In the past two weeks, I have had the feeling that issues surrounding the use corporations make of our data have been everywhere. Let’s take a look at a few of these news.
The first news came from a fight between Facebook and Google about how our lists of contacts may be transferred from one place to another. It starts with a piece of news that shouldn’t surprise anybody:
Facebook doesn’t want to give up its tight-knit control of your personal information. The company has officially banned Google’s recently-launched Friend Connect service, which would allow you to pull your personal data out of Facebook and use it elsewhere.
If we think about what facebook owns, it isn’t much. You can build pages with widgets that every other social site has, they can make money from advertising, and they have your information. And apparently, they value this information, at least enough that they don’t want to share it with their competitors.
The interesting part of the Facebook model, which is shown in the article, is that it is a block hole. Why so? Not because users can’t get their data out; because developers can’t, as clearly stated in the developer terms of service:
You may not store any Facebook Properties in any Data Repository which enables any third party (other than the Applicable Facebook User for such Facebook Properties) to access or share the Facebook Properties without our prior written consent.
At least, this is very clear. Nobody can use your data, as soon as it gets into Facebook (the interesting thing is that Facebook offers you to get it from its competitors). Well at least, you voluntarily entered it, and you have the opportunity to read the TOS. But then, what about the information that you don’t really enter anywhere?
Another article discusses the fact that ISPs may look at what you do on Internet. This is even scarier. Some ISPs use deep packet inspection (self-explanatory) to inspect every packet that you send from your computer in order to establish a very detailed profile of your needs and sell that to advertisers.
Of course, the ACLU is after them, and there are some laws, at least in the US, that may make this practice illegal. One of the limits is that this practice is very close to wiretapping, which is illegal unless you are involved with law enforcement (and even then, there are conditions). There are other possible issues, which are described in the article.
The really incredible part here is that the ISPs act like they own this data. As we are moving to triple-play and more grouped offers, this could be scary. In my particular case, my ISP offers an IP phone service, TV programs, and also happens to be my cell phone operator. I definitely don’t want them to take all this information and put them together, for at least two reasons:
- This is a breach of my privacy, as I am not deliberately giving them the information. Neither do my kids, who are also using the computer and watching the TV; and I don’t want them to receive targeted advertising, because they are easy targets.
- This also causes me concern about the confidentiality constraints of my job. I don’t do confidential stuff on my home computer, but I often use it to gather public information related to my customers, and I would not want this information to reach my competitors. Even worse, some of my customers are competitors of my ISP.
I may be naive, but I still believe that this scenario is a bit far-fetched, in particular for the industrial spying base. Nevertheless, I would like to see clear limits about the ownership of my information.
We then get to the third article on the topic. Bruce Schneier’s Wired commentary was also about our data. He gives many examples, and he reaches the same conclusion as I do:
We need to take back our data.
Our data is a part of us. It’s intimate and personal, and we have basic rights to it. It should be protected from unwanted touch.
This is it. The problem, of course, is that we have almost no way of doing that. We are a bit better protected in Europe, but in many cases we are also a bit more naive, in believing that authorities like France’s CNIL actually adress this problem. With the extension of internet, the CNIL cannot do its work, especially because it is French, and the internet isn’t, even when it is french-speaking. Laws can do the job, and we definitely need to work with our lawmakers. But this is not sufficient.
I would argue with Bruce Schneier that education is also very important. My older daughter has been using computer at school as soon as she knew how to read (and at home, way before that). And she watches TV, too. It is very difficult to make her understand that she should not trust everything on internet, that not everything she sees is true. As a parent, this is a daunting task. I don’t want to tell them how questionable Wikipedia sometimes is, because I am very happy when she uses Wikipedia rather than some “games for girls” site. However, by the time she is a teenager, somebody will have to do it, and I guess that this person will have to be me. We need to educate our children about how precious their personal information is, and how they should protect this data.
And then, smart cards (especialy the big ones) may be of some use. After all, my Carte Vitale((the French national health card.)) is keeping my health data private, and I guess that another card could keep some more of my information private.
No Comments