All posts in Privacy

Mountain Lion, Closed Systems, Privacy, and Device Churn

Posted February 16th, 2012 by Bill

Some interesting dates from the not-so-distant past:

December, 2009: "Apple has said it rejects 10 percent of submissions for being 'inappropriate,' in some cases because they try to steal personal data".

November, 2011: Apple kicks a security researcher out of its developer program for developing a proof of concept that shows how to exploit a security hole. The best part: the researcher had reported the flaw three weeks earlier.

February, 2012: An approved app, available in the App Store, is caught uploading entire address books (aka, stealing personal data), without user consent or knowledge. This app was never pulled from the App store, and an updated (non-address stealing version) is still available.

Apple has done a great job of pairing marketing hype with security through obscurity. Apple has created the appearance of a secure system (trust us! we're the gatekeepers!) but the holes in this system keep reappearing. I'm not saying that other systems are any more or less secure; however, other systems don't attempt to parlay a walled ecosystem into the equivalent of a secure environment. There have been instances of security fixes being delayed as a result of Apple's review process, resulting in users having no alternative to compromised apps, and no knowledge of the compromise.

However, despite these issues, Apple supporters - and especially Apple supporters within education - go to great lengths to describe how satisfied they are with their Apple purchases, and how they are not bothered by the increasingly intertwined way that the Apple ecosystem shuts out alternatives. Concerns about student privacy, and how iTunes accounts are effectively required to use iPads and other Mac products, have died down. People seem to have accepted that school in the 21st century requires paying companies to take over your personal data and usage patterns, and mine them for information.

But really, how many people who have gone deep into Apple could express anything but satisfaction, or even intense excitement? What are the alternatives?

Can you imagine a tech director walking into their boss and saying, "Well, this Apple hardware and software was okay, but with a little hindsight they aren't really necessary for learning, and there are other options that look promising, and might even be cheaper. I'd like to explore some other avenues. Oh, and one last thing: sorry about the several hundred thousand/millions we've spent on that hardware and software, and sorry that a good percentage of our faculty and student creative output is locked into apps that don't work on anything else but Apple stuff."

Of course people that have gone all in with Apple will be delighted with the results. The alternative is admitting that resources were squandered on something that was untested, and proved to be not as awesome as the sales teams/fanboys promised. People who have gone heavily into Apple need for Apple to be the best thing ever, as that reinforces their "vision."

So, when I read about the release of Mountain Lion, and how this is a move to annual release cycles of OS upgrades, and how people will now get the chance to upgrade every year (as opposed to having to upgrade every year), it's a move that makes sense for the direction Apple is heading: toward a fully closed ecosystem where people are pushed into frequent upgrade paths leading to increased device churn.

And learning? No problem. There's got to be an app for that.

But the one thing that doesn't surprise me is the name: Mountain Lion. Mountain lions love sheep.

Image Credit: "Rotten Apple" taken by Vince Wingate, published under an Attribution Share-Alike license.

Social Media and Cooperative Surveillance

Posted June 20th, 2011 by Bill

So the Bruins won the Super Bowl. Or something like that.

And in the aftermath, people rioted in Vancouver. And in those riots, pictures and videos were taken.

And some people took it upon themselves to identify the rioters.

And after the aftermath - with nearly 170 people treated in hospitals, volunteers cleaning up the city, people began to ask questions about surveillance and the role of social media.

In the comments of her post linked above, Alexandra Samuel extends her original thoughts to include the "slippery slope" argument:

I don't see how we can claim to be uncomfortable with mass surveillance -- to fear Big Brother -- but then make exceptions when it's convenient, or feels important. This is a slippery slope and we can't draw too many simple lines -- even a line based on exposing illegal behaviour (as opposed to legal but controversial). Remember that there are places where it's illegal to smoke dope, or criticize the government, or hold hands with someone who is the same gender as you. Do we accept social media surveillance in those contexts?

To start, it's worth pointing out that most slippery slope arguments aren't worth the air required to set them loose. A "slippery slope" argument assumes that we live in a world with moral absolutes, and that making a "wrong" choice plunges us into the abyss of uncertainty and ambiguity.

But with that said, to all those who argue that using social media to identify rioters to the state are engaging in community surveillance/crowdsourcing big brother/engaging in nefarious deeds to further the expansion of the omnipresent nanny state: you are late to the game. That ship has sailed. People are reporting on one another, and have been for years, well before the advent of the social web. Perversely enough, people using Facebook are complicit in building their own Panopticon. And, in using sites like Facebook - where people throw their contact information, their interests, the places they like to go, the people they like and dislike, things they buy, games they play (and how they play them), what they look like, what their friends look like, etc, etc - people leave a broad data trail. Even rough data shows a lot about individuals; more sophisticated datasets allow for more sophisticated predictions.

It would be interesting to look at what could be discerned from a person's datastream on Facebook, combined with the data accessible via the phones and laptops we use, and how close that woud come to supporting the data needed to make the Information Awareness Office a reality.

But to return to the argument of what constitutes an appropriate use for social media, and what level of privacy is reasonable to expect: we need to ground these conversations within the historical reality that people have been disagreeing, behaving badly, attempting to avoid responsibility - and then talking about it - for centuries (as an aside, Augustine would have had an AWESOME twitter feed). Social media just lets us get the word out faster.

And, if you are now concerned about privacy, and the relationship between surveillance, privacy, and the state, there is one thing you can do right now to make it better: stop using Facebook, Foursquare, Twitter, etc, as outreach and communication tools. To use social media is to participate in a continuous act of cooperative surveillance: sometimes we're watching ourselves, sometimes we're watching others, sometimes we're being watched, but the difference between sharing and observing is largely a matter of the side of the window you're on.

For the many self-proclaimed "social media consultants": stop advocating an expanded use of Facebook, Twitter, etc, to the detriment of an organization's primary web site. If you have engaged in such unseemly behavior in the past, it's never too late to admit your mistakes. Just stop repeating them. And if you have been working in social media for more than 15 minutes and are actually surprised by privacy implications, you can always go back to selling cars.

Seriously, though, if you are giving advice to an organization that does social justice work, be very careful of the relationships you encourage them to foster on external social sites. Given Facebook's unclear direction in China, the ease in which apps can access and store user data, the way bugs leak private data, and Facebook's own hamfisted "privacy" efforts (from Beacon to facial recognition and everything in between), encouraging social justice-oriented groups to work on Facebook could be putting people at unnecessary risk.

As we talk about privacy and surveillance, we need to remember that a key difference between a surveillance tool and a tool for individual or collective empowerment is who controls the data, and how that data is used.

Image Credit: "Patrice Bergeron" taken by slidingsideways, published under an Attribution Non-Commercial No Derivatives license.

Google and Data Collection

Posted October 24th, 2010 by Bill

Last May, Google announced that it had accidentally collected personally identifiable information as part of capturing data for the Street View functionality of Google Maps.

A look at the technical aspects of what was collected, and why, tends to support Google's explanation that this was accidental, and not anywhere near as big a deal as people wanted it to be.

Please don't misunderstand - Google has plenty of issues with user privacy, and the ramifications for student privacy as more K-12 schools transition to Google Apps are mind-boggling. But, the kerfuffle over data collected for Street View is overblown.

Moreover, Google appears to be taking steps to mitigate this, and they are candid about their role in the failure, and clear about the steps they are taking to improve it. Other companies with widespread privacy issues (cough cough Facebook cough cough) could learn from how Google is handling this.

Image Credit: Photo "New 'Camera'" taken by Sherman Tan, published under an Attribution license.

Bad Execution As A Feature

Posted October 10th, 2010 by Bill

A great new feature that comes with the Facebook Groups: any friend can add you to any group, without your permission.

And, it's really easy to impersonate someone!

So, I wonder how long it will take for a teacher to get in trouble for belonging to a group they were added to by a "friend."

I don't know how many more times I'll need to say this, but I'll add this additional time to the pile of others: Facebook is a business, and Facebook only cares about your interests up to the point where they can study them and profit from access to them. That is why they allow you to "connect" with things. Any benefit you receive is purely incidental.

Have Fun Explaining This To Parents As Your School Transitions To Google Apps

Posted September 14th, 2010 by Bill

While this is likely an isolated incident, it certainly raises questions about what happens to a student's personal information (also known as their thoughts, and portions of the intellectual explorations that make up their life) when it is sent to a large company. In this case, an engineer at Google was allegedly fired for accessing the accounts of minors:

In other cases involving teens of both sexes, Barksdale exhibited a similar pattern of aggressively violating others' privacy, according to our source. He accessed contact lists and chat transcripts, and in one case quoted from an IM that he'd looked up behind the person's back. (He later apologized to one for retrieving the information without her knowledge.) In another incident, Barksdale unblocked himself from a Gtalk buddy list even though the teen in question had taken steps to cut communications with the Google engineer.

So, as schools make decisions to outsource essential services to external companies (aka the cloud), it's worth remembering that there are people working around the clock to keep the cloud running. Most of these people do the right thing all of the time, but for schools rolling these services out (and requiring students to use them as part of their school work) what recourse would you have if your student's privacy was violated? More to the point, how would you know? Is there even any guarantee that you would be told?

At what point does convenience trump the ability to guarantee your students and your parents that you have taken reasonable steps to ensure the privacy and integrity of work done within your school?

Why Privacy Matters, the Tinfoil Hat Version

Posted February 19th, 2010 by Bill

~~Hi. We're your new overlords.~~

Hi. We're Apple.

~~We are delighted to inform you that regulations require you to carry a device that:~~

a. Tells us where you are at all times;

b. Records who you talk with, and for how long;

c. Can be used to record exactly what you say, and the responses of other participants in these conversations;

d. Collects email and text messages sent by you and to you.

You will never be informed when this information is examined by anyone.

Buy a phone. It's cool.

~~You must tell us everything you do, no matter how trivial. Identify your friends and acquaintances, and how you know them. We expect you to check in with us at least several times a day, every day.~~

Install apps for Facebook, Twitter, and Foursquare.

~~Tell us everything you are curious about.~~

Install apps for Google and/or Bing.

Pay us, because tracking you and sorting through all the information you give us takes time and we need to pay people to do it. Additionally, we need to sell your data to advertisers, marketers, or possibly just hand it over to law enforcement regardless of whether or not they have any legal right to have it, and your data doesn't package itself. Your data is worth money, and you must pay us because we value your data. We value it so much that we will sell it, because that lets us make more money. So pay us. We need to continue watching you.

You will be charged a reasonable monthly fee for these services.

Thank you,

Your new overlords

Schools, the Internet, and Privacy

Posted February 11th, 2010 by Bill

In a recent listserv conversation, a participant asked about the steps schools are taking to monitor student computer use. One question dealt with the frequency with which browser histories on student machines were parsed, not as part of any examination into any suspected incidents, but as part of routine supervision and oversight of students.

I've seen more threads like this than I can count. Much of the impetus behind the more intrusive forms of supervision comes from a good motive: the desire to keep kids safe. High profile cases power calls for more supervision, as do "consultants" who conduct seminars tailored for the fears of parents and administrators (as an aside, if I remember the research correctly, scare tactics have been shown to have limited effectiveness for a short time period with students at or around middle school age. Scare tactics don't do much for older students. If any of my three readers knows better info on this, please share it in the comments).

But -- as people who work in and with schools, as people who help kids develop the skills to make rational, meaningful decisions about the world in which they live -- when do we have a responsibility to push back against well-intentioned but misguided efforts that conflate security with supervision?

Within the last two weeks, there have been news stories about the FBI wanting access to geolocation data obtained from cell phones, and the FBI wanting to require ISP's to retain web browsing records for two years. As we have seen before, even access to anonymized search records show an incredible amount of information about an individual. In the recent past, there was some outcry against the government requesting borrowing records from public libraries, and the entire question of warrantless wiretapping raised some hackles.

But the outcry against intrusions on privacy takes place against a backdrop where it's normal to share a steady stream of details about your life. My concern is that, if we make our schools into places where "normal" means having your browsing history tracked daily, people will take that level of supervision for granted. For a child born in 2002, a government that uses warrantless wiretapping is part of the fabric of their lives.

As teachers, as parents, as people who run schools, as people who care about kids: how are we empowering kids to develop their distinct interests, to take informed risks, to explore freely, and to know that it's okay to have hopes, fears, and dreams that are private, and intrinsically theirs until they choose to share?

I was at Educon 2.2 a little while back, and at that meetup we spent a lot of time talking about what school can and should be. I have been working on a follow-up post about the session, but I sense that as I try to make some sense about what learning can be within a context where there is a growing tension between constructive guidance and overbearing observation, part of what we all need to learn is how to deconstruct the myth that being observed and tracked makes us safer.

There Is No Such Thing As A Privacy Setting On Facebook

Posted December 17th, 2009 by Bill

All of the recent discussion about Facebook's change to its privacy policy obscures one frequently minimized point: privacy doesn't really exist on Facebook. While there is minimal control over what appears onscreen, this should not be confused with real, actual privacy, or the ability to control what is known about you. Facebook has your information, and by virtue of using their site, you have provided them a degree of control over your personal information.

This becomes particularly apparent when looking at Third Party Application developers. These external applications can access data in ways that are not immediately obvious to the end user, and in some cases this seems to work against people's obvious desires. In short: third party applications get the same access as the account that installed them, so if your privacy settings are set to friends only, and a third party app installed by a friend requests your information, it can get it. So, your privacy is as good as your least discrete friend's judgment.

But issues around abusing privacy aren't new for Facebook. They have these types of issues a few times a year, every year. Flash back to the launch of Beacon:

"Facebook still collects your data. Whether or not they show it onscreen or not is only marginally relevant. They have records of how you have used their site, and that information is valuable to people who want to sell you things."

Facebook has a well worn track record of disastrous handling of user data. In the beginning of 2009, Facebook pre-emptively changed their ToS. People were not happy, but people should not be surprised, as this is normal behavior for Facebook.

And Facebook's current "privacy policy" has some gems -- really, there are too many to list, but my favorite is probably from Section 3: Information You Share With Third Parties: "We take steps to ensure that others use information that you share on Facebook in a manner consistent with your privacy settings, but we cannot guarantee that they will follow our rules." Translation: People will get your information through our site, and we don't really have much/any control over what they do with your information.

And, of course, Facebook can change their privacy settings at will, thus eliminating the illusory value of these settings in the first place, as illustrated by this very conversation.

Some other good reads on this:

The Facebook Blog: http://blog.facebook.com/blog.php?post=197943902130
Electronic Frontier Foundation: http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-...
From ReadWriteWeb: http://www.readwriteweb.com/archives/facebooks_privacy_move_violates_con...

Why Facebook Blows

Posted June 24th, 2009 by Bill

Some thoughts after reading this piece in Wired (although this actual blog post could have been written anytime in the last few years).

Let's imagine that the US Government announced that they had started a web site. On this site, you needed to enter your personal information, including an address, and various interests. Once this was done, you could tell the government – via the web site – all about your day to day activities: what you read, where you were going, what movies you like, etc. Then, you could identify your friends, and upload pictures and video of these friends.

This is a small subset of what Facebook users do every day, by choice. Facebook is probably the single largest opt-in surveillance program ever seen. If any government ever tried to build a site like this – even with an ostensibly worthwhile goal, like mapping public services to people based on interest, geographic location, and perceived need – the outcry would be deafening.

Facebook's "services" – and I'm thinking specifically of Facebook Connect – extend that surveillance to what people do on sites outside of Facebook. However, Facebook's internal search – powered by their deal with Microsoft – will provide an enormous amount of raw data about what individual people want. Given that these searches will be conducted by people logged in to Facebook, the search strings used can be mapped to specific individuals. As we have seen before, even a little bit of information about search strings can lead to some awkward revelations.

When people get a glimpse of how much Facebook knows about them, they generally freak out. Yet, the freak outs subside, and people keep plugging away, adding more data into the system.

Okay, time to go. Need to update my status:

Adjusted my tinfoil hat. It had tilted precariously back, exposing most of my frontal lobe.

Google Apps, and Privacy

Posted March 12th, 2009 by Bill

I came across another discussion on the use of Google Apps within K12 organizations -- this is a lightly edited version of my reply in that thread:

With Google Apps, the real value for Google isn't in "owning" your content. The value for them is in mining it, and then using that information to hone their business selling ads and working with affiliate advertisers -- and their privacy policy expressly states that your data will be used in this way.

From Google's Privacy Policy, at http://www.google.com/privacypolicy.html

Log information – When you access Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

So, they can track a request for a specific web site to a specific user, and can keep track of what an individual does over time.

Affiliated Google Services on other sites – We offer some of our services on or through other web sites. Personal information that you provide to those sites may be sent to Google in order to deliver the service. We process such information under this Privacy Policy. The affiliated sites through which our services are offered may have different privacy practices and we encourage you to read their privacy policies.

The approximate translation: when using Google Apps, you might get sent to another site, and this site might have a different privacy policy, and this site might share a different set of your private information with us. You may or may not know when this is happening, but it's your responsibility to know when to check for the privacy policy of these sites.

Then, the policy goes on to list why Google is collecting this information:

Providing our services, including the display of customized content and advertising;

Auditing, research and analysis in order to maintain, protect and improve our services;

I've chosen a very small section of the privacy policy here, but the full policy goes into much more detail, including info about geographical data.

For a sense of what can be inferred from even very rough user data, take a look at the fallout that occurred when AOL released search data from it's userbase. This search data is nowhere near as precise as what Google collects, but it still revealed an astonishing range of information about its users.

So, when schools are using Google Apps, every member of that community is participating in unpaid marketing research. If you are buying Google Apps as part of a service, you are paying to participate in market research.

As a closing thought, I'd like to hear the conversation that ensued if a person walked into the head of school's/principal's office and said the following:

"I'd like to enroll all of our Middle School students in an unpaid marketing research program. They'll never know it's going on, and every facet of their online collaboration will be tracked as part of the study. Oh, and it comes with email."