Blog
We were among the lucky ones chosen to present at the 2016 We Robot Conference and for both of us, it was one of the best conferences we have ever attended. We Robot 2016 took place at the University of Miami and was hosted mainly by Professor Michael Froomkin. From the organization to the speakers: everything was amazing! We won’t address every topic discussed at the conference but we will give you a taste of the topics and point you to some interesting readings in this area. Interested parties should also check out the We Robot website and consider applying for next year’s edition, taking place on March 31 & April 1 at Yale University. More…
AI, artificial intelligence, liability, microsoft, privacy, robot law, robots
Things that caught our eye
Like all of you, our team here at theiii were devasted to hear about the passing of Bowie… However, without much ado we do not want to refrain from sharing this piece on the International Association of Privacy Professionals (IAPP)’s Website written by .
So check out “David Bowie just proved that privacy is not dead” to get the answer to our Question and read a heartwarming piece about David Bowie.
We’ll be back soon!
Data Protection, David Bowie, IAPP, privacy
Blog
Today the Court of Justice of the European Union (CJEU) invalidated Decision 2000/520 of the European Commission establishing a safe harbour for transferring personal data from the EU to the US. Furthermore, it clarified and strengthened the role of national Data Protection Authorities when such a safe harbour is issued. The judgment is explained by some highlights, and the post is concluded with the Commission’s response.
More…
Blog
The abrupt death of hitchBOT on August 1, 2015 shocked its fans. hitchBOT, the friendly hitchhiker robot, had traveled across Germany, the Netherlands, Canada and some parts of the USA. In Philadelphia, however, the robot was vandalized—a scenario he had not been programmed to deal with. And so his journey ended. More…
Blog
We would like to follow up on the activities of our Privacy Roundtable, so as to keep you in the loop. As we mentioned in January, we created the “Sankt Galler Privacy Interaction Framework” (short: SG-PIF) – an interdisciplinary approach to analyze current and future privacy issues. One phenomenon that caught our eye was email tracking. More…
Things that caught our eye
The Internet Corporation for Assigned Names and Numbers (ICANN) is considering a change in policy concerning the way in which you can register a domain name. ICANN issued a report in 2013 in which it estimated that some 39% of all domain names is registered by a legal person, 33% by a natural person and some 20 % were registered using a privacy or proxy service. It is these latter 20% of registrations using a privacy service, which shields the personal information of the registrant, that the policy change will impact.
What does a privacy proxy service do?
When registering a domain name, the details provided by the registrar are published online for all to see. Anyone who types in a domain name on any whois service, can find out who registered the domain name, and how you can directly contact them (via telephone or postal address). This was particularly handy in the beginnings of the internet, when it was mainly universities and government agencies that were using this WHOIS database to contact one another, however, it has become a headache for some small and medium businesses and individuals these days who do not wish to have their information be published.
To shield this personal information from the public, privacy services or proxy services (the Service Provider) were created, which show the information of the Privacy Service as opposed to the person behind it (the Customer).
What are the proposed changes?
The changes proposed suggest (see in particular Annex E ) that a Service Provider may be required to disclose the information matters of a possible trademark infringer or copyright infringer, if they provide evidence of such alleged infringements. If a request for disclosure (by the Requester) is brought to the Service Provider, they must then promptly notify the Customer of the complaint and disclosure request. The Customer will then have 15 calendar days to respond. If the Customer considers there to be legitimate reason(s) to object to disclosure, they have to give these reasons to the Service Provider who will communicate these to the Requester. Disclosure cannot be refused any longer ‘solely for a lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; (…) nor can refusal to disclose be solely based on the fact that the request is founded on alleged intellectual property infringement in content on a website associated with the domain name.’ The practice of requiring a court order for disclosing information the Privacy Service is protecting, is thus going to be curtailed by the proposed changes.
Public Comment – Consultation on proposed changes.
Not everyone is pleased with these proposals, and a group called ‘Save Domain Privacy’ set up a website where a petition is opened. The group plans on adding the signatures to their statement, which they’ll send in on 7 July 2015. This date is not chosen out of the blue, rather that is also the closing date for ICANN’s Public Comment on the proposal.
Domain Names, ICANN, privacy
Blog
Disclaimer: Although the issue of memory in a digital society is a very cutting-edge topic, this report can be rather confusing for anyone who hasn’t been thinking about remembering and forgetting in the digital age for as long as I have, I apologize for that. For more insight on the ideas behind this workshop and the project run by the Research Center for Information Law (FIR-HSG) at the University of St.Gallen, Switzerland please take a look at our Wiki.
Last month, I organized and attended the concluding workshop for our (my professors’ and my) project called “Remembering and Forgetting in the Digital Age“. We invited renown scholars from all over the world who in one way or the other deal with memory in the digital age and we were very happy to host guests such Urs Gasser, Viktor Mayer-Schönberger, Michael Arnold, Wesley Shumar and many more. More…
Data Protection, freedom of speech, Memory, privacy, right to be forgotten, value of data
Things that caught our eye
Max Mosley is is the former president of the Fédération Internationale de l’Automobile (FIA) and has been fighting Google for a couple of years now. He has been trying to sue Google for displaying unfortunate pictures of himself at – let’s call it – a”sex party”. According to Anya Proops, on Panopticon, the question Mosley brought to court against Google
“is an important issue for those data subjects who garner significant public attention within the online environment, as was the case with Mr Mosley. The difficulty for such individuals is that online stories or comments about them can proliferate on the internet at such a rate that they cannot practicably achieve the online amnesia they crave.”
On the other hand, public figures like Mosley will always be in the spotlight and of public interest which is why they probably should refrain from taking part in orgies or alike, just saying…
Just last year, a court in Hamburg decided that Google was no longer allowed to display these unflattering and possibly damaging (to Mosley’s reputation) photos. And last week, Mosley finally settled with Google and everyone is hoping that this is the last we hear about Mosley v Google. It is definitely not the last time we will be discussing the European “Right to be Forgotten”!
Data Protection, Forgetting, Google, privacy, Public figures, right to be forgotten
Things that caught our eye
A broad coalition of privacy advocates has sent an open letter to the Dutch Minister of Security and Justice today, asking to suspend any activity on bills that: ‘lead to tracking of citizens without any specific and concrete suspicion against them,’ until the government has developed a ‘vision’ about privacy protection of citizens in the Dutch information society. This vision should then be the subject of a public debate facilitated by the Dutch Government, so that the Dutch people may have the fundamental discussion about privacy and technological development it never had. Preferably the debate would be held not only in Parliament, but also outside of Parliament.
The current bills of which they would like to see legislative action suspended until the public debate has taken place are:
This open letter is signed by a large group of privacy researchers, interest groups and groups such as Amnesty International (Netherlands), Bits of Freedom (the Dutch equivalent of the EFF), Dutch Association of Criminal Lawyers, Dutch Association of Journalists, Privacy First Foundation and many others. There is also a website where individuals may sign the letter.
Some of the aforementioned groups were also a party to the recent interim proceedings in which the Dutch Data Retention Act was struck down, (for more on that see our earlier post, with a translation of the ruling attached).
We will update this post with the response of the Government.
Read the open letter in Dutch here.
Blog
YouNow is a website that went live in the US in 2011 and just came to Switzerland and the rest of the German-speaking world in 2014. It allows its users to broadcast themselves online via their webcam wherever they are and whenever they want. More…
cyberbullying, Data Protection, pedophilia, privacy, social media
Blog
Remember that NYC Taxi data set that allowed you to see who visited a gentlemen’s clubs and which celebrity took a taxi where? Reddit user uluman now seems to have found a way to distinguish Muslim taxi drivers from the set. More…
big data, deanonymization, open data, privacy, sensitive data
Blog
I’ve been meaning to blog about the Privacy Roundtable for a while and now with the New Year and all I’m finally getting around to it. The Privacy Roundtable is – similarly to the iii – an interdisciplinary group of PhD students (there are eight of us to be precise: Lea Aeschlimann, Rehana Harasgama, Flavius Kehr, Christoph Lutz, Veselina Milanova, Severina Müller, Pepe Strathoff & Aurelia Tamò) from the University of St.Gallen who meet more or less regularly to talk about privacy issues of our day and age.
Interdisciplinary, Law, privacy, Psychology, Sociology
Things that caught our eye
You may be familiar with Timehop, an app that draws from information on your social media accounts to remind you of your fondest memories from the past year (or at least what its algorithms think those memories may be). Now another app is out, called Memoir, which, in addition to this algorithmic curation, also allows you to label your memories, organize them and search for memories based on your current location.
The New York Times reporter summarizes the main concern around such apps much better than I would:
“This is perhaps the time to note that these apps remind us that we are putting a lot of information about ourselves out into the world. That information is easier for a third party to retrieve and organize than we might have imagined. Happy holidays!”
You can read the NYT review here.
Blog
Two weeks ago the Article 29 Working Party (WP29) issued Guidelines on the Implementation of Google Spain judgment.
Let’s have a look at how often the WP29 elaborates on the delicate balance between oblivion, erasure or forgetting and the individuals’ right to freedom of expression. More…
Data Protection, Freedom of Expression, privacy, right to be forgotten, Right to Remember
Things that caught our eye
The Guardian reported yesterday that a ‘middle-aged mum of two’ with ‘an impeccable credit record’ who preferred to remain anonymous could not book a B&B via Airbnb because her 50 Facebook friends were not enough to establish that she existed, as she states. The lack of a very abundant online presence (nearly) prevented her from making use of the Airbnb services.
Airbnb requires a verification of the booker’s identity by (1) having a photo as well as both (2) a copy of a passport or driver’s licence and (3) some some proof of her existence online either by linking a Google, LinkedIn or Google account. Verification of both ‘online’ and ‘offline’ identity. That is quite a lot of personal information. Whilst I understand that in the event anything goes wrong it would be good for the ‘host’ to know who he/she was dealing with, but still, why the need to give Airbnb this host of personal information? Airbnb responded to the article in the Guardian with the statement that the new Verified ID system has received “extremely positive feedback”.
The story has a happy ending; in the end the woman got to book via Airbnb.
Three days, three lost bookings, a spate of emails, and two calls to Casey and her colleague in Colorado later, my problem was resolved. I was “escalated” to one of Airbnb’s “verification specialists”, who allowed me to upload my (very grumpy) video directly to him, explaining who I was. Twenty-four hours after that I got my green light. Off I went, and had a wonderful weekend courtesy of my excellent host “Felix”.
Read the full article here.
airbnb, identity, privacy
Blog
Everyone is familiar with this scenario: you want to browse onto a particular website but instead a message pops up warning you that the security certificate of the site is no longer valid. What do you do now? Continue?
More…
Certificate Authorities, Digital certificates, privacy, security
Things that caught our eye
In his open letter to Google John M. Simpson, Privacy Project Director of Consumer Watchdog, is asking them to implement the EU’s “Right to be Forgotten” for US users on a voluntary basis too. His main argument why Google.com should do so, is that removals of links are not automated. Google has to strike a balance between the interests involved and seems to be doing so quite successfully, as Simpson states:
“I was heartened to see – based on Google’s own numbers – that you appear able to strike this balance in Europe and it does not appear to be an undue burden on your resources.”
Data Protection, Google, privacy, right to be forgotten
Blog
A nightmare from the Internet of Things has arrived just in time for Christmas: images from thousands of internet-connected cameras from all over the world are publicly available, online, and ready for anyone to easily view. In September, MailOnline reported about an unspecified website that allows ‘home hackers’ to spy on people through internet-connected cameras. About a week ago, Motherboard‘s Joseph Cox also reported on the website without explicitly mentioning the website’s URL in his article. However, by linking to a WHOIS-record of the website’s domain name, Cox gave away the website’s URL. are now reporting about the website and mention the website’s URL: insecam.com.
From pictures of backyards to schoolyards, detention centres to daycare centers, and even living rooms, you can watch them all on insecam.com. After browsing the website for a while, I saw many pictures of recognizable people having a coffee or working at their office. Below are some less-intrusive examples that hopefully still illustrate the magnitude of the privacy problems at issue.
Things that caught our eye
Judge Steven C. Frucci ruled this week that it does not violate the Fifth Amendment of the U.S. Constitution to compel a criminal defendant to unlock a cellphone with a fingerprint. Whereas unlocking with a pass code requires the defendant to provide personal knowledge, a fingerprint is not considered testimonial because it is biometric information similar to a DNA sample.
The move towards fingerprint secured cellphones was with the goal of providing more security to the owner. This ruling however indicates that while the advanced technology provides more security, it may not provide more privacy.
Read more at: Police can require cellphone fingerprint, not pass code.
iPhone, privacy, Technology
Things that caught our eye
The University of New Mexico’s Computer Sciences department has developed a comic book art style game to address the issue of privacy on the internet. In their research paper, the researchers introduce the game ‘Immaculacy’:
“This interactive story takes the player on a journey, through a world in which personal information is in constant jeopardy. The player is placed in the role of an eighteen-year-old girl, Sydney Carlisle.”
(…)
“Immaculacy is an interactive story that immerses the player in a slightly dystopian world littered with privacy issues. Events unfold in the narrative based on hidden scores kept during gameplay and calculated based on specific decisions made by the player. Ultimately, we hope to create an engaging environment that helps players consider the decisions they are making in their own lives. We give the player experience with many privacy issues through their explorations of a world of hyper surveillance and connectivity.”
While the target audience for the game is very broad: “[i]n general, any smartphone owner or person who uses the Internet on a regular basis can benefit from and enjoy this game”, the rating of the game could reach up to ‘Teen’. The researchers expect that this might be possible “due to the psychological nature of the game.”
The game has been submitted to the CHI Play Student Game Design Competition held last week, for other competitors have a look at the competition’s website.
The game itself also has a website: EXIT | Immaculacy: A Game of Privacy.
Image:
Children, game, privacy
