[LINK] (OT) another year to year transition problem

stephen at melbpc.org.au stephen at melbpc.org.au
Mon Jan 2 16:12:08 AEDT 2012


Rick writes,

> Yikes! I clicked on the comments section of the article to read more,
> and my Facebook name + account + picture popped up in the comment area,
> ready to fill in and forward on to Facebook. And I have never been to
> the Colorado Chan9 site before. I do not like that kind of tracking AT
> ALL. I am considering shutting down my useless Facebook account once
> and for all. What really p**ses me off is the violation of the original
> intent of cookies. Cookies are supposed to be available ONLY to the
> originating site/URL. Of course with web beacons/bugs/cross-tracking,
> we now have this horrendous situation.


Yes agree. And one could guess Google has a large appendage in this pie.
Maybe you'll notice an increase in 'accommodation-targeted' browser ads?

Anyway, what should be done? 

The Internet Society (presumably with informed membership) has conducted
a member-survey, and, does have a handle on the broad extent of privacy 
matters, and, some member ideas on privacy resolutions going forward. 

Do you Rick, and Link privacy-advocates (Roger, Jan etc), or, any Linker
support any of the following Internet Society member privacy suggestions?


http://www.internetsociety.org/privacy-internet-society-membership-survey


Privacy: An Internet Society Membership Survey

Privacy and data protection issues have increasingly gained prominence in 
Internet governance discussions. 

Indeed, one of the five themes of the Internet Governance Forum 2010 
is “Openness, Security and Privacy”, and a number of workshops are 
devoted to these issues. 

Yet, the concept of privacy, opinions on what challenges are posed by the 
digital environment and approaches to protection of personal data vary 
from country to country, and within communities. Thus, it is important to 
understand these differences when developing Internet policy and laws 
concerning privacy.

The Survey

In May 2010, the Internet Society invited its members to participate in a 
survey on privacy and data protection. Information was received from 
respondents in 65 countries.

The objective of the survey was to gather information from across our 
broad membership around the world, specifically focusing on how issues of 
privacy & data protection are dealt with in their regulatory environment.

While our principal objective was to gather information to help guide the 
Internet Society’s privacy efforts, we also hope that the information 
provided by our members will help inform international and regional 
dialogue on these issues.


The report is divided into 5 parts:

I: Definitions of Privacy, Personal Data and Personal Information

II: The Present

* Are privacy and data protection high priority issues?
* What are stakeholders doing to address these issues?
* What could and/or should they do?

III: The Future

* The top 5 emerging challenges in the digital environment
* Suggestions and principles to address the top 5 emerging challenges

IV: Laws, Regulations, Principles, Guidelines and other Resources

V: Internet Society Members' Activities

and has the following annexures:

A:  Legal definitions of "personal data" and "personal information"
B:  Privacy and data protection priority issues
C:  What stakeholders are doing to address these issues
D:  What stakeholders should or could be doing to address these issues
E:  The top 5 emerging challenges
F:  Laws, rule, principles or guidelines for protection of personal data
G:  Places to look for guidance
H:  Internet Society member activities


Survey Results:

The top 5 emerging challenges relating to privacy and the protection of 
personal data in the digital environment

It is difficult to succinctly and comprehensively express the multitude 
of emerging challenges identified by the respondents in a few paragraphs. 

However, we have attempted to do this by category (below). The breadth of 
identified challenges is itself indicative of the complexity of issues 
associated with privacy and data protection in the digital environment.

* Competing issues: privacy vs. convenience; privacy vs. access to public 
services; privacy vs. security; privacy vs. law enforcement (e.g. of IPR 
rights); privacy vs. identification; anonymity vs. access to information 
regarding interests and proximity information

* Connectivity: Increased connectivity; increased online transactions; 
increased devices

* Culture: Developing/having a culture of personal data protection

* Data durability: Difficulty correcting false accusations on websites; 
information online is there “forever”; getting personal information 
removed

* Digital Identity: identity fraud and theft; validating identity without 
compromising personal data; lack of anonymity; protection of integrity of 
identity

* Ownership, control and responsibility: exchanging data without 
informing the individual and/or not seeking their permission/consent; 
personal responsibility for own data

* Regulatory: Lack of a legal framework; enacting laws; complexities of 
regulating online privacy settings for individuals; inadequate focus on 
auditable procedures for data retention; global availability of data but 
national laws; insufficient government interest and/or expertise; 
potential legislation to ban encryption; lack of resources

* Scope: Determining what is “personal data”

* Surveillance: e.g. by government; Deep Packet Inspection; data 
collected by search engines being used by government and enterprise to 
profile users

* Technology: Implementing technology to support privacy; Data 
aggregation, correlation and analysis tools; tools for speed of 
transmission; Cloud computing; No standard data format; IP addresses; 
lack of a cohesive set of tools to ensure privacy; lack of encryption

* The economics of privacy: Value of privacy to individuals; value of 
personal data to businesses; Impact on trade where countries are 
perceived as unsafe destinations for data; high profit margins for 
illicit use of personal data

* Transborder: Providing data protection across national borders; lack of 
international cooperation; inconsistent standards across countries 
(particularly developed vs. developing); lack of global approaches

* Transparency, knowledge and understanding: Insufficient or inadequate 
understanding of privacy, personal data, data visibility (i.e. knowing 
where data is stored); default settings; insufficient proactive 
examination of usage terms before sign-up

* Unauthorised access and use: Illegal and/or unauthorised access to 
personal data (e.g. via phishing, hacking, malware, botnets, spam, 
spyware, careless installation of file-sharing software etc. and/or 
insufficient security)

* Users: Inappropriate use of social media; need for adequate protection 
of children


and categories of personal data that were considered particularly 
challenging:

Geo-location data
Medical data
Financial data
Credit card data
National ID cards
Biometric data


Suggestions or principles to address the top 5 emerging challenges

We also invited Internet Society members to provide suggestions or 
principles to address the top 5 emerging challenges they identified 
regarding “privacy” and the protection of “personal data” in the digital 
environment. 

Almost all of the responses proposed actions or principles to strengthen 
the protection of personal data and/or increase individuals’ awareness of 
the importance of protecting their personal data. 

A summary of the responses is set out below, separated into various 
categories (listed alphabetically):


Business Online

* The right to keep personal details private should be a basic human 
right that cannot be signed away by a waiver or “click-thru” agreement

* Assign the burden of protection of personal data to the organisation 
not the consumer

* Companies should be required to justify the intended use of personal 
data, in a regular review process

* When personal data is collected, the online service provider should 
provide a “statement of intended use” describing how the details will be 
used, selected from a list of approved statements

* Any privacy arrangement (right to use data) between a customer and a 
goods/services provider should expire within a specified period (e.g. 6 
months) or require renewal when there are material changes to the provider

* Encourage business to protect data


Certification and Insurance

Establish a widely publicised “trust mark” awarded by an independent body 
to websites and social media that:

* satisfy some defined minimum privacy protection standards

* provide good and secure default privacy settings

* clearly explain the effect of the privacy policy and privacy settings


* Establishment of a privacy mark system

* Creation of “Privacy Insurance”


Cloud Computing and ISPs

* Keep private data out of the cloud behind protective electronically 
protected firewalls that should be provided by ISPs

* ISPs should not communicate their customers’ personal data to 
collecting societies


Educate And Raise Awareness

* Build a targeted program to sensitize individuals in developing 
countries regarding the risks of disclosure of identity information online

* Help stakeholders and ordinary individuals to understand the dangers 
involved and how best to defend themselves

* Provide seminars and education in rural areas

* Educate users and the general public on the importance of privacy and 
personal data

* Launch a global campaign highlighting online privacy issues

* More workshops

* Raise individual awareness, and regarding precautionary steps needed to 
self-protect


General Principles

* Opt-in rather than Opt-out privacy settings

* The default for new applications using personal data should be “opt in”

* Privacy online is no different than privacy online

* Users should protect their personal data

* Users should be responsible for their disclosure of personal data

* Privacy protection must not conflict with principles of net neutrality

* Users must control collection and use of personal data

* The data owner must always authorise data access and use (in advance)

* Online service providers should not make the sharing of personal data a 
prerequisite for access to their services

* "Sensitive" personal data should not be available


Institutional

* An international organisation dedicated to personal data protection 
should be created

* Work together in a multistakeholder environment

* Seek input from the International Association of Privacy Professionals 
(IAPP)

* Create regional and global committees for privacy and protection of 
personal data

* The views of users and the general public should be taken into account 
when developing policies on privacy

* Local governments should remind their citizens of the risks of 
disclosing personal information online and provide them with information 
regarding services which allow users to block access to particular 
websites

* Software and hardware “back doors” should not be available to 
governments


International/Local

* Develop international requirements for the handling of personal data

* Strive for local or continent-based solutions as international 
solutions may not be politically achievable

* Global harmonisation of essential privacy principles in relation to 
social media and "cloud" computing ...


Laws, Implementation, and Enforcement

* Promote and develop methodology and compliance measurement criteria

* Stricter rules, regulations and penalties

* Provide strong personal data protection

* Introduce laws covering privacy/data protection

* Laws should not allow automatic opt-in or automatic renewal of services

* Enforcement agencies should examine the practices of the ISP with 
access to users’ data

* Criminal penalties for misuse of personal data for marketing or 
harassment

* Encourage policymakers to formulate policy on privacy and leave 
implementation to the relevant actors

* Improve enforcement legislation/courts

* Give people channels to denounce abuse

* Mandatory reporting of breaches from private companies

* Update law to reflect new technology

* Educate politicians so they are able to pass appropriate laws


Other

* Consider alternatives for transmission of personal data (e.g. post 
rather than email)


Spyware, Malware, and Hacking

* Ban spyware and hacking (through laws)

* Involve the companies offering security solutions to stop spread of 
spyware and hacking


Technical Solutions

* The IETF should develop protocols for the verification, sharing and 
securing of personal data which are independent of local definitions

* Develop systems which allow individuals to tag personal data with a 
privacy policy that can be enforced by an automatic enforcement scheme 
(example provided: www.springerlink.com/content/l2u4488247134753)

* Privacy by design should not be optional

* Uniform adoption of last-login time-stamp for online accounts users 
login

* Fully customize MS Windows to avoid unattended use of the account 
system and related accounts of the operating system

* Restrict RFID applications to the Internet of Things. No embedded RFID 
in personal user applications


The Scope Of Privacy

* Develop differentials in privacy

* Corporate/Commercial privacy

* Personal privacy


Understand The Issues

* Conduct a field study

* Set up a taskforce to address the issues

* Case studies on the damage caused by invasion/violation of privacy


WHOIS

* Restrict access to Whois data to law enforcement and to authorised 
registries and registrars for the purposes of network management


We would like to thank all our members who participated in this survey. 
The responses to this survey are helpful in identifying the wide-ranging 
views on privacy and will be useful in guiding the Internet Society’s 
future work in this area.


