Archive for the ‘Internet’ Category

Do youth care about privacy? We will explore this question on September 8, 2011, when our Office holds its next Insights on Privacy armchair discussion.  We have invited two experts on young people’s use of social media, Kate Raynes-Goldie (@oceanpark) and Matthew Johnson (@MFJ72) to talk about what privacy means to youth and how we can help youth preserve their privacy by promoting digital literacy skills.

Kate Raynes-Goldie is completing her PhD in the Department of Internet Studies at Curtin University of Technology. Her current research explores Facebook privacy issues by combining a study of the ideologies that drive the site’s privacy architecture with a nuanced look at user understandings and practices. Kate is also a Research Associate at Ryerson University’s EDGE Lab, where she is researching privacy, autonomy and social media for children.  She is the founder of PrivacyCampTO, Canada’s first privacy unconference. 

As Director of Education with Media Awareness Network, Matthew Johnson creates resources for educators, parents and community groups. He is the designer of MNet’s comprehensive digital literacy tutorials Passport to the Internet (Grades 4-8) and MyWorld (Grades 9-12). Matthew also writes the Talk Media blog, one of the most popular sections of the MNet Web site.  He has given presentations and interviews to parents, school, community and industry groups on topics such as the effect of media violence on children, video game addiction, alcohol advertising, children’s use of new media and the moral dimensions of computer games.

This event is the fifth in a series hosted by the OPC to shed light on experts doing new and thought-provoking work in the field of privacy.

To participate:

We are inviting full participation in this discussion. For those of you who attend the session in person, we will be asking for questions from the audience as well as inviting you to tweet the content using the #privtalks hashtag.

If you are unable to attend the session in person, and would like the speakers to address a particular aspect of this topic, please send your question to knowledge.savoir@priv.gc.ca by September 2^nd and we will try to incorporate it in the issues we cover.

The video of this event will be made available after the presentation, as we’ve done for previous Speakers Series events.

Space is limited and is available on a first-come, first-served basis. Please RSVP before September 6^th, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Thursday, September 8, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2^nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca

The Media Awareness Network, benefactor of the Office of the Privacy Commissioner’s Contributions Program, has launched the third Phase (Phase III) of its ongoing study, Young Canadians in a Wired World (YCWW). This third phase is a crucial element to the project, as it will shed a more distinct light on the need for online education resources in classrooms and communities.

The study is the most comprehensive and wide-ranging study of youth internet use in Canada. The project tracks and investigates the behaviours, attitudes, and opinions of Canadian children and youth with respect to their use of the Internet. There have been two previous phases over seven years. The first comprised of telephone interviews with parents, focus groups with parents and children and quantitative research findings from a national school-based survey of 5,682 students in grades 4 – 11. The second stage includes qualitative research findings from focus groups with parents and young people aged 11 – 17, and quantitative research findings from a national school-based survey of 5,272 students from grades 4 – 11. You can find more information on these first two phases here.

MNet’s research has gathered a wealth of information about the online activities of Canadian youth, and has raised a number of privacy issues that require society’s attention. Perhaps most importantly, the research has highlighted the importance of education as a key response in helping young people make smart and informed online decisions, as well as stay safe online.

The third phase in MNet’s research will help inform public policy and support the development of relevant digital literacy resources for Canadian homes, schools, and communities. MNet has already begun implementing the new research through various interviews and focus groups. Phase III of the research project is scheduled to be completed in 2012, finishing with a nation-wide field study of a representative sample of Canadian students and teachers.

Stay tuned for more updates about this exciting endeavour.

For more information, please contact Francois Cadieux at Francois.Cadieux@priv.gc.ca.

On June 23^rd, 2011, the Office of the Privacy Commissioner is holding the fourth Insights on Privacy armchair discussion. We heard in April about opportunities for privacy in the design of intimate devices that we share our lives with every day, like smart phones, and the sensor-rich landscape that’s upon us.

To complement this talk, we’ve invited David Murakami-Wood and Craig Forcese to examine the privacy risks in a society that is placing its citizens under greater surveillance with each passing year.

David Murakami Wood is an Associate Professor in the Department of Sociology at Queen’s University and holds a Canada Research Chair (Tier 2) in Surveillance Studies. Until August 2009, he was Reader in Surveillance Studies in the Global Urban Research Unit at Newcastle University in the UK. He had an ESRC Research Fellowship for a project called Cultures of Urban Surveillance, which looked at the globalization of surveillance in different global cities. David is a member of The Surveillance Studies Centre at Queen’s and is part of The New Transparency research initiative. He is also Managing Editor of Surveillance & Society, the international journal of surveillance studies, and a founder-member of the Surveillance Studies Network.

Craig Forcese, LL.M, has been an Associate Professor in the Faculty of Law at the University of Ottawa since 2003. Previously, he practiced international trade law with Hughes Hubbard & Reed LLP in Washington D.C., representing clients in proceedings before the U.S. Department of Commerce, the U.S. International Trade Commission, the U.S. Trade Representative, and the World Trade Organization. He also served as a law clerk for Mr. Justice Andrew MacKay at the Federal Court of Canada. Craig is the author of a number of books on law and national security, and a frequent blogger.

To participate:

If you are unable to attend the session in person, and would like the speakers to address a particular aspect of this topic, please send your question to knowledge.savoir@priv.gc.ca by June 20^th and we will try to incorporate it in the issues we cover. You are also invited to tweet the content using the #privtalks hashtag, whether attending in person or not.

The video of this event will be made available after the presentation, as we’ve done for previous Speakers Series events.

Space is limited and is available on a first-come, first-served basis. Please RSVP before June 20, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Thursday, June 23, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2^nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca

Last month, our Office was invited to participate in a youth privacy conference hosted by the American Library Association (ALA). The ALA’s Office for Intellectual Freedom has been focused on the issue of libraries and privacy awareness for the last three years, thanks to a grant from the Open Society Institute.  They plan to focus their efforts in 2011 on developing strategies for how best to deliver the privacy message to young people and see libraries as ideal places for youth to learn about privacy. They brought together privacy advocates, policy experts, librarians, educators, and our Office to pick our brains on how to best achieve this.

Their keynote speaker was Cory Doctorow of BoingBoing, who gave a very engaging talk via Skype where he advocated for network education – an approach we’ve discussed in this blog before.

He argues for the development of critical thinking skills, and defines the goal of youth privacy initiatives as  “A future where ‘why do you need to know this?’ is the default position when someone asks our kids to disclose information.”

He gave a similar talk at TEDx Observer recently on privacy and kids – worth watching:

Our Office is pleased to be hosting the 49th meeting of the “Berlin Group”, more formally known as the International Working Group on Data Protection in Telecommunications, which takes place today and tomorrow, in Montreal. This is the first time that this Group has met in Canada. Participants in the meeting, representing more than 20 international data protection and privacy authorities, will be focusing on privacy-related topics such as electronic payments, vehicle event data recorders and locational privacy.

The Berlin Group was established in 1983 by the Berlin Commissioner for Data Protection and Freedom of Information. The Group has, through its continuing examination of the data protection and privacy implications of telecommunications-based systems and services, developed into what the current Chairman and Berlin Commissioner, Dr. Alexander Dix, refers to as “an early warning system monitoring the risks arising from new technological developments, but at the same time, highlighting the opportunities of a privacy-friendly network architecture”.

The Group takes a very inclusive approach on what constitutes a telecommunications-based system or service. Over the years, this has resulted in a detailed examination of a broad range of subjects, everything from search engines and location-based services to social network services and road pricing systems.

On April 20^th, 2011, our Office is holding the third Insights on Privacy armchair discussion. We heard in February about what motivates us to reveal or conceal details of our personal lives, and how we protect the private lives of others around us.

To complement this talk, we’ve invited tech innovators Adam Greenfield (@agpublic) and Aza Raskin (@azaaza) to explore opportunities for privacy in the design of intimate devices, like smart phones, that we share our lives with every day, to the sensor-rich landscape that’s upon us. We’ll discuss opportunities for companies to empower individuals with greater choice and control over how their data are used and for greater collaboration within and across industry sectors.

In his 2006 book Everyware, Adam Greenfield argued that we were headed for a world in which keeping the boundaries between different roles in our lives was going to prove untenable. That notion is coming to pass with the current debate over the public/private divide and the blurring of our various roles and reputations online. Adam was Nokia‘s head of design direction for user interface and services from 2008 to 2010 and Lead Information Architect at Razorfish Tokyo. His current projects through Urbanscale focus on improving how users experience technology, such as stored-value cards for public transit and many other “smart-city” initiatives.

Aza Raskin’s passion for improving the way we experience technology recently had him heading up user experience for Mozilla, developer of the popular Firefox browser, where he rethought and simplified conventional approaches to privacy policies. Raskin left Mozilla in late 2010 to launch the start-up Massive Health, with the goal of helping people improve control of their health through innovatively designed technology and the ways we interact with it.

The video of this event will be made available after the event, as we did for the December 10, 2010 event with Jesse Hirsh and Chris Soghoian and for the February 28, 2011 event with Christena Nippert-Eng and Alessandro Acquisti.

Space is limited and is available on a first-come, first-served basis. Please RSVP before April 15, 2011. Simultaneous interpretation for both official languages will be available.

When: 2:00-4:00 p.m. Wednesday, April 20, 2011
Where: Minto Suites Hotel, 185 Lyon Street North, 2^nd Floor, Salon Vanier/Stanley

RSVP: knowledge.savoir@priv.gc.ca

Last month, we held our second Insights on Privacy armchair event, with Alessandro Acquisti and Christena Nippert-Eng as our guests. Much of the discussion revolved around the challenges of negotiating privacy in an online environment, and we heard many interesting observations about how human nature gets in the way of good online privacy decisions. Dr. Acquisti’s research shows that the more in control people feel over their personal information, the more sensitive information they tend to disclose. Granular controls in privacy settings give people a sense of power over their information that may be more illusion than reality. When deciding how much information to reveal, people also become confused in online environments because they cannot rely on the physical cues that guide them in their off-line interactions. Without physically seeing our audience, it’s easy to misjudge or disregard those who can see us.

What can be done to bring more reality to our online experience? With technology companies pushing disclosure, innovative solutions need to be developed to help individuals better adapt to the online world. Perhaps we should be presented with personalized visual cues, like a picture of a disapproving grandmother, to make us think twice before posting. According to Dr. Nippert-Eng, personalization is important because the reactions of those we know are much more influential than those of strangers. Dr. Acquisti believes, like many privacy advocates, that more privacy protections need to be built into technology, like seatbelts for the internet. This would go far in addressing the problem of perceived control over information, and make individuals less susceptible to making mistakes with their privacy.

As Dr. Nippert-Eng describes in her book “Islands of Privacy: Selective Concealment and Disclosure in Everyday Life”, we make dozens of privacy decisions on a daily basis. It would be nice if online that process became a little bit easier.

The next event in the Insights on Privacy series will take place on April 20^th with Aza Raskin and Adam Greenfield , who will talk about privacy, design and innovation. Stay tuned to our blog for details.

While there are always advance warnings about the potential privacy risks of emerging technologies, it usually takes a “killer app” for people to take notice of the real dangers. For geotagging, that app is the rather aptly named creepy.

Photo geotagging — the embedding of geographical location information within digital photos — is becoming increasingly common as a side effect of regulation by the US Federal Communications Commission.  By September 11, 2012, American mobile wireless service providers are required to provide precise location data to improve 911 emergency service. To meet this directive, more and more mobile phones sold in North America now have built-in GPS chips.

Often times, the embedding is automatic. If consumers take a picture with their GPS-enabled phone and haven’t specifically disabled geotagging, the coordinates where the photograph was taken become a digital record contained within the picture file. If enough of these location-tagged photographs are taken and uploaded to on-line sharing services, the aggregated GPS information can indicate a pattern of behaviour. If your picture gallery also contains a self-portrait, it becomes possible for strangers to track you down in person.

Creepy can harvest data from a dozen of the most popular photo hosts, including flickr, twitpic and yfrog, then illustrate any found location data with Google Maps. The result is a visual cluster of your usual whereabouts: your favourite park, your place of employment, or your home.

Have you checked your mobile’s camera settings for mention of geotagging or EXIF data embedding? If not, now is a good time to familiarize yourself with the configuration screen. Consider turning those “features” off, unless you have reason to do otherwise.

There have been recent reports about security vulnerabilities arising from the reuse of passwords on different web sites. What about the reuse of usernames? Can identities established on multiple web sites be linked together based on the usernames, and what are the implications for privacy?

A recent research paper from INRIA in France described an experiment that looked at over 10 million usernames from popular services such as Google and eBay. In some of the tests, Google profiles that listed multiple accounts on different web services were used to establish “ground truth” about linked usernames.

The first finding was that the usernames chosen by people on the various websites tend to be very unique, with a probability of duplication being approximately one in one billion. This was true for a variety of web services, including a corporate network, Finnish web forums, and MySpace.

Second, the researchers found that when people used different usernames for different services, many of the usernames were constructed by making very small changes to existing usernames (e.g., sarah, sarah2).

Third, the study demonstrated that more than 50% of the usernames created for different services could be linked to one another because the username was identical, or very similar, and unique from other usernames.

The results are important for privacy protection. Although you may limit the amount of personal information you reveal when using a particular service, if your profile can be linked to other services than a detailed personal profile can be constructed from the various bits of partial information. This could lead to embarrassment if a supposedly anonymous profile is linked to a real-world identity. Spammers and fraudsters could also gather information from multiple services to target their messages or launch phishing and social engineering attacks.

In a demonstration of the risks involved, a quick examination of people using anonymous file sharing services (private BitTorrent trackers) found that 13 out of the 20 usernames examined could be linked to other web services (e.g., YouTube, eBay) and 4 usernames could be linked to real-world identities.

The lesson is similar to the warning about passwords – make sure that you choose a truly unique username (and password) for each service that you do not want linked together.

There truly is an app for everything.

Recently, the digital world has been aflutter with news of the first-ever app approved by the Catholic Church – Confession, an app that helps Catholics prepare for the sacrament of confession by guiding the user through “a personalized examination of conscience”:

“To help those that are feeling guilty ready themselves for the sacrament of confession, the app provides a checklist of the Ten Commandments — along with mini-questions based on each — to help in compiling an inventory of malfeasance. The app even lets one add in non-traditional transgressions not already listed.”

One of the selling points of the app appears to be the password-protection feature, enabling you to lock out anyone who may try to find out about your sinnin’ ways. But what seems to be missing is what Little iApps, the developer of Confession, will do with the data they collect. According to reports, the app asks users to also provide information on their age, sex and marital status – paired with detailed information on the user’s transgressions, that’s a potentially detailed profile that would be quite attractive to marketers and others.

Details on the collection and use of the user-provided data wasn’t available on Little iApps’ site…so if the developer is collecting and using information without the user knowing, does that mean they’ve broken one of the commandments themselves – “Thou shalt not steal”?