transparency in broadband subscription limitations.

Meanwhile, the Electronic Frontier Foundation has sued the U.S. Department of Justice. Again. They're curious to hear about discussions, negotiations or conversations between Google and Jayne Horvath, who was USDOJ's first "chief privacy and civil liberties officer" in 2006, when Google fought off a subpoena for a massive amount of search records. In an extreme cross-country case of "DC revolving door," Horvath is now Google's senior privacy counsel.

According to EFF counsel David Sobel, "

Google has an unprecedented ability to collect and retain very personal information about millions of Americans, and the DOJ and other law enforcement agencies have developed a huge appetite for that information...We want to know what discussions DOJ's top privacy lawyer had with Google before leaving her government position to join the company."

I'm not a conspiracy theorist by any means, and I'm certainly us