In the mix

July 2nd, 2009 by Grace Meng

Got a Minute? Set Some Government Data Free with Transparency Corps (ReadWriteWeb)

Social Network Users Reportedly Concerned About Privacy, But Behavior Says Otherwise (ReadWriteWeb)

Bloomberg Releasing City Data Online in Hopes Developers Will Create New and Better Mobile Apps (NY Daily News)

Ad industry groups agree to privacy guidelines (CNET News)

One Way To Score An Invite To Cuba

July 1st, 2009 by Ilya Marritz

Ah, the hazards of flirting around on the internet!

Using an elaborate fake online persona, Cuban exile and activist Luis Dominguez scored an invitation to Cuba from none other than Antonio Castro (son of Fidel).

Dominguez introduced himself as “Claudia Valencia”, a beautiful Colombian woman who “met” Castro at a baseball game in Colombia (apparently there really were a lot of foxy ladies at that stadium in Cartagena). A months-long correspondence ensued, including online chats that lasted as long as six hours, ABC News reports.

Although “Claudia” usually kept her chats with Castro focused on romantic topics, Dominguez told ABC that he was able to use “Claudia” to get insight on Fidel Castro’s health, information he then shared with officials in Miami.

“On Jan. 15, in Miami, the rumors were huge that his father was dying,” Dominguez said. “That night, he spent over an hour and a half talking to me. To me, that meant that his father was alive and that proved to be correct.”

Dominguez didn’t actually gather much valuable intel, but the propaganda value of the correspondence should be considerable, at least outside of Cuba.  (Inside, internet access is limited.) Dominguez has posted much of it online (in Spanish).

It’s not exactly live-tweeting the revolution in Iran, but “Claudia Valencia” is a modest example of how global electronic communications can be used to rattle sclerotic regimes.

Who gets hurt when information is withheld?

June 30th, 2009 by Grace Meng

Whenever people talk about why information matters, it’s easy to throw around abstract formulations about transparency and the free flow of information.  I do it all the time.  But this story from the Columbus Dispatch on how universities around the country are using a federal law on student privacy to withhold information has some great concrete examples of why disclosure is so important, and why not disclosing isn’t actually protecting anyone’s privacy.

Basic background: FERPA or the Family Educational and Rights Privacy Act generally prohibits schools from disclosing students’ “education records” without written permission from the student (if 18 and older) or the student’s parent.  But interpretations of FERPA vary widely from school to school.

The Columbus Dispatch discovered that many schools cite FERPA as a reason to withhold documents that arguably don’t fit into the definition of an “education record.”  In response to the Dispatch’s requests, FERPA was cited as a reason not to disclose reports of NCAA violations, lists of people designated to receive athletes’ complimentary admission to football games, and football players’ summer employment documents.  Without such records, it is “virtually impossible to decipher what is going on inside a $5 billion college-sports world that is funded by fans, donors, alumni, television networks and, at most schools, taxpayers.”

The article didn’t just ask you to be shocked and horrified on principle that the university was keeping secrets.  It told you exactly who is being hurt and in what ways:

1.  Other students and the public. In addition to potential misuse of taxpayer funds, “some universities are covering up criminal behavior in the name of student privacy.”

2.  The athletes themselves.

When news that a quarterback at OSU had accepted $500 from a booster went public, the Columbus lawyer and Ohio State fan was “swamped with e-mails from current or former collegiate athletes across the country.”

“They all were saying thank you, that it was out of hand at their school, too,” Webster said.

Before giving money to Smith, booster Robert Q. Baker had tripped up at least two other Ohio State football players. But those problems didn’t become public until after the Smith incident.

If not for Webster’s intervention, it’s impossible to know how many other players might have been approached by Baker, now banned by Ohio State from his luxury suite at Ohio Stadium. Baker was not banned until after public disclosure of the facts.

And ultimately, the universities are hurting

3. The schools themselves and their athletic programs.

All of those schools deleted names and many details of such violations from public records.

Those violations resulted in financial losses, damaged reputations and, in some cases, forfeiture of athletic victories.

The Final Four banners were removed from Ohio State’s Value City Arena because of NCAA rule-breaking. That violation involved former men’s basketball coach Jim O’Brien’s gift of money to a potential recruit and illegal benefits and academic help given to another player. Those violations cost the school more than $1.3 million in legal fees and NCAA penalties.

Florida State currently is spending about $200,000 to appeal one sanction of its numerous NCAA penalties in the cheating scandal. It is trying to preserve football victories so that Bobby Bowden might retire as the winningest football coach in college history.

The story illustrates a difficult but really important truth about information and disclosure.  In the end, we’re all better off when we have more information, even those of us who think we have something to lose.  This might not be true all the time, but it’s true most of the time.  People who think they’re protecting their own interests by withholding information are often taking a rather dim, short-term view of their situation.  And certainly, “privacy” isn’t what gets protected in the end.

In the mix

June 24th, 2009 by Grace Meng

Online participatory study of bipolar disorder.  (MoodChart)

The Day Facebook Changed Forever. (ReadWriteWeb)

Unhealthy Accounting of the Uninsured. (Wall Street Journal)

In the mix

June 23rd, 2009 by Grace Meng

Swedish Court Says IP Numbers Privacy Protected (Slashdot)

Congress Looks Into How Online Companies Track Consumers (Media Decoder Blog NYT)

Verified Identity Pass Shuts Down “Clear” Operations (Slashdot)

Typing in an Email Address, and Giving Up Your Friends’ As Well (NY Times)

Our privacy is gone, but at least people know we are who we say we are

June 19th, 2009 by Grace Meng

PayPal is following the personal information trail you’re leaving online to verify that you’re a real person, even before you sign up for a PayPal account.

It reminds me of something my friend Sharon said when she bought a house last year.  She Googled her new neighbors, and when she found nothing about them online, she started to wonder if they were spies, or maybe in the Witness Protection Program.

We’re all freaked out when we type our own names into 123people or pipl and find our home addresses staring back at us.  But it’s sort of gratifying to know that all that information out there is also authenticating us, and conversely, helping to detect potential fraud.  Would Clark Rockefeller, otherwise known as Christian Karl Gerhartsreiter, have been as successful conning people all these years if his ex-wife had Googled him in 1995?

In the mix

June 16th, 2009 by Grace Meng

EFF Launches TOSBack–A “Terms of Service” Tracker for Facebook, Google, eBay, and More.  (EFF)

The “Hidden Cost” of Privacy.  (Schneier on Security)

Google Fusion Tables.  (Official Google Research Blog)

It’s our data. When do we get to use it, too?

June 4th, 2009 by Grace Meng

When we started this survey of privacy policies, our goal was simple: find out what these policies actually say.  But our larger goal was to place the promises companies made about users’ privacy in a larger context—how do these companies view data?  Do they see it as something that wholly belongs to them?  Because ultimately, their attitude towards this data very much shapes their attitude towards user privacy.

In the last couple of years, we’ve seen an unprecedented amount of online data collection that’s happened largely surreptitiously.  We can’t say that we, as users, haven’t gotten something in return.  The “free” services on the internet have been paid for with our personal information.  But the way the information has been collected has prevented us from negotiating with the benefit of full information.  In other words, we haven’t gotten a good deal.  The data we’ve provided is so valuable, we should have struck a harder bargain.

And I think more and more people are starting to feel that way.  Even though most only feel a vague discomfort at this point, it’s unlikely that companies like RealAge will be able to continue what they’ve been doing.

For us at CDP, the fear is that we’ll throw the baby out with the bathwater.  We don’t want to shut down data collection altogether—we just want companies to stop thinking of our data as their data and their data alone.  We want to be able to share in the incredible value that this data has, so that we as a society can all benefit from the data collection and analysis capabilities we’ve developed.  Of course, that’s only possible with stronger privacy protections than are available now, which is why privacy is such an important issue for us to understand.

So what would it look like for us to “share” in the value of data?  It might sound crazy that companies collecting all this data would ever share data with their users, but it’s already happening.

Google, as a company that believes it’s in the business of information rather than advertising, does make some sincere efforts to provide data to the public.  Google Trends may be intended for advertisers, but it also provides the whole world with information on what people are searching for.  Google Flu Trends is a natural outgrowth of that, and some researchers believe this data can be helpful in determining where flu outbreaks are going to occur faster than reporting by clinics.

Some companies, like eBay and Amazon, have built their data collection into the service they provide to their customers.  Some of the information they collect on transactions and ratings can be viewed by all users.  Anyone looking to bid on an item on eBay can see how other buyers have rated that seller.  A user of Amazon looking to buy a new digital camera can view what other buyers considered.

Although Wikipedia is a bit different as a nonprofit, the service it provides also actively incorporates public disclosure of the data collected.  The contributions of any one editor can be seen in aggregate and aggregate stats on website activity are also available to the general public.  This information is important in the self-policing that is essential for Wikipedia to maintain any credibility.

Although the amount of data these companies are sharing with their users and the public is minuscule compared to the amount of data they’ve actually collected from us, it raises the possibility that data collection could happen in a completely different way than it does now.  Companies could make more obvious that data collection is happening, and instead of scaring users away, give users some reason to participate in the collection of data.  The whole process could be one in which users are openly engaged, rather than one in which users feel hoodwinked.

So this is our goal at CDP: what do we need to do in terms of privacy protection, both in terms of technologies and social norms, to make this model of data collection possible?

In the mix

June 3rd, 2009 by Grace Meng

Google is Top Tracker of Surfers in Study. (NY Times Bits Blog)

The Obama Administration’s Silence on Privacy. (NY Times Bits Blog)

This UK Sheriff Cites Officials for Serious Statistical Violations.  (WSJ The Numbers Guy)

And if the terms of the policy change?

June 2nd, 2009 by Grace Meng

It’s bad enough that most of the “choices” we have in privacy today are either, “Accept our terms or don’t use the service.”  But then the terms can change at any time?

Nearly every privacy policy I looked at had some variation on these words: “Please note that this Privacy Policy may change from time to time.”  If the changes are “material,” which is a legal phrase meaning “actually affects your rights,” then all data that’s collected under the prior terms will remain subject to those terms.  Data that’s collected after the change, though, will be subject to the new terms, and the onus is put on the user to check back and see if the terms have changed.

Most companies, like Google, Yahoo, and Microsoft, promise to make an effort to let you know that material changes have been made, by contacting you or posting the changes prominently.  Some, like New York Times Digital and Facebook, promise that material changes won’t go into effect for six months, giving their users some time to find out.

Recently, Facebook decided to test out the right they had reserved to change the terms of use.  Facebook wanted to amend the terms of its license to the content provided by Facebook members.  Although it wasn’t actually a term in the privacy policy, it implicated users’ privacy rights as it involved personal content they had uploaded to Facebook.  Facebook claimed that its new terms of use didn’t materially change users’ rights but merely clarified what was already happening with data.  For example, if user A decides to send a message to user B, and then A deletes her account, the message A sent to B will not be deleted from B’s account.  The information no longer belongs only to user A.

However, Facebook’s unilateral attempt to change the terms of use provoked such uproar that the changes were withdrawn.  Instead, two new documents were created, Facebook Principles and Statement of Rights and Responsibilities, and users were given the option to discuss and vote on these documents before they go into effect.  Ultimately, the new versions were approved by vote of Facebook members.

Facebook is certainly not a model of privacy protection, but this incident is illuminating.  Legally, Facebook could change its terms without its members’ approval.  But practically, it couldn’t.  There’s been some debate over whether angry users understood the changes and what they meant, but that’s almost irrelevant.  Facebook couldn’t simply dictate the terms of its relationship with its users any more, given that its greatest asset is the content created by its users.

It may seem counterintuitive, but it’s not surprising that some of the most visible and effective consumer efforts to change how a company uses personal information have stemmed from an online service based on voluntary sharing. The more people are given opportunities to participate in how information is shared, the better people can understand what it means for a company to share their information and the more likely they are to feel empowered to shape what happens to their information.  Facebook can’t offer the service that it does without the content generated by its users.  But as it’s begun to realize, its users then have to be a part of decisions about the way that content is used.

We all know privacy policies are frustrating, inadequate, and difficult to understand.  So it’s good to remember that all our privacy battles don’t have to be fought on their terms.