Here are a few stories of interest concerning privacy that I found during the holiday break:
We’ve discussed before how data from social-networking sites such as Facebook and MySpace are being used to gather evidence in criminal trials and against employees, job applicants (including police recruits), applicants to colleges and graduate schools, politicians and high school students. Now, the Jerusalem Post reports that social-networking sites are being used to catch women suspected of avoiding military service in Israel:
The IDF says it has used Facebook to help catch 1,000 women lying about their religious background to avoid military service. On Monday, the Knesset Foreign Affairs and Defense Committee and the Constitution, Law and Justice Committee met to discuss religious women’s exemption from military service.
Brig.-Gen. Amir Rogovsky told the committees that the IDF has six investigation offices looking for women who falsely declare that they are religious. One woman who claimed to be observant posted a photo on Facebook of herself eating in a non-kosher restaurant, and women posting photos in immodest clothing were also reported.
Investigators also sent invitations to parties ostensibly taking place on Friday nights, and then caught the “religious” women who came. […]
Religious women are exempt from the army, if they sign a declaration that they maintain a religious lifestyle, do not travel on Shabbat and do not eat non-kosher foods. The military has 60 days to challenge the declaration.
Cloud computing contracts often contain significant business risks for end user organisations, according to independent research by UK academics. Some contracts even have clauses disclaiming responsibility for keeping the user’s data secure or intact. Others reserve the right to terminate accounts for apparent lack of use, which is potentially important if they are used for occasional backup or disaster recovery purposes, according to the Cloud Legal Project at Queen Mary, University of London. […]
The Cloud Legal Project surveyed 31 Cloud computing contracts from 27 different providers and found that many included clauses that could have a significant impact, often negative, on the rights and interests of customers. Only three of the contracts surveyed – Google Apps Premier, Iron Mountain and Salesforce CRM – state that changes to the T&C may only be in writing with the agreement of both parties. […]
The Cloud Legal Project survey found that many Cloud providers claimed to be able to amend their contracts unilaterally, simply by posting an updated version on the web. […]
While the validity of these terms may be challenged under consumer protection laws, “users of cloud services may face practical obstacles to bringing a claim for data loss or privacy breach against a provider that seems local online but is in fact based in another continent,” the authors warn.
In May, Congressmen Rick Boucher (D-Va.) and Cliff Stearns (R-Fla.), who are Chairman and Ranking Member of the Subcommittee on Communications, Technology, and the Internet of the U.S. House Committee on Energy and Commerce, released a discussion draft of a new privacy bill. Privacy Lives joined nine leading privacy and consumer organizations in calling for changes to the Boucher-Stearns bill, urging much stronger provisions to protect consumer privacy both online and off.
In July, Congressman Bobby Rush (D-Illinois) (Chairman of the Subcommittee on Commerce, Trade, and Consumer Protection of the U.S. House Committee on Energy and Commerce) introduced a privacy bill (pdf) called the Best Practices Act of 2010. And he held a hearing, where advocates and industry representatives debated the provisions of the legislation. A new hearing is scheduled for Dec. 2, reports the National Journal:
A House Energy and Commerce subcommittee plans to hold a hearing next week on whether Congress should pass legislation mandating the creation of a “do-not-track” list that could allow consumers to opt-out of being tracked while on the Internet.
The Dec. 2nd hearing is being held by the Commerce, Trade and Consumer Protection Subcommittee. Subcommittee Chairman Bobby Rush, D-Ill., introduced privacy legislation earlier this year. A Rush aide told Tech Daily Dose last month that Rush is weighing whether to add legislation to his privacy bill that would mandate the creation of a do-not-track list, which would be modeled after the Do-Not-Call list that allows consumers to opt out of receiving most telemarketing calls.
The Wall Street Journal continues its in-depth report, “What They Know,” about the state of surveillance in the United States and how these surveillance programs affect individual privacy. In the latest installment, the Journal reports on a consumer profiling technology called “deep packet inspection” (DPI). DPI is confusing to most consumers. Here is a simplified explanation of how it works: When you send an e-mail or visit a Web site, your information is broken into packets of data and directed to the Internet destination requested. With DPI, whoever inspects those packets can read the contents of an e-mail or determine which Web site a customer visits. Internet Service Providers (“ISPs”) have traditionally done DPI only for systems testing (identifying computer viruses, etc.). Technological advances have made DPI easier, and the content-reading can be done in almost real time. The Journal says the use of deep packet inspection for targeted behavioral advertising to online consumers is on the cusp of a resurgence:
The technology, known as “deep packet inspection,” is capable of reading and analyzing the “packets” of data traveling across the Internet. It can be far more powerful than “cookies” and other techniques commonly used to track people online because it can be used to monitor all online activity, not just Web browsing. Spy agencies use the technology for surveillance.
Now, two U.S. companies, Kindsight Inc. and Phorm Inc., are pitching deep packet inspection services as a way for Internet service providers to claim a share of the lucrative online ad market. Kindsight and Phorm say they protect people’s privacy with steps that include obtaining their consent. They also say they don’t use the full power of the technology, and refrain from reading email and analyzing sensitive online activities.
Use of deep packet inspection this way would nonetheless give advertisers the ability to show ads to people based on extremely detailed profiles of their Internet activity. To persuade Internet users to opt in to be profiled, Kindsight will offer a free security service, while Phorm promises to provide customized web content such as news articles tailored to users’ interests. Both would share ad revenue with the ISPs. […]
Two large ISPs in Brazil—Oi, a unit of Tele Norte Leste Participacoes SA, and Telefonica SA—currently have deals with Phorm. Oi, Brazil’s largest broadband provider with about 4.5 million customers, has launched the product initially with about 10,000 people in Rio De Janeiro. […]
This isn’t the first time ISPs have tried this. Two years ago, ISPs in the U.S. and Britain signed deals with companies offering deep packet inspection services and a cut of ad revenue. Those pacts fell apart after a privacy outcry. In the U.K., an uproar ensued after BT Group PLC admitted it had tested Phorm’s technology on some subscribers without telling them. Last year, BT and two other British ISPs that explored deploying Phorm’s service—Virgin Media Inc. and TalkTalk—abandoned it.