Google and Privacy
Roger Clarke
Xamax Consultancy Pty Ltd, Canberra
Visiting Professor, Department of Computer Science, A.N.U., and in Cyberspace Law & Policy, U.N.S.W., and in eCommerce at Uni. of Hong Kong
http://www.anu.edu.au/people/Roger.Clarke/… …/DV/Googacy-070919 {.html, .ppt}

ANU DCS – 19 September 2007
Copyright 2005-07

Google and Privacy
Agenda
• Privacy
• Google's Business(es)
  1 A Search-Engine
  2 Content-Discovery Services
  3 Content Services
  4 Data about Users
• Privacy Protections
  • Consumer Protection Law
  • Privacy Protection Law
  • Privacy Policy Statements
  • DIY
• Google Mythology

Privacy
the interest that individuals have in sustaining a 'personal space', free from interference by other people and organisations

Privacy Protection
a process of finding appropriate balances between privacy and multiple competing interests


Privacy cf. Data Protection
• Dimensions of privacy interest:
  • The Physical Person
  • Personal Behaviour
  • Personal Communications
  • Personal Data
• Motivations for protecting privacy:
  • Psychological
  • Social
  • Economic
  • Political

'Research Your Next Appointment'
• Their Site(s)/Blog(s)
• Event Programs
• Committee Minutes
• Letters to the Editor
• Postings
  • email-lists
  • fora
  • blogs
• Logs (e.g. in court)
  • IAPs
  • ISPs
  • own machine
• Media Reports
  • as subject
  • as reporter
  • as commentator
  • as bystander
• 'Public Records'
• Court Reports
• 'Little Black Books'
• Commercial Databases
• Dead Pages, from the Wayback Machine
• Specialist Sites, e.g. Zoominfo.com, Spock.com

Privacy Threats from Open Information
Discoverability
• Data
• Associations
• Location
• Habits
Consolidation, e.g. for:
• Profiling
• Manipulation
• Character Assassination
Data Quality Problems
• Out-of-Date
• Incomplete
• Acontextual
• Inaccurate
• Scurrilous
• Spurious
Second-Round Effects
• More Data Retention
• More Data Capture

Search Engine Operation


Google's Business(es) 1. Content Discovery Services
• The Largest Coverage (size of the Reference List)
• The Smartest Precedence Algorithm (the sorting part of the Results Formatter)
• The Fastest, Simplest, Best? Search-Service (a UI for normal people, not specialists)
• Multiple Constrained Searches (images, blogs, Froogle)
• Multiple Extension Services (Answers, Scholar)
froo·gle (fru'gal) n. Smart shopping through Google

Google's Business(es) 2. Content Services
• Google Earth
• Google Base
• Google Video / YouTube
• ...
• Google News
• Google Library / Print
• ...

Google's Business(es) 3. Data about Users
“We are moving to a Google that knows more about you” - Google's CEO, NYT, 10 Feb 2005

Round 1
• Search-Terms
• IP-address(es)
• Click-Trail
• Click-Throughs

Round 2
• Google Accounts:
  • Email-Address as Username
  • A Common Cookie

Email – Long-Term Risk Exposures
Both Parties' IAPs:
• IP-address(es) used, disclosing location, trail
• Authorised / unauthorised disclosure, with/without notification
• Traffic data retention, message retention
Mail-Recipient's ISP:
• Access to, and use of traffic
• Access to, and use of content
• Authorised / unauthorised disclosure, with/without notification
• Message retention after download
ISP Mail-Hosting / Webmail
• Message retention, long-term

Gmail – Yet More Risk Exposures
Gmail Subscribers
• Targeted Ads based on text from senders => consumer manipulation
• Correlation with Data from Other Services

Gmail – Yet More Risk Exposures
Senders to Gmail Addresses
• Examination of Text
• Long-Term Retention
• Consolidation with Other Sources
• Long-Term Unauthorised Disclosure
• No notification of disclosures
Senders Generally
• Postings to Lists if even a single subscriber is a Gmail account
• Forwards to Gmail accounts
• Forwards to Lists if even a single subscriber is a Gmail account

EPIC on Gmail
• No Non-Subscribers Consent to content extraction
• Unlimited Data Retention
• Profiling across Google product line
• Harms expectation of privacy
• Insufficient privacy policy
• No data protection on sale of company or change of company policy
http://www.epic.org/privacy/… … gmail/faq.html, August 2004

• Gmail is a privacy disaster
• Google is engaging in indefinite data retention
• Google has publicly stated it will not discuss law enforcement requests for personal information
• We have no idea how Google responds to law enforcement, nor how many requests have been received
private email from EPIC, 8 Dec 2005

Google Desktop v. 1 – October 2004
Search Within Your Own Computer
“A desktop search application that provides full text search over your email, files, music, photos, chats, Gmail, web pages that you've viewed, ...”
(cf. Apple's Sherlock 1998, later Spotlight, and many third-party products for Wintel)
It allows people to scan their computers for information in the same way that they use Google to search the web
http://desktop.google.com/about.html

Google Desktop v. 3 – 9 Feb 2006
Search Across Your Computers
BUT “In order to share your indexed files between your computers, we securely transmit this content to Google Desktop servers located at Google”
cf. MS Passport data, centralised at Redmond WA
http://desktop.google.com/... features.html#searchremote

Would you trust this product ???
Terms: http://desktop.google.com.au/mac/install.html
Privacy Policy: Protecting users' privacy is very important to Google and the Third Parties. As a condition of downloading and using the Software, you agree to the terms of the Google Pack Privacy Policy ..., which may be updated from time to time and without notice.
No Read-Me File accompanies the download.
There are no explanations as to how to de-install.
It appears that the default may be set to Promiscuous: http://desktop.google.com.au/en/mac/gettingstarted.html#prefs shows 'On'

Orkut – Google's 'Social Networking Service'
• Requires a Google Account …
• Is linked to Gmail ...
• Profiles of Members are:
  • Self-Captured
  • Unauthenticated
• Profiles of People Nominated by Members:
  • Captured by Members, e.g. by upload of their address-books
  • Unauthenticated
  • Without Consent
• Discloses Traffic
• Discloses Social Networks of Members and Non-Members

Google's Business(es) 3. Data about Users
“We are moving to a Google that knows more about you” - Google's CEO, NYT, 10 Feb 2005

Round 3
• Gmail
• Desktop
• Desktop v.3
• Orkut

Google as Wireless Internet Access Provider
Acceptance of Google's tender confirmed 5 April 2006
http://www.techworld.com/mobility/... features/index.cfm?featureid=1837

12 Months Later ...
• WinterGreen Research, Inc., April 2007
  Earthlink and San Francisco have finalised a Wi-Fi contract. The contract enables Earthlink to build a citywide wireless services network and Google to provide free Internet access

But, 4 Months After That ...
• Blow as two 'Muni WiFi' schemes fail
  Financial Times, 31 August 2007
  The San Francisco scheme … fell apart on Wednesday night after Earthlink, the [ISP], said it was pulling out of a contract to build the city's WiFi network

DoubleClick
• Major Site-Owners let ad-space to DoubleClick
• DoubleClick gathers data about all traffic to all such sites, resulting in consumer profiles

Google AdSense
• Minor Page-Owners let ad-space to Google
• Google gathers data about all traffic to all sites that are 'AdSense affiliates'

On 13 Apr 2007, Google bought DoubleClick

“the combination of DoubleClick's Internet surfing history generated through consumers' pattern of clicking on specific advertisements, coupled with Google's database of consumers' past searches, will result in the creation of 'super-profiles', which will make up the world's single largest repository of both personally and nonpersonally identifiable information”. [bigger than Acxiom?!]
The Board expressed concern that these profiles expose consumers to the risk of disclosure of their data to third parties, as well as public disclosure as evidence in litigation or through data breaches.
New York Consumer Protection Board
http://www.consumer.state.ny.us/pressreleases/2007/may092007.htm

Current Regulatory Investigations
http://www.epic.org/privacy/ftc/google/
• US Federal Trade Commission
  http://www.internetnews.com/bus-news/article.php/3680266
• EU Directorate on Competition
  http://ec.europa.eu/comm/competition/index_en.html
• Aust Competition and Consumer Commission
  http://www.accc.gov.au/content/index.phtml/itemId/788097
• EU Data Protection Commissioners
  http://ec.europa.eu/justice_home/fsj/privacy/news/docs/pr_21_06_07_en.pdf

Google's Business(es) 3. Data about Users
“We are moving to a Google that knows more about you” - Google's CEO, NYT, 10 Feb 2005

Round 3
• Gmail
• Desktop
• Desktop v.3
• Orkut

Round 4
• Google as Wireless IAP Gratis (i.e. ad-funded)
• Ad Syndication (AdSense)
• Consolidation of the Consumer Profiles held by DoubleClick and Google

Round 5
• Psych profiles from online gaming
• Face Recognition in Image Search
• Street View
• Facebook profiles
• ...

A Normative Template for Terms of Contract for Consumer Transactions
http://www.anu.edu.au/people/Roger.Clarke/EC/ICEC06.html#TNT
• Information
• Terms
• Security
• Choice
• Consent
• Recourse
• Redress

The Normative Template for Marketer-Consumer Communications
Recourse
• Enquiry and Complaints Process
  • accessibility
  • prompt acknowledgement
  • copy into the consumer's email-archive
  • responsiveness to enquiry or complaint
  • acknowledgement
  • resolution
• Restitution
  • product quality shortfalls
  • own products and services
  • third-party products and services
  • fulfilment quality shortfalls
  • payment errors
• External Complaints Mechanisms
  • information provided about them
  • prompt and appropriate communications with regulators

Google's Challenges to Consumer Law
Consumer Benefits
• Enormous
• Gratis
• But there is consideration: acceptance of advertising, including intrusive attention-grabbing devices ('blink', popups)
Terms:
• Non-Negotiable
• Non-Transparent
• Changeable at whim
• Not Version-Managed
Recourse
• All-But Non-Existent
No sign of recovery of lost consumer protections
WSIS 2005, IGF are vacuous

Information Privacy
The interest an individual has in controlling, or at least significantly influencing, the handling of data about themselves

Achieved Through
• Regulation: Data Protection Law, enforced by a Regulator [EU, Others – ???]
• Co-Regulation: Privacy Policy Statements, enforced by a Regulator e.g. through Trade Practices Law [US – ??]
• Self-Regulation: Privacy Policy Statements without enforcement [US actual]

28th International Data Protection and Privacy Commissioners' Conference London, United Kingdom – 2 and 3 November 2006

Resolution on Privacy Protection and Search Engines
http://www.bfdi.bund.de/cln_029/nn_533554/SharedDocs/Publikationen/EN/InternationalDS/ConferenceOfInternationalDataProtectionCommissioners2006ResolutionSearchEngines,templateId=raw,property=publicationFile.pdf/ConferenceOfInternationalDataProtectionCommissioners2006-ResolutionSearchEngines.pdf

“… providers of search engines … shall not record any information about the search that can be linked to users or about the search engine users themselves.
“After the end of a search session, no data that can be linked to an individual user should be kept stored unless the user has given his explicit, informed consent to have data necessary to provide a service stored (e.g. for use in future searches)”

A Privacy Statement Template
http://www.anu.edu.au/people/Roger.Clarke/DV/PST-051219.html
• Data Collection
• Data Security
• Data Use
• Data Disclosure
• Data Retention and Destruction
• Access by You to Your Personal Data
• Information about Data Handling Practices
• Handling of Enquiries, General Concerns and Complaints
• Enforcement
• Changes to These Privacy Undertakings
• Definitions

Google's Privacy Statement
http://www.anu.edu.au/people/Roger.Clarke/DV/PST-Google.html
• Cookies not RFC2964-compliant
• Cookies and Login (with Email-Address as Username) enable the consolidation of a very substantial amount of identified personal data, without informed consent
• Purposes of Use and Disclosure vague but very extensive
• Storage in 'Data Havens' (such as the USA)
• Non-Consensual Use and Disclosure (presumption of consent, i.e. opt-out)
• Extraneous Disclosures not notified to the individual concerned
• No Information provided about Data-Handling Policies and Practices
• No Assurances whatsoever re:
  • Access by the Data Subject [new WebHistory feature?]
  • Data Quality
  • Data Correction or Deletion
  • Data Relevance
  • Data Retention, Destruction
• No Consultation with Privacy Advocacy Organisations
• Deficient Complaint-Handling Procedures
• The Undertakings are Void in the event of merger, acquisition or sale of assets
• The Undertakings are Unenforced, and Probably Unenforceable

Paranoia
http://www.google-watch.org/


DIY Privacy-Protection
http://www.freenet.org.nz/misc/google-privacy.html
A simple HOWTO for stopping Google from logging your search history. In summary, the solution is to:
• clear all long-lasting cookies
• set your browser to not keep cookies between restarts
• divert all google requests out through an anonymous proxy
BUT ALSO !!!
• Frequently re-start
• Don't register
• Don't use DeskTop, Gmail, …
• Don't send to Gmail accounts
• ...
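
An added example, not part of the original slides or the linked HOWTO: a short Python audit for the first step above, listing which of a site's cookies persist across browser restarts and for how long. The cookies.txt rows, the cookie names and the one-day threshold are constructed assumptions.

```python
from datetime import datetime, timezone

# Constructed sample export (tab-separated Netscape cookies.txt rows).
# Cookie names, values and expiry times are made up for illustration.
SAMPLE_COOKIES_TXT = (
    "# Netscape HTTP Cookie File\n"
    ".google.com\tTRUE\t/\tFALSE\t1262304000\tprefs_id\tconstructed\n"
    ".google.com\tTRUE\t/\tFALSE\t0\tsession_only\tconstructed\n"
    "mail.google.com\tFALSE\t/\tTRUE\t1190200000\tshort_lived\tconstructed\n"
    "www.example.org\tFALSE\t/\tFALSE\t1262304000\ttracker\tconstructed\n"
)

MAX_LIFETIME_DAYS = 1  # assumption: anything outliving a day is "long-lasting"


def parse_cookies_txt(text):
    """Yield one dict per cookie row; comments and blank lines are skipped."""
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        fields = line.split("\t")
        if len(fields) != 7:
            continue  # malformed row: ignore rather than guess
        domain, _subdomains, path, _secure, expires, name, _value = fields
        yield {"domain": domain, "path": path, "name": name,
               "expires": int(expires)}


def long_lasting(text, now, domain_suffix="google.com",
                 max_days=MAX_LIFETIME_DAYS):
    """Return (name, days_remaining) for one site's persistent cookies.

    An expiry of 0 marks a session cookie, which goes away on restart.
    """
    flagged = []
    for cookie in parse_cookies_txt(text):
        host = cookie["domain"].lstrip(".")
        if host != domain_suffix and not host.endswith("." + domain_suffix):
            continue  # belongs to another site
        if cookie["expires"] == 0:
            continue  # session cookie
        days = (cookie["expires"] - now.timestamp()) / 86400
        if days > max_days:
            flagged.append((cookie["name"], round(days)))
    return flagged


if __name__ == "__main__":
    talk_date = datetime(2007, 9, 19, tzinfo=timezone.utc)  # date of the talk
    for name, days in long_lasting(SAMPLE_COOKIES_TXT, talk_date):
        print(f"{name}: persists for about {days} more days")
```
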

Google Mythology: “Do No Evil”
• Two variants are evident on the web-site:
  (1) number 6 of 'Ten things Google has found to be true': "you can make money without doing evil". But that statement is descriptive, not normative
  (2) "Our informal corporate motto is 'Don't be evil'". But that statement is part of a 'Code of Conduct' communicated to investors, not customers, and is in any case completely non-binding
• There is a relevant corollary:
  • "You can make money without doing evil; but you can make more money by doing evil"
  • Given the legal obligations of corporations, the epithet actually implies that evil should be done

Google Mythology:
"Protecting users' privacy is very important to Google"
• World's-Worst Privacy Policy stance
• "We will remove IP-addresses after 18 mths" (They don't need them beyond 18 seconds)
• "We will auto-delete cookies 2 yrs after last visit" (Gobbledygook. They're remote from them … And there's no need for long-term cookies at all. It's better to block cookies, auto-delete cookies, delete cookies, and/or use a nymous proxy-server)
• Argues at UNESCO for standardisation on the world's weakest code. (The APEC code was designed by privacy-hostile USA with Australian help, using privacy-hostile Asia as the excuse)

Google and Privacy
Recapitulation
• Privacy
• Google's Business(es)
  1 A Search-Engine
  2 Content-Discovery Services
  3 Content Services
  4 Data about Users
• Privacy Protections
  • Consumer Protection Law
  • Privacy Protection Law
  • Privacy Policy Statements
  • DIY
• Google Mythology
