Wednesday, October 17, 2007

Facebook ordered to get tougher on privacy for children

In response to a spate of issues involving sexual predators using MySpace, Facebook began promoting itself as a safe online environment for children. To test their claims, investigators from the New York Attorney General’s office posed as teenagers and within a matter of days after posting their profiles on Facebook, had received numerous sexually suggestive messages from adults. Their complaints, registered using Facebook’s online form, went unanswered for weeks.

As a result of their investigation, New York state prosecutors accused Facebook of false advertising and the New York Times reports that yesterday, Facebook was ordered to immediately post stronger warnings about the risks to children using the site and to provide a quicker response to thousands of complaints daily about inappropriate sexual messages.

The changes are part of a settlement with the New York attorney general, Andrew M. Cuomo, whose office last month announced that it had been investigating whether the Web site misled users by promoting itself as a place where minors were safe from sexual predators.

Mr. Cuomo said the settlement would serve as a “new model” under which law enforcement and Internet companies could work together to protect children and recognize that they share responsibility to police illegal activity online.
By using consumer-protection laws to tackle the thorny problem of Internet safety, Mr. Cuomo appears to be building on the tactics of his predecessor, Gov. Eliot Spitzer, who used state laws to prosecute fraud on Wall Street.

“Any site where you are attracting young people, you must assume you are simultaneously attracting those who would prey on young people,” Mr. Cuomo said in an interview. “Whether you are a shoe company or you’re an Internet company, consumer protection laws apply.”

Chris Kelly, Facebook’s chief privacy officer, stood beside Mr. Cuomo to announce the deal and called the settlement part of the company’s effort to grow while maintaining users’ sense of safety and community. “We actually think we’ll end up attracting more people” because of the new measures, he said.

The settlement also requires Facebook to hire an independent company to track its responses to complaints and to report twice a year to Facebook and the attorney general.

In an earlier post, I expressed concern about Facebook’s default “wide-open” privacy settings and their announcement that profiles would be made available to third parties and eventually over the Internet using an automatic opt-in model. I complained to Facebook about this practice and my particular concern about the risks to minors. While their response was timely, coming within a few days of my original complaint, it completely skirted my concerns about using a negative opt-out, as well as the issue of putting children at risk:

We appreciate your feedback and will take it into consideration moving forward. Please keep in mind that a public search listing is simply a basic search result that allows people to know that you have a Facebook profile even if they do not yet use the site. Your public search listing will only be available if you allow “Everyone” to search for you on Facebook and have the “Allow anyone to see my public search listing” checkbox toggled on. You can adjust these settings from the Search section of the Privacy page.

Also note that people who do not yet use Facebook will not be able to interact with you or view your full information without registering with the site. Your public search listing will not affect any of your normal Search privacy settings. A non-Facebook user viewing your result would see the same search result if they registered with the site.

Your public search listing will also eventually appear in search engine indexes, making it even easier for your friends to connect with you. To change this option, please go to the Search section of the Privacy page and deselect the option to “Allow my public listing to be indexed by external search engines.”

By more efficiently connecting people, we hope that we can make your experience more meaningful on the site. Let me know if you have any further questions.

Thanks for contacting Facebook,

Customer Support Representative
If Facebook truly cared about their users' privacy, and particularly the privacy of minors, their user profiles would default to allow maximum privacy, allowing users to choose to opt in to make their profiles available for searching on the Web. In light of these kinds of policies and their response to valid privacy concerns, it’s encouraging to see the privacy practices of social-networking sites like Facebook coming under closer scrutiny, particularly with respect to the safety of children.

Tuesday, October 9, 2007

Librarians: best knowledge managers for our new world

From the b.eye Business Information Network, Dr. Ramon C. Barquin has an informative article about the role that modern librarians can play in the brave new information world.

If there is one profession that has traditionally been underutilized in terms of the contribution they can make to business intelligence and knowledge management, it is the librarians.

...Finding anything and making sense out of it as we move from intelligence to knowledge will be very challenging. ...I would take every major portal where navigation is a problem and give a group of librarians the job of improving it.

...That is where librarians can make a big difference. Give them the right tools, and they will become the best knowledge managers for our new world.

Read the rest here.

Saturday, October 6, 2007

Homeland Security's Chertoff: more surveillance, less privacy

Americans are increasingly more willing to trade privacy for security, according to a recent Washington Post poll, and comments by Michael Chertoff, U.S. Secretary of Homeland Security at the International Data Protection and Privacy Commissioner's conference in Montreal earlier this week reflect this outlook.

Michael Geist reported on the BBC news site about Chertoff’s presentation at this year’s global privacy conference, where the theme was “Terra Incognita”, the latin term for unknown lands:

In a room full of privacy advocates, Chertoff came not with a peace offering, but rather a confrontational challenge.

He unapologetically made the case for greater surveillance in which governments collect an ever-increasing amount of data about their citizens in the name of security.

For example, in support of his security agenda, he noted that US forces in Iraq once gathered a single fingerprint from a steering wheel of a vehicle that was used in a bombing attack and matched it to one obtained years earlier at a US border crossing.

He added that there was a similar instance in England, where one fingerprint in a London home linked to a bombing was matched to a fingerprint gathered at a US airport (the identified person was actually innocent of wrongdoing, however).

Chertoff explained that in the autumn the US intends to expand its fingerprinting collection program by requiring all non-Canadians entering his country to provide prints of all ten fingers (it currently requires two fingerprints).

In the process, his vision of a broad surveillance society - supported by massive databases of biometric data collected from hundreds of millions of people - presented a chilling future. Rather than terra incognita, Chertoff seemed to say there is a known reality about our future course and there is little that the privacy community can do about it.

David Brin’s book The Transparent Society discusses the illusion of privacy and advocates making most information available to everyone to ensure greater transparency and accountability. Security does seem to be prevailing over privacy, and, ironically, greater openness is regarded as the means to safeguard personal liberties. It’s a frightening prospect in many ways, but perhaps a more palatable option than the current move to consolidate information into the hands of government, corporations, the military or police.

Chertoff's observations are provocative and may lead our privacy commissioners to shift the debate from "privacy versus security" to focus more on issues of accountability and oversight.

Tuesday, September 11, 2007

2020: The future of surveillance

Imagine a world where …

- every single one of your activities outside your home was monitored on closed-circuit cameras

- your computer’s ip address was fixed, allowing anyone to track your activity and making your computer a hot property for thieves wanting to hide their identity

- all monetary currency has disappeared and your electronic transactions are all tracked, unless you pay extra to "scrub" your transaction

- you will be required by law to wear an identity transponder at all times so that you can be readily identified

- your insurance company is able to monitor the groceries you buy and what you consume in a restaurant in order to charge higher rates to subscribers who eat junk foods

These are just some of the predictions forecast in DM News by Robert Gellman, a Washington-based privacy and information policy consultant and former chief counsel to the U.S. House subcommittee on information, justice, transportation and agriculture.

2020 is just 13 years away – how close are we to living in the world that Gellman predicts?

Photo by: Gavin Stewart, Creative Commons Attribution 2.0

Thursday, September 6, 2007

Facebook uses negative opt-out to make profiles public

Facebook users received notifications this week that the company is planning to make user profiles available to non-users and eventually make them searchable on the Internet, as reported today by the BBC:

The function will initially allow anyone who is not registered with the site to search for a specific person. More controversially, in a month's time, the feature will also allow people to track down Facebook members via search engines such as Google.

The firm said that the information being revealed is minimal.

… The public search listing will show the thumbnail picture of a Facebook member from their profile page as well as links allowing people to interact with them. But, in order to add someone as a friend or send them a message, the person will have to be registered with Facebook.

Users who want to restrict what information is available to the public or
opt out of the feature altogether can change their privacy settings. They have a
month to do so.

Facebook originated as a “closed” space, targeting university and college students whose e-mail addresses had to originate from their academic institution’s domain. Last year, Facebook opened its service to anyone, but part of the appeal to users is the ability to restrict access to your profile within the Facebook environment.

Now, Facebook is pulling down the walls of their environment and allowing anyone, anywhere to see its users’ profiles – unless users choose to opt out. The negative opt-out technique means that if users do not respond, Facebook will assume they have granted permission for their profiles to be made public.

Roger’s Cable in Canada tried the negative option technique in the mid-90’s, delivering a package of new speciality services with automatic increased costs to customers’ bills. Customers were outraged, the company backed away from their plan and by 1999, Canadian parliament outlawed the practice.

The negative opt-out is at best unfair and at worst a huge violation of trust:

It presumes that everyone will read the opt-out notification within the month – there are purportedly 39 million Facebook accounts, a large percentage of which have likely become inactive or are used infrequently, so those users’ information will probably go public without their knowledge or consent.

It takes advantage of a low response rate. Studies have shown that only about 15% of users will respond to a negative opt-out. Facebook stands to make a greater profit using this method than requiring users to opt in.

It takes advantage of the relationship developed between service provider and customer. Facebook is presuming that it can use its customers’ information in whichever way it deems fit, with a minimum of input from users.

It puts users – including minors – at risk by exposing their profile information to the wider world. Many Facebook users are not well-informed about the myriad of privacy settings required to lock down one’s profile. Many users leave their entire profile, including date of birth, workplace, residential neighbourhood and status (e.g. “I’m vacationing in Aruba all week!”) open to entire networks of thousands of members to view. While users’ entire profiles will not be available to search on the Web - not yet, anyway – it opens the door for greater abuse.

In using the negative opt-out technique, Facebook is violating the trust and the privacy of millions of loyal users. If users and regulators allow Facebook to proceed with this tactic - what's next? What other web services do you use that may decide to share your personal information or web history with a third party, assuming that your silence to a negative option grants them your "permission"?

Saturday, September 1, 2007

Lessons from the massive privacy breach at

Last week’s massive security breach affecting is a reminder of what is at stake as we all come to rely on web-based services for everything from shopping to dating to job searching. For those unfamiliar with the service, is an international job search site, where employers can post job ads and employees can post their resumes and apply for positions. According to CRN Business:

The stolen data, which was found on a remote server and shut down by this week, included users' names, addresses, phone numbers and e-mail addresses. Symantec security researchers first reported the incident last week, although it's still not clear when the breach first occurred.

The data was collected by the Trojan Infostealer.Monstres, which likely used stolen login credentials of legitimate employment recruiters to gain access to the site's resume database, according to a posting by Symantec researcher Amado Hidalgo on Symantec's Web site. The unsuspecting job seekers whose information was stolen then became the victims of various phishing e-mail scams attempting to empty their bank accounts.
Last week’s reports indicated that a staggering 1.3 million individuals’ data had been stolen, but’s CEO Sal Iannuzzi is now saying that the breach is likely even larger:
To be safe, he said, all users should assume that their contact information has been taken.
While Monster is assuring users that it is working to improve security on their site and contacting users about ways they can ensure their privacy, this is too little too late given that millions of users’ confidential data, including names, residential addresses, e-mail addresses, home telephone numbers, cell phone numbers and employment history have been stolen by individuals who have not been identified or arrested for purposes yet unknown. It is not yet known if any financial transaction data has been stolen.

Ianuzzi offers little comfort to Monster’s customers:
"I want to be clear and I want to be frank: There is no guaranteed fix," Iannuzzi said. "I wish I could say . . . there will be absolutely no way that the Monster site can be compromised. I cannot ever make that promise, and no Internet company can." (emphasis is mine).
This is a sobering reality check to all of us who share information and make transactions on the Web – that there are no iron-clad guarantees for the security of your data, financial or otherwise. It is up to individuals to stop and think before providing any personally identifiable information to access a service or conduct a transaction over the Internet.

Some ways you can reduce your risk:

1. When signing up for a Web service – anything from Facebook to Ticketmaster alerts to a blogging utility – how much personally identifiable information are you required to provide? How important is the service to you when weighed against the risk of your personal data being stolen or unlawfully accessed?

2. Could you access this service in another way? For example, is it possible to apply for a job by e-mailing the employer directly, rather than uploading all of your application data to a Web service?

3. When you are making an on-line purchase, be sure the vendor is providing a secure means of making the transaction – look for the https:// prefix in the URL (e.g. https:// You should see a lock box on your screen if the site is secure.

4. Make sure you run anti-virus software regularly to ensure that key sniffers are not at work on your computer. Because you cannot be assured that this is happening in libraries and internet cafes, don’t access your on-line banking service or make financial transactions on public Internet computers.

5. If you are using a wireless Internet connection, secure it to ensure that no one can access your computer.

6. When making a transaction online, always decline the option for the service to retain your credit card information. The inconvenience of re-keying this information is not worth the risk of a data breach.

7. Vote with your feet and with your money. Don't support companies or services that aren't taking data security seriously. If you have a concern about the amount of personal data you are required to provide in order to access a service, don't go ahead with the transaction. Write the companies and let them know your concerns. Read their privacy policy thoroughly.

Unfortunately, even using these precautions will not eliminate your risk. A few months ago, I wrote about how in-person shoppers at TJ Maxx stores had their credit card information stolen because the company’s databases were breached and they retained the data far longer than required to support the transaction. Regulations to protect consumers are lagging and differ from country to country and within state and provincial jurisdictions. Many companies are lax in protecting consumers and do not provide the level of I.T. support required to secure data.

Most of us wouldn’t leave our houses without locking the doors, but we can so easily become complacent about the amount and type of personal information we share in our day-to-day activities.
Always ask yourself: is the convenience worth the potential risk?

Monday, August 27, 2007

This is Privacy Awareness Week

Privacy Awareness Week is a promotional campaign first initiated by Privacy Victoria (Australia) in 2001. This year, for the first time, Privacy Awareness Week has gone international.

The week is an opportunity for organizations and agencies covered by privacy legislation to promote privacy awareness to their staff, customers, and to the wider community. The theme for Privacy Awareness Week 2007 is ‘Privacy is your business'.

Do you know your rights and obligations with respect to privacy? Organizations, governments, and government agencies in many countries are bound by a variety of privacy laws. As consumers, each of us is responsible to understand what our rights and responsibilities are under those laws.

Learn more about your rights!

In Australia: Privacy Victoria

Tuesday, August 21, 2007

Andrew Feldmar on the Colbert Report

Back in April, I wrote about Canadian researcher Andrew Feldmar, who was held at the border and subsequently barred from entry into the U.S. because a border guard googled his name and discovered he'd tried LSD in the name of scholarly research over 30 years ago.

Last night, the Colbert Report submitted a "Nailed 'em" report on Feldmar's story, which you can view today on the show's website. Today, the Tyee published an account by Feldmar's son about filming the episode, which in typical Colbert style points out the lunacy behind a policy that would bar from entry into the U.S. a respected researcher who has never been charged or convicted of a criminal offense.

Wednesday, July 25, 2007 and Microsoft call for privacy standards

According to PC World, will be the first major search engine to offer an anonymous searching option to users. Their new AskEraser feature will give users the option to request that their search data not be stored.

This is in stark contrast to Google’s recent announcement that they will reduce the time they save search data from over 30 years to “only” two years. In spite of Google’s voluntary reduction in cookie life, European privacy experts, among others, have soundly criticized the lifespan of Google’s cookies:

"Compared to the previous lifetime of 30 years, the period of two years seems to be short," Schaar wrote in an email. "But from a data-protection perspective, and considering the fact that the user's search behaviour is recorded and can be analysed for any purposes, this period is still too long."
Meanwhile, Microsoft has joined in calling on technology leaders to find a way to meet their need for advertising data without compromising user privacy:

"The first step is, we'll be in contact with all the other players in this space and talk about what a summit might look like," said Cullen. "We're very happy to host it, if that's the answer ... both Microsoft and think that this is the time to make this happen."

Microsoft is planning to allow users to opt out of having their search data used to generate targeted advertising on Microsoft's Web sites, and under a new privacy policy, plans to scrub all search query data of any user-identifiable information after 18 months. While this is in part a shot at Google, it is encouraging to see some leadership within the industry to safeguard the privacy of their users’ search data.

The ability to search anonymously is essential in allowing individuals to explore any area of inquiry without fear of discovery or retribution. When companies track user data, their primary motivation is to inform their decisions about advertising. The abuse of search data has additional implications if the data is merged with that of advertisers, as I wrote in an earlier post about the proposed Google and DoubleClick merger.

When search data is breached, the consequences could be far more serious than mere embarassment. About a year ago, AOL inadvertently released the search data for about 650,000 searches on their site and New York Times reporters were actually able to identify one of the searchers. Breaches of this magnitude and specificity could ruin careers and reputations, while creating a chilling effect on the exploration and sharing of ideas over the Internet.

Google needs to stop hedging on privacy and get on board with this initiative.

Tuesday, July 17, 2007

What's next for net neutrality?

Over 29,000 comments were submitted to the FCC since they opened their inquiry into net neutrality in March. About 670 additional comments were filed by groups and individual Internet users yesterday, the deadline for responding.

IT World has a summary of some of the comments received, including this one:
Bonnie Bennett of California seemed to take a more individual approach in her e-mail to the FCC. "Free, unlimited access to the Internet is the modern-day version of how to educate the citizenry of a well-functioning democracy," she wrote. "Big companies and global corporations care a lot about profits and stockholders but not much about educating citizens."

Even Google and Microsoft have been advocating through the Computer & Communications Industry Association for a net neutrality rule to address the lack of competition among broadband providers:

Broadband providers "insult the commission's expertise by summarily proclaiming
the broadband access market competitive without any specific evidence of
competition," the group said.

The other side of the issue was represented in comments by Hands Off the Internet, an advocacy group representing AT&T Inc., Alcatel-Lucent SA, the American Conservative Union and other organizations:

"There is no current or anticipated content discrimination or service degradation justifying new regulations by the commission," wrote Christopher Wolf, co-chairman of Hands Off the Internet. "Moreover, regulation could well thwart Internet growth and make consumer access unfairly expensive."

Tim Berners-Lee, the man who invented the World Wide Web in 1989 at CERN weighed in on the side of regulation in an interview in IT World:

I think it's very important to keep an open Internet for whoever you are. This is called Net neutrality. It's very important to preserve Net neutrality for the future.

So, what’s next? Will government regulation be introduced or will the free market be allowed to determine this issue? Based on what I’ve read in the past month or so, I have a feeling that the FCC will advocate the hands-off approach supported by the recent FTC report, which cited existing anti-trust laws and a complaints procedure to protect consumers. Stay tuned….

Related posts:

Time is running out for net neutrality
Federal Trade Commission report on net neutrality
Net neutrality: 21 days left to save the Internet

Monday, July 9, 2007

Time is running out for Net Neutrality

Just 6 days remain in the Federal Communications Commission’s public inquiry into whether it should protect Net Neutrality and the outlook isn’t good. A few weeks ago, the Federal Trade Commission issued a report recommending against legislation to protect net neutrality. The IDC, one of the few big voices actually in favour of net neutrality, is predicting that “regulation around net neutrality will be decided in favor of facilities-based broadband providers like AT&T, Verizon, and Comcast.”

Why should you care? According to

The consequences of a world without Net Neutrality would be devastating. Innovation would be stifled, competition limited, and access to information restricted. Consumer choice and the free market would be sacrificed to the interests of a few corporate executives.

On the Internet, consumers are in ultimate control — deciding between content, applications and services available anywhere, no matter who owns the network. There's no middleman. But without Net Neutrality, the Internet will look more like cable TV. Network owners will decide which channels, content and applications are available; consumers will have to choose from their menu.

The free and open Internet brings with it the revolutionary possibility that any Internet site could have the reach of a TV or radio station. The loss of Net Neutrality would end this unparalleled opportunity for freedom of expression.

The Internet has always been driven by innovation. Web sites and services succeeded or failed on their own merit. Without Net Neutrality, decisions now made collectively by millions of users will be made in corporate boardrooms. The choice we face now is whether we can choose the content and services we want, or whether the broadband barons will choose for us.

Why should Canadians care? Michael Geist wrote an excellent article in the Toronto Star about Canadian culture and the issue of net neutrality:

Ensuring access is also an important part of the equation, as regulators should preserve the right of Canadians to access the content of their choice on the Internet through net neutrality legislation.

So, if you care, act now while there is still time:

1. Watch the video for a primer on the issue.

2. Learn more. The Digital Nomad has an informative post with links to more information.

3. Sign the petitions at Save the Internet or today.

4. Spread the word through your own blog with a post on the topic and with one of these U.S. badges or Canadian badges.

Tuesday, July 3, 2007

Privacy Rights and Terror Investigations

Two recent developments on the international cooperation front provide some redress to concerns about privacy and information-sharing between governments. The introduction of no-fly lists in the U.S., Canada and the E.U., as well as the increasingly globalised nature of personal information in data banks has raised questions about how this information will be shared with and used by foreign governments.

A tragic example of the failure to provide protection to citizens in these areas is the story of Maher Arar, a story familiar to most Canadians:

Maher Arar, a Syrian-born Canadian citizen was detained during a layover at John F. Kennedy International Airport in September 2002 on his way home to his family in Canada. He was held in solitary confinement in the U.S. for nearly two weeks, interrogated, and denied meaningful access to a lawyer. The Bush administration labeled him a member of Al Qaeda and rendered him, not to Canada, his home and country of citizenship, but to Syrian intelligence authorities, known by the U.S. government to practice torture.While in Syria, he was regularly tortured for almost a year before being released to Canada. Both the Canadian and Syrian governments have publicly cleared Arar of any links to terrorism. The United States government, however, refuses to clear Arar’s name and continues to have both him and his family on a watchlist.
Mr. Arar’s incarceration was the result, in part, of misleading information provided by the RCMP, which eventually led to the resignation of the RCMP commissioner. Following Mr. Arar’s return to Canada, there were several intentional disclosures to the public from his file, which appeared to be made in order to justify the actions of the security agencies involved. These disclosures were in violation of Mr. Arar’s privacy rights.

In our increasingly globalised economy, the volume of personal data crossing borders represents a growing threat to personal privacy. In an effort to counter the threat, the Organization for Economic Cooperation and Development (OECD) has issued a report proposing amendments to data privacy legislation as well as enhancements to international cooperation in the field of privacy protection:
When personal information moves across borders it may put at increased risk the
ability of individuals to exercise privacy rights to protect themselves from the
unlawful use or disclosure of that information. At the same time, the authorities charged with enforcing privacy laws may find that they are unable to pursue complaints or conduct investigations relating to the activities of organisations outside their borders. Their efforts to work together in the cross-border context may also be hampered by insufficient preventative or remedial powers, inconsistent legal regimes, and practical obstacles like resource constraints. In this context, a consensus has emerged on the need to promote closer co-operation among privacy law enforcement authorities to help them exchange information and carry out investigations with their foreign counterparts.
While most OECD member countries have enacted privacy legislation, Canada's Privacy Commissioner Jennifer Stoddard has pointed out that different rules in different countries were not only causing unease among citizens and companies, but were also leading to more red tape and higher costs.

Meanwhile, The European Union and the U.S. have reached a provisional deal on exchanging information about transatlantic air passengers. According to a TechWorld News story, the U.S. will be required to adhere to "strict data retention obligations," including retaining both used and unused data for no more than five years.
The United States and European Union share views on combating terrorism but
"these activities should be done in full respect for fundamental rights," said
Franco Frattini, the EU's justice and home affairs commissioner.
While privacy protections need to go even further than these two initiatives, it is encouraging to see some developments that attempt to preserve individual privacy rights and hopefully prevent a recurrence of the nightmare that Maher Arar experienced.

Thursday, June 28, 2007

Federal Trade Commission report on Net Neutrality

The Federal Trade Commission (FTC) has issued their report on Broadband Connectivity Competition and are warning against legislation to ensure net neutrality.

An Internet News article reports:

The FTC was unable to find any significant market failure or
demonstrated consumer harm from conduct by broadband providers.

"Policy makers should be wary of calls for network neutrality regulation simply because we do not know what the net effects of potential conduct by broadband providers will be on consumers," the report states. "Similarly, we do not know what net effects regulation to proscribe such conduct would have on consumers."
To learn more, read my earlier post , or click one of the buttons in the sidebar.

Tuesday, June 26, 2007

Update on SBINet and the Arivaca Tower

The Arivaca Tower, part of the Secure Border Initiative or SBINet is getting some attention from U.S. national media. The New York Times , U.S. News and World Report and Washington Technology all have recent in-depth stories.

The launch of the high-tech virtual fence along Arizona's border with Mexico has been delayed due to technical problems. According to an Arizona Republic article:

Boeing has installed all nine portable 98-foot towers, cameras, radar and ground sensors. It has fitted 50 patrol vehicles with computer links. Mobile and central command bases have also been linked to the network. The idea is to give front-line agents and commanders up-to-the-second pictures of all the activity in their areas.But the cameras and sensors convey inconsistent information. Software glitches and integrating all the information have proved challenging.
Today the U.S. Senate voted to revive an immigration bill, supported by both Arizona's senators, that would tighten border security, create a temporary guest worker program and grant immediate legal status to millions of undocumented workers in the United States.

For background information, read my earlier posts about the Arivaca Tower.

Sunday, June 24, 2007

Net Neutrality: 21 days left to save the Internet

When we log on to the Internet, we expect to be able to access any site we want, regardless of whether it is run by a major corporation or a home-based business owner. Net Neutrality means that Internet Service providers cannot discriminate by speeding up or slowing down access to Web content based on its source, ownership or destination.

The largest telecommunications companies want to be able to regulate what we access, including the ability to block their competitor’s sites and to tax content providers to guarantee the speed of delivery of their content.

Save the Internet is a movement in the U.S., urging citizens to tell Congress to preserve Net Neutrality and help ensure that the benefits and promise of the Internet are available to all Americans.

In Canada, Michael Geist has set up a petition at urging the Canadian government to stand up and protect the future of the Canadian Internet.

While the definition of net neutrality is open to some debate, at the core is the commitment to ensuring that Internet service providers treat all content and applications equally with no privileges, degrading of service or prioritization based on the content's source, ownership or destination.
What you can do:

1. Watch the video for a primer on the issue.
2. Learn more. The Digital Nomad has an informative post with links to more information.
3. Sign the petitions at Save the Internet or today.
4. Spread the word through your own blog with a post on the topic and with one of these U.S. badges or Canadian badges.

Act now - there are only 21 days left to preserve a free and open Internet!

Thursday, June 21, 2007

15 Steps: Privacy is your responsibility

When it comes to privacy, many people believe that if they have nothing to hide, they have nothing to fear. In a world where more and more of our personal information is becoming vulnerable, we need to be reminded that privacy is our right and we must take responsibility to protect it.

Even if you are in the “nothing to hide” camp, I highly recommend you read Michael Beck’s (aka The Digital Nomad) privacy series at his blog, The Sovereign Journey. This blog is “dedicated to exploring the use of emerging technology to promote the self-ownership concepts of Natural Law, Personal Freedom, and Self-determination.”

His series will outline the 15 steps that you can take to safeguard your personal privacy. I’ll be up-front: Michael kindly reviewed my blog a few weeks ago and I’m pleased to return the favour, as we share a common interest in keeping the issue of privacy on everyone’s radar screens.

Michael’s newer blog, The Rugged Notebooks Blog, is unique as it specifically reviews technology and gadgets for those with a rugged lifestyle or occupation:

Maybe you are a digital nomad always on the go and need something a little tougher, or you work in harsh surroundings related to heat, humidity, variable atmospheric conditions, or you have an occupation requiring a computer that simply won’t let you down in extreme conditions…no matter if you accidentally drop it in water, in oil, or even a fire, then what you need is a ruggedized computer, aka "RuggedNotebooks”.
So, whether you’re a digital nomad or chained to your desktop, what steps are you taking to safeguard your privacy?

Sunday, June 17, 2007

Canada's No-Fly list could be linked to biometrics

Canada new “no-fly” list, to be known as “Passenger Protect”, takes effect on June 18th and according to an Ottawa Citizen report, the federal transport minister isn’t ruling out linking the names to biometric data in the long term. The Canadian no-fly list will have hundreds of names, rather than the tens of thousands on the U.S. list. Names will be added to the list based on information supplied by CSIS and the RCMP.

In an earlier post, I wrote about the risks associated with biometrics and DNA-enabled travel documents, data security and the potential impact on individual privacy. The first steps toward collecting biometric data are already underway in both the U.S. and Canada:

The United States already scans the fingerprints of foreign visitors entering the country and stores the information in a database. Visitors from Canada and some countries are excluded from the program.

Meanwhile, Transport Canada has bulked up security at airports by issuing biometric ID cards to staff who work in "restricted areas."

Canada’s Privacy Commissioner, Jennifer Stoddart has spoken out against the no-fly list, along with other privacy advocates such as Pippa Lawson, director of CIPPIC. Citizens could be the subject of mistaken identity and personal information collected by governments could make citizens vulnerable when traveling abroad or if their information is stolen or abused. The potential for abuse was highlighted at the Air India inquiry, where a Transport Minister acknowledged that the no-fly list could be shared with foreign governments.

While airlines could be fined up to $25,000 if they disclose personal information about individuals on the list, there appear to be little safeguards provided to prevent foreign governments from using or abusing this information. Passengers who feel they have been mistakenly placed on the no-fly list can appeal to the Office of Reconsideration, but are not allowed to know why their name was originally placed on the list.

Canadians are entitled to strong and rigorous guarantees from their federal government about the uses and limits of the collection and dissemination of personal information. The implications of misuse and abuse are far too serious for anything less.

Friday, June 15, 2007

Privacy has a true market value

An obsessive and self-destructive screenwriter, Albert Feeld finds his life spiraling out of control as he is diagnosed with pancreatic cancer and it seems the characters from his screenplay are coming to life all around him. As he lays on his deathbed, his final strained words to his publisher are: “No … biography!” Three hundred years later, Feeld’s head, which was cryogenically frozen after his death is brought to life in a lab where scientists are studying human memory, but also extracting his memories to be broadcast as a form of entertainment – a future version of reality television. In this dystopian future, a group of terrorists fighting for “Reality or Nothing” are the final guardians of human values, including the right to privacy. As the television mogul capitalizing on Feeld’s memories says: “Who would want made-up stories from a hack when you can mainline into the real thing? At last, privacy has a true market value.”

This is just the briefest synopsis of Dennis Potter’s brilliant companion miniseries Karaoke and Cold Lazarus. You may not have heard of Potter (pictured above), but you’ve probably seen some of his work, such as Pennies from Heaven and The Singing Detective (British and U.S. version). Potter is also a fascinating and tragic individual, who suffered from a rare form of acute psoriasis; a painful condition which left him somewhat disfigured and required frequent hospitalization. He began writing Karaoke and Cold Lazarus shortly after being diagnosed with terminal pancreatic cancer and struggled to complete the stories before his death in March 1994. His wife tragically died one week before him, of breast cancer.

Why am I writing about Dennis Potter and his final works? Because when I saw Karaoke and Cold Lazarus over ten years ago on the CBC, I thought the miniseries was one of the most original, innovative and moving programs I had ever seen. As I’ve been writing so much about privacy on this blog, I recently recalled the image of Daniel Feeld’s severed head with a tear streaming down his cheek after a particularly personal memory is broadcast to the world without his consent. Daniel Feeld, who felt he was losing control when he was alive and feared the publication of a biography following his death, is sentenced to a hellish eternity where he is forced, helpless, to re-live and share his most intimate thoughts and memories.

In our present, where countless private and government databanks have the potential to be merged and form a picture of the most private details of our lives, thoughts and activities, Potter’s words “Privacy has a true market value” seem far more prophetic than they did when this miniseries was first broadcast.

I wish I could link you to the DVD of this great miniseries, but sadly, the rights are being fought out between Channel 4 and the BBC, and no commercial copies exist, so the best I can do is link to Potter’s screenplay. If Channel 4 and the BBC ever get it sorted out – and they owe it to the memory of Potter to do so and to do it soon – I’ll be among the first of Potter’s fans to let you know.

Wednesday, June 13, 2007

TJ Maxx: Privacy and Consumer Apathy

Information Week is reporting on the financial statements for TJ Maxx following the massive security breach last year and – surprise! – sales at the retailer are up 6% over last year.

Given the scale of the breach – customer financial information dating back to 2003 was stolen – and the revelation that TJ Maxx was retaining far more information on customers far longer than required to support the transaction, I am surprised that sales did not go down. What message are customers sending to retailers about the importance of privacy and the trust that consumers place in them when making a transaction? Are customers so weary of hearing about security breaches that they have become apathetic to the issue?

It’s not that TJ Maxx hasn’t made an effort to redress the problem:

The company reported a charge of $20 million, or 0.5% of net sales for the last
quarter of 2006 toward investigating and containing the computer intrusion, work
to improve the company's computer security and systems, communicating with
customers, and technical, legal, and other related costs
And many irate consumers are taking the issue to court:

TJX is facing class-action lawsuits from customers in state and federal courts
in Alabama, California, Illinois, Massachusetts, Michigan, Ohio, and Puerto
Rico, as well as in provincial Canadian courts in Alberta, British Columbia,
Manitoba, Ontario, Quebec, and Saskatchewan. Additional class-action suits from
financial institutions affected by the computer intrusion -- those
credit and debit cards used during the time of the intrusion
-- have been
filed against TJX in federal court in Massachusetts. All-told, nine lawsuits
have been filed against TJX since April 17.
Still, it is stunning that a retailer can expose consumers to one of the largest and most costly security breaches in history and the shoppers just keep on shopping.

Saturday, June 9, 2007

More Local Reaction to the Arivaca Tower

A tip of the hat to Otto at Otto's Random Thoughts, who alerted me to Southwind Dancer, a blog by local Arivacans about the Arivaca Tower. Along with Arivaca AZ Online , this blog provides good insight to the issues facing residents living in the shadow of the Tower. The image at right is a copy of a poster from the Arivaca AZ Online site, which I hope they won't mind me reproducing here. Arivacans appear to be well-organized in their protest against this Department of Homeland Security pilot project (click the "Secure Border Initiative" label at the end of this entry to see all of my previous posts on this topic).

As Otto is leaving Arivaca soon to take the post of Associate Professor of International and Comparative Politics at American University of Central Asia, I wanted to thank him for pointing me to these local resources and wish him all the very best in his exciting new role. I'll be continuing to follow developments on the Arivaca Tower in future posts.

Tuesday, June 5, 2007

Biometrics and DNA-enabled passports

About 10 years ago, a large brown envelope arrived in my mailbox from my old alma mater. It contained a request for me to participate in a long-term research study that the university was undertaking on the effects of drinking water from Lake Ontario, which I had been drinking for most of my life. The large brown envelope also contained a much tinier brown envelope into which I was to deposit the clippings of all ten of my toenails. Once I got past the "ew…gross" factor, I began to ponder the implications of sending away little pieces of my DNA that were to go on file for a decades-long study. Despite the assurances from this well-respected university that my toenail clippings would be kept secure and not used for any other purpose, I opted not to participate, as I just did not feel comfortable with the prospect.

Fast-forward a decade and it appears that our governments will eventually be forcing us to provide DNA samples, if we ever want to travel outside the country, that is. According to a CanWest News report:

Canadians will inevitably have to carry travel documents with their DNA,
biometrics or other biological identifiers in order to ensure secure border
travel to the United States, according to a new white paper to be revealed to
government officials in Ottawa Monday.

Although some technology, such as DNA-enabled passports or driver's
licences, may be a long way off, terror threats and other looming risks mean
governments must begin to seriously consider how they will introduce those
measures in the future, [said Michael Hawes, executive director of the
Foundation for Educational Exchange between Canada and the United States of

The white paper will outline the implications of the U.S.’s Western Hemisphere Travel Initiative, which earlier this year required Canadians flying into the U.S. to carry a passport and which will require all Canadians driving or walking across the border to have a passport by 2008.

A few toenail clippings in a university researcher’s file cabinet are a minor concern compared to a DNA profile being available in electronic format to my own government, let alone a foreign government. While the purpose is to guarantee that I am who I say I am when traveling in and out of my country, what would happen if the electronic representation of my DNA were stolen? Just ask someone who shares a similar name to someone on the U.S. "no-fly" list how easy it is to prove who they are: how much more difficult and dangerous will it be if your DNA profile is stolen or altered?

It raises the question of ownership of the data and informed consent to citizens about how it will be used. Citizens should have assurances that their DNA profile will not be collected or saved by foreign governments and that the information will not be made available to other government agencies or third parties. Genetic information from DNA and other biometric information can be dangerous not only if it is used to assume someone’s identity, but also if it reveals health or social information that could be used in a negative way against the owner.

The use of biometrics and DNA seems inevitable in an increasingly security-obsessed world. As citizens we need to pay very close attention to these initiatives and the laws in place to protect our identity.

Thursday, May 31, 2007

What type of technology user are you?

So, are you an omnivore, a connector or a productivity enhancer? Do you feel connected, but hassled; light, but satisfied; or just plain indifferent? Do you know someone who’s completely off the network?

These are some of the ten distinct groups of users that a recent PEW Internet Study discovered when researching the assets, actions and attitudes of Americans toward information and communication technology (ICT).

The ten groups fit broadly into three categories: high-end or “elite” tech users comprising 31% of American adults, medium or “middle of the road” tech users consisting of 20%, and low-level adopters or those with “few tech assets”, accounting for a whopping 49% of American adults.

Elite Tech Users (31% of American adults)

Omnivores 8% - They have the most information gadgets and services, which they use voraciously to participate in cyberspace and express themselves online and do a range of Web 2.0 activities such as blogging or managing their own Web pages.

Connectors 7% - Between featured-packed cell phones and frequent online use, they connect to people and manage digital content using ICTs – all with high levels of satisfaction about how ICTs let them work with community groups and pursue hobbies.

Lackluster Veterans 8% - They are frequent users of the internet and less avid about cell phones. They are not thrilled with ICT-enabled connectivity.

Productivity Enhancers 8% -They have strongly positive views about how technology lets them keep up with others, do their jobs, and learn new things.

Middle-of-the road Tech Users (20%)

Mobile Centrics 10% - They fully embrace the functionality of their cell phones. They use the internet, but not often, and like how ICTs connect them to others.

Connected But Hassled 10% - They have invested in a lot of technology, but they find the connectivity intrusive and information something of a burden.

Few Tech Assets (49%)

Inexperienced Experimenters 8% - They occasionally take advantage of interactivity, but if they had more experience, they might do more with ICTs.

Light But Satisfied 15% - They have some technology, but it does not play a central role in their daily lives. They are satisfied with what ICTs do for them.

Indifferents 11% - Despite having either cell phones or online access, these users use ICTs only intermittently and find connectivity annoying.

Off the Network 15% - Those with neither cell phones nor internet connectivity tend to be older adults who are content with old media.

This study provides a wealth of information for private sector marketing as well as service planning in the public sector. The fact that almost half of adult Americans make little or no use of ICT, demonstrates that service delivery in the public sector cannot exclude traditional methods, such as television, radio, newspapers and telephone. At the other end of the spectrum, however, are the so-called “elite” for whom ICT is a core component of their lives and who expect ICT to provide all the information and services they require.

Some interesting results about demographics, gender and ethnicity were revealed as well. The typical “omnivore” is a young male in his twenties, while the typical “connector” is a female in her late thirties. “Lackluster veterans” are predominantly white, while “omnivores” are an ethnically diverse group. As exposure to broadband, wireless and other information technologies increasingly happens in schools, the more tech-oriented groups tend to be higher-educated. Not surprisingly, the most tech-oriented groups tend to be decades younger than the least tech-oriented groups.

Given the high adoption rate of cell phone use across all categories, one would expect the availability of WAP-enabled websites and web-based services to increase. Conversely, about 15% of adult Americans don’t have a cellphone and never go online. This “off the network” group, who are in their 60’s and older, are likely to live a long time and are the least likely to transition into new technologies.

While the elites are showing the way of the future, there are a significant number of people with few tech assets who will still require traditional methods of service delivery for many years to come.

Tuesday, May 29, 2007

Blogvertising: Ethics in advertising for bloggers

Many blogs are using pay-per-click ads to generate revenue and as long as the ads don’t get in the way of the content, most readers don’t really mind. Many bloggers, however, are now providing advertising in the form of paid blog posts that are often disguised as spontaneous product reviews. For the reader, this can be misleading, particularly if the writer doesn’t provide a clear statement to indicate that they are providing a paid review.

For the uninitiated, services such as Pay-Per-Post, Review Me and Sponsored Reviews offer pay to bloggers to post product reviews on their blogs. While it isn’t stated explicitly, the expectation certainly appears to be that the paid posts will be largely positive in tone. Bloggers with high traffic ratings will be paid most, as they obviously have a wider audience. The intent of advertisers is to do more than create good “word of mouth” for their products; they are also looking to drive traffic to their own websites, thereby increasing their own ranking on search engines and thus, ensuring a better hit rate at their point of sale.

So, where’s the harm? I don’t have any issue with bloggers trying to generate revenue through their sites. Blogging can be hard work and time-consuming, so a small pay-off for the time and effort seems fair. It becomes harmful when the blogger has developed a trust relationship with readers and then violates it by not being explicit about the intention of their sponsored posts.

Many bloggers use a disclosure policy and badge, such as those provided at to inform readers that they earn revenue from advertisers and that they may endorse products in their writing. But this kind of “blanket” disclosure policy is not sufficient if readers have no way of knowing which post is an authentic, unpaid and therefore, unbiased commentary and which is a paid, and probably biased product review.

The ethical approach for bloggers is three-fold:

1. If you are planning to introduce advertising and paid reviews to your blog, write a post about it so you inform your readers up-front. If you have been developing a following and a trusted relationship with your readers, you owe it to them to be honest.
2. Post a disclosure policy. If your approach to revenue generation changes, be sure to update your policy accordingly.
3. Provide a disclosure statement at the start of each and every paid post, such as “This is a paid review”. It is unethical to omit the statement and very misleading to leave it as a “gotcha!” at the end of the post.
If you’re an interesting blogger with a reputation for being honest with your readers, they will tolerate the occasional paid post, as long as you’re up-front about it. If you’re not, readers will eventually get wise and move on.

Sunday, May 27, 2007

Photos of the new Arivaca Tower

J. Otto Pohl at Otto's Random Thoughts has a link to photos of the Arivaca Tower, which was constructed in just a few days this week. (For the background on this story, please read the following series of posts: SBI#1, SBI#2, and SBI#3.)

The tower is not yet operational, but local citizens are planning to thwart all of the cameras, radar and GPS technology by making full use of recreational land in the immediate vicinity of the tower.
Just a mile and a half from Main Street, it's a perfect place to hike, bike, birdwatch, target practice, picnic, and hold drumming ceremonies on the sacred space it abuts. Let's have some fun!
It will be interesting to see what impact this form of protest will have on the tower's effectiveness in preventing illegal border crossing.

Friday, May 25, 2007

My selections for the Thinking Blogger award

I was selected the other day by Theresa at Sleeping Kitten –Dancing Dog for a Thinking Blogger award. Theresa was recently awarded one herself for writing so eloquently on topics ranging from childhood memories to respecting one’s parents to pride and anger.

The Thinking Blogger meme was started by Ilker Yoldas at The Thinking Blog, with the premise “Too many blogs, not enough thoughts!”. I’m very honoured that Theresa thought that what I’m writing here is thought-provoking, as this blog was intended as a place for me to explore ideas, document my research and hopefully engage others in discussion. I’m pleased to accept the award and pay it forward to five other bloggers because I would like to promote those who think before they write, who do some research, who explore and who ask provocative questions.

In nominating these five*, I want to make it clear that none of them are under any obligation to accept the award, link back to me or to carry on the meme; this is simply an opportunity to point others to blogs that I respect and have come to read regularly:

Adam at One-eyed View – A thought-provoking blogger, writing on everything from technology to politics to the environment to social issues to censorship and popular culture.

Johno at Graphic Design Art and Typography Blog - Explores all of these topics and more. An attractive blog that is also insightful and engaging.

Diamond VVV1 at MyBootsnMe – Exploring regional parks in and around the Vancouver, British Columbia area, with beautiful photos, thoughtful reflections and a style that brings the area to life for the reader.

David at smallSHIFT - This new blog is built around the belief that technology in the hands of passionate users can inspire change, empower individuals and make a difference. This is one to watch.

Stephen at Don’t Trip Up - Extremely well-researched and in-depth analysis of British politics and current affairs, with a centre-left perspective.
I hope you’ll drop by these blogs and see for yourself why they are deserving of the “Thinking Blogger” award.
*Should you choose to participate, please make sure you pass this list of rules to the blogs you are tagging.

The participation rules are simple:
1. If, and only if, you get tagged, write a post with links to 5 blogs that make you think,
2. Link to this post so that people can easily find the exact origin of the meme,
3. Optional: Proudly display the 'Thinking Blogger Award' with a link to the post that you wrote (here is an alternative silver version if gold doesn't fit your blog).

Thursday, May 24, 2007

Unmanned drones secure U.S. borders

It seems the more I read about the U.S. Secure Border Initiative, the less I want to know.

In addition to the networks of towers with radar, video cameras and GPS tracking, Homeland Security will be patrolling sections of the Canadian border with unmanned drones. The Unmanned Aircraft Systems (UAS), known as the MQ-9 Predator "B" or the "Reaper," is a significantly improved version of a variation of the MQ-1 Predator used by the U.S. Air Force in Afghanistan and Iraq. The first will be deployed along the border between North Dakota and Manitoba before the end of 2007.

While fewer than 10,000 people were detained for entering the U.S. illegally via Canada in 2004, U.S. officials are concerned about drug smuggling, terrorist risks and the smuggling of Asian migrants via the northern border.

"What we are looking to build is a virtual fence, a 21st-century virtual fence,"
U.S. Homeland Security Secretary Michael Chertoff said.
In 1987, U.S. President Ronald Reagan stood at the Brandenburg Gate in Berlin and admonished Soviet leader Mikhail Gorbachev to “tear down this wall”. Thirty years later, a virtual wall of surveillance is being constructed along the 49th parallel.

Sunday, May 20, 2007

Local Reaction to the Arivaca Tower and SBInet

Imagine the government is planning to build a 98 foot (30 metre) tower on the edge of your small town, where guards monitoring the adjacent national border will use radar and live video streaming to transmit the images and GPS locations of people crossing the border illegally to the laptops of guards waiting on the ground. At any time in this rural area, a 130 decibel "hailer-horn" could sound, disrupting the peace of your day, startling horses and their riders and scattering local birds and wildlife. Twenty-four hours a day, seven days a week.

This is the reality facing the residents of Arivaca, Arizona, the town which will serve as the pilot project for U.S. Homeland Security’s Secure Border Initiative or SBInet. The tower is scheduled to be erected this week. I wrote a few days ago about the privacy concerns this may raise for Canadian and Mexican citizens living near the U.S. borders and the proposed network of 10,000 kilometres (6,213 miles) of towers. J. Otto Pohl, a resident of Arivaca who has been writing about the tower in his blog Otto’s Random Thoughts pointed me to several local articles about the tower and the reaction of local residents. This is an enormous intrusion in their lives and they have been given very little notice and no real consultation by Homeland Security or Boeing.

What is more discouraging is the tremendous cost and apparent failure of this kind of technology in securing the borders. One year ago, The Washington Post wrote about SBI net and the checkered record of similar kinds of multi-billion dollar surveillance technologies:

If the military could seal a 6,000-mile border for $2 billion, Iraq's borders would have been sealed two years ago," said Andrew F. Krepinevich Jr., executive director of the Center for Strategic and Budgetary Assessments, a defense think tank.
The small town of Arivaca will serve as the proving ground for SBInet and local residents appear to have an uphill battle in ensuring their concerns are heard. Hopefully the amount of international attention given this story will not disappear once the tower goes up.

Meanwhile, under the Western Hemisphere Travel Initiative (WHTI), Canadians are facing huge line-ups at Passport Offices, as under the new American law every Canadian is now expected to produce a passport when flying across the border and a year from now, in order to cross the border by land. Until recently, a driver’s licence was adequate, particularly for a daytrip of cross-border shopping or visiting family and friends. The United States is implementing the WHTI to increase border security. The initiative stems from the Intelligence Reform and Terrorism Prevention Act of 2004, which is based on the 9/11 Commission Report.

Politicians in Canada and the U.S. have often boasted about sharing the longest, undefended border; those days are about to become a distant memory as a vast network of towers and surveillance equipment is erected along the border over the next few years.

Thursday, May 17, 2007

U.S. Border Surveillance Goes High Tech

A high-tech network of nine surveillance towers in Arizona is the first of many more like it to be erected as part of the U.S.’s Secure Border Initiative, the National Post reported today. Residents of the small town with the dubious distinction of serving as a pilot for this initiative are up in arms about the government’s ability to observe and record every public activity in their ordinary lives.

"It's like Big Brother. It will place the whole town under surveillance," said C Hues, a community activist, as residents gathered for a meeting late Tuesday with customs and border patrol representatives.

"The government will be able to watch and record every movement we make, 24 hours a day. It will be like living in a prison yard," she added.

In 2006, over 1 million people were arrested for illegally attempting to cross the Mexican border into the United States. One of the towers to be constructed just south of the town will be 30-metres (98 feet) high and topped with cameras and radar. Images and video captured at the tower will be streamed live to troupers on the ground, along with GPS coordinates.

The ability to monitor the activities of the residents of one town of 1500 may not be a big concern to many people. But the Secure Border Initiative isn’t limited to the little town of Arivaca, Arizona. Over the next few years, similar networks of towers, with cameras and radar will be constructed along over 10,000 kilometres (6,213 miles) of the Mexican and Canadian borders. Conceivably, hundreds of thousands of residents along the borders of all three countries may come under the scrutiny of these cameras.

It isn’t a stretch to be concerned about how this recorded information could be used, given the recent experience of Andrew Feldmar who was barred from entering the U.S. after a border guard googled his name and didn’t like what he read. The residents of Arivaca, Arizona are fighting the construction of the massive surveillance network in their town and I hope that other Americans will be just as alarmed about this attack on privacy.

In the meantime, how will the Mexican and Canadian governments respond to cross-border surveillance of their citizens? Will our right to privacy be traded away in the name of U.S. national security?

Tuesday, May 15, 2007

Trendspotting: Patterns in Blog Statistics

Has anyone else noticed that their blog statistics regularly peak on Tuesdays? For the past six weeks, this has been the trend in my stats and I wondered if it was the result of my own activity, or if there is some predictable pattern occurring across the blogosphere.

Hits to my blog increase steadily over the weekend, peaking on Tuesdays and then dropping off sharply on Wednesdays, only to start the same climb upward all over again.

I wondered if I tend to spend more time on the care and feeding of and at the weekend and if that might be influencing the numbers. But this past weekend, I spent very little time on those two sites and the pattern is exerting itself once again this week.

Could it be that we all lose energy for visiting blogs and Web surfing mid-way through the work-week? Do we tend to visit other blogs and comment more toward the weekend, leading to a "spill-over" effect that peaks on Tuesdays? I’d be interested to hear if others are noticing this trend or even a different one. Any explanations?

I love a good mystery!

Friday, May 11, 2007

Cops want covert cameras in public places

Police in Victoria, British Columbia want to install security cameras in public areas around the provincial capital in a bid to fight crime and reduce vandalism. I wrote an earlier post about the plethora of surveillance cameras in public areas and motorways in the United Kingdom and the concern that this was creating a “surveillance society” there.

What’s different about the Victoria proposal is that while cameras in the U.K are visible to the public, police in Victoria want the cameras to be hidden. The rationale for hiding the cameras from public view is unclear. Visible cameras are designed to serve as a deterrent to crime, with the criticism that they only serve to move crime along to other areas. Hidden cameras are designed to catch criminals in the act, and could be argued to have a wider impact in deterring crime, as no one knows for sure where the cameras are located and when they are being watched.

Meanwhile, in a six-month pilot project, police in Toronto are extending the use of visible closed-circuit cameras from the downtown into residential areas with high crime.

"Wherever the analysis tells us that violence is likely to take place...those
are the areas we will use the technology," said police chief, Bill Blair.

Back in the U.K, police are building on their massive network of fixed cameras, by carrying camcorders with them on the beat in an increased effort to cut crime and reduce "anti-social behaviour. "

Sgt Craig Donald, of the INA's Safer Community Team, said: "Equipping officers with hand-held cameras has had great success elsewhere with reductions in anti-social behaviour and crime being recorded.

"It's a very effective way to secure evidence to support a prosecution and it's certainly a deterrent as people don't usually want to commit a crime if they think there is a chance they could be identified at a later stage."

The reactions from citizens in every jurisdiction where police surveillance cameras are being used is inevitably mixed. Some support the cameras as they believe they will improve social order and reduce crime, and besides, they’re not doing anything wrong. Others object to the intrusion into their privacy and how the very presence of the cameras may alter their decisions. When cameras are visible, people can at least choose to avoid them. Hidden cameras have a greater chilling effect on the average citizen, as they never know when or where they could be filmed.

What if you’re a gay man who regularly attends a local gay bar? Or, you are a concerned citizen who wants to participate in public protest rally against a police or government decision? Or, you’re seeking medical attention and you don’t want anyone to know about it? Would the presence of visible security cameras, or the threat of being monitored by hidden cameras make you think twice before participating in any of these lawful activities?

While the evidence to support the claims that cameras reduce crime is in dispute, the use of this surveillance technology by police is here to stay and citizens need to be informed about how and why it is being used. Police must be held to the highest standard of accountability to ensure transparency and to ensure that privacy laws are not violated. In our efforts to reduce crime and improve social order, we should not trade away our rights to privacy and to participate fully in society without fear.

So, as you go about your business today - do you really know if you’re being watched?

Monday, May 7, 2007

Shooting the messenger : Taking the Internet to court

Just for a moment, put yourself in the shoes of these two men:

Case No. 1: You’re just an average guy who meets a nice girl and you begin dating. After a few months, the new relationship sours and you decide to move on. But your ex-girlfriend doesn’t move on. She is angry and decides to warn everyone about you on a website called Using an anonymous username, she posts a photo of you, along with your full name, city and state and writes an invective-laden comment, accusing you of being a herpes-infected homosexual or bisexual, who passed on a sexually transmitted disease, and fathered numerous illegitimate children. You ask the website owner to pull the post, but learn that your only recourse is to post a comment as rebuttal to the offending post. The original post will remain, searchable to anyone who accesses the site, just by looking up your name.

Case No. 2: You’re a prominent businessman, with clients primarily in the legal and judicial profession. You decide to join a fledgling political party and soon become the party’s campaign manager and financier. You make some decisions that aren’t popular with some of the party members and they use websites such as Wikipedia and P2Pnet to criticize your decisions. But some go further, posting anonymous statements which you maintain are untrue and which you fear will seriously damage your professional and political reputation. You ask the site hosts to remove the offending posts, but they are either unable or unwilling to comply with your requests, or they do not comply quickly enough.

What would you – what could you – do next? Ignore the posts? Put up your own website to refute the libelous statements against you? Try to track down the anonymous posters and sue them? Or, sue the site hosts?

In both cases, the men at the centre of these attacks decided to fight back in court by suing the site hosts.

In the first scenario, Todd Hollis took the owner of website, Tasha Cunningham to court for allowing the posts in the first place and for refusing to pull them down. (Shout out to one-eyed view for bringing this site to my attention. He has an interesting post about it here). The factors leading to the judge’s decision to dismiss the case were not about the damage that may have been done to the plaintiff, nor about the fact that Ms. Cunningham is merely the messenger, not the originator of the message. The decision was made based on old-fashioned jurisdictional law: because the website originates in Florida and the lawsuit was filed in Pennsylvania, it was determined, through statistics from the site’s on-line shop, that few people in Pennsylvania would have seen the site. Therefore, the contacts in Pennsylvania were limited. It seems the door is open for Hollis to re-file his suit in Florida. In the meantime, he is planning to sue the woman who anonymously made the posting, which remains to this day on

In the second scenario, Wayne Crookes decided last month to file suit against three sites: Google, and Because Crookes is Canadian, this case has been filed in British Columbia, Canada. In a recent interview with the Globe and Mail, Crookes says that he is holding the site hosts responsible for the offending anonymous posts:

"I hope that the outcome is that people will realize they have obligations
and that they will be forced to accept responsibility for their actions. The
larger the organization, the greater the expectation that they will be held
accountable for their actions."

Both of these cases have wide implications for site hosts, free speech and anonymity.

Already, the Wikipedia article about Wayne Crookes has been all but expunged to the point that it is challenging to find the posts which ignited the lawsuit in the first place. What chilling effect will this particular lawsuit and others like it have on site hosts, as the laws vary from one jurisdiction to another?

Will more individuals feel less inclined to put their names to posts, even if they strongly feel they are serving a wider public good? Should there be a looser set of criteria for libel if one is a public figure, working in the public trust, such as Mr. Crookes, versus a more rigorous standard for the average citizen, like Mr. Hollis?

Anonymity on the internet is essential to giving a voice to those who might otherwise be silenced. We don’t all live in truly democratic nations, and the Internet is a global community. Even in Western democratic nations, whistleblowers still need extraordinary protections if they choose to go public.

It will be interesting to follow these two cases on both sides of the border – one private citizen, one public figure. How will the judges decide what is more important – the greater good, or the rights of the individual? The odds seem to favour the greater good, which will likely be small comfort to Mr Hollis and Mr. Crookes.

Just put yourself in their shoes.

Saturday, May 5, 2007

Yes, I am a librarian!

Evelyn: Look, I... I may not be an explorer, or an adventurer or a treasure-seeker, or a gunfighter, Mr. O'Connell, but I am proud of what I am.

Rick: And what is that?

Evelyn: I... am a librarian.

From The Mummy (1999) starring Rachel Weisz and Brendan Fraser

I get some of the most interesting reactions when I tell people that I am a librarian. The most common is “You don’t look like a librarian!”. Oops, sorry, I guess I left my bun and horn-rimmed glasses at home tonight. The second most common reaction is “Oh, so you must really like to read” or – my favourite – “It must be nice to get paid to read books all day”. The most interesting reaction was when I told one of my new neighbours that I had worked as a library manager. Her response was similar to that of someone spitting a mouthful of coffee when they've heard something shockingly funny, then she looked embarrassed and stammered: “I’ve never actually met a librarian before!”.

Well, I certainly didn’t become a librarian for the prestige or the glamour. I decided to become a librarian because I had always enjoyed being in libraries and immersing myself in the world of ideas. All that knowledge that could just be pulled off the shelf to read, and to take home – for free! I liked the idea of teaching people and helping them learn, of being the person who knew just what you were looking for and just where to find it. It was the late 80’s when I decided to do a Master’s degree in Library and Information Science, so there was no Internet, not a lot of people had computers in their home (although my Dad bought me and my brother a Commodore VIC-20 way back in 1981!). When I graduated, I was sure that I would be working at the information desk in a public library in a large urban centre somewhere, getting to know the regular customers and their interests, hearing about their families, and generally becoming part of the local community.

It didn’t exactly work out that way, as cutbacks in the public sector in the early 90’s meant there were very few jobs in public libraries. So my career, like many librarians I know, has been decidedly unconventional. Although, unconventional is probably the way most librarians would describe their jobs anyway!

So, to help conquer the stereotype, here is my list of Things You Wouldn’t Think a Librarian Would Do (but I’ve actually done all of these in my library career!):

1. Interview a panel of architects for a new building design
2. Work with a team to develop a handicapped accessible high school library
3. Teach Boolean logic and other search skills to teachers
4. Work with a lawyer to develop a major systems contract
5. Implement a media management system
6. Work as a systems analyst
7. Write software training documentation
8. Manage millions of dollars in budget
9. Implement an electronic document management system
10. Write Requests for Proposal for large-scale projects
11. Test barcode readers for elementary schools, with the assistance of a group of third graders
12. Know the difference between CODABAR and CODE39 barcodes (sad, but true)
13. Investigate RFID technology
14. Oversee the implementation of Self Service Check-out technology

Seventeen years after graduating with an MLIS, I’ve had a very different career than I expected I would, in fact, it seems I’ve had about 3 careers so far. But it’s all been interesting and the qualities that attracted me to librarianship in the first place – curiosity, finding and organizing information, sharing ideas, helping people – have all been essential skills in my career.

So, like Evie Carnahan, I am proud of what I am. Yes, Mr. O'Connell, I ... am a librarian.