And so another 'digital age' comedy
begins, with every country that enjoys tweaking the US adding their
two cents to the story.
Hong Kong lets Snowden leave to Moscow, with Cuba among possible destinations
Edward Snowden left for Moscow on Sunday and his final destination may
be Cuba, Ecuador, Iceland or Venezuela, according to various reports.
The move is bound to infuriate Washington, wherever he ends up.
Another perspective.
The Surveillance-Marketing Complex, Coming Soon to a Computer Near You
… As James Risen and Nick Wingfield
reported yesterday in the New York Times, the interests of
tech companies and the NSA have been converging over the past decade
in two ways. The first way is fairly prosaic: Lots of Silicon Valley
companies are in the business of selling stuff to the NSA: storage
hardware, sophisticated communications equipment, data analytics
software, and more.
… But there's a second way that the
interests of Fort Meade and Santa Clara County have converged: These
days, they're fundamentally in the same business. The NSA calls it
surveillance, and all the rest of us just call it spying. Silicon
Valley, conversely, wouldn't be caught dead calling it that. They
call it "targeted advertising" or "monetizing the
social network." But it's pretty much the same thing.
Welcome to the “World Wide Web,”
where exceptions are the rule!
Google News in Germany asks publishers to opt-in for indexing, sidesteps copyright fees
Despite its "Defend Your Net" campaign last year, Google was unable to
fully put the brakes on changes to German copyright law that may mean
it has to pay up for news excerpts it indexes. As a result, the company
announced that unlike the other 60 countries where Google News
operates by relying on sources to opt out of inclusion by request,
robots.txt file or meta tags, it's requiring German publishers to
opt-in. According to Google, it's pushing six billion visits per
month to publishers worldwide as a free service, not something it
should have to pay for. As TechCrunch points out, the issue
comes as a result of the new German law that allows search engines to
continue to publish snippets of news without paying, but isn't clear
about just how much information that can include.
Interesting for a discussion starter,
but totally impractical as a regulation.
Joseph J. Lazzarotti writes:
Most breach
notification mandates require a notice be provided without
unreasonable delay. In some cases, such as under HIPAA, the same
standard applies but also with an outside date to provide the notice
– 60 days. Proposed
regulations under the Affordable Care Act would require
notification to the Department of Health and Human Services in one
hour!
In §155.280(c)(3)
we propose that [Federally-facilitated Exchanges or FFEs],
non-Exchange entities associated with FFEs, and State Exchanges
must report all privacy and security incidents and breaches to HHS
within one hour of discovering the incident or breach. We also
propose that a non-Exchange entity associated with a State
Exchange must report all privacy and security incidents and
breaches to the State Exchange with which they are associated.
Read more on Lexology.
Perhaps something for my next
Statistics class?
What do consumers expect in the way of
data security and privacy protections when they sign up for a premium
subscription service?
I was reading up on the class action
lawsuit against LinkedIn following their breach last year, and
discovered that the plaintiff had
retained Serge Egelman, who conducted
two new surveys in April on this question. His survey
methodology and results were submitted to the court as exhibits, and
I’ve uploaded the whole filing here
(Exhibit A starts on p. 32, Exhibit A-2 with methodology begins on p.
43). In his declaration, Egelman states:
First, through a
review of the existing academic literature, I determined that
consumers incorporate data security and privacy concerns, costs, and
benefits into their purchasing and consumption decisions, and that
consumers are often willing to pay a premium for information
security.
Second, through a
survey I conducted the week of April 1, 2013, I determined that when
consumers pay for a “premium” social networking service, they
expect their information to be protected with a heightened level of
security, and that, at a bare minimum,
industry-standard security protocols will be used to guard their
information.
Third, through a
survey conducted the week of April 22, 2013, I determined that an
internet service using industry-standard security practices has
higher utility to consumers than a service with substandard security.
I also determined that when consumers are evaluating the utility of
a website or internet service, privacy and security concerns factor
heavily into that evaluation, and that consumers will choose a
website or internet service with industry-standard security practices
over an otherwise identical service with substandard security.
Reading his methodology and results, I
think his data support a conclusion that when thinking about data
security and privacy is prompted (as by the wording of survey
response alternatives), consumers will consider a business’s
security standards and expect – and be willing to pay more for –
better data security. These two surveys do not,
however, show that consumers actually consider data security at all
in making their decisions about a premium subscription service,
outside of a structured survey. Then, too, the
correlations he reports for some findings, while statistically
significant, do not actually account for much of the variance in
respondents’ answers (effect sizes were not reported, but are
easily estimated for Pearson correlations). Egelman addresses the
fact that many people do not actually read privacy policies or
security assurances in his discussion, where he notes how when
security or privacy concerns are noted by experts or the media, the
word spreads quickly and people will voice their concerns or put
pressure on businesses. He uses this to argue that had LinkedIn not
overstated their data security, their allegedly substandard security
would have been noted, discussed publicly, and would have influenced
subscribers’ decisions as to whether to pay for premium services.
I suspect he’s probably right on that.
The litigation aside, I
think it’s unfortunate that his research on consumer expectations
is first being presented as a court exhibit instead of in a privacy
or security forum where it might receive greater
discussion, and I hope this blog post serves to make others aware of
his research so we can discuss it.