Ars Technica has an interview with Google’s deputy general counsel Nicole Wong and security/privacy engineer Alma Whitten about privacy issues related to the company’s products and services. “While the “good guy/bad guy” and “don’t be evil” quotes may seem too cute by half to some, Wong and Whitten made a strong pitch for the truth of both slogans. In their view, Google really is fighting the good fight when it comes to your online privacy,” Ars Technica says.

Google logs an astonishing amount of data, including the search logs from its flagship product. It keeps this data indefinitely, so searching for a combination of yourwife’sname and youraddress and “rat poison in her cereal” is not a particularly smart idea (though search users do this sort of thing anyway).

But the company does “anonymize” this data eventually. The last octet of the IP address is wiped after nine months, which means there are 254 possibilities for the IP address in question (.0 and .255 are reserved addresses). After 18 months, Google anonymizes the unique cookie data stored in these logs. Read more »

NextGov reports on a presentation at the RSA Conference about privacy by security expert Bruce Schneier.

The session focused on the responsibilities that all generations currently hold to protect privacy and ensure individuals, not technological systems, have control.

Young people are used to living very public lives, Schneier said, but they also put a high priority on protecting their privacy. At the same time, while social networking sites appear to tout privacy, they deliberately make it difficult to be salient, he added. And as more and more children grow up around social networking, new social norms will be set. [...]

As a result, Schneier suggested that it’s the responsibility of all generations to come together to either accept the new balance of privacy that technology comes up with, or work to set the balance. [...]

“My prediction is that just as we today look back at the beginning of the previous century and wonder how the titans of industry could ignore pollution, our children are going to look at us on decisions we made about protecting privacy and giving individuals control,” Schneier said.

The San Jose Mercury News reports on an issue I’ve discussed before: digital signage advertising and the privacy questions related to that type of targeted behavioral marketing.

Using technology from top Silicon Valley companies such as Cisco and Intel, advertisers are creating a new breed of digital signs that can be customized depending on a viewer’s age and gender.

Already starting to appear in selected malls and other spots around the country, the signs have the potential to revolutionize the retailing industry, but their intrusiveness has led to criticism from privacy advocates and nervousness from some in the marketing industry itself. [...]

Businesses insist the signs are good for them and for consumers because they can offer more focused and effective advertising. [...] Read more »

The Congressional Research Service (a nonpartisan department of the Library of Congress created to assist legislators) has published a report concerning the federal government’s information security capabilities and data privacy protections. The report, “Federal Information Security and Data Breach Notification Laws, RL34120 (Jan. 28, 2010)” is available through Open CRS. Not all CRS reports are made public, though the department is funded by taxpayer money. Open CRS, a project of the Center for Democracy & Technology, gathers and archives publicly accessible CRS Reports, ones that are already in the public domain. Here’s the summary:

The following report describes information security and data breach notification requirements included in the Privacy Act, the Federal Information Security Management Act, Office of Management and Budget Guidance, the Veterans Affairs Information Security Act, the Health Insurance Portability and Accountability Act, the Health Information Technology for Economic and Clinical Health Act, the Gramm-Leach-Bliley Act, the Federal Trade Commission Act, and the Fair Credit Reporting Act. Also included in this report is a brief summary of the Payment Card Industry Data Security Standard (PCI DSS), an industry regulation developed by VISA, MasterCard, and other bank card distributors. Read more »

The Associated Press reports that the federal government is trying to calm fears among the public about the security and privacy of Census data.

In a letter to Congress, the Obama administration provided its legal position that census data cannot be disclosed under the Patriot Act, the nation’s main counterterrorism law. The government has previously given legal assurances the information will not be used for immigration enforcement.

“If Congress intended to override these protections it would say so clearly and explicitly,” wrote Assistant Attorney General Ronald Weich.

The legal assurance had been a sticking point for some minority groups, particularly South Asian and Muslim Americans, who argued that an ambiguity in federal laws could leave their census data open for use in prosecutions involving national security. Some said they could not feel confident in filling out the forms based on solely the verbal promises of Commerce Secretary Gary Locke and other census officials who said the data will not be shared with other federal agencies. [...] Read more »

Science Daily reports on a new study by researchers at Duke University and Emory University concerning a possible targeted behavioral advertising tool.

So-called “neuromarketing” takes the tools of modern brain science, like the functional MRI, and applies them to the somewhat abstract likes and dislikes of customer decision-making.

Though this raises the specter of marketers being able to read people’s minds (more than they already do), neuromarketing may prove to be an affordable way for marketers to gather information that was previously unobtainable, or that consumers themselves may not even be fully aware of, says Dan Ariely, the James B. Duke professor of psychology and behavioral economics at Duke. [...]

Neuromarketing may never be cheap enough to replace focus groups and other methods used to assess existing products and advertising, but it could have real promise in gauging the conscious and unconscious reactions of consumers in the design phase of such varied products as “food, entertainment, buildings and political candidates,” Ariely says.