In November, Privacy Lives joined 28 groups (including the Center for Democracy & Technology, Center for National Security Studies, and Special Libraries Association) in sending a letter (pdf) to the White House urging that the administration make the Privacy and Civil Liberties Oversight Board selection process “a priority and ensure that nominations to the Board are made to the Senate before the end of the first session of the 111th Congress, so that a Board can be seated early next year.” Several months later, the Board remains vacant and no nominations have been made. (For the history of the Board, read a previous post.)

Now, Privacy Lives joins more than 30 groups (including the ACLU, American Library Association, Defending Dissent Foundation and September 11th Families for Peaceful Tomorrows) in again urging (pdf) President Obama nominate individuals to fill the board. The groups explained that it is more critical than ever that the board convene. “As a result of the attempted Christmas Day bombing, your Administration and Congress are considering numerous policy changes that impact the privacy and freedoms of Americans, including expanding watch lists and more intrusive searches at airports. It is crucial that you nominate qualified individuals to serve on the PCLOB, so that it may begin to provide guidance as new policies and procedures are developed.” Read more »

What’s “digital signage”? Most people have heard of the term connected with billboards or other screens that have cameras (and facial-recognition technology) to watch people watching ads in order to improve their marketing. The digital signs log data such as gender, approximate age and how long someone looks at an advertisement. This is supposed to help build a better billboard — one that is tailored specifically to the individual standing in front of it. However, the data-gathering and surveillance practices raise substantial privacy questions.

One example of digital signage advertising is the Castrol project in the UK. The oil company bought the car registration data of millions of motorists. Then, the company set up giant digital billboards that scanned UK motorists’ license plates, ran the plates through a database and instantly displayed on the billboards what the best oil would be for that specific driver’s car. The license-plate scanning technology allowed each car to be read as if it were tagged with data, and that tagged data interacted with the intelligent computing technology in the billboard, allowing for advertising targeted to that specific driver. There was a public uproar, and the company quickly ended the project.

The advertising industry is aware of the significant privacy questions raised by the use of digital signage. POPAI (a digital signage industry association) released “Best Practices: Recommended Code of Conduct for Consumer Tracking Research,” but these best practices are not enough. Privacy and consumer groups have released two new sets of privacy protection frameworks for the digital signage industry. Read more »

In a story about the Apple iPad (an electronic touch screen tablet that will be released next month), the Financial Times reveals something interesting about Apple and privacy: the company restricts the consumer data it shares with its partners. This has caused problems in the company’s negotiations for content with newspaper and magazine publishers, the Times reports. Content publishers and providers mine and track consumer data in order to target behavioral advertising.

Ownership of subscriber information and pricing have emerged as key issues.

Apple’s practice of sharing with its partners little consumer data beyond sales volume is a problem. “Is it a dealbreaker? It’s pretty damn close,” said one senior media executive of a US metropolitan daily newspaper.

Publishers have spent decades collecting information about subscribers that influence marketing plans and, in some cases, the content of the publication itself. Apple’s policy would separate them from their most valuable asset, publishing executives said.

Behavioral advertising is where a user’s online activity is tracked so that ads can be served based on the user’s behavior. Increasingly, electronic information from consumers is collected, compiled, and sold — this is all done without reasonable safeguards. Privacy Lives has urged federal agencies, lawmakers, and the advertising industry to strengthen protections of consumer privacy. Read more »

On Friday, Privacy Lives joined eight groups in filing comments (pdf) to the Federal Communications Commission in response to a public notice (pdf) in which the agency sought comments on “on the use of personal information, identity management services, and privacy protection against broadband applications.” The groups urged the FCC to consider all avenues it may use to protect consumers, “including exercising its ancillary jurisdiction to address broadband privacy issues, and working with Congress and the Federal Trade Commission (“FTC”), which has substantial expertise in consumer privacy protection.”

MediaPost includes the groups’ filing in a story about a filing by the Interactive Advertising Bureau (the online marketing industry’s principal trade and lobbying group) that urges the FCC against addressing privacy questions as part of the agency’s broadband plan.

“IAB believes that regulation by the commission, or potentially conflicting regulations from multiple government agencies, could stifle the Internet,” the trade group said in a letter to the FCC. “Existing robust self-regulatory principles provide consumers with strong protections in a manner that has allowed the Internet to thrive, thereby benefiting the U.S. economy.” [...]

The group reiterated its stance that Web companies can protect consumers’ privacy by complying with self-regulatory principles. “Unlike formal regulations, which can become quickly outdated in the face of evolving technologies, self-regulation provides industry with a nimble way of responding to new challenges presented by the evolving Internet ecosystem,” states the letter, which was signed by IAB Vice President for Public Policy Mike Zaneis. [...] Read more »

Privacy Lives joins eight groups in submitting comments (pdf) to the Federal Communications Commission recommending stronger consumer privacy protections. The FCC sought comments (pdf) “on the use of personal information, identity management services, and privacy protection against broadband applications.” The groups said that “substantial threats to our privacy and related consumer protection issues” can arise from the business practices and policies of broadband, mobile and other advertising companies.

The consumer advocacy groups said: “(1) There are significant problems concerning the collection and use of personal data by companies, especially sensitive data and children’s data; (2) The FCC should not rely on industry self-regulatory models because they do not adequately protect consumer privacy; and (3) The principles and standards that should serve as the foundation of consumer privacy protection should be the Fair Information Practices, especially as they are implemented in the OECD Guidelines on data privacy.” The Fair Information Practices were created in 1973 by the U.S. Department of Health, Education and Welfare. “Congress has reaffirmed its commitment to the Fair Information Practices numerous times. Congress used the Fair Information Practices as the basis of the Privacy Act of 1974, which restricts the amount of personal data that Federal agencies can collect and requires agencies to be transparent in their information practices. When Congress created the Department of Homeland Security’s Privacy Office several years ago, Fair Information Practices were included in the establishing legislation,” the groups said.

In explaining point (2), the groups said that both sets of self-regulatory guidelines by the U.S. Interactive Advertising Bureau (“IAB”), the online marketing industry’s principal trade and lobbying group, [guidelines here (pdf)] and Network Advertising Initiative [guidelines here (pdf)] have narrow definitions for “sensitive information” and “personally identifiable information,” focusing on the traditional ideas of identification numbers or addresses. Read more »

I launched this blog on May 22, 2008, and I am amazed that I have already hit 1,000 posts. It feels like I just started writing about daily intrusions into individual privacy. Some days have been better than others, but I continue to enjoy working on this site. I am appreciative of my readers’ support and your engaging questions. I will continue writing about privacy and civiil liberty issues and hope that you will keep reading for the next 1,000 posts. Here are a few posts that I found most interesting from the last year and a half.

• FBI Solicits Informants to Infiltrate Protests, Again

• Charter Drops Plan to Track Customers’ Browsing, But Two Other Companies Consider Same Tactics

• Google, Viacom Agree to Mask User IDs, IP Addresses in YouTube Case

• European Court of Human Rights: Keeping Innocent Individuals’ DNA in Criminal Database Violates Human Rights

• Update: Supreme Court Upholds Search Arising From Error In Police Database

• Department of Justice Report: 3.4 Million Americans Are Victims of Stalking

• What the Federal Government Is Saying About Fusion Centers and Civil Liberties

• Senate Democrats Propose to Require All U.S. Workers to Submit Fingerprints, Eye Scans

• Privacy and the Erin Andrews Secret Videotape Case

• Taking a Closer Look at Cloud Computing, Privacy and Security