Privacy in the Twenty-First Century

Privacy policy wordcloud

For the next couple of months we will be focusing on the rapidly growing area of privacy concerns that are raised by the technologies that are ubiquitous in our current age.

In our houses, new devices such as refrigerators and home thermostats are connected to the internet — but who is also looking at our milk or when we have set our thermostats to ‘away’?

Or, in another arena entirely, large organizations like universities collect huge amounts of data on their customers (read: students) and then use that data to mine for information about what is likely to happen to them (for example, which students are likely to not do well in a specific course). In addition to the tricky philosophical issues involved in this kind of big data research, there are also questions of privacy. Who should see these predictive analytics? Should students know what predictions are being made about them? Should their teachers? Their advisors? The legislature? The police? These questions about the right way to use Big Data are being discussed and debated in universities around the world.

Thursday, Jan. 26 is National Data Privacy Day and the Privacy Office, C&IT and University Libraries are sponsoring a web-based talk from 1 to 2 p.m. in the Simons Room (on the first floor of Purdy/Kresge Library; refreshments will be provided).

The speaker is Cindy Compert, who is Chief Technology Officer for Data Security and Privacy at IBM. Further details about the talk can be found here:

http://events.educause.edu/educause-live/webinars/2017/big-data-whats-the-big-deal

Later this spring, additional live speakers will be announced. Watch this space and campus announcements elsewhere for details.

The goal of this campaign is to raise awareness of privacy as an important issue and perhaps to gather a group of people on this campus who are interested in ongoing conversation about these issues.


Image source: http://www.top10bestwebsitebuilders.com/how-to-create-a-website/free/free-privacy-policy-generator

Help us help you–participate in the ECAR survey

Many WSU faculty (50% of them, to be precise) have been receiving requests to take part in a national survey of faculty attitudes towards technology at the university. The survey is being run by Educause, the national educational IT organization. This is the second year this survey has been run, and last year’s survey produced some interesting results about faculty interests and desires around everything computing-related.

Last year’s results, which are available in ‘infographic’ format here:

http://net.educause.edu/ir/library/pdf/ers1407/eig1407.pdf

Some relevant findings from last year:

  • Nationally, fewer than fifty percent of faculty are satisfied with IT support for research.
  • Opinions on the use of smartphones in class are mixed, with about half of faculty banning or discouraging them and only a third encouraging or requiring laptops (I myself don’t see how I could ban smartphones, and I’ve taught classes where laptops were required because we were all learning how to use some online tool).
  • Many faculty feel they could be better at using web-based content and online collaboration tools in their courses, but there was less enthusiasm about social media as a teaching tool.

There are two versions of the survey, one that takes about twenty minutes to half an hour, and another that takes only ten minutes. Whichever one you choose, your participation will be greatly appreciated, and will help C&IT plan our investments for the next couple of years.

Look for a reminder and your personalized invitation to join in the survey tomorrow. If you don’t get one, you’ll be asked to participate in a more general survey of IT satisfaction that all other faculty, staff and students will take part in later this semester.

SPSS—Now Free for all Wayne State Students!!

SPSS Logo

We now have a license for all WSU students to download a copy of SPSS, the best-known commercial statistical software package. Any registered student is entitled to download a copy to their personal computer for free. Because of the way SPSS is licensed, it is only valid until the end of June of this year, but students can update the license starting in July 2015.

Because access is online students can do the download 24/7. They just need to visit

https://commerce.wayne.edu/clearinghouse/

and log in with their WSU AccessID and password. Click ‘Student Software’, then choose SPSS from the column on the left, then select the product wanted. Detailed instructions can be found here.

Availability is restricted to students enrolled in a degree program. It must be installed on a personally-owned computer, and cannot be used for work-related purposes by those who are also employees (and, alas, it’s not available for free for those who are ‘just’ employees). Contact clearinghouse@wayne.edu if there are problems getting to the SPSS link.

Replace Pipeline with Academica in your Bookmarks, soon

Pipeline is about to be replaced with a totally new, social-media-oriented website/portal called Academica. It is device-agnostic, which means it works with all computers, all tablets and most smartphones (something people have been requesting for almost as long as there have been smartphones).

It’s also smart itself. It remembers the tasks within the system that you use most, and bubbles them up to the front page so that most common tasks are always one click away. For example, if you’re a faculty member it will put Download Classlists and TravelWayne up front and center, but if you have to approve timesheets that link will be right there as well. In general most tasks should be no more than one, or at most two clicks away.

It also comes with a built-in messaging system that is similar in features to Twitter. It allows you to use hashtags (#hashtag) and mentions (@GeoffNathan). There will be streams associated with a number of common topics of discussion, as well as streams for departments and one for each class being taught.

Academica is still being developed (technically it’s in beta), but you’re welcome to try it right now. Just go to academica.wayne.edu and log in as usual. You will have the option to switch to exclusive use of Academica (instead of Pipeline), but there is always a button available to switch back to the old Pipeline interface if you need to.
Since it’s still under development, C&IT is looking for feedback, which you can send by writing to academica@wayne.edu, or by going to http://computing.wayne.edu/academicafeedback .

The official roll-out will be some time in the fall, but feel free to play with it now. Who knows, you may never want to switch back to Pipeline. Academica and Pipeline will both be available at first, but Pipeline will be shut down in the 2014-2015 academic year when we are confident that Academica can support all of our campus needs.

Here’s a preview of what the interface looks like, showing only the links part:

Academica Links Section

Maybe our students aren’t so savvy after all

And maybe we aren’t either.

An article in this week’s Chronicle suggests that we’re on shaky grounds if we assume our students know tons about how the Internet works and what that means for their (and our) future.

A couple of faculty  at Northwestern (Eszter Hargittai and Brayden King) teach a course called ‘Managing your Online Reputation’, where they encourage students to find out what the Internet knows about them and think about what it’s advertising to the world.

Their idea is that students should be encouraged not only not to post videos of stupid things they might have done, but also to think about posting (tweeting, instagramming, tumblr-ing) positive views about their skills, attainments, knowledge and capabilities in a way that the usual searches will turn up not only nothing bad, but rather some good stuff.

The course was based partly on research by one of the faculty (Hargittai) that showed that, contrary to what many of us believe, many students today know less about online life than most of us. For example,

about one-third of the survey respondents could not identify the correct description of the ‘bcc’ email function. More than one-quarter said they had not adjusted the privacy settings or content of social-media profiles for job-seeking purposes.

My experience has been that I have a few students who are really tech-savvy, a few who have no idea what they are doing, and the rest somewhere in between. And, of course,  being tech savvy is a moving target. I’ve been doing email since 1990, so I certainly understand how that works. But I only joined Instagram about a month ago, and Tumblr  a few weeks earlier than that, mostly to follow a nephew who’s traveling around the world and documenting it on Tumblr.

On the third hand, I actually understand what the Heartbleed vulnerability is exploiting (and I even understand what that last sentence means…).

Anyway, some food for thought.

And, for a contrary view, try this. And for an even more contrary view on brand-building, there’s this.

 

Attend a Live Webinar This Thursday on Internet Privacy

Speaker: Robert Ellis Smith, privacy expert and publisher of Privacy Journal

Date: January 30, 2014

Time: 1-2 p.m. ET

Location: TRC located in the Purdy/Kresge Library

Join me as I host a a free, hour-long nationally broadcast webinar, “Location, Location, Location.” Two contradictory federal court decisions in 1979 and in December 2013 focus on whether the National Security Agency’s massive data collection program is constitutional. The NSA argues that their actions are legal because they do not probe into the content of phone calls, only the digits dialed to and from a phone. A 1979 U.S. Supreme Court opinion held that collecting data on dialed phone numbers, but not acquiring the content of the calls does not require a prior court order.

Today that decision does not make sense. The extent to which many people rely on their phones means dialing information establishes patterns of personal relationships and can reveal private interests, needs, and even our locations. This information can include employment or credit information, and can be far more sensitive than our commonly disclosed medical and financial records. It has the potential to be every bit as revealing and damaging as the content of our conversations.

Everyone who is exposed to this new technology must recognize this new reality. The principles of fair information practice do not fit this important change in sensitivity. And, of course, the new reality may change again in an instant. This is an example of how learning the historical development of privacy concerns helps us focus our efforts on what is most important today, not on concerns of the last century.

Light refreshments will be provided.

If there is sufficient interest a discussion will follow, or a further local forum will be arranged.

Bruce Schneier says 1984 is already here

Bruce Schneier is a well-known security guru. He started out as a specialist in computer-based encryption, wrote a book for non-computer scientists about how public-key encryption worked, then became interested in the whole notion of security, both computer-based and physical, and finally, has just published a book on how society manages bad actors–in fact, how it defines them in the first place. I’ve met him a few times (he gave a talk here a few years ago) and I’m going to write a review of his latest book here in a few weeks.

But last week he had a scary article (CNN website) about how we’re already living in the surveillance state depicted in Orwell’s 1984  that I think everyone should read, so I’m (kinda) retweeting it

here

As always, any thoughts would be appreciated.

 

 

Are we doomed?

I don’t often just post somebody else’s blog, but this is radical enough, and intersects with my interests, so I thought I’d just point to it.

If you have your own comments, you might add them below.

HASTAC Website

It’s Not Just Facebook! What Every College Student Should Know About Online Privacy

The title says it all. This is another in the series of webinars on how to protect your privacy in our online world. Three online privacy experts, Merri Beth Lavagnino, Chief Privacy Officer & Compliance Officer, Indiana University, Jane Rosenthal, Director, Privacy Office, University of Kansas, and Kent Wada, Chief Privacy Officer & Director, Strategic IT Policy, UCLA will talk about how to protect your online life and reputation.

The date is January 30, the place is the Purdy/Kresge Auditorium, the time is 1 PM, for an hour, and no registration is needed–just come in and sit down. And, although this is directed towards students, most of us have online lives. I know I’ll be there.

Some musings on email privacy (yours and mine)

In the fallout from the Petraeus incident there has been much discussion about the privacy of email, and for good reason.

I will assume that everyone knows that CIA Director David Petraeus resigned recently because he was found to be having an affair with his biographer Paula Broadwell. This became ‘known’ in a complex way. A second woman (or third, if you count Petraeus’ wife), Jill Kelley, received some rude anonymous email messages and asked an FBI agent friend (we can presume ‘friend’–he had sent her shirtless pictures of himself) to investigate. Despite the fact that sending weird emails is not a federal crime, the FBI obtained subpoenas for IP logs (i.e. logs identifying which computer address(es) had sent the messages). These turned out to be the same computers that Paula Broadwell had used at various times (and they could then subpoena hotel IP records, WiFi network records and so on).

Note that the FBI obtained all these records without a warrant (and therefore without showing ‘probable cause’ that a crime had been committed). Having shown that Broadwell’s email account contents were ‘relevant’ to their investigation they then subpoenaed, and received access to her Gmail accounts. And within those accounts they found tons of correspondence between her and Petraeus. Interestingly, Broadwell and Petraeus used an old spy’s trick to correspond–they shared an account, and stored the messages as ‘drafts’, thus never sending the actual messages from one account to another. Unfortunately for their romance, you don’t need to send an email message to leave a trail–all you have to do is connect to an email system.

As Julian Sanchez has pointed out, ‘the demand for access to Broadwell’s emails was just one of 6,321 requests for user data—covering 16,281 user accounts—fielded by Google alone in the past six months’.
Aside from the titillating details, why should we care about this? It’s very simple–at least potentially, nothing you put in an email is private. The Feds can look at it whenever they want, and they don’t need a search warrant. Of course, there’s no specific reason to be worried that they will look at your email, especially if you have done nothing to attract their attention.

And, of course, attracting the FBI (or TSA’s) attention is quite unrelated to whether you have done anything wrong (witness screaming toddlers being groped by TSA agents and the FBI’s legendary attempts to blackmail Martin Luther King Jr.)  And, all jokes aside, I myself spent about six months on the TSA’s ‘selectee’ list in 2004-5, which meant that I couldn’t fly without an extensive interview at the gate every time I flew. To the best of my knowledge I have not consorted with bad guys, nor is my name similar to that of someone who is. So I don’t accept the ‘if you have nothing to hide, you have nothing to worry about’ as an answer.

Most of us believe our ‘persons, houses, papers and effects’ are protected against ‘unreasonable search and seizure’ (it’s called the 4th Amendment). However, in a bizarre reinterpretation of that statement, the Electronic Communications Privacy Act (passed in 1986, right at the beginning of widespread use of email) states that email messages stored on servers for more than 180 days are considered to be ‘abandoned’, and hence no judicial review is required for law enforcement to request it’ [1]. This was because in the eighties email was always downloaded to your computer, unlike the current cloud-based email systems (such as Gmail, Wayne Connect and Microsoft’s Live Mail), where many of us keep years of correspondence online. Clearly the ECPA is grossly out of date, and there have been movements in congress to update it. However, law enforcement, never an interest group to give itself more obstacles, has been lobbying heavily to make retrieval of stored email even easier for an alphabet soup of government agencies. As this is written there are conflicting reports[2] on whether Sen. Patrick Leahy is trying to prevent this or to encourage it in a new bill being discussed in the lame-duck congress.

Notes:

[1] http://en.wikipedia.org/wiki/Electronic_Communications_Privacy_Act

[2] http://news.cnet.com/8301-13578_3-57552687-38/leahy-scuttles-his-warrantless-e-mail-surveillance-bill/ (Declan McCullagh)

Additional references:

http://www.nytimes.com/2012/11/14/us/david-petraeus-case-raises-concerns-about-americans-privacy.html (New York Times coverage)
http://www.sfgate.com/news/article/Privacy-law-can-t-keep-up-with-digital-age-4047236.php
http://www.thenewamerican.com/usnews/politics/item/13710-sen-leahy-drops-controversial-warrantless-e-mail-surveillance-bill