Have you created a ShazzleMail account on your smartphone? This is a required first step.

Yes No

Free Encrypted Email

Posts Tagged ‘#Google’

private

Just Don’t Call It Privacy

September 23, 2018

What do you call it when employers use Facebook’s advertising platform to show certain job ads only to men or just to people between the ages of 25 and 36?

How about when Google collects the whereabouts of its users — even after they deliberately turn off location history?

Or when AT&T shares its mobile customers’ locations with data brokers?

American policymakers often refer to such issues using a default umbrella term: privacy. That at least is the framework for a Senate Commerce Committee hearing scheduled for this Wednesday titled “Examining Safeguards for Consumer Data Privacy.”

After a spate of recent data-mining scandals — including Russian-sponsored ads on Facebook aimed at influencing African-Americans not to vote — some members of Congress are now rallying behind the idea of a new federal consumer privacy law.
At this week’s hearing, legislators plan to ask executives from Amazon, AT&T, Google, Twitter and other companies about their privacy policies. Senators also want the companies to explain “what Congress can do to promote clear privacy expectations without hurting innovation,” according to the hearing notice.

There’s just one flaw with this setup.

In a surveillance economy where companies track, analyze and capitalize on our clicks, the issue at hand isn’t privacy. The problem is unfettered data exploitation and its potential deleterious consequences — among them, unequal consumer treatment, financial fraud, identity theft, manipulative marketing and discrimination.
In other words, asking companies whose business models revolve around exploiting data-based consumer-influence techniques to explain their privacy policies seems about as useful as asking sharks to hold forth on veganism.

“Congress should not be examining privacy policies,” Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a prominent digital rights nonprofit, told me last week. “They should be examining business practices. They should be examining how these firms collect and use the personal data of customers, of internet users.”

The Senate Commerce hearing, however, doesn’t seem designed to investigate commercial surveillance and influence practices that might merit government oversight.
For one thing, only industry executives are currently set to testify. And most of them are lawyers and policy experts, not engineers versed in the mechanics of data-mining algorithms.

Companies are sending their “policy and law folks to Washington to make the government go away — not the engineering folks who actually understand these systems in depth and can talk through alternatives,” Jonathan Mayer, an assistant professor of computer science and public affairs at Princeton University, told me.

That may be because Congress is under industry pressure.

California recently passed a new privacy law that would give Californians some power over the data companies’ hold on them. Industry groups hope to defang that statute by pushing Congress to pass federal privacy legislation that would overrule state laws. The industry-stacked Senate hearing lineup seems designed to pave the way for that, said Danielle Citron, a law professor at the University of Maryland.

Frederick Hill, a spokesman for the Senate Commerce Committee, said the group planned future hearings that would include other voices, such as consumer groups. But “for the first hearing,” Mr. Hill said, “the committee is bringing in companies most consumers recognize to make the discussion about privacy more relatable.”

What is at stake here isn’t privacy, the right not to be observed. It’s how companies can use our data to invisibly shunt us in directions that may benefit them more than us.

Many consumers know that digital services and ad tech companies track and analyze their activities. And they accept, or are at least resigned to, data-mining in exchange for conveniences like customized newsfeeds and ads.

But revelations about Russian election interference and Cambridge Analytica, the voter-profiling company that obtained information on millions of Facebook users, have made it clear that data-driven influence campaigns can scale quickly and cause societal harm.
And that leads to a larger question: Do we want a future in which companies can freely parse the photos we posted last year, or the location data from the fitness apps we used last week, to infer whether we are stressed or depressed or financially strapped or emotionally vulnerable — and take advantage of that?

“Say I sound sick when I am talking to Alexa, maybe they would show me medicine as a suggestion on Amazon,” said Franziska Roesner, an assistant professor of computer science at the University of Washington, using a hypothetical example of Amazon’s voice assistant. “What happens when the inferences are wrong?”

(Amazon said it does not use Alexa data for product recommendations or marketing.)

It’s tough to answer those questions right now when there are often gulfs between the innocuous ways companies explain their data practices to consumers and the details they divulge about their targeting techniques to advertisers.

AT&T’s privacy policy says the mobile phone and cable TV provider may use third-party data to categorize subscribers, without using their real names, into interest segments and show them ads accordingly. That sounds reasonable enough.

Here’s what it means in practice: AT&T can find out which subscribers have indigestion — or at least which ones bought over-the-counter drugs to treat it.

In a case study for advertisers, AT&T describes segmenting DirecTV subscribers who bought antacids and then targeting them with ads for the medication. The firm was also able to track those subscribers’ spending. Households who saw the antacid ads spent 725 percent more on the drugs than a national audience.

Michael Balmoris, a spokesman for AT&T, said the company’s privacy policy was “transparent and precise, and describes in plain language how we use information and the choices we give customers.”
But consumer advocates hope senators will press AT&T, Amazon and other companies this week to provide more details on their consumer-profiling practices. “We want an inside look on the analytics and how they’re categorizing, ranking, rating and scoring us,” Professor Citron said.

Given the increased public scrutiny, some companies are tweaking their tactics.

AT&T recently said it would stop sharing users’ location details with data brokers. Facebook said it had stopped allowing advertisers to use sensitive categories, like race or religion, to exclude people from seeing ads. Google created a feature for users to download masses of their data, including a list of all the sites Google has tracked them on.

Government officials in Europe are not waiting for companies to police themselves. In May, the European Union introduced a tough new data protection law that curbs some data-mining.

It requires companies to obtain explicit permission from European users before collecting personal details on sensitive subjects like their religion, health or sex life. It gives European users the right to see all of the information companies hold about them — including any algorithmic scores or inferences.

European users also have the right not to be subject to completely automated decisions that could significantly affect them, such as credit algorithms that use a person’s data to decide whether a bank should grant him or her a loan.

Of course, privacy still matters. But Congress now has an opportunity to press companies like Amazon on broader public issues. It could require them to disclose exactly how they use data extracted from consumers. And it could force companies to give consumers some rights over that data.

Tags: , , ,

2f211d498f833

Google’s new program to track shoppers sparks a federal privacy complaint

August 2, 2017

A prominent privacy rights watchdog is asking the Federal Trade Commission to investigate a new Google advertising program that ties consumers’ online behavior to their purchases in brick-and-mortar stores.

The legal complaint from the Electronic Privacy Information Center, to be filed with the FTC on Monday, alleges that Google is newly gaining access to a trove of highly sensitive information — the credit and debit card purchase records of the majority of U.S. consumers — without revealing how they got the information or giving consumers meaningful ways to opt out. Moreover, the group claims that the search giant is relying on a secretive technical method to protect the data — a method that should be audited by outsiders and is likely vulnerable to hacks or other data breaches.

“Google is seeking to extend its dominance from the online world to the real, offline world, and the FTC really needs to look at that,” said Marc Rotenberg, the organization’s executive director.
Google called its advertising approach “common” and said it had “invested in building a new, custom encryption technology that ensures users’ data remains private, secure and anonymous.”
The Washington Post detailed Google’s program, Store Sales Measurement, in May. Executives have hailed it as a “revolutionary” breakthrough in advertisers’ abilities to track consumer behavior. The company said that, for the first time, it would be able to prove, with a high degree of confidence, that clicks on online ads led to purchases at the cash register of physical stores.

To do this, Google said it had obtained access to the credit and debit card records of 70 percent of U.S. consumers. It had then developed a mathematical formula that would anonymize and encrypt the transaction data, and then automatically match the transactions to the millions of U.S. users of Google and Google-owned services such as Gmail, search, YouTube and maps. This approach prevents Google from accessing the credit or debit card data for individuals.

But the company did not disclose the mathematical formula it uses to protect consumers’ data. In a statement, Google said it had taken pains to build custom encryption technology that ensures the data the company receives remains private and anonymous.
The privacy organization is asking the government not to take Google’s word for it and to review the algorithm itself. In its complaint, the organization said the mathematical technique that Store Sales Measurement is based on, CryptDB, has known security
flaws. Researchers hacked into a CryptDB-protected health-care database in 2015, accessing more than 50 percent of the stored records.

Google also would not disclose which companies were providing it with the transaction records. When asked if users had consented to having their credit and debit transactions shared, Google would not specifically say. The company replied it requires that its unnamed partners have “the rights necessary” to use this data.

In its complaint, reviewed by The Washington Post, the privacy group alleges that if consumers don’t know how Google gets its purchase data, then they cannot make an informed decision about which cards not to use or where not to shop if they don’t want their purchases tracked. The organization points out that purchases can reveal medical conditions, religious beliefs and other intimate information.

Google also told The Post that it does not have access to the names or other personal information of the credit and debit card users, and that it does not share any information about individual Google users with partners.

Advertisers receive aggregate information. For example, for an ad campaign for sneakers that received 10,000 clicks, the advertiser learns that 12 percent of the clickers made a purchase.

Users can opt out anytime, Google says. To do so, users of Google’s products can go to their My Activity Page, click on Activity Controls, and uncheck “Web and Web Activity,” Google says.

The privacy group says the opt-out settings and the descriptions of what users are opting out of are confusing and opaque. The group says the company continues to store server and click data even when Web and App Activity is turned off, and that to opt out of everything requires a labyrinthine process of going to a number of third-party sites. Meanwhile, opting out of location-tracking requires going to a separate button and interface. None of the opt out descriptions specifically describes credit card data.
n 2011 and 2012, Google paid multi-million-dollar fines to settle FTC charges on privacy issues. In 2011, in response to a case brought by the Electronic Privacy Information Center, Google settled FTC charges that it used deceptive tactics and violated its own privacy promises when it launched its social network, Google Buzz. In the 2012 case, for $22.5 million, Google was charged with misrepresenting its privacy promises to users of Apple’s Safari browser, who were under the impression that they could opt out of ad tracking.

Tags: , , ,

fb featured image

US court may snatch privacy rights on Facebook, Google data

February 16, 2017

BERLIN: A Philadelphia court has made the unfortunate decision to reopen the legal debate on whether the US has the right to access e-mails stored on foreign servers if they belong to US companies. If Magistrate Thomas Rueter’s ruling stands, anyone using US based internet companies will have to live with the knowledge that, as far as the US government is concerned, it’s America wherever they operate.

That’s a dangerous approach that hurts the international expansion of US tech companies. Privacy-minded customers in Europe are already suspicious of the US government’s cooperation with the tech giants, revealed by National Security Agency leaker Edward Snowden. Nationalist politicians in some countries want to ban cross-border personal data transfers.

Last July, Microsoft won a landmark case against the US government, in which it argued it didn’t have to hand over e-mails stored on a server in Dublin to investigators working on a drug case. The US Court of Appeals for the Second Circuit agreed with the corporation, ruling that the US Congress never meant the Stored Communications Act to apply extra territorially.

Just two weeks ago, the court allowed the ruling to stand. US internet companies have assumed that if communications are stored abroad, they are out of the US authorities’ reach.

Acting on that understanding, Google refused to disclose two users’ data to the Federal Bureau of Investigation, and the FBI went to court in Philadelphia. Unlike Microsoft, Google doesn’t even know the physical location of a file: its artificial intelligencebased system constantly optimises storage.

Judge Rueter refused to be bound by the Microsoft precedent. In his ruling, he said : “When Google produces the electronic data in accordance with the search warrants and the Government views it, the actual invasion of the account holders’ privacy -the searches -will occur in the United States.“ Within that logic, any information, public or private, that the US government can locate using computers on US territory is fair game. And if the logic applies, the European Union wasted its time last year as it tried to establish an acceptable privacy standard for US companies operating in Europe.

A new framework for these companies became necessary after the European Court of Justice struck down the EU’s so-called safe harbour agreement with the US, which allowed internet companies to shuttle personal data back and forth between the two jurisdictions based on an understanding that the US provided adequate protection for users’ privacy.

The so-called Privacy Shield is still pretty permissive, allowing companies to self-certify their commitment to user privacy, but it simplifies redress and gives European data privacy authorities more power over cross-border communication.

US court may snatch privacy rights on Facebook, Google data

If, however, the US decides that it can just take the data from foreign servers, the new agreement will be rendered meaningless. For US companies, this will mean a need to invent new private arrangements. It appointed Deutsche Telekom “data trustee“ for two data centres in Germany, making it impossible for anyone to obtain any information from the servers without the permission of the trustee and, ultimately, the client.Such tricks, however, may not stand up in US courts, if other judges agree with Rueter.

The US Supreme Court will probably have to take a stand on the issue.

Waiting for a decision, millions of foreigners must decide whether to cut their losses in this front of the online privacy wars: It may no longer be OK to expose their lives to US corporations.

Tags: , , ,

images

EU privacy proposal could dent Facebook, Gmail ad revenue

January 11, 2017

By Julia Fioretti | BRUSSELS
Online messaging services such as WhatsApp, iMessage and Gmail will face tougher rules on how they can track users under a proposal presented by the European Union executive on Tuesday which could hurt companies reliant on advertising.

The web companies would have to guarantee the confidentiality of their customers’ conversations and get their consent before tracking them online to target them with personalized advertisements.

For example, email services such as Gmail and Hotmail will not be able to scan customers’ emails to serve them with targeted advertisements without getting their explicit agreement.

Most free online services rely on advertising to fund themselves.

Spending on online advertising in 2015 was 36.4 billion euros, according to the Internet Advertising Bureau (IAB).

The proposal by the European Commission extends some rules that now apply to telecom operators to web companies offering calls and messages using the internet, known as “Over-The-Top” (OTT) services, and seeks to close a perceived regulatory gap between the telecoms industry and mainly U.S. Internet giants such as Facebook, Google and Microsoft.

It would allow telecoms companies to use customer metadata, such as the duration and location of calls, as well as content to provide additional services and so make more money, although the telecoms lobby group ETNO said they remain more constrained than their tech competitors.

The proposal will also require web browsers to ask users upon installation whether they want to allow websites to place cookies on their browsers to deliver personalized advertisements.

A previous version of the proposal would have forced browsers to set the default settings as not allowing cookies which are the small files placed on people’s computers when they visit a website containing information about their browsing activity.

“It’s up to our people to say yes or no,” said Andrus Ansip, Commission vice-president for the digital single market.

Online advertisers say such rules would undermine many websites’ ability to fund themselves and keep offering free services.

“It will particularly hit those companies that … find it most difficult to talk directly to end users and what I mean by that is tech companies that operate in the background and sort of facilitate the buying and selling of advertising rather than the ones that the user directly engages with,” said Yves Schwarzbart, head of policy and regulatory affairs at the IAB.

“There is no doubt that it is time for the entire ecosystem to become more transparent and fair to all of the stakeholders. Users want easy access to trustworthy sources of information while feeling safe with the data they share,” Elad Natanson said.

Companies falling foul of the new law will face fines of up to 4.0 percent of their global turnover, in line with a separate data protection law set to enter into force in 2018.

The proposal will need to be approved by the European Parliament and member states before becoming law.

Tags: , , ,

3500

Google’s ad tracking is as creepy as Facebook’s. Here’s how to disable it

October 26, 2016

Google in June deleted a clause in its privacy settings that said it would not combine cookie information with personal information without consent.
ince Google changed the way it tracks its users across the internet in June 2016, users’ personally identifiable information from Gmail, YouTube and other accounts has been merged with their browsing records from across the web.

An analysis of the changes conducted by Propublica details how the company had previously pledged to keep these two data sets separate to protect individuals’ privacy, but updated its privacy settings in June to delete a clause that said “we will not combine DoubleClick cookie information with personally identifiable information unless we have your opt-in consent”.

ProPublica highlights that when Google first made the changes in June, they received little scrutiny. Media reports focused on the tools the company introduced to allow users to view and manage ad tracking rather than the new powers Google gained.

DoubleClick is an advertising serving and tracking company that Google bought in 2007. DoubleClick uses web cookies to track browsing behaviour online by their IP address to deliver targeted ads. It can make a good guess about your location and habits, but it doesn’t know your true identity.
Google, on the other hand, has users’ (mostly) real names, email accounts and search data.

At the time of the acquisition, a number of consumer groups made a complaint to the Federal Trade Commission arguing that bringing these data sets together would represent a huge invasion of privacy, giving the company access to more information about the internet activities of consumers than any other company in the world.

Sergey Brin reassured privacy campaigners, saying: “Overall, we care very much about end-user privacy, and that will take a number one priority when we talk about advertising products.”

In 2012, Google made a controversial update to its privacy policy to allow it to share data about users between different Google services, but it kept DoubleClick separate.

In practice, this means that Google can now, if it wanted to, build up even richer profiles of named individuals’ online activity. It also means that the DoubleClick ads that follow people on the web could be personalized based on the keywords that individuals use in Gmail.

Google isn’t the first company to track individuals in this way. Facebook has been tracking logged-in users (and even non-users) by name across the internet whenever they visit websites with Facebook “like” or “share” buttons.

Google says that the change is optional and is aimed at giving people better control over their data.

“Google is actually quite late to this game. By now, most of the websites you visit are already sharing your activity with a wide network of third parties who share, collaborate, link and de-link personal information in order to target ads,” said Jules Polonetsky from Future of Privacy Forum.

“Some users may appreciate relevant advertising, many others may not. What’s critical is that there are easy ways for those who want to avoid the more robust types of data targeting to be able to take easy steps to do so.”
Technology companies argue that such tracking allows them to deliver much more targeted, relevant advertising across the internet. Paul Ohm from the Center of Privacy and Technology at Georgetown law school told Propublica that the fact that Google kept personally identifiable information and DoubleClick data separate was “a really significant last stand”.

“It was a border wall between being watched everywhere and maintaining a tiny semblance of privacy. That wall has just fallen.”

A Google spokeswoman said that its advertising system had been designed before the smartphone revolution, and that the update in June made it easier for users to control their ad preferences across multiple devices.

The company says that more than one billion Google users have accessed the ‘My Account’ settings that let them control how their data is used.

“Before we launched this update, we tested it around the world with the goal of understanding how to provide users with clear choice and transparency,” Google said. “As a result, it is 100% optional – if users do not opt-in to these changes, their Google experience will remain unchanged. Equally important: we provided prominent user notifications about this change in easy-to-understand language as well as simple tools that let users control or delete their data.”

Users that don’t want to be tracked in this way can visit the activity controls section of their account page on Google, unticking the box marked “Include Chrome browsing history and activity from websites and apps that use Google services”.

Tags: , , ,

Introducing ShazzleMail Email and How it Works

Privacy is your Fundamental Human Right.

Our Daily Blog
venmo
What’s Wrong With Your Venmo Account, and How to Fix It
December 4, 2018

ILLUSTRATION: RICHARD BORGE By Katherine Bindley Dec. 4, 2018 9:02 a.m. ET Few social-media e...

Read more
private
Private Blockchains Could Be Compatible with EU Privacy Rules, Research Shows
November 12, 2018

Private blockchains, such as interbanking platforms set to share information on customers, could be...

Read more
apple
Apple launches privacy portal, initiatives
October 18, 2018

Apple (NASDAQ:AAPL) launches a new privacy website letting users find personal data the company has ...

Read more
private
Just Don’t Call It Privacy
September 23, 2018

What do you call it when employers use Facebook’s advertising platform to show certain job ads onl...

Read more
static2.politico.com
Privacy and security: no simple solution, warns Rachel Dixon
September 18, 2018

The tide is turning when it comes to privacy and security, with Australians gradually becoming more ...

Read more