Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#Google’

privacy-coins-and-bitcoin-dominance-guide

Editorial: Privacy Lessons From Google

December 28, 2018

Thursday, December 27, 2018
Congress is eyeing a federal privacy framework for 2019. But what about the laws already on the books? Demands for an investigation into Google’s marketing of children’s apps in its mobile store could offer legislators some lessons.

Comprehensive privacy rules for the United States are necessary precisely because the current rules cover only information or populations deemed especially sensitive. One of those populations is children, and the Children’s Online Protection Privacy Act was passed in 1998 to prohibit sites from collecting their identifying data without parental consent.

But according to a filing to the Federal Trade Commission by 22 children’s and consumer organizations, many apps gather that data anyway — from ID numbers, to addresses, to location, to the photos on a game-player’s smartphone.

Google is not responsible under COPPA for the actions of untrustworthy apps; the apps themselves are the only ones breaking that law. (The tracking of children on YouTube, which is owned by Google, is another question.) But the complainants allege that, by labeling a section of its store child-friendly and then allowing COPPA violators to appear there, Google is misleading consumers.

They want the FTC to step in, and three Democratic senators have joined in the call. Google says it has removed thousands of noncompliant apps in the past year and has already begun removing those listed in last week’s filing.
This debate should be particularly interesting to lawmakers seeking to craft broader regulations for consumer protection. First, there is the question of Google’s role as a gatekeeper, particularly when its own ad platform is integrated with many of the apps in its stores. Making Google and other software companies, such as Apple, liable for all of the content they host would hurt more than help. But the companies’ conflicting interests are an argument for increased oversight of app stores. And companies should be held to account when they are demonstrably negligent in enforcing their standards.

Last week’s complaint also presents an enforcement issue. The FTC has taken some action against developers in the past for sharing children’s information with advertisers, but the problem persists, and at scale: A study in April found that a majority of the popular apps that researchers surveyed were potentially in violation of COPPA. The FTC has been granted the fining and rulemaking authority under COPPA that many legislators presumably would grant it under a federal privacy law. Still, its efforts so far have not been an effective deterrent, and Congress will have to ask why.

COPPA is two decades old, and it requires modernization that ought to occur alongside Congress’ broader privacy efforts next term. But its provisions nonetheless should remind lawmakers of an important reality: How companies are held to account for violating a law is as important as the law itself.

The Washington Post

Tags: ,

private

Just Don’t Call It Privacy

September 23, 2018

What do you call it when employers use Facebook’s advertising platform to show certain job ads only to men or just to people between the ages of 25 and 36?

How about when Google collects the whereabouts of its users — even after they deliberately turn off location history?

Or when AT&T shares its mobile customers’ locations with data brokers?

American policymakers often refer to such issues using a default umbrella term: privacy. That at least is the framework for a Senate Commerce Committee hearing scheduled for this Wednesday titled “Examining Safeguards for Consumer Data Privacy.”

After a spate of recent data-mining scandals — including Russian-sponsored ads on Facebook aimed at influencing African-Americans not to vote — some members of Congress are now rallying behind the idea of a new federal consumer privacy law.
At this week’s hearing, legislators plan to ask executives from Amazon, AT&T, Google, Twitter and other companies about their privacy policies. Senators also want the companies to explain “what Congress can do to promote clear privacy expectations without hurting innovation,” according to the hearing notice.

There’s just one flaw with this setup.

In a surveillance economy where companies track, analyze and capitalize on our clicks, the issue at hand isn’t privacy. The problem is unfettered data exploitation and its potential deleterious consequences — among them, unequal consumer treatment, financial fraud, identity theft, manipulative marketing and discrimination.
In other words, asking companies whose business models revolve around exploiting data-based consumer-influence techniques to explain their privacy policies seems about as useful as asking sharks to hold forth on veganism.

“Congress should not be examining privacy policies,” Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a prominent digital rights nonprofit, told me last week. “They should be examining business practices. They should be examining how these firms collect and use the personal data of customers, of internet users.”

The Senate Commerce hearing, however, doesn’t seem designed to investigate commercial surveillance and influence practices that might merit government oversight.
For one thing, only industry executives are currently set to testify. And most of them are lawyers and policy experts, not engineers versed in the mechanics of data-mining algorithms.

Companies are sending their “policy and law folks to Washington to make the government go away — not the engineering folks who actually understand these systems in depth and can talk through alternatives,” Jonathan Mayer, an assistant professor of computer science and public affairs at Princeton University, told me.

That may be because Congress is under industry pressure.

California recently passed a new privacy law that would give Californians some power over the data companies’ hold on them. Industry groups hope to defang that statute by pushing Congress to pass federal privacy legislation that would overrule state laws. The industry-stacked Senate hearing lineup seems designed to pave the way for that, said Danielle Citron, a law professor at the University of Maryland.

Frederick Hill, a spokesman for the Senate Commerce Committee, said the group planned future hearings that would include other voices, such as consumer groups. But “for the first hearing,” Mr. Hill said, “the committee is bringing in companies most consumers recognize to make the discussion about privacy more relatable.”

What is at stake here isn’t privacy, the right not to be observed. It’s how companies can use our data to invisibly shunt us in directions that may benefit them more than us.

Many consumers know that digital services and ad tech companies track and analyze their activities. And they accept, or are at least resigned to, data-mining in exchange for conveniences like customized newsfeeds and ads.

But revelations about Russian election interference and Cambridge Analytica, the voter-profiling company that obtained information on millions of Facebook users, have made it clear that data-driven influence campaigns can scale quickly and cause societal harm.
And that leads to a larger question: Do we want a future in which companies can freely parse the photos we posted last year, or the location data from the fitness apps we used last week, to infer whether we are stressed or depressed or financially strapped or emotionally vulnerable — and take advantage of that?

“Say I sound sick when I am talking to Alexa, maybe they would show me medicine as a suggestion on Amazon,” said Franziska Roesner, an assistant professor of computer science at the University of Washington, using a hypothetical example of Amazon’s voice assistant. “What happens when the inferences are wrong?”

(Amazon said it does not use Alexa data for product recommendations or marketing.)

It’s tough to answer those questions right now when there are often gulfs between the innocuous ways companies explain their data practices to consumers and the details they divulge about their targeting techniques to advertisers.

AT&T’s privacy policy says the mobile phone and cable TV provider may use third-party data to categorize subscribers, without using their real names, into interest segments and show them ads accordingly. That sounds reasonable enough.

Here’s what it means in practice: AT&T can find out which subscribers have indigestion — or at least which ones bought over-the-counter drugs to treat it.

In a case study for advertisers, AT&T describes segmenting DirecTV subscribers who bought antacids and then targeting them with ads for the medication. The firm was also able to track those subscribers’ spending. Households who saw the antacid ads spent 725 percent more on the drugs than a national audience.

Michael Balmoris, a spokesman for AT&T, said the company’s privacy policy was “transparent and precise, and describes in plain language how we use information and the choices we give customers.”
But consumer advocates hope senators will press AT&T, Amazon and other companies this week to provide more details on their consumer-profiling practices. “We want an inside look on the analytics and how they’re categorizing, ranking, rating and scoring us,” Professor Citron said.

Given the increased public scrutiny, some companies are tweaking their tactics.

AT&T recently said it would stop sharing users’ location details with data brokers. Facebook said it had stopped allowing advertisers to use sensitive categories, like race or religion, to exclude people from seeing ads. Google created a feature for users to download masses of their data, including a list of all the sites Google has tracked them on.

Government officials in Europe are not waiting for companies to police themselves. In May, the European Union introduced a tough new data protection law that curbs some data-mining.

It requires companies to obtain explicit permission from European users before collecting personal details on sensitive subjects like their religion, health or sex life. It gives European users the right to see all of the information companies hold about them — including any algorithmic scores or inferences.

European users also have the right not to be subject to completely automated decisions that could significantly affect them, such as credit algorithms that use a person’s data to decide whether a bank should grant him or her a loan.

Of course, privacy still matters. But Congress now has an opportunity to press companies like Amazon on broader public issues. It could require them to disclose exactly how they use data extracted from consumers. And it could force companies to give consumers some rights over that data.

Tags: , , ,

2f211d498f833

Google’s new program to track shoppers sparks a federal privacy complaint

August 2, 2017

A prominent privacy rights watchdog is asking the Federal Trade Commission to investigate a new Google advertising program that ties consumers’ online behavior to their purchases in brick-and-mortar stores.

The legal complaint from the Electronic Privacy Information Center, to be filed with the FTC on Monday, alleges that Google is newly gaining access to a trove of highly sensitive information — the credit and debit card purchase records of the majority of U.S. consumers — without revealing how they got the information or giving consumers meaningful ways to opt out. Moreover, the group claims that the search giant is relying on a secretive technical method to protect the data — a method that should be audited by outsiders and is likely vulnerable to hacks or other data breaches.

“Google is seeking to extend its dominance from the online world to the real, offline world, and the FTC really needs to look at that,” said Marc Rotenberg, the organization’s executive director.
Google called its advertising approach “common” and said it had “invested in building a new, custom encryption technology that ensures users’ data remains private, secure and anonymous.”
The Washington Post detailed Google’s program, Store Sales Measurement, in May. Executives have hailed it as a “revolutionary” breakthrough in advertisers’ abilities to track consumer behavior. The company said that, for the first time, it would be able to prove, with a high degree of confidence, that clicks on online ads led to purchases at the cash register of physical stores.

To do this, Google said it had obtained access to the credit and debit card records of 70 percent of U.S. consumers. It had then developed a mathematical formula that would anonymize and encrypt the transaction data, and then automatically match the transactions to the millions of U.S. users of Google and Google-owned services such as Gmail, search, YouTube and maps. This approach prevents Google from accessing the credit or debit card data for individuals.

But the company did not disclose the mathematical formula it uses to protect consumers’ data. In a statement, Google said it had taken pains to build custom encryption technology that ensures the data the company receives remains private and anonymous.
The privacy organization is asking the government not to take Google’s word for it and to review the algorithm itself. In its complaint, the organization said the mathematical technique that Store Sales Measurement is based on, CryptDB, has known security
flaws. Researchers hacked into a CryptDB-protected health-care database in 2015, accessing more than 50 percent of the stored records.

Google also would not disclose which companies were providing it with the transaction records. When asked if users had consented to having their credit and debit transactions shared, Google would not specifically say. The company replied it requires that its unnamed partners have “the rights necessary” to use this data.

In its complaint, reviewed by The Washington Post, the privacy group alleges that if consumers don’t know how Google gets its purchase data, then they cannot make an informed decision about which cards not to use or where not to shop if they don’t want their purchases tracked. The organization points out that purchases can reveal medical conditions, religious beliefs and other intimate information.

Google also told The Post that it does not have access to the names or other personal information of the credit and debit card users, and that it does not share any information about individual Google users with partners.

Advertisers receive aggregate information. For example, for an ad campaign for sneakers that received 10,000 clicks, the advertiser learns that 12 percent of the clickers made a purchase.

Users can opt out anytime, Google says. To do so, users of Google’s products can go to their My Activity Page, click on Activity Controls, and uncheck “Web and Web Activity,” Google says.

The privacy group says the opt-out settings and the descriptions of what users are opting out of are confusing and opaque. The group says the company continues to store server and click data even when Web and App Activity is turned off, and that to opt out of everything requires a labyrinthine process of going to a number of third-party sites. Meanwhile, opting out of location-tracking requires going to a separate button and interface. None of the opt out descriptions specifically describes credit card data.
n 2011 and 2012, Google paid multi-million-dollar fines to settle FTC charges on privacy issues. In 2011, in response to a case brought by the Electronic Privacy Information Center, Google settled FTC charges that it used deceptive tactics and violated its own privacy promises when it launched its social network, Google Buzz. In the 2012 case, for $22.5 million, Google was charged with misrepresenting its privacy promises to users of Apple’s Safari browser, who were under the impression that they could opt out of ad tracking.

Tags: , , ,

fb featured image

US court may snatch privacy rights on Facebook, Google data

February 16, 2017

BERLIN: A Philadelphia court has made the unfortunate decision to reopen the legal debate on whether the US has the right to access e-mails stored on foreign servers if they belong to US companies. If Magistrate Thomas Rueter’s ruling stands, anyone using US based internet companies will have to live with the knowledge that, as far as the US government is concerned, it’s America wherever they operate.

That’s a dangerous approach that hurts the international expansion of US tech companies. Privacy-minded customers in Europe are already suspicious of the US government’s cooperation with the tech giants, revealed by National Security Agency leaker Edward Snowden. Nationalist politicians in some countries want to ban cross-border personal data transfers.

Last July, Microsoft won a landmark case against the US government, in which it argued it didn’t have to hand over e-mails stored on a server in Dublin to investigators working on a drug case. The US Court of Appeals for the Second Circuit agreed with the corporation, ruling that the US Congress never meant the Stored Communications Act to apply extra territorially.

Just two weeks ago, the court allowed the ruling to stand. US internet companies have assumed that if communications are stored abroad, they are out of the US authorities’ reach.

Acting on that understanding, Google refused to disclose two users’ data to the Federal Bureau of Investigation, and the FBI went to court in Philadelphia. Unlike Microsoft, Google doesn’t even know the physical location of a file: its artificial intelligencebased system constantly optimises storage.

Judge Rueter refused to be bound by the Microsoft precedent. In his ruling, he said : “When Google produces the electronic data in accordance with the search warrants and the Government views it, the actual invasion of the account holders’ privacy -the searches -will occur in the United States.“ Within that logic, any information, public or private, that the US government can locate using computers on US territory is fair game. And if the logic applies, the European Union wasted its time last year as it tried to establish an acceptable privacy standard for US companies operating in Europe.

A new framework for these companies became necessary after the European Court of Justice struck down the EU’s so-called safe harbour agreement with the US, which allowed internet companies to shuttle personal data back and forth between the two jurisdictions based on an understanding that the US provided adequate protection for users’ privacy.

The so-called Privacy Shield is still pretty permissive, allowing companies to self-certify their commitment to user privacy, but it simplifies redress and gives European data privacy authorities more power over cross-border communication.

US court may snatch privacy rights on Facebook, Google data

If, however, the US decides that it can just take the data from foreign servers, the new agreement will be rendered meaningless. For US companies, this will mean a need to invent new private arrangements. It appointed Deutsche Telekom “data trustee“ for two data centres in Germany, making it impossible for anyone to obtain any information from the servers without the permission of the trustee and, ultimately, the client.Such tricks, however, may not stand up in US courts, if other judges agree with Rueter.

The US Supreme Court will probably have to take a stand on the issue.

Waiting for a decision, millions of foreigners must decide whether to cut their losses in this front of the online privacy wars: It may no longer be OK to expose their lives to US corporations.

Tags: , , ,

images

EU privacy proposal could dent Facebook, Gmail ad revenue

January 11, 2017

By Julia Fioretti | BRUSSELS
Online messaging services such as WhatsApp, iMessage and Gmail will face tougher rules on how they can track users under a proposal presented by the European Union executive on Tuesday which could hurt companies reliant on advertising.

The web companies would have to guarantee the confidentiality of their customers’ conversations and get their consent before tracking them online to target them with personalized advertisements.

For example, email services such as Gmail and Hotmail will not be able to scan customers’ emails to serve them with targeted advertisements without getting their explicit agreement.

Most free online services rely on advertising to fund themselves.

Spending on online advertising in 2015 was 36.4 billion euros, according to the Internet Advertising Bureau (IAB).

The proposal by the European Commission extends some rules that now apply to telecom operators to web companies offering calls and messages using the internet, known as “Over-The-Top” (OTT) services, and seeks to close a perceived regulatory gap between the telecoms industry and mainly U.S. Internet giants such as Facebook, Google and Microsoft.

It would allow telecoms companies to use customer metadata, such as the duration and location of calls, as well as content to provide additional services and so make more money, although the telecoms lobby group ETNO said they remain more constrained than their tech competitors.

The proposal will also require web browsers to ask users upon installation whether they want to allow websites to place cookies on their browsers to deliver personalized advertisements.

A previous version of the proposal would have forced browsers to set the default settings as not allowing cookies which are the small files placed on people’s computers when they visit a website containing information about their browsing activity.

“It’s up to our people to say yes or no,” said Andrus Ansip, Commission vice-president for the digital single market.

Online advertisers say such rules would undermine many websites’ ability to fund themselves and keep offering free services.

“It will particularly hit those companies that … find it most difficult to talk directly to end users and what I mean by that is tech companies that operate in the background and sort of facilitate the buying and selling of advertising rather than the ones that the user directly engages with,” said Yves Schwarzbart, head of policy and regulatory affairs at the IAB.

“There is no doubt that it is time for the entire ecosystem to become more transparent and fair to all of the stakeholders. Users want easy access to trustworthy sources of information while feeling safe with the data they share,” Elad Natanson said.

Companies falling foul of the new law will face fines of up to 4.0 percent of their global turnover, in line with a separate data protection law set to enter into force in 2018.

The proposal will need to be approved by the European Parliament and member states before becoming law.

Tags: , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
4000
Wikipedia co-founder slams Mark Zuckerberg, Twitter and the ‘appalling’ internet
July 8, 2019

Elizabeth Schulze Wikpedia Co-Founder Larry Sanger said in an interview social media companies ...

Read more
venmo_pub_priv
Why America Needs a Thoughtful Federal Privacy Law
June 26, 2019

More than a dozen privacy bills have been introduced in this Congress. Here’s what it needs to do....

Read more
privacy-coins-and-bitcoin-dominance-guide
9 Important Privacy Settings for Windows 10
June 3, 2019

Matt Powell On Jun 3, 2019 At first glance, the Digital Age may seem like a wonderful thing. And ...

Read more
apple
Apple exec dismisses Google CEO’s criticism over turning privacy into a ‘luxury good’
May 29, 2019

By Jacob Kastrenakes@jake_k May 27, 2019, 12:18pm EDT Apple’s software chief, Craig Federigh...

Read more
telegram-3m
Your Privacy Is Our Business
April 30, 2019

Let us reassure you: You’re worried only because you don’t understand anything about anything. ...

Read more