Categories
Privacy

Facebook Privacy Concerns

Facebook officially launched its new controversial privacy settings which will have a significant instant impact on the extent to which private information is shared on it. Facebook claims that these new changes will help make it easier for users to decide what to share and with whom, but the reality is that the amount of information that can be set to private has been reduced and the default privacy settings are now configured to have most content shared with the everyone on Facebook and beyond.

The original success of Facebook over other social networks such as MySpace is believed to be attributed to the high levels of privacy it allowed its users to have. Previously, users had the option to share some of their personal data, such as their profile picture, with certain groups of users, such as friends only, however, profile picture, gender, current city, networks, the pages the user is a fan of, and some other personal information, are all now treated as publicly available information which cannot be hidden from anyone if the user chooses to put them on Facebook.
Another major change in the new privacy scheme is that default settings for writing new status updates and sharing pictures and other content, are set to be shared with everyone instead of friends only. This means that when you make a new status update this update will be visible to everyone whether or not you have them as friends, and as a lot of content on Facebook can be indexed by search engines such as Google, this means that even people not on Facebook may find your status updates if they make a relevant search. While privacy settings for such a feature could be configured to a more private option, the majority of users do not check their settings and very few people would realize that their old default settings were changed to the new default settings for sharing everything with everyone without them taking any action!

The new changes in privacy settings do have some new options that could allow users to have better privacy. For example, users now have the option to have per-status update privacy restrictions so that you post an item that you share only with your close friends or only with your work colleagues without affecting the rest of your updates.

It is widely believed that the new changes in Facebook privacy settings were made to push people to share more information with everyone, while this might not be in the interest of the majority of the users, Facebook hopes that this would enable it to compete with services such as Twitter – which by default makes users share their micro status updates openly. However, the purpose of Facebook is totally different from that of Twitter and Facebook’s attempt to expand into Twitter might be faced with a backlash.

If you are on Facebook and you regularly share private pictures of your family and friends, you might want to make sure you check the new privacy settings of Facebook and set your content to be viewable only by the groups of people you desire. If you would not like everyone to know that you are a fan of a certain page, you have no option but to unsubscribe from that page. The same goes for your profile picture, and other information classified as publicly available information, which you will have to remove completely from Facebook if you do not want everyone to see it.

The nature of Facebook is changing and this might be a reflection of the increased willingness of people to share more things online, but I doubt that the majority of people appreciate the impact this information could have on their social and professional life. It is still very unwise to share private information without any restrictions as it would be very hard, if not impossible, to get them off the internet afterwards.

Categories
Data Protection Privacy

Personal Data in the Digital Age

The internet in Oman has developed a great deal in recent years, we now have fast speed internet spreading across the country and we have an extensive reach of high speed wireless internet as well. However, the way the content of this internet is regulated and censored did not see much of a development since the Internet was first introduced in the 90s.

Oman is one of the more liberal and tolerant countries in the Gulf and no major websites such as YouTube, Flickr, or Facebook were ever blocked. The recent report on internet censorship issued by the OpenNet Initiative found that there is no evidence of any political Internet censorship in Oman and the majority of Internet censorship is made on social and cultural grounds, for example, hacking and pornographic websites are usually blocked, but websites that criticize government officials are not. The government usually uses legal methods, such as criminal law to deal with issues of defamation and breach of confidence to hold authors accountable for what they write. However, the government will not block their website.

The aim of the censorship process is to protect society values and help prevent minors from being exposed to pornographic material. The process by which such websites are selected and blocked is arranged by an automation software that is operated by Omantel. This software is expected to use a number search and indexing methods to know which websites to block.

Using the method of censorship to help “protect” society values might have worked in the early days of the Internet when the number of websites was small and manageable, but we now live in an age where the Internet is massively expanding every second due to low cost for hosting websites and the expansion in user-generated content. It is now impossible to be able to block all pornographic websites when there are hundreds new of them being created every single minute.

The result is a failing system that cannot logically protect us from all pornographic websites, instead, the automated nature of censorship leads to overblocking clean websites that have no offending content. There are also a number of specialist users who need access to websites that may include “offending content”, such as nudity, for medical or research purposes – but such users cannot access these websites here due to the fact that they are classified as offending websites.

The regulators should admit the fact that such censorship is not a solution, anybody can do a Google image for porn right now to be entertained with loads of offending materials. The internet is expanding as we speak and there is no way to “block” it at the top yet allow people to use it efficiently as the same time.

If it is society values which we aim to protect, then we should educate parents and families on how to use software protection shields on their own computers to protect their kids from accessing any offending websites or restricting their access to a limited number of websites to visit. Specialist users and students should be able to have the option to have unfiltered internet if they would like to access websites that feature nudity for legitimate purposes.

Categories
Privacy

Omani Spam

Email is one of the most abused methods for sending spam as more than 75% of all emails sent in the world are spam messages. I take all logically reasonable methods to protect my email address from being collected by spambots, but like everyone else on this planet, somehow spam still ends up collecting in my inbox. It is very unlikely for me to be fooled by an email scam and I will never buy something from a company that sends me an unsolicited email, but I still hate the amount of time it takes me to go through my email inbox on daily basis to find real messages in the piles of advertisements I never asked for.

Even though spam filters have developed over the years and a great number of spam messages will be recognized and blocked by most email clients, spammers have always been one step ahead of filter technologies and have developed advanced techniques for making sure that their messages are not detected. That is the reason why the best method for combating spam is by relying on legislation rather than technology.

Many countries around the world have criminalized spam and impose various restrictions on those who attempt to send mass commercial messages to the public, such restrictions include the requirement to enable end users to opt-out of any mailing list, prohibition of hiding the sender’s identity, and the prohibition of the collection of email addresses without the consent of their owners.

Until very recently the use of email marketing was not a mainstream strategy for companies in Oman, but along with the growth of the use of the internet in the country came the awareness of the ease at which products and services can be marketed using simple email messages, and now even companies in Oman participate in the shameful act of spam. I personally received an unsolicited email message advertising an upcoming technology exhibition in Muscat, an email message about a local IT solutions company advertising its services to install Google apps for businesses, and many other countless messages from random Omani online discussion boards. I am sure I never gave my email address to any of these senders and none of these messages instructed me on how to unsubscribe.

I doubt that any of these companies think about the consequences of their bulk messages and I do not think that they consider themselves as spammers, yet even though they ought to know that what they are doing is unacceptable, they are still technically not doing anything illegal as the law in Oman does not prohibit sending an unsolicited commercial message to anyone. This got to change before the use of email in Oman becomes bloated with advertisements and online scams.

Until the law clearly makes this an offense, you can play your role in fighting spam by always using the ‘report spam’ or ‘mark as spam’ button if it is made available by your email provider, this helps in detecting future messages as spam for you and other people. Make sure that you do not ever trust a company that sends you an unsolicited email, and never send advertisements yourself to other people who do not explicitly tell you that they are interested in receiving them!

This post was originally published as a column on Muscat Daily.

Categories
Copyright Privacy

DRM and Privacy

DRM & Privacy
(Photo credits: bejealousofme)

One of the less frequently talked about drawbacks of DRM is the possible impact of DRM on the end-users privacy. The purpose of DRM is to restrict the illegal copying or use of copyright works. In order to achieve this goal, some DRM technologies require authentications and force the user to identify himself in order to access the digital products he wishes to use. Personal information of the purchaser could be attached to the digital file downloaded such as this name, email address, or an account reference. As DRM spreads, we might end up in a situation where an individual cannot purchase or use any digital goods without giving up him anonymity.

Akester argues that this could potentially be in conflict in the EU with Article 8 of the European Convention on Human Rights on the right to respect private and family life. Akester believes that most DRM systems are made with little regard to privacy.

A possible problem with a more direct impact on users is the ability of certain DRM technologies to install themselves on the end-users machine with the purpose of tracking the use of work in question. In the year 2005, Sony BMG was caught in a scandal for including a special “rootkit software” that installs itself when a user plays a music CD by the label. This rootkit had the effect of rendering the end-users computer vulnerable for attacks. The rootkit was eventually labeled by makers of Anti-virus and Microsoft as a spyware. Sony BMG was faced with a number of class actions which the company settled.

However, the law in most jurisdictions would make attempting to circumvent DRM in order to protect the users machine or to access the purchased copyright work without compromising one’s privacy illegal.

Links:

Categories
Data Protection Privacy

Is Google Street View Legal in the UK?

Google Street View

A lot of fuss is happening in the UK regarding the legality of Google Street View. Though the service has been out in the US for about two years now, the UK only got it last month. Many people, including Privacy International, believe that that service is illegal in the UK. Google was aware that the original format of the service would have potentially violated UK legislation, but it consulted the ICO which approved the service when Google stated that it will blur the faces of pedestrians and car number plates.

Some people still argue that their privacy is infringed, but do they have any basis for this argument? 

There are two grounds for suing for the “privacy” violation in the UK, the first is through the Data Protection Act 1998 and the second is through the Article 8 on Privacy of the Human Rights Act 1998.

I will discuss the DPA in this post and will discuss Artile 8 in another post.

Does Google Street View Violate the DPA 1998?

The DPA 1998 covers personal data related to identifiable living persons when processed by a data collector. On its face, Google might fall under the act as it the scope of the act is very wide to include any information related to individual processed in any way using a computer. However, looking closer at the definitions of the these terms might indicate otherwise.

First of all, the personal data (in this case the photograph of the individual and their location when photographed by Google) must ‘relate’ to an identifiable person. The requirement for the info to ‘relate’ to the person is not defined by the act, but the court said in the case of Durant v Financial Services Authority [2003] EWCA Civ 1746 that the mere inclusion of someone’s information in the data is not sufficient for it to ‘relate’ to him. The person must be the ‘focus’ of the  information for it to relate to him and it must affect his privacy whether in his personal, family life, business or professional capacity.

There mere inclusion of someone’s photo on the street in an incidental manner which does not show him as a focus nor affects his privacy in anyway will probably not be held by the court to be falling under the DPA. This means will exclude these pictures from the scope of the act.

In circumstances where a person is the focus of a photograph and the picture shows him in a situation that infringes his privacy that person will be covered by the act if that person is identifiable. Google has tried to blur as many faces as it can. If this person cannot be identified by looking at the picture then that information is not covered by the act. The fact that the person can be identified by using the Google Street View information with other information taken from other sources which help identify the person will not bring the information within the scope of the act.

There are no such thing as the right not have to someone’s house or neighbourhood photographed. The DPA is about personal information and not about owned objects or companies.

Even if someone’s data is considered to fall under the DPA, that does not give them the right to ask for that information to be removed – except in situation of direct marketing or situations where the information causes substantial unwarranted damage or distress.

There is no requirement for a person to ‘consent’ to have his information processed under the DPA if the data collector satisfies any of the conditions of Schedule 2 of the act.

Google’s original form of Street View might have violated the DPA, but their current form with blurred faces and number plates would not violate the DPA if it works correctly to make the individuals unidentifiable. The majority of people photographed in the public not doing anything private would not be subject to the DPA even if there faces were not covered as the information would not be considered to be ‘related’ to them if Durant is to be applied.