Tag Archives: privacy

Rule 41 and Digital Privacy Rights

Proposed changes to Rule 41 of the Federal Rules of Criminal Procedure would allow a judge to authorize a search and seizure outside of their jurisdiction. For example, a Massachusetts judge could authorize a search in Alaska or even in a foreign country. This would mainly apply to government electronic hacking efforts into computers and computer networks. The changes have been approved by the Supreme Court and will go into effect on December 1 unless challenged by Congress.

I believe this is a slippery slope that threatens the Fourth Amendment protections against unreasonable searches and seizures. What are the implications of this possible erosion of privacy on our own computers and networks?

The Fourth Amendment

The Fourth Amendment was added as part of the Bill of Rights in 1791 and deals with the search of homes and private property without a properly executed search warrant. It stems from the almost unlimited powers granted to British tax collectors to search homes and property for contraband that wasn’t being returned to King George in the form of taxes. Those who drafted the Fourth Amendment could not foresee 21st-century technologies and interconnected systems. At issue now is whether a warrant can be issued remotely and whether one warrant can be issued for hundreds or even thousands of systems through surveillance and hacking.

No Expectation of Privacy

Senior U.S. District Judge Henry Coke Morgan Jr. recently ruled, “people should have no expectation of privacy on their home PCs because no connected computer ‘is immune from invasion.’” This is a ruling associated with a case of government takeover and surveillance of a site on the dark web for the purpose of collecting networking information of visitors. One warrant was issued for many searches, including those outside of the United States. The judge in this case argued that even that one warrant was not necessary because the defendants were engaged in illegal activity and took measures to hide those activities behind the anonymity of the dark web.

Digital Rights

Advocates such as the Electronic Frontier Foundation are challenging this ruling and filed an amicus brief in this case, but to no avail. My main question is how much privacy should we expect on our personal systems and in our transactions on the web? This case maintains that because there are so many hacking attempts we should have no expectation of privacy, even from our government. This seems like a spurious argument at best. I have written before about the notion of geographical boundaries and how those boundaries are disappearing as we engage in more electronic transactions. This case and the proposed changes to Rule 41 only accelerate the dissolution of boundaries.

Thoughts

My aim is to make you aware of the activities and rulings that could affect your right to privacy, particularly digital privacy. Is there cause for concern? Let me know your thoughts.

About Kelly Brown

Kelly Brown is an IT professional and assistant professor of practice for the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

Customer Data: The New Capital

Sports Authority, a retail chain of sporting goods stores, recently filed for bankruptcy and sold off all of their assets. One of the highest bids was for their name, e-commerce site and customer data, bought by rival Dick’s Sporting Goods for $15 million. In contrast, a package of several store leases went for only $8 million and naming rights to Sports Authority Field, also known as Mile High Stadium, home of the Denver Broncos, is still on the auction block. It appears that customer information is the new desired capital, but what does that say about our privacy and the use of our personal information? Is it truly for sale to the highest bidder? Did we actually agree to that?

Privacy Policies

The Sports Authority privacy policy states, “We may transfer your personal information in the event of a corporate sale, merger, acquisition, dissolution or similar event.” Information collected and stored at the Sports Authority website includes full name, street address, e-mail address, telephone number, credit card number, and credit card expiration date. This is not unique to Sports Authority; other online retailers collect the same information and include a similar caveat in their privacy policies. It is up to the consumer to read and understand that clause and decide whether it is worth the risk.

Relationships

When signing up for rewards programs I agree to hand over my personal information, regardless of whether I read the privacy policy or not, but I expect our relationship to end if the company is dissolved. In the case of Sports Authority, my intended relationship was with them and not with Dick’s Sporting Goods or someone else. Is there a step in the process that lets me break off the deal should I not want to be solicited by the highest bidder?

Thoughts

With value on customer data comes responsibility to customers who have disclosed their information and expect at least a minimum of privacy and discretion. Privacy advocates are watching these developments closely. They are concerned that the new owners will not adhere to the original privacy agreement and will use the customer information in ways not originally agreed upon.

Let me know your thoughts on buying and selling customer information. It is not a new idea. I have received solicitations from car dealers for years based on information available from the division of motor vehicles. What is new is how easy it is to collect, buy, and sell this information and the amount of associated customer information collected, which can be put up for sale to the highest bidder.

Brexit and the Technology Industry

The recent decision by Britain to exit the European Union (Brexit) has people asking a lot of questions. Some analysts are pondering British technology regulations and the state of the technology industry post European Union. There are surprising implications that perhaps have not been considered but probably would not have made a difference in the vote.

Silicon Roundabout

An area in East London has been dubbed Silicon Roundabout for the concentration of high-tech firms, particularly start-ups. In a 2013 Guardian article, director of Twilio Europe James Parton cites reasons for locating a hub in London, “…London was a natural choice for our first office outside of the U.S. Language, accessibility to rest of Europe, a vibrant start-up ecosystem, the financial market, talent and flexible business conditions were all contributing factors.” Other areas of Britain have attracted high-tech heavyweights and start-ups alike.

With Brexit, some of those desirable qualities could disappear. Accessibility to the single EU market is in jeopardy, which could result in less than favorable trade arrangements and higher tariffs for companies operating in an independent Britain. A recent BBC article suggests that Berlin, for example, will actively court those tech start-ups and venture capitalists that have been pouring money into Britain. In making her pitch, Cordelia Yzer, Berlin Senator for Commerce and Technology, said, “They are welcome, their talent is more than welcome. It’s a great place to live and we also speak English. Berlin is a place where their dreams can come true.”

High Finance

Another potential issue for tech firms in Britain is access to capital. Start-ups in particular, but all tech firms in general, are capital-intensive operations, with the capital mainly used for talent and equipment. A recent Reuters article reports that Standard & Poor’s and Fitch Ratings recently dropped their credit rating for the country. This could make it harder or more expensive for companies to borrow capital for expansion or for a start-up. These companies could consider other EU centers such as Berlin or Paris, where funds are less expensive.

Data Privacy

The EU and the U.S. are working on the latest changes to their data privacy agreement. The EU has some of the toughest privacy laws in the world, with Germany and France leading the charge in areas such as “the right to be forgotten,” which requires companies such as Google to erase all internet history of an individual upon their request. Britain has pushed for less stringent regulations but it remains to be seen whether they will still abide by the EU-U.S. data privacy agreement. That brings up the question of whether data flowing through Britain will still adhere to those standards, or will it be less secure?

Thoughts

The exit is still being planned, though EU countries are pushing to get it done sooner rather than later. With the separation come questions for high-tech companies and consumers. These will be sorted out over time and I will be watching the developments with interest. Can you think of any tech benefits or drawbacks to a post-EU Britain? Let me know your thoughts.

Implementing Privacy Policy Across Borders

Digital privacy and security often go hand in hand and the two will continue to be center stage in terms of information management in 2016. As we continue to work through the freedoms and accessibility that come with our connected world, we need to take a broader view than just our community and country. How will digital policy in other parts of the world affect the way we conduct business and how we protect our digital identity? An article this week about emerging policy in the European Union (EU) helped me understand the implications for my own digital persona.

Secondary Use

The EU has developed privacy and data protection reforms that could be enacted within two years. According to the new legislation, a European citizen’s information cannot be used for a secondary purpose without their consent. For example, if I agree to reveal my current location to use Google Maps or to find the nearest Olive Garden, that piece of information cannot also be used to target me for a local gym membership advertisement. Anyone intending to sell personal data would need to know the potential buyers ahead of time and must get permission from all individuals whose data may be sold. Because it will be difficult to limit this to EU citizens it could become wide-ranging. This also has implications for anyone doing data mining and analytics to create and sell information or profiles.

Profiling

Personal profiling is also covered in this recently passed legislation. While not prohibited, it places the burden on the profiler to reveal the information collected and algorithms used to create the portrait. If I eat out every Tuesday night, shop for groceries every Thursday night, and have recently searched online for chef schools, someone could conclude that I am tired of restaurant food and could target me with an ad for a local kitchen store. Before that happens, however, I have the right to know just how that data-mined profile is created, according to the new legislation. While this helps me as a consumer, as an IT professional I have to be careful conducting any data mining or analytics and now have to be transparent in my work and intent.

In The Cloud

While I applaud the EU for its sweeping reforms I think they will be difficult to enact and enforce. Here is the dilemma for me: how do I reconcile geographical boundaries with cloud boundaries, which by definition are ethereal? For example, as an EU citizen, the data collected about me could be housed on cloud servers in Frankfurt or Mumbai or Buenos Aires or Atlanta. Do the laws refer to me as a citizen living within the European geographical boundaries? Or do they refer to the location of my data? What if I am a German resident but my data is housed and mined outside of the EU? What then?

Thoughts

The European legislation is still at least two years away from being enacted. In that time we need to broaden our thinking beyond government boundaries and create worldwide policies regarding security and privacy. It would be difficult to specifically mark all data belonging to citizens of a particular country, but it would be easier to apply the same standard for users worldwide. It will take a concerted effort to think beyond controlled boundaries and work together to consider what is best for all digital citizens. Do you think we will ever be able to agree on global digital policies? Let me know your thoughts.

The Double Edged Sword of Information Availability

I recently came across the Harvard Genome Project. For the project, a team of Harvard researchers is collecting personal genome information to share with researchers who hope to create breakthroughs in disease eradication and prevention. It struck me that with our ability to share information and make it available to different groups, either intentionally or unintentionally, we have created a double-edged sword. On the one hand, with technology we have greatly expanded research opportunities and created the infrastructure to track down long-lost relatives. On the other hand, our privacy may be jeopardized if that research information falls into the wrong hands or if a long-lost relative prefers to stay lost. Is the genie out of the bottle, or are we still in control of the exabytes of information in the cloud, some of it personal?

Research for a Brighter Tomorrow

The Internet that we know today was born as the ARPANET under a contract to the United States Advanced Research Projects Agency. Its original intent was to connect research facilities to share information. In December 1969, Stanford University, University of California Santa Barbara, University of California Los Angeles, and the University of Utah were connected to collaborate and advance research. By 1971, several other prominent universities, private research firms, and government agencies had joined ARPANET, extending the geographical reach well beyond the southwestern U.S. The original Internet was intended to further scientific research, not to share cat videos. In that vein, the Harvard project exemplifies the positive aspects of information sharing.

Technology and Democracy

Before we were all connected by technology, there was radio and television, which are “one to many” media. One broadcast, such as the nightly news or a presidential fireside chat, went out to those who chose to listen or watch. There was no way to give feedback or to refute what might be misinformation. Now people around the world can share real time information on developing stories; we no longer have to wait until the five o’clock news or place complete trust in the newscaster.

We can also take on the role of broadcaster. We can participate more deeply in the democratic process by speaking out on issues of the day and join with others to have an impact on legislation that affects our lives. Whether we live in the safety of the U.S. or in a war ravaged country, we have a voice and it can be heard, thanks to technology.

The downside is the ability to spread misinformation. It is important that we choose carefully the news sources that we trust. The Onion has made a sport of parodying trending news but their articles are sometimes quoted as facts. It is up to each one of us to distinguish truth from fiction.

The Privacy Issue

I wrote a blog in July highlighting the breach of private information submitted to the website Ashley Madison. Users expected their personal information to remain private, but hackers who broke into the site published that information. This is where I wonder if the genie is out of the bottle and any information we choose to share, be it our genome data, private photos, our current location, or politically sensitive information, should be considered potentially public. Would we conduct ourselves online differently if we expected our information to go public? Would we be more careful?

Thoughts

Technology advances have allowed us to share research, information, product reviews, political news, or even to find each other. I believe though that with this new power and connectivity comes responsibility that we sometimes take lightly. We need to approach this new world with eyes wide open. Let me know your thoughts.

Technology Trends in Law Enforcement

There have been a lot of technology updates in law enforcement just in the last five years. Some things such as body cameras are controversial due to privacy issues; others such as Tasers are controversial due to the potential for misuse, but can save lives when used instead of a gun to subdue a suspect. This week I will highlight a few of the newest technologies that are used on the beat and in the back room.

Body Cameras

First there were car mounted cameras, and now more officers are being outfitted with body cameras. The theory is that officers will use greater discretion in their interaction with the public if they know that their actions are recorded, and ideally the public will behave better as well. Granted, they only work if they are turned on and that is still up to the wearer, but there are also back end technology issues to deal with. The Los Angeles Police Department has approximately 9,000 officers, so if each officer recorded on average one hour a day, that would be 9,000 hours of video each day that need to be stored and catalogued. Where is that kept? On a local server or in the cloud? Who is going to extract the exact footage when questions arise? Are the videos tagged such that a query can be run to compare best practices or patterns of abuse? The initial cost of the camera is only the beginning; there are many other considerations.

Tasers

Electronic control devices used by officers today hearken back to the cattle prod, which was invented in the late 1800s. Officers actually used cattle prods in the 1960s to break up unruly crowds, so the device of today is a true technological advance. The modern Taser was patented in 1974 by NASA researcher Jack Cover, for use by law enforcement. The original design used gunpowder to eject electrodes; now they use compressed air or nitrogen gas as a propulsion system. Studies show the voltage can cause cardiac arrest in some people, but the device has been used over the last forty years as an alternative to firearms. There have been concerns expressed about inappropriate use of Tasers; however, when used appropriately they can offer a non-lethal alternative to firearms.

License Plate Readers

Automatic License Plate Readers (ALPR) have been in place for close to 10 years and are installed on either police vehicles or on stationary objects such as bridges or signs. These readers take pictures of license plates at the rate of one per second on vehicles traveling up to 100 miles per hour. They commonly use infrared for night vision and the image can be compared with a database to track the movement of a vehicle. They are frequently used at toll-booths, particularly during off hours. I received a notice last year that I owed a toll for crossing the George Washington Bridge into New York and realized that it was for a vehicle registered in my name that my son was driving. When the plate image was captured, it was quickly linked to me through vehicle registration. While they are useful for such applications, there are concerns that the technology may be used to track innocent citizens. In a Wired magazine article earlier this year, the American Civil Liberties Union (ACLU) uncovered documents that show that the FBI temporarily halted purchase of these devices in 2012 due to privacy concerns. The worry is that agencies such as the FBI might use the devices, algorithms, and data analytics to track a person and even predict their future movements. This is big data analytics at work.

Social Media

Law enforcement agencies are using social media to promote a public image and to engage the public to help solve crimes and find missing persons. It is also used by agencies to track felons who are thought to be in possession of firearms or other items that put them in violation of their parole or probation. Facebook in January announced that it would include Amber Alerts in their news feed to widen the search for missing children.

Thoughts

New technologies enable law enforcement to do their job more efficiently and more effectively. They are still sorting out the privacy issues, but the same is true for GoPro cameras and drones. We need to be deliberate in drawing the line between protecting personal privacy and allowing the use of potentially invasive tools to protect the public and officers.

What are your thoughts? Are there other cool tools that I missed? Are we doing a good job of balancing the use of technology for the greater good and the right to personal privacy? Let me know.

Tech Trends: My Predictions for 2015

Webbmedia Group recently released their 2015 trend report for disruptive technologies that will affect us in the coming year. I sometimes wish we could take a year off from new trends, but at the same time I am excited about some technologies that are taking shape and their potential impact on our lives. In this blog post I will cover just a few technology trends that I believe will soon go mainstream.

Smart Virtual Personal Assistants

Predictive technology will continue to make its way into our lives. Google, Apple, Yahoo, and other tech companies have or will be integrating predictive technologies into their products. This technology uses natural language input and processing and attempts to anticipate our next thought or move. As an example, Emu, which was acquired by Google last year, monitors text conversations and will suggest nearby movie theaters and movies based on your geolocation and recent movie views, all based on your text conversation. Another application of predictive technology is Amazon Echo, which is a new, voice-activated, cloud-connected wireless speaker that acts as a personal assistant. Alexa is the voice behind Echo; you can ask her questions, tell her to play music, have her set alarms or appointment reminders, and more. Think Siri for the home. Echo is currently available for purchase by invitation only, but will most likely be widely sold in 2015.

Privacy

With ongoing privacy concerns, look for new applications and devices that seek to protect users from hackers and government prying. Expect an increase in ultra-private phones and watch for new methods of authentication, such as private key technology, which was previously used primarily in corporate networks.

Ephemerality

Applications like Snapchat have become popular mainly due to their ephemeral nature. Your post or message is guaranteed to disappear after a period of time. Look for the same technology to appear in other sites, such as Facebook. We will soon have the ability to predetermine a lifespan for files and posts.

Heads Up Displays

Things may be quiet on the Glass front right now, but companies such as Innovega are refining their iOptik technology into sleek glasses and even into contact lenses. Cyborgs cannot be far behind. Also look for more heads up displays in automobiles that show speed or other driving parameters.

Proximity Sensing

With advanced beacon sensing, proximity sensing will become more ubiquitous. This technology allows a business or individual to broadcast messages to you when you are within range. This is a good thing when trying to find your ride after the big NFL game, but may be intrusive when walking through a large metropolitan area and being bombarded by advertisements. It will be interesting to observe the tradeoff people make between privacy, as mentioned above, and convenience.

Thoughts

There are exciting new technologies coming on the market, many of which will help make life better. Some will become intrusive, however. As I watch the evolution of technology solutions, I am always interested in that intersection. Will we be mindful enough to preserve our privacy while enjoying the convenience of predictive or assistive technology? Let me know your thoughts, and let me know what you are looking forward to next year.

About Kelly Brown

Kelly Brown is an IT professional, adjunct faculty for the University of Oregon, and academic director of the UO Applied Information Management Master’s Degree Program. He writes about IT and business topics that keep him up at night.

The Drone Controversy: Do Personal Drones Compromise Privacy?

I was recently asked to research personal drones. While I have been watching the development of drones for some time, I didn’t know much about the details, so this is a perfect opportunity to learn.

Definition

The term drone originally referred to the unmanned aerial vehicle (UAV) or unmanned aerial system (UAS) used by militaries to navigate war zones. Some of these were and are used for surveillance and some even carry weapons. This term often conjures up safety or privacy concerns. Personal drones, in contrast, are remote controlled vehicles typically priced under $1,000 that are small enough to be carried by one person. Personal drones often carry GoPro style cameras, but no weapons. They are commonly used for recreational filming or in industries such as farming or mining to view terrain or crops.  Unlike satellite images, drones can provide video as opposed to still images, and they can deliver those images on a cloudy day.

Availability

A new personal drone is the Iris+ by 3D Robotics, which is a quadcopter available from Amazon for $750, base price. This drone weighs 8.2 pounds and comes with a mount for a GoPro camera. Paired with a GPS enabled Android device, you can set it to provide third person viewing. Synch it with your smartphone or wearable and it will follow you on your adventure, creating the ultimate selfie. Skydiving, surfing or skiing can now be filmed as if you had your own videographer. Paired with a tablet, you can draw the flight path that you want it to take and it becomes completely autonomous. This unit has a flight time of 16-22 minutes on one battery charge.

Another popular personal drone is the DJI Phantom 2 Quadcopter. This has a flight time of 25-28 minutes and comes with a mount for a GoPro 3 camera. You can program a flight path for this device by pairing it with an iPad. This unit weighs in at 9 pounds and sells for a base price of $829.

There are also kits available for hobbyists who want to build their own drones or micro drones that fit in the palm of a hand. Personal drones are becoming more popular and more available, but are they legal?

Legality

Are personal drones legal to fly? It depends. If you live in Washington D.C., the answer is no. According to an article earlier this year in Time magazine, there is a Flight Restricted Zone for ten nautical miles surrounding Reagan International Airport. This includes even small personal drones. Yosemite National Park in California and Zion National Park in Utah have similar bans, according to the article. Outside of those areas it is legal to fly a drone, based on FAA policy, if it remains under 400 feet. If you are within three miles of an airport you must notify the tower that you will be flying your drone. There is no cohesive policy yet from the FAA, so I expect that there will be a patchwork of policies that will be put in place until an umbrella policy is enacted. In other words, we are still in the wild, wild west on this one.

Privacy

Legality is one thing, but privacy is a completely different issue. As a society, we are still struggling with issues of privacy concerning Google Earth from satellites or Google street view from roving cars. Google does a reasonable job of filtering out faces and license plates, but there have been lawsuits by people who claim they are recognizable in the images, thus breaching their privacy. Personal drones can go where satellite and car cameras cannot, so we are going to have to collectively deal with how we respect each other’s privacy now that we can fly a camera into someone’s backyard.  What are proper boundaries we can agree on? What actions need to fall under a policy or law?

Thoughts

I think this is a case where new technology has gotten out in front of policy. How we use this technology will determine how laws are shaped. Personal drones have many applications, from entertainment to farming to mining to disaster relief. I can see a personal drone or drones being used to survey damage from a natural or manmade disaster.  They could help aid organizations quickly develop relief plans and possibly even save lives.

There are a lot of positive applications for drones if only we are careful about how we use them and how we respect others’ rights. The future use or restriction of this technology is up to us. Let me know how you feel about the use of personal drones.  Are you excited or apprehensive? Do you think they represent an opportunity or a threat? Let me know.

Pervasive Computing: Lifelogging and the Quantifiable Self

We recently shared an article on our Facebook page about a new mobile app developed to analyze and detect whether a person is stressed or even depressed. This app falls under the category of “lifelogging,” which is tracking personal activity data like exercising, sleeping, and eating. Going one step further, if you take the raw data and try to draw correlations to help you improve your life, you are entering into an area called “quantified self.” Personally, I like my life fairly unquantified, even though I am always trying to improve.

The app to detect depression was developed by a group of Dartmouth researchers, and their findings were presented at the ACM International Joint Conference on Pervasive and Ubiquitous Computing, held last month in Seattle. This is a fairly new area and one that interests me, so I went through the proceedings to see what I could learn. I think that some such apps and devices could be helpful to those willing to use the data they collect to work towards a goal, but other people might go overboard in data collection, with no plan to act on what they learn. Some of them are technologies to deal with other technologies that are already deployed.

Ongoing Research

Also at the recent ACM conference, there was a presentation titled “Promoting Interpersonal Hand-to-Hand Touch for Vibrant Workplace with Electrodermal Sensor Watch.” This uses a simple wrist-mounted thermal detection device to record high-fives and rewards the user with points for multiple touch encounters.  It is designed to encourage more touch in the workplace, which the researchers equate with higher employee satisfaction. Basically, this is the gamification of personal touch.

There was also research on methods for detecting public restrooms to automatically turn off the data-logging feature for devices such as Google Glass and other video logging systems. Apparently there are some areas of lifelogging that are still socially taboo.

Other research focused on Internet-connected, video logging home security systems and how receptive parents and teens are to them. Not surprisingly, the study found that parents liked the ability to remotely monitor their homes, while teens felt that it was an invasion of privacy for a parent to remotely monitor their movements.

We have the technology to perform pervasive computing, but I think that we will continue to struggle with the appropriateness of lifelogging, particularly when it involves others. There are issues of privacy and issues of personal space and freedom that we need to deal with as this technology becomes more prevalent.

Thoughts

Socrates is reported to have said, “A life unexamined is not worth living.” I wonder, what is the value of a life TOO examined? It appears that technology is making that possible. Are we losing the mystery and surprise in life? Are we losing some of the spontaneity that makes life interesting when we plot and calculate and manage every twist and turn? The technology makes a hyper-examined life possible but the choice is still ours as to how or if we want to use it.

Have you used a lifelogging application or device? Did it help you, or was it more noise than value? Were you able to change your habits or behavior because of it?  Let me know. I would love to hear about your experiences.


How Much Privacy?

I read an article recently in the MIT Technology Review titled “Laws and Ethics Can’t Keep Pace with Technology”. It helped me to understand that laws naturally follow our actions and experiments and there can sometimes be a lag between the action and the law. As technology development cycles become shorter, I expect the lag to become greater as we wrestle with exactly what needs to be regulated and in what form. With that in mind, I started thinking about privacy and security. Specifically, what message are we sending to our lawmakers about privacy? Do our words match our actions? Are we asking for laws that we are not truly passionate about, at least in deed?

HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) was passed in 1996 in response to a need to protect health information and the need to transport patient information securely from doctor to doctor. Within the HIPAA legislation, there is a privacy rule and a security rule. According to the U.S. Health and Human Services (HHS):

The Privacy Rule establishes national standards for the protection of certain health information. The Security Rule establishes a national set of security standards for protecting certain health information that is held or transferred in electronic form.

The Security Rule operationalizes the Privacy Rule and sets standards for maintaining and transporting patient information. This is a case where a privacy need was met but it did not come to fruition until there were some lapses of security surrounding patient information. It took a strong call to action before standards were formulated and established.

Current Privacy Debate

There are some serious lapses currently in how we handle customer or personally identifiable information (PII), such as credit card and social security numbers. I am thinking of TJX and the security lapse that lasted from mid-2005 to December 2006. It is estimated that 47.5 million customer records were stolen. More recent was the Target security breach, which left customer information vulnerable to theft. Target announced that they are moving to a more secure “chip and pin” card system, but this is of little consequence to those Target customers who have already been affected. The barn door is open and the cows are out. When breaches such as these happen, we are all outraged and there is a temporary furor, but then we go back to using the same card, downloading unsecure apps and shopping at unsecure websites. Are we really angry enough to ask for laws calling for stronger protection of our personal information? What if it inconveniences us? What if we could no longer find our best friend whose smart phone is constantly broadcasting their geolocation?

The Flip Side

I believe that there is a lot of complacency and apathy today in terms of privacy and security. There are a lot of apps that gather our personal information. They can and do so because we allow and enable them. While there is a growing number of people concerned about their privacy and security, flawed applications and flawed financial cards have become a way of doing business. It is becoming difficult to find alternate paths to work in a secure world.

Thoughts

I don’t think that new laws are necessarily the best way to generate a sense of responsibility for our own security, but we need to stand up and vote with our feet and our pocketbooks to say, “I choose to keep my personal information private, and I will only deal with others that will do the same”. Let me know your thoughts.
