Posts tagged "privacy"

#SXSW: Don't Worry, Privacy is Alive! (But Tech is Stupid)

We’ve certainly heard plenty from CEOs about privacy being dead and all, but considering the heat coming from related debates, perhaps it’s time to hear from the opposing team.

Danah Boyd, social media researcher for Microsoft, took the stage at this year’s SXSW conference, and with her 10+ years in the social realm, claimed privacy is alive (but not well), and schooled us on the intricacies of screw-ups from some of the biggest names out there: Google and Facebook.

Where Google Went Wrong

It was such huge news that even if you’re not big on Internet life, chances are you’re aware that the blogosphere virtually bitch-slapped Google Buzz back to the laboratory. The arguments mainly revolved around privacy flaws—even Google has admitted to releasing the tool much too early—but Boyd made an interesting point: Nothing the Buzz team did was technologically wrong—it was just stupid.

What does that mean? It means Google tripped up on a personal expectation level. After all, regardless of how difficult it was to find them, the options to opt out of all the things that sent users into conniption fits were available since day one.

Here’s a look at Google’s non-technical mistakes, according to Boyd:

Google launched a public-facing service within a very private one. That is, the outspoken Buzz set up shop within Gmail. For many tech geeks it was a logical move on Google’s part simply because Gmail is used regularly by a ton of people. But the integration of opposing natures confused a lot of non-tech users, and caused them to believe their e-mails were being made publicly accessible

Google assumed that people would opt-out of Buzz if they didn't want to participate. “I'm going to give them the benefit of the doubt on this one because a more insidious framing would be to say that they wanted to force people into opting-in because this makes the service more viral and more monetizable,” said Boyd. “While I'm trying not to let conspiracy theories cloud my analysis, I can't help but notice that more and more companies are opting people in and waiting until they flip out to adjust privacy settings.”

Where Facebook Went Wrong

Perhaps you remember Facebook's changes in December? The world's favorite social network asked users to reconsider their privacy settings via popup. Unfortunately, tons of users bypassed the popup as if it were an ad because they just wanted to get to Facebook itself. Problem is, if the popup wasn’t addressed, Facebook automatically changed all of the "negligent" user’s settings to public.

This from a platform  that built its reputation on being a closed network—something users have always valued in a big way. 

“By continuously arguing that Privacy is Dead, technologists justify their efforts to make publicly available data more public,” continued Boyd. “But there's a big difference between something being publicly available and being publicized. I worry about how others are going to publicize this publicly available Facebook data and, more importantly, who will get hurt in the cross-fire.”

Ass [Out of] U [and] Me

Do you see a pattern here? It looks like networks are assuming what users want rather than asking them. Unfortunately, that logic would only work if everyone thought like a technologist and loved the idea of optimizing absolutely everything.

"What's at stake here is often not about whether or not something is public or private, but how public or private it is,” explained Boyd. “People are not used to having the paparazzi trail after them every time they leave their house. Yet, when we argue that there's nothing wrong with making something that happens in public more public, we are basically arguing that we have the right to sick the paparazzi on everyone, to turn anyone into a public figure."

The point? We’re a fickle bunch. Just because we put material in public places doesn’t mean we want it aggregated. And just because something is publically accessible doesn’t mean we want it publicized. And using information in unexpected ways is a recipe for disastrous media coverage.

What Hath We Wrought?

And so, what to do? Boyd says there's no magical formula for understanding privacy and publicity (rats). But she left us with some valuable words to chew on:

Wanting privacy is not about needing something to hide. It’s about wanting to maintain control. Often, privacy isn't about hiding; it's about creating space to open up. If you remember that privacy is about maintaining a sense of control, you can understand why Privacy is Not Dead. There are good reasons to engage in public; there always have been. But wanting to be in public doesn’t mean wanting to lose control.

And finally, for all the techies out there:

You are shaping the future. How you handle these challenging issues will affect a generation. Make sure you're creating the future you want to live in.

GRC Roll-up: Google Buzz, HITECH and Protecting High Value Data

This week, GRC chases social media, hospitals find themselves unprepared for new changes in records management and corporations risk losing valuable data.

Privacy v. Google Buzz

It’s not often that the worlds of social media and GRC overlap, but such is the case with Google Buzz. As you probably know, Buzz is Google’s social networking and messaging tool designed to integrate into Gmail.

As the rest of the world tries to figure out how exactly to embrace Buzz, financial advisers are also trying to figure out the compliance and regulatory ramifications. Since Google automatically enrolled Gmail users to the Buzz service and revealed the identities of the people whom they email most frequently — users' full names, not their nicknames — to every one of their contacts.

Additionally, financial advisory professionals must archive their social media content, and at present Buzz doesn’t offer an easy solution. Concerns over privacy are at the heart of the matter, of course. Just another way that social media is shifting the line between private and public that is sure to keep the financial industry up at night.

HITECH Leaves Many Unprepared

New privacy and security requirements for health information technology contained in the economic stimulus law have gone into effect. Already providers are reporting difficulties in complying with the new rules.

The Health Information Technology for Economic and Clinical Health (HITECH) Act is intended to increase the use of Electronic Health Records (EHR) by physicians and hospitals and according to a recent survey, nearly a third of the 200 hospitals said they are not ready to meet all the law’s privacy and security requirements by the deadlines.

Much of the uncertainty points to a requirement of significant resources for implementation, but little guidance for how to do it. 

Protecting High Value Data from Spammers

It’s becoming easier and easier to execute successful spamming strategies online. According to a NetWitness' report, 68,000 account logins were stolen from 75,000 botted PCs in corporate networks and as a result corporations are having a difficult time keeping ahead of it.

Organizations without continuous, real-time monitoring in place will find themselves unable to detect this type of activity. Rather than focusing on the defense of network perimeters or on meeting compliance checklists, corporations can be better prepared by focusing on protecting high-value corporate data.