The Boucher Bill

Issues of behavioral advertising and online collection of personally identifiable information have been major issues of late. I previously blogged about behavioral advertising and the different ways online advertisers can track you as you move around the internet. But behavioral advertisers aren’t the only source of concern.

Large social networking sites have access to a bewildering amount of personally identifiable and potentially very private data. Sure they have privacy policies in which they claim to respect your privacy but most of the policies also state that the company can change their privacy policy at any time and the new policy immediately applies to all exiting data they have on you. The EFF recently posted a nice time lapse of Facebook’s privacy policy changes from 2005 to 2010 and the New York times recently showed that the current Facebook privacy policy is longer than the US Constitution.   Amongst its many clauses is the fact that other websites are automatically given access to your data when you use Facebook Connect, developers can infinitely store your data, and any applications your friends use have the right to access and store your data too.

The Boucher Bill is an attempt by law makers to force organizations who collect data online and off to provide informed consent to their consumers. The information law group has an excellent breakdown of the Boucher Bill which is definitely worth a read.

Some major points from the bill:

  • Organizations need to provide privacy policies but they can assume that users who use the service have implicitly consented to the policy (opt-out).
  • The bill requires companies to have users opt-in to major privacy policy changes.
  • Express affirmative consent (opt-in) must be obtained before personal data can be sold to other organizations.
  • Organizations can share personally identifiable information with parents and affiliates without notifying users provided the information is not used for marketing purposes.
  • Organizations must provide the policy and get express consent (opt-in) from customers before collecting any sensitive information such as medial information.
  • Consumers must opt-in to any sharing of location information.
  • Organizations cannot collect information about consumer’s browsing across site behavior unless they obtain express consent from the consumer before collecting information (0pt-in).
  • Organizations collecting information from less than 5,000 people per year are exempt.

Update: The CDT has a set of comments on the Boucher Bill.

Architecture Is Policy: The Legal and Social Impact of Technical Design Decisions

Over on the CUPS blog I wrote up a summery of the EFF board panel on the legal and social impact of technical design decisions.

Abstract:

Technology design can maximize or decimate our basic rights to free speech, privacy, property ownership, and creative thought.  Board members of the Electronic Frontier Foundation (EFF) discuss some good and bad design decisions through the years and the societal impact of those decisions.

Value of “who is stalking me” functionality

The Register has an interesting story today on a Facebook app which claims to offer the ability to see who is looking at your profile information but really is just a spam application. The claim is of course bogus as Facebook doesn’t give any application information about who has viewed your profile. Instead the application posts all over your wall and sends out spam messages with the goal of getting ad revenue from people visiting the site and adding the application.

What is interesting about this is that people are intrigued enough by an app that offers feedback on who has viewed their profile that they are continuously falling for the scam. In fact there are at least 25 different versions of this application on Facebook.

Behavioral Advertising

Behavioral advertising is used by groups, such as online advertisers, to track users as they move around the internet. This method allows third parties to infer and learn significant amounts of information about users and their browsing habits. Members of my research lab, CUPS, have studied how users perceive the issues surrounding behavioral advertising.

Researchers in the Computer Science Department at Worcester Polytechnic Institute are interested in educating users about what information your browser shares with web pages it visits. They setup a web page called What They Know where users can go to see what information they are broadcasting. Users visitors can also see the trends from past visitors.

Update: EFF has a site you can visit which shows the identifiable information your browser broadcasts to every site you visit.

Update: What They Know has published a report of their findings.