Comments on: Privacy and Technology http://techliberty.org.nz/privacy-and-technology/ Defending civil liberties in the digital age Wed, 16 May 2012 22:46:29 +0000 hourly 1 http://wordpress.org/?v=3.3.1 By: Thomas Beagle http://techliberty.org.nz/privacy-and-technology/comment-page-1/#comment-4328 Thomas Beagle Wed, 23 Jun 2010 04:32:01 +0000 http://techliberty.org.nz/?p=801#comment-4328 Rich - that's kind of what we're saying. We know the data is being collected, all we can do is try to set some legal limits on how that data can be used. Overseas companies can ignore our laws, but at least Government agencies and companies active in New Zealand will be limited by these laws. Current privacy law includes both but is aimed more at the collection side. And I entirely agree about the problems with harmonisation of privacy laws - after all, I just came from another briefing about the ACTA treaty where international harmonisation is causing problems! Rich – that’s kind of what we’re saying. We know the data is being collected, all we can do is try to set some legal limits on how that data can be used. Overseas companies can ignore our laws, but at least Government agencies and companies active in New Zealand will be limited by these laws. Current privacy law includes both but is aimed more at the collection side.

And I entirely agree about the problems with harmonisation of privacy laws – after all, I just came from another briefing about the ACTA treaty where international harmonisation is causing problems!

]]> By: Thomas Beagle http://techliberty.org.nz/privacy-and-technology/comment-page-1/#comment-4327 Thomas Beagle Wed, 23 Jun 2010 04:28:06 +0000 http://techliberty.org.nz/?p=801#comment-4327 When it comes to "aggregating from multiple sources" the company wouldn't be banned from doing it - rather they would need to comply with the provisions that already exist in the Privacy Act about having to have a good purpose to collect personally identifiable information and they'd need the permission of the person involved. It's already implicit in the Privacy Act, but the idea is that if you aggregate public data about someone you are effectively creating personal information (converting data into information) and therefore the Privacy Act principles should apply to it. As for Google vs the government - I worry about both, but in some ways I'm even more worried about the third party who aggregates information from multiple sources including Google, Twitter, publicly available data and ties it together to infringe my privacy. One obvious example is the one in the article, where people can collect geotagged information from multiple sources and then use it to track your movements - and post that to the web. I'd see that as an unwarranted invasion of privacy. When it comes to “aggregating from multiple sources” the company wouldn’t be banned from doing it – rather they would need to comply with the provisions that already exist in the Privacy Act about having to have a good purpose to collect personally identifiable information and they’d need the permission of the person involved.

It’s already implicit in the Privacy Act, but the idea is that if you aggregate public data about someone you are effectively creating personal information (converting data into information) and therefore the Privacy Act principles should apply to it.

As for Google vs the government – I worry about both, but in some ways I’m even more worried about the third party who aggregates information from multiple sources including Google, Twitter, publicly available data and ties it together to infringe my privacy.

One obvious example is the one in the article, where people can collect geotagged information from multiple sources and then use it to track your movements – and post that to the web. I’d see that as an unwarranted invasion of privacy.

]]> By: Rich http://techliberty.org.nz/privacy-and-technology/comment-page-1/#comment-4326 Rich Wed, 23 Jun 2010 02:41:09 +0000 http://techliberty.org.nz/?p=801#comment-4326 I kinda agree with Eric. What worries me is not that my personal data will be collected and stored (it has been for years, and by people like the grocery and bus company, as well as higher-tech enterprises), but that it will be used against me. Maybe we can't put the genie back in the box, and people will have to accept that they *will* know stuff about each other, and with that comes a higher requirement of tolerance. I'd also suggest that "international harmonisation" of proscriptive laws could easily end up with us having a restrictive legal framework we can't change democratically (a bit like drug and copyright law). What if I *want* to use a service that aggregates data from multiple sources - do I need people's permission to have their face pop up on my Android when they text me? I'd be wary of replacing the problem of corporate invasion of privacy with another one - a further are of net censorship. I kinda agree with Eric. What worries me is not that my personal data will be collected and stored (it has been for years, and by people like the grocery and bus company, as well as higher-tech enterprises), but that it will be used against me.

Maybe we can’t put the genie back in the box, and people will have to accept that they *will* know stuff about each other, and with that comes a higher requirement of tolerance.

I’d also suggest that “international harmonisation” of proscriptive laws could easily end up with us having a restrictive legal framework we can’t change democratically (a bit like drug and copyright law). What if I *want* to use a service that aggregates data from multiple sources – do I need people’s permission to have their face pop up on my Android when they text me?

I’d be wary of replacing the problem of corporate invasion of privacy with another one – a further are of net censorship.

]]> By: David Zanetti http://techliberty.org.nz/privacy-and-technology/comment-page-1/#comment-4325 David Zanetti Tue, 22 Jun 2010 23:48:06 +0000 http://techliberty.org.nz/?p=801#comment-4325 What is collected today by Google is tomorrow the basis of fishing trips for crimes. The EU has already adopted a measure which expects Google to turn data it's collected over to authorities for a currently limited range of crimes, but the chances of this remaining limited are slim. Aggregation of data is also a way of turning anonymised data into much more precise information about people. This means while, for example, you might be happy with a company releasing anonymised data about your activities, because you can't be readily identified from solely that release, if you patch together enough of those sources you can end up with a highly accurate and specific set of information about you. For example, your MAC address does not identify you personally as-is. Gathered from, say, wireless broadcasts, we can assert where that MAC address is, your address. But your MAC address is also used as the basis of IPv6 addresses, attached to cookies, and then to your login on a website. Now armed with anonymous wifi data I can assert your location even if you have never provided it to me or given me that right. What is collected today by Google is tomorrow the basis of fishing trips for crimes. The EU has already adopted a measure which expects Google to turn data it’s collected over to authorities for a currently limited range of crimes, but the chances of this remaining limited are slim.

Aggregation of data is also a way of turning anonymised data into much more precise information about people. This means while, for example, you might be happy with a company releasing anonymised data about your activities, because you can’t be readily identified from solely that release, if you patch together enough of those sources you can end up with a highly accurate and specific set of information about you.

For example, your MAC address does not identify you personally as-is. Gathered from, say, wireless broadcasts, we can assert where that MAC address is, your address. But your MAC address is also used as the basis of IPv6 addresses, attached to cookies, and then to your login on a website. Now armed with anonymous wifi data I can assert your location even if you have never provided it to me or given me that right.

]]> By: Eric Crampton http://techliberty.org.nz/privacy-and-technology/comment-page-1/#comment-4323 Eric Crampton Tue, 22 Jun 2010 22:05:47 +0000 http://techliberty.org.nz/?p=801#comment-4323 I may be odd man out on this one, but I'm far less worried about Google collecting information on me from my search and web traffic than I am about government collecting information about me. What's the most Google will do with the data: sell it on to folks for targeted marketing campaigns? Try to give me more accurate information about the kinds of products or services I might wish to purchase? But government having the same kind of data could lead to targeted taxes based on diet and consumption or worse. "Aggregating from multiple sources": a company would then be banned from combining data from their customer mailing list with information from the phone book? Hmmm. I may be odd man out on this one, but I’m far less worried about Google collecting information on me from my search and web traffic than I am about government collecting information about me. What’s the most Google will do with the data: sell it on to folks for targeted marketing campaigns? Try to give me more accurate information about the kinds of products or services I might wish to purchase? But government having the same kind of data could lead to targeted taxes based on diet and consumption or worse.

“Aggregating from multiple sources”: a company would then be banned from combining data from their customer mailing list with information from the phone book? Hmmm.

]]>