I attended this year’s Computers, Freedom, and Privacy conference and spent time in sessions on privacy in large data sets, deep packet inspection and network neutrality, the role of privacy in venture capital pitches, and what businesses are doing to secure privacy. In addition, a collection of us worked for some time to produce a rough draft of the Social Network Users’ Bill of Rights that was subsequently discussed and ratified by the conference participants. In this post, I want to speak to the motivations of the Bill of Rights, characteristics of social networking and Bill proper, a few hopeful outcomes resulting from the Bill’s instantiation and conclude by denoting a concerns around the Bill’s creation and consequent challenges for moving it forward.
First, let me speak to the motivation behind the Bill. Social networking environments are increasingly becoming the places where individuals store key information – contact information, photos, thoughts and reflections, video – and genuinely becoming integrated into the political. This integration was particularly poignantly demonstrated last year when the American State Department asked Twitter to delay upgrades that would disrupt service and stem the information flowing out of Iran following the illegitimate election of President Ahmadinejad. Social networks have already been tied into the economic and social landscapes in profound ways: we see infrastructure costs for maintaining core business functionality approaching zero and the labor that was historically required for initiating conversations and meetings, to say nothing of shared authorship, have been integrated into social networking platforms themselves. Social networking, under this rubric, extends beyond sites such as Facebook and MySpace, and encapsulate companies like Google and Yahoo!, WordPress, and Digg, and their associated product offerings. Social networking extends well beyond social media; we can turn to Mashable’s collection of twenty characteristics included in the term ’social networking’ for guidance as to what the term captures: Read more…
One of the largest network vendors in the world is planning to offer their ISP partners an opportunity to modify HTTP headers to get ISPs into the advertising racket. Juniper Networks, which sells routers to ISPs, is partnering with Feeva, an advertising solutions company, to modify data packets’ header information so that the packets will include geographic information. These modified packets will be transmitted to any and all websites that the customer visits, and will see individuals receive targeted advertisements according to their geographical location. Effectively, Juniper’s proposal may see ISPs leverage their existing customer service information to modify customers’ data traffic for the purposes of enhancing the geographic relevance of online advertising. This poses an extreme danger to citizens’ locational and communicative privacy.
Should ISPs adopt Juniper’s add-on, we will be witnessing yet another instance of repugnant ‘innovation’ that ISPs are regularly demonstrating in their efforts to enhance their revenue streams. We have already seen them forcibly redirect customers’ DNS requests to ad-laden pages, provide (ineffective) ‘anti-infringement’ software to shield citizens from threats posed by three-strikes laws, and alter the payload content of data packets for advertising. After touching the payload – and oftentimes being burned by regulators – it seems as though the header is the next point of the packet that is to be modified in the sole interest of the ISPs and to the detriment of customers’ privacy. Read more…
Apple’s entrance into the mobile advertising marketplace was born with their announcement of iAd. Alongside iAd comes persistent locational surveillance of Apple’s customers for the advantage of advertisers and Apple. The company’s advertising platform is controversial because Apple gives it a privileged position in their operating system, iOS4, and because the platform can draw on an iPhone’s locational awareness (using the phone’s GPS functionality) to deliver up targeted ads.
In this post I’m going to first give a brief background on iAd and some of the broader issues surrounding Apple’s deployment of their advertising platform. From there, I want to recap what Steve Jobs stated in a recent interview at the All Things Digital 8 concerning how Apple approaches locational surveillance through their mobile devices and then launch into an analysis of Apple’s recently changed terms of service for iOS4 devices as it relates to collecting, sharing, and retaining records on an iPhone’s geographic location. I’ll finish by noting that Apple may have inadvertently gotten itself into serious trouble as a result of its heavy-handed control of the iAd environment combined with modifying the privacy-related elements of their terms of service: Apple seems to have awoken the German data protection authorities. Hopefully the Germans can bring some transparency to a company regularly cloaked in secrecy.
Apple launched the iAd beta earlier this year and integrates the advertising platform into their mobile environment such that ads are seen within applications, and clicking on ads avoids taking individuals out of the particular applications that the customers are using. iAds can access core iOS4 functionality, including locational information, and can be coded using HTML 5 to provide rich advertising experiences. iAd was only made possible following Apple’s January acquisition of Quattro, a mobile advertising agency. Quattro was purchased after Apple was previously foiled in acquiring AdMob by Google last year (with the FTC recently citing iAd as a contributing reason why the Google transaction was permitted to go through). Ostensibly, the rich advertising from iAds is intended to help developers produce cheap and free applications for Apple’s mobile devices while retaining a long-term, ad-based, revenue stream. Arguably, with Apple taking a 40% cut of all advertising revenue and limiting access to the largest rich-media mobile platform in the world, advertising makes sense for their own bottom line and its just nice that they can ‘help’ developers along the way… Read more…
Forrester has come out with a report that, in Susana Schwartz’s summary, “suggests that more should be done to integrate data about [ISPs’] customers’ online behaviours to offline systems.” In effect, to assist ISPs monetize their networks they need to aggregate a lot more data, in very intelligent ways. The killer section of the actual report is summarized by a Forrester researcher as follows:
“By integrating online and offline data, operators and their enterprise customers could add information about customers’ online behaviors to existing customer profiles so that CSRs could more efficiently handle calls and provide more relevant cross sell/upsell opportunities,” Stanhope said. “So much of the customer experience now comes from online activities that there is a huge repository of data that should be pushed deeper into enterprises for insights about interactions; enterprises collect so much data about what people do and see on their Web sites, yet they do little to draw insight.”
The aim of this is to ‘help’ customers find services they unknowingly are interested in, while making ‘more intelligence’ available to customer service representatives when customers call in. We’re talking about a genuinely massive aggregation of data that goes through ISP gateways and a dissolution of Chinese firewalls that presently segregate network logs with (most) subscriber information. Just so you don’t think that I’m reading into this too deeply, Stanhope (a senior analyst of consumer intelligence with Forrester Research) said to Schwartz:
Our clients are starting to plan for and lay the technical foundational by looking at how to bring together disparate environments, like CRM databases and customer databases, and then what they have to do to gather Web data, social media and search data so they can leverage what they already have … Many are now starting to look at how that can be a hub for Web data, which can be leveraged by other systems.
It’s this kind of language that gets privacy advocates both annoyed and worried. Annoyed, because such a massive aggregation and usage of personal data would constitute a gross privacy violation - both in terms of national laws and social norms - and worried because of the relative opaque curtain separating their investigations from the goings-on of ISPs. When we read words such as Stanhope’s, correlate it with the vendor-speak surrounding deep packet inspection, and look at the technology’s usage in developing consumer profiles, there is a feeling that everyone is saying that DPI won’t and can’t be used for massive data aggregation as configured…but it could and (Stanhope hopes) likely will once the time is right.
Canada has a strong regulatory position against the use of DPI or other network forensics for the kind of actions that Stanhope is encouraging. This said, given that ‘research’ groups like Forrester along with other parties that pitch products to ISPs are making similar noises (as demonstrated at last year’s Canadian Telecom Summit) a nagging pit in my stomach reminds me that constant vigilance is required to maintain those regulatory positions and keep ISPs from bitting into a very profitable - but poisonous for Canadians’ privacy - apple.
