Wednesday, July 25, 2007 and Microsoft call for privacy standards

According to PC World, will be the first major search engine to offer an anonymous searching option to users. Their new AskEraser feature will give users the option to request that their search data not be stored.

This is in stark contrast to Google’s recent announcement that they will reduce the time they save search data from over 30 years to “only” two years. In spite of Google’s voluntary reduction in cookie life, European privacy experts, among others, have soundly criticized the lifespan of Google’s cookies:

"Compared to the previous lifetime of 30 years, the period of two years seems to be short," Schaar wrote in an email. "But from a data-protection perspective, and considering the fact that the user's search behaviour is recorded and can be analysed for any purposes, this period is still too long."
Meanwhile, Microsoft has joined in calling on technology leaders to find a way to meet their need for advertising data without compromising user privacy:

"The first step is, we'll be in contact with all the other players in this space and talk about what a summit might look like," said Cullen. "We're very happy to host it, if that's the answer ... both Microsoft and think that this is the time to make this happen."

Microsoft is planning to allow users to opt out of having their search data used to generate targeted advertising on Microsoft's Web sites, and under a new privacy policy, plans to scrub all search query data of any user-identifiable information after 18 months. While this is in part a shot at Google, it is encouraging to see some leadership within the industry to safeguard the privacy of their users’ search data.

The ability to search anonymously is essential in allowing individuals to explore any area of inquiry without fear of discovery or retribution. When companies track user data, their primary motivation is to inform their decisions about advertising. The abuse of search data has additional implications if the data is merged with that of advertisers, as I wrote in an earlier post about the proposed Google and DoubleClick merger.

When search data is breached, the consequences could be far more serious than mere embarassment. About a year ago, AOL inadvertently released the search data for about 650,000 searches on their site and New York Times reporters were actually able to identify one of the searchers. Breaches of this magnitude and specificity could ruin careers and reputations, while creating a chilling effect on the exploration and sharing of ideas over the Internet.

Google needs to stop hedging on privacy and get on board with this initiative.

Tuesday, July 17, 2007

What's next for net neutrality?

Over 29,000 comments were submitted to the FCC since they opened their inquiry into net neutrality in March. About 670 additional comments were filed by groups and individual Internet users yesterday, the deadline for responding.

IT World has a summary of some of the comments received, including this one:
Bonnie Bennett of California seemed to take a more individual approach in her e-mail to the FCC. "Free, unlimited access to the Internet is the modern-day version of how to educate the citizenry of a well-functioning democracy," she wrote. "Big companies and global corporations care a lot about profits and stockholders but not much about educating citizens."

Even Google and Microsoft have been advocating through the Computer & Communications Industry Association for a net neutrality rule to address the lack of competition among broadband providers:

Broadband providers "insult the commission's expertise by summarily proclaiming
the broadband access market competitive without any specific evidence of
competition," the group said.

The other side of the issue was represented in comments by Hands Off the Internet, an advocacy group representing AT&T Inc., Alcatel-Lucent SA, the American Conservative Union and other organizations:

"There is no current or anticipated content discrimination or service degradation justifying new regulations by the commission," wrote Christopher Wolf, co-chairman of Hands Off the Internet. "Moreover, regulation could well thwart Internet growth and make consumer access unfairly expensive."

Tim Berners-Lee, the man who invented the World Wide Web in 1989 at CERN weighed in on the side of regulation in an interview in IT World:

I think it's very important to keep an open Internet for whoever you are. This is called Net neutrality. It's very important to preserve Net neutrality for the future.

So, what’s next? Will government regulation be introduced or will the free market be allowed to determine this issue? Based on what I’ve read in the past month or so, I have a feeling that the FCC will advocate the hands-off approach supported by the recent FTC report, which cited existing anti-trust laws and a complaints procedure to protect consumers. Stay tuned….

Related posts:

Time is running out for net neutrality
Federal Trade Commission report on net neutrality
Net neutrality: 21 days left to save the Internet

Monday, July 9, 2007

Time is running out for Net Neutrality

Just 6 days remain in the Federal Communications Commission’s public inquiry into whether it should protect Net Neutrality and the outlook isn’t good. A few weeks ago, the Federal Trade Commission issued a report recommending against legislation to protect net neutrality. The IDC, one of the few big voices actually in favour of net neutrality, is predicting that “regulation around net neutrality will be decided in favor of facilities-based broadband providers like AT&T, Verizon, and Comcast.”

Why should you care? According to

The consequences of a world without Net Neutrality would be devastating. Innovation would be stifled, competition limited, and access to information restricted. Consumer choice and the free market would be sacrificed to the interests of a few corporate executives.

On the Internet, consumers are in ultimate control — deciding between content, applications and services available anywhere, no matter who owns the network. There's no middleman. But without Net Neutrality, the Internet will look more like cable TV. Network owners will decide which channels, content and applications are available; consumers will have to choose from their menu.

The free and open Internet brings with it the revolutionary possibility that any Internet site could have the reach of a TV or radio station. The loss of Net Neutrality would end this unparalleled opportunity for freedom of expression.

The Internet has always been driven by innovation. Web sites and services succeeded or failed on their own merit. Without Net Neutrality, decisions now made collectively by millions of users will be made in corporate boardrooms. The choice we face now is whether we can choose the content and services we want, or whether the broadband barons will choose for us.

Why should Canadians care? Michael Geist wrote an excellent article in the Toronto Star about Canadian culture and the issue of net neutrality:

Ensuring access is also an important part of the equation, as regulators should preserve the right of Canadians to access the content of their choice on the Internet through net neutrality legislation.

So, if you care, act now while there is still time:

1. Watch the video for a primer on the issue.

2. Learn more. The Digital Nomad has an informative post with links to more information.

3. Sign the petitions at Save the Internet or today.

4. Spread the word through your own blog with a post on the topic and with one of these U.S. badges or Canadian badges.

Tuesday, July 3, 2007

Privacy Rights and Terror Investigations

Two recent developments on the international cooperation front provide some redress to concerns about privacy and information-sharing between governments. The introduction of no-fly lists in the U.S., Canada and the E.U., as well as the increasingly globalised nature of personal information in data banks has raised questions about how this information will be shared with and used by foreign governments.

A tragic example of the failure to provide protection to citizens in these areas is the story of Maher Arar, a story familiar to most Canadians:

Maher Arar, a Syrian-born Canadian citizen was detained during a layover at John F. Kennedy International Airport in September 2002 on his way home to his family in Canada. He was held in solitary confinement in the U.S. for nearly two weeks, interrogated, and denied meaningful access to a lawyer. The Bush administration labeled him a member of Al Qaeda and rendered him, not to Canada, his home and country of citizenship, but to Syrian intelligence authorities, known by the U.S. government to practice torture.While in Syria, he was regularly tortured for almost a year before being released to Canada. Both the Canadian and Syrian governments have publicly cleared Arar of any links to terrorism. The United States government, however, refuses to clear Arar’s name and continues to have both him and his family on a watchlist.
Mr. Arar’s incarceration was the result, in part, of misleading information provided by the RCMP, which eventually led to the resignation of the RCMP commissioner. Following Mr. Arar’s return to Canada, there were several intentional disclosures to the public from his file, which appeared to be made in order to justify the actions of the security agencies involved. These disclosures were in violation of Mr. Arar’s privacy rights.

In our increasingly globalised economy, the volume of personal data crossing borders represents a growing threat to personal privacy. In an effort to counter the threat, the Organization for Economic Cooperation and Development (OECD) has issued a report proposing amendments to data privacy legislation as well as enhancements to international cooperation in the field of privacy protection:
When personal information moves across borders it may put at increased risk the
ability of individuals to exercise privacy rights to protect themselves from the
unlawful use or disclosure of that information. At the same time, the authorities charged with enforcing privacy laws may find that they are unable to pursue complaints or conduct investigations relating to the activities of organisations outside their borders. Their efforts to work together in the cross-border context may also be hampered by insufficient preventative or remedial powers, inconsistent legal regimes, and practical obstacles like resource constraints. In this context, a consensus has emerged on the need to promote closer co-operation among privacy law enforcement authorities to help them exchange information and carry out investigations with their foreign counterparts.
While most OECD member countries have enacted privacy legislation, Canada's Privacy Commissioner Jennifer Stoddard has pointed out that different rules in different countries were not only causing unease among citizens and companies, but were also leading to more red tape and higher costs.

Meanwhile, The European Union and the U.S. have reached a provisional deal on exchanging information about transatlantic air passengers. According to a TechWorld News story, the U.S. will be required to adhere to "strict data retention obligations," including retaining both used and unused data for no more than five years.
The United States and European Union share views on combating terrorism but
"these activities should be done in full respect for fundamental rights," said
Franco Frattini, the EU's justice and home affairs commissioner.
While privacy protections need to go even further than these two initiatives, it is encouraging to see some developments that attempt to preserve individual privacy rights and hopefully prevent a recurrence of the nightmare that Maher Arar experienced.