copy this blog

Seth Finkelstein of Infothought has been writing articles for the Guardian. His latest discusses a few things to consider about Google and Privacy.

The task is then to prise out any abuses from behind the wall of corporate secrecy. Otherwise, we could end up with an unholy alliance between corporations and governments, where corporations act as privatised spies for governments, while government data retention mandates are used to give corporations an excuse to keep the sort of detailed records they’d want to in any case for market research and sale.

Google has done some very amazing and innovative things. One of the consequences of their success and their practices is that while they attempt to do no evil- and I honestly believe that many, if not most people at Google earnestly do want to practice that philosophy in more than a superficial marketing sense- they can be involved in questionable activities.

Read the rest of this entry »

From a story found on Slashdot about a professor at Bowling Green who got a visit from a networking and the police for using Tor, a Web anonymizing application. There are some very interesting implications involving academic freedom and privacy.

I’m using my lunch break to browse the University of Texas at Austin’s Libraries Administrative Council minutes and UT’s Library Committee minutes. I think it’s a great thing that these minutes are made available to the public. They’re usually open records, and there’s some interesting and useful information publicly available there (sometimes if you read between the lines).

I spotted something interesting in the May 31st minutes: “Campus IT group has started discussion about discontinuing public access to campus workstations. Libraries will develop a process to grant temporary EIDs to the public.”

This is interesting for several reasons. One, it looks like it is the result of pressure from either ITS and/or the Information Security Office. What are management implications for library information technology decisions made under these circumstances? Is it a common occurrence? Is it a cause for concern? (That’s before noting that the current method for granting temporary EIDs is time-consuming and difficult).

Two, and more importantly, what does it mean for the privacy of patrons? Is anonymity an important concept on the web in the library? Because the EID authentication system is handled through UT centrally, I’m pretty certain that these records aren’t controlled by the library. Should the browsing of patrons be considered in the same way we consider library circulation records? I can’t imagine that these ideas weren’t discussed- well, I could imagine it, but I’m sure the administration must have given some thought to the subject. What have other people done, and is it something to worry about?

The Managing Electronic Records Conference put on by Cohasset Associates was a very good experience. I attended as a student volunteer, and I met several persons in schools similar to our iSchool across the country, as well as vendors, consultants, professionals, and so on.

Electronic records aren’t exactly a recent interest of mine- I’ve been looking into retention schedules and how they might impact my job for some time. I’ve also had an interest in privacy and security. Recently, though, as I’ve been looking into archives and electronic records, the records management issues both at work and in the world have affected the way I examine these other issues.

Two stories from BNA’s Internet Law News today caught my interest:
Industry, Others Object to Data Retention
The story is about Alberto Gonzales’ call for greater records retention on the part ISPs. Once again, the excuses for this proposed action come from increased law enforcement powers related to terrorism and child pornography. However, ISPs are noting that there are security, privacy, technical and other issues related to this proposal. Government has been very much failing in privacy-related matters recently. This particular matter also affects ISPs such as universities and libraries, and many of these institutions as a matter of regular operation don’t keep transitory logs, for good reason. The privacy of students and patrons is incredibly important, as both a matter of established law and institutional or professional values. We haven’t really seemed to have good public discussions about privacy and why people should care about privacy, related to abuse, dignity, and so on. That type of talk needs to be part of the decision-making process.

We’re also constantly bombarded with one of the risks of records retention: stolen and lost information, and the risk of identity theft. See the second story from BNA News, Toronto Firm at Center of Security Breach. A piece of equipment that had the names and social security numbers of 1.3 MILLION students has been lost. These aren’t Canadian students, either- they’re students who borrowed from a Round Rock, TX based loan institution. Yes, just next to Austin. So, what are the risks to keeping even more personal information that wouldn’t have been kept in the first place? Privacy and data protection laws exist for a reason. They’re not just to limit cost and liability, although those certainly affect businesses. We really need a full understanding of the possibly harms that could come from such a law, instead of the rush from certain members of Congress to pass these things through.

Of course, there are also many procedural issues. Laws that affect records exist at both the federal (Sarbones-Oxley, FERPA) and state (library, government records) levels. There are also regulatory and legal concerns that govern record keeping behavior. These would need to be reconciled with such a broad change.

Several stories from the last few days have been fairly grim.

Reading Harry Potter before release date illegal illustrates a view that some content industries love- that you shouldn’t even be able to read something without the author’s permission. This story is from Canada, and I’m not familiar enough with Canadian law to determine whether that viewpoint is accurate or not, but I certainly don’t think it’s accurate in the US. Michael Geist has a few things to say about the situation (July 12-13) and its attacks on the freedom to read, freedom of expression, and personal property. In the US, there’s also the doctrine of first sale…

In Australia, a man has been found guilty of hyperlinking. Combine that with proposed amendments to Canadian law that would make search engine activity illegal and a copyright infringement lawsuit against the Internet Archive’s Wayback Machine, and you’ve got a good picture of how law and policy can affect the Internet as we know it.

The Daily Texan today is running an article about a propsal that would place tracking systems in cars, coming from the Texas House of Representatives. The bill, proposed by State Representative Larry Phillips (R-Sherman), apparently aims to stop people from driving without insurance.

Privacy advocates are wary. The Texan reports that Scott Henson from the Texas ACLU believes the the language is broad enough for tracking use by any law enforcement agency.The iSchool’s own Professor Doty is also quoted: “One of the essential elements of privacy is that citizens are presumed innocent until they are proven guilty. This law presumes everyone should be tracked and monitored simply because they exist… In post-Patriot Act America, people have lost awareness of the little changes that lead to a chain of effects that restrict us politically and individually. There is no reason to believe that this insurance database won’t be combined with other databases, such as those of the attorney general or the FBI.”

Text of HB 2893
HB Bills Status

So, as it turns out, the TSA lied about their privacy protection practices. I can’t say that I’m shocked, but it is disturbing. I can only hope that there will be repercussions to these actions…

Kayla, Lori, Patrick, Quinn, Sam, and I spoke at Educause about scaling the course we’ve all taught, INF 312 Information in Cyberspace. When developing my section, I wrote a bit about some of the privacy concerns we had. Then I had to include copyright. Then I had to at least mention accessibility. Finally we lumped them into “legal concerns.” It’s not the largest part of the section I talk about. But it’s the part that keeps on slightly expanding. There’s a lot to say there.

There are some serious legal concerns that appear when you move a class online, and some of these aren’t immediately obvious. I’ll write about them a bit more when I make sure that this blog is working correctly. ^_^