Privacy as Product Safety

In non-Google news, I’ve just uploaded a draft of my latest paper, Privacy as Product Safety. I’ve been giving presentations on what I call the “Myths of Privacy on Facebook” and when I was invited to present at a symposium on Internet expression at Widener University, I decided to expand the presentation into a real essay. It’s forthcoming in the Widener Law Journal’s June issue, and the new twist is that I draw a parallel between the privacy problems facing users of Facebook and other social software with the problems of product safety facing consumers. Here’s the abstract:

Online social media confound many of our familiar expectations about privacy. Contrary to popular myth, users of social software like Facebook do care about privacy, deserve it, and have trouble securing it for themselves. Moreover, traditional database-focused privacy regulations on the Fair Information Practices model, while often worthwhile, fail to engage with the distinctively social aspects of these online services.

Instead, online privacy law should take inspiration from a perhaps surprising quarter: product-safety law. A web site that directs users’ personal information in ways they don’t expect is a defectively designed product, and many concepts from products liability law could usefully be applied to the structurally similar problem of privacy in social software. After setting the scene with a discussion of how people use Facebook and why standard assumptions about privacy and privacy law fail, this essay examines the parallel between physically safe products and privacy-safe social software. It illustrates the value of the product-safety approach by considering another ripped-from-the-headlines example: Google Buzz.

Comments are enthusiastically welcomed.

James, prior to The Capital Times publication of Small-time author blasts Google-UW digital book project and NBC’s pick-up of the story [Google Snoops on Family History], I was reluctant to voice my concerns on-line because of privacy concerns. However, afterwards I figured “in for a penny, in for a pound,” and decided that if I was going to criticize Google & Company in regards to the piracy of my work, I would have to use my own name. I have had to forego my privacy. For this reason I have told the University of Wisconsin that I will reject any apology they may offer unless it is published in The Capital Times, The Chronicle of Higher Education, The Chronicle-Herald, and The Globe And Mail.

Congratulations on the publication of your work and have fun at the symposium. Douglas Fevens, Halifax, Nova Scotia— The University of Wisconsin, Google, & Me

Google & Company has digitized more than 200,000 volumes in the University of Wisconsin’s genealogical stacks. [See: GOOGLE TO DIGITIZE MORE OF UW-MADISON BOOK COLLECTION] Back in May 2009 when I first discovered my work at Google Books they had on its web page a map of all the locations mentioned in my book. To me Google Books has serious “product safety” issues. If you find that your personal information is displayed at Google Books there is no way for you to have it removed unless you are the rights-holder to the work and even then Google & Company are not legally bound to remove it.

Douglas Fevens, Halifax, Nova Scotia— The University of Wisconsin, Google, & Me

An interesting paper on an important issue.

I note that in the story you cite at the start of your essay the material off Facebook fetched up in the pages of the Daily Mail, a right-wing UK tabloid newspaper.

According to Polly Toynbee of the Guardian, ‘The Mail’s founder, Lord Northcliffe said his winning formula was to give his readers “a daily hate” - and it does.’

I am interested that the photos mentioned are on the Mail’s website, which argues that they bought the rights to them. Who from, I wonder? Facebook? I know Facebook’s terms regarding the use of user content have caused concerns (see for instance Why I Don’t Post Photographs on Facebook, a blog post by a professional photographer).

If the world-wide copyright regime is destroyed or corrupted, so that photographers (amateur and professional) lose the right to control their work, we may expect to see a lot more of this sort of thing.


Amazon has a similar policy regarding reader-posted content, and Yahoo at least used to have such a policy regarding photos.


James, the city of Madison, Wisconsin is vying for the “Google Fiber City”. In a news story today it is being reported that the Google Fiber Network will be open to all (“They are going to charge for the service and let other companies (like TDS and Charter Communications in Madison) provide this ultra-high-speed Internet at a competitive price, too.”) I am trying to conceptualize what this might mean. Am I right in thinking of the Internet as an hour-glass and the sand, as bits of data? It would seem that if someone could constrict the flow of this data the way the sand is constricted in the middle of the hour-glass, they may be able to mine all the data that flows through it. I see Google Fiber as the middle section of the hour-glass. Douglas Fevens, Halifax, Nova Scotia The University of Wisconsin, Google, & Me


It’s already technically possible to mine the data that goes through the Internet, yes. It goes through numerous servers.



I understand that the various national spy agencies do exactly that, all the time. It is worth remembering that the origins/purpose of the first modern computer (at Bletchley Park) was for cracking messages. Personally for anything private, I prefer snail mail.

Douglas - If you want to get some idea of how many of everyone’s ordinary transactions on the web are visible to Google’s servers, use the free Firefox browser with the NoScript addon, not forgetting to remove the Google sites from the whitelist in the NoScript options menu.

You will then have to authorize every script that any site wants to run on your machine. You will find that a huge number of sites are now using Google Analytics to keep track of visitors. To my own very considerable disgust, these sites include the UK’s official website for the Houses of Parliament. The Google Analytics script passes information about the visitors to all these sites and the pages they visit directly back to Google for analysis and storage.

I am also not happy that the main UK rail inquiries site now uses, and is obviously passing queries to Google for processing. I do not know how much information about the individual site visitor - eg IP address, or info from Google cookies - is passed back with the queries.

If you have NoScript installed, you will notice the huge number of sites that serve ads from DoubleClick, now owned by Google. DoubleClick tracks the cookies it leaves on your machine from site to site, and since it serves ads all over the place, it is able to build up a pretty good idea of where you go and what you are interested in. Google’s AdSense program (the ads are served by has also been using tracking cookies for the past year. It appears to be the case that DoubleClick can read the AdSense cookies, and vice versa. So far as I know, Google has never denied that it is pooling the data it collects from the two ad networks.

So: Google is mining vast amounts of data already, even from those people who haven’t got a Google account, don’t use Gmail, and avoid using Google’s search services.

Credit to James: the only extraneous script that runs on this site is the one for the useful little text editor that can be used to help format the comments.

Gillian, have installed NoScript, looking for Guide as to what scripts to avoid


My mother was a code cracker for the US government during World War 2. Yes, times have changed. Search on “Carnivore” and “Echelon” together and you will find that any national government can find out anything about you that goes through the net. I posted a message about this before that did not get through.

Adding to what Gillian said: I find it a nuisance to approve every cookie, but I have my system set up to refuse all third-party cookies, and I clean out my cookies files fairly often. If you use Windows, do a “Files or Folders” search for “cookies.” You will find a fair number of cookies files, as many of these programs create their own cookies files on your machine. You can usually delete the entire file without your system suffering any harm. Windows will warn you if you try to delete a cookies file it really needs to run the system, so don’t delete those. If you delete the others, in my experience all that will happen is that some website where you bought something does not have the shipping address you recorded in your account and you have to enter it again next time you order—no big deal.

I haven’t used the Google search engine for years, and haven’t missed it either.


The best defense is to be hard to see. There are a number of ways to break up an outline.

I would guess that most of the spying these days (apart from Al-Qaeda related stuff) is of an economic oriented or fraud oriented nature. Would I be right?

Gillian Thank You, No Script is pretty ‘cool’.

A bit startled by the number of publicly funded sites that have links to Google-like information gathering functions. Obviously a Public Art Gallery has legit reasons for knowing more about the tastes of its Audience; but does that information stay only with them?

To block third-party cookies in Firefox, see the Tools/Options/Privacy menu.

Alternatively, you can put a list of sites whose cookies you don’t want to accept in the Exceptions list. There is a partial list of tracking cookies here. and also leave tracking cookies. So do and, and others. There are a number of companies out there trying to keep track of where users go on the web.

Tools/Options/Privacy/Show Cookies will let you see what cookies have been left on your machine, and you can delete them if you wish. You may not wish to delete all of them. For instance, if you delete the Laboratorium cookie, the comment log-in won’t remember your details.

Then there are flash cookies. This Firefox addon is supposed to deal with them. I haven’t tried it out. NoScript blocks flash programs; they will only run if you click on them. One boon is that sites load faster.

Using NoScript: as a rule I avoid allowing scripts from third-party sites that don’t seem absolutely necessary to make a site display properly. If I am not sure what the site is that hosts the script I look it up online by putting the name of the site into a search engine. That usually enables me to guess what it does.

Many people would find this a faff, of course. It is a good protection against viruses. certainly passes info back to Google. Most, maybe all sites run perfectly well with that script blocked. The sites that use it could quite easily set up programs that would analyse their own logfiles instead.

Some people are unhappy about blocking advertising, eg doubleclick, googlesyndication and googleadservices, as well as other third-party sites serving ads, because it is how most websites make money (if they do). You can block the tracking cookies these sites deposit using the Firefox privacy menu (option to block third-party cookies) and configure NoScript to allow the sites to serve the ads. However, it is the case that one of the known conduits for viruses is infected banner ads served by third-party websites. DoubleClick has reportedly served malware infected banner ads on more than one occasion.

A few sites designedly block access to computers running browser addons that block third-party ads.

Recently Google has been analysing the searches made on every single computer, not just those belonging to people with Google accounts, and serving up ‘personalised search results’. You can opt out of this feature, but only if you accept a cookie from Google and leave it on your machine.

It concerns me that most web users have simply no idea how much data is being collected on them, or how identifiable they are online.

The NoScript list of blocked scripts is a useful reminder that when you click on almost any site these days, a whole lot of programs run on your machine, and most of them don’t come from the site you have just accessed. Some provide functions useful to the site-user, but many do not.

James, I thought of Google & more specifically Google Fiber when I read this article: How spam filters dictated Canadian magazine’s fate. I know firsthand that search results can be manipulated. Douglas Fevens, Halifax, Nova Scotia— The University of Wisconsin, Google, & Me

Last week hundreds of privacy regulators, corporate officers, and activists gathered in Jerusalem, Israel for the annual Data Protection and Privacy Commissioner Conference.— Michael Geist; Facing Up to the Generational Privacy Divide

Douglas Fevens, Halifax, Nova Scotia— The University of Wisconsin, Google, & Me