Monday, April 16, 2018

Privacy - I Told You So

I rarely say that but on this point, I will.

The Facebook issue of them not protecting data - with Zuckerberg before a congressional committee making the tortured argument that Facebook doesn't "sell" data - makes it glaringly clear that we have a problem in this country with privacy issues.

What's hilarious is that I'm sure somewhere Twitter and Google are glad for the white-hot spotlight on Facebook.  I'd venture that if you use Google gmail (as I do), their scanning of emails for useful words that advertisers like may be worse than Facebook.  (That Facebook was compiling data on people NOT on Facebook but who only got mentioned there by others is also troubling.)

I heard a very unscientific survey where they asked people if they would pay for Facebook if it meant better privacy controls.  I think it was 85% who said "no way."  Well, I'd pay.

Facebook really is a good poster child for technology with which we have a love-hate affair.  I do truly love the many ways that Facebook allows me to connect with others especially on breaking news.  But I'm not sure I believe their gathering of my data is worth it and it's something I am pondering.

One big issue?  Your data is worth money.  Why don't you get a cut of the value of your data?  Why can't we determine we will sell our data rather than give it away?  Somehow Facebook and banks and other business have decided - in their "terms and conditions" which got rough treatment during the Facebook hearings - that we have to give away nearly all our rights to our data in order to get a service.

I note that Zuckerberg had this to say to the committee on Messenger for Kids (basically Facebook for the 6-12 year olds), this via The Mercury News:

Facebook’s CEO repeated the company line defending its introduction of a messaging app for very young children: It just wants to provide a way for parents to keep in touch with their children.

“We heard feedback from thousands of parents and they want control over their communication with kids,” Zuckerberg said. “We built this service to do that. It collects a minimum amount of information.”

But Jim Steyer, president of San Francisco-based Common Sense Media, which is part of the alliance of children’s advocacy groups that in January asked Facebook to pull the plug on Messenger Kids, has his doubts.

“We have no reason to believe Facebook won’t share — or otherwise figure out how to exploit — what they collect on kids,” Steyer said this week. “This pipeline they are building of very young users is a gold mine and Facebook’s track record of changing privacy terms, allowing discriminatory ad targeting, designing products whose goal is to hook consumers, and creating platforms that prize inflammatory content over reasoned debate is not reassuring.”
Who do I believe?  Mr. Steyer over Mr. Zuckerberg. Why?  Because data is the new coin of the realm.  And when you can start collecting data about people, the earlier the better.  Say "trust us" and capture them when they are young so it is all quite normal.

From a recent article in the NY Times,
“Much like a car accident, the harms on social media are low-probablility events with extremely variable outcomes,” he said. “ ‘So what if my boss saw me doing a keg stand?’ But all of a sudden the ‘so what if’ becomes more serious — ‘I get denied insurance or my information is used by a nation state actor to manipulate me.’ ”
“A lot of geeks in the world are looking at Facebook as a redwood that’s starting to fall,” said Mr. Searls, whose given name is David and who created ProjectVRM, a program at Harvard University’s Berkman Klein Center for Internet & Society that seeks to empower internet users to protect personal privacy. “They’re saying, ‘O.K., it’s barn-raising time.’
The scandal swirling around Facebook and Cambridge Analytica has begun to usher in a new era for this once-ignored community of privacy researchers and developers. After years of largely disregarding their warnings about exactly what companies like Facebook were doing — that is, collecting enormous amounts of information on its users and making it available to third parties with little to no oversight — the general public suddenly seemed to care about what they were saying.
Neema Singh Guliani, legislative counsel at the American Civil Liberties Union, recalled the organization’s years of efforts to get Facebook to monitor how third parties were using data. Yet few paid attention at the time, even though the group specifically called out Facebook’s quizzes in 2009. (Cambridge Analytica used a third-party quiz app from an independent researcher to harvest Facebook users’ data.) 
For many developers, this is the right time to push ahead with testing more privacy solutions, including:
- more advanced advertising blockers;
- peer-to-peer browsers that decentralize the internet;
- new encryption techniques;
- and data unions that let users pool their data and sell it themselves.
Others want to treat tech giants more as information fiduciaries, which have a legal responsibility to protect user data.
From the ACLU on districts and 1-1 computers:
There is one concerning matter that many of them are not aware they should be worried about: their school spying on them while using their school-loaned laptop. 

Most Rhode Island school districts participate in “1-1” programs — in which third parties provide free laptop devices to students for the school year. While that should be a good thing, the details are a bit more complicated. We recently found out that most of the state’s participating schools give themselves the ability to remotely spy on their students through these loaned devices. 

We published our findings early this month in a report titled “High School Non-Confidential: How School-Loaned Computers May Be Peering Into Your Home.” The report found that more than 60 percent of Rhode Island school districts today participate in the 1-1 program. It also discovered that a majority of those districts allow school officials or administrators to remotely access the device — while a student is at home, without their knowledge, and without any suspicion of misconduct. We know from an outrageous Pennsylvania case, in which school administrators were found to have activated webcams to spy on students in their homes, that this obvious privacy concern is not hypothetical. 

The ACLU has written a model bill that any state can adapt to protect its students.
No child should have to trade away privacy in exchange for access to cutting-edge technology. Schools should be taking the lead in protecting their students.
One of my goals in the coming months is to finally get some clarity about student data privacy in Seattle Schools.  (Yes, Mr. Krull, I am coming - he's the head of Tech in SPS and getting a larger piece of the BEX/BTA pie all the time.  It's worth watching.)


Watching said...

As far as student privacy, I'm afraid it will be impossible to get the Jeannie back into the bottle.

Beware of the word "free".

Anonymous said...

In addition to the SPS sanctioned student accounts, I'd ask about individual school and classroom use of "free" programs that require students to create an account. Do teachers get parent approval? Does SPS have any related policies around student privacy? Does SPS even know what's going on in individual classrooms? Young students are likely to simply do what a teacher asks, unaware of any issues around maintaining privacy.

cautious parent

Jan said...

Beware -- that is exactly what FB/Google/etc. would like us to think. Oh well, this is all too complicated, and besides, they already have some data, so why bother.

Let us suppose the parent of a 2nd grader decides, now, to prohibit all further use of their child's personal data. Yes -- Big Ed will have years K through 2 -- but in 5 or 6 years, that won't be of much use to them.

We should demand that the District, our state legislators, and Congress, pass laws that robustly protect and prohibit the dissemination or use of student data. This is something where votes outweigh money -- if we could just get people to demand what Europeans already demand of their governments.

Anonymous said...

Jan- you hit the nail on the head. We ALL need some very far-reaching protections in place. Europe is way ahead of the US on this front.

I have trained my kid to disguise their identity online. However, the problem is when institutions force us to give up our data to FB/Google/etc. Such as the SPS student accounts. Or for example, the UW has just decommissioned their email system and have given everyone a choice of UW-Gmail or Microsoft Outlook. Neither of those options is good, with respect to privacy in my opinion. Now, a key point is that UW emails are public and subject to public records requests, but do we have to give all that data to Google tied up with a ribbon? Emails involving novel ideas and technology development? They have them all. Ach.


Anonymous said...

Cautious parent: In my experience, teachers have not asked my permission to sign my kid up for 3rd party accounts. I am very unhappy about it but so far I have not succeeded in getting a solution. Teachers have kind of shrugged at me and previous principal didn't reply to me. I have had other issues to prioritize since the new principal started so haven't been a squeaky wheel about the 3rd party accts yet, but it seems obvious to me that if I'm saying NO to the media release, the school should not be giving Pearson, typing practice people, math practice people, etc., my kid's name, school, and all the work he does on their site to track. How is this not a huge issue? Surely it is not legal. It also breaks all our family rules about not entering real name/location online. I have mentioned this here before and Melissa suggested I contact the board. At some point maybe I will. Will try to get a principal appt. before summer.
Elem. mom

Pragmatic Idealist said...

Facebook is indeed a very bad actor that got caught, but the current mess that the media has (finally) latched onto is only a small fraction of the problem with their business model, and they are far from the only bad actor. Google and other big online “free service” providers are all just as guilty, they’re just more careful. And while they may be happy that the spotlight is on FB for the moment, they are all very afraid of legislation that will affect the deep mining of personal data for profit. Legislation will clearly be necessary, but even that won’t be enough; people need to understand that these services do not come without a cost.

While one might argue that people are just doing this to themselves, most people don’t understand the ramifications of this data collection, not just to individuals, but to our society at large. It’s powerful, and very difficult, if not impossible to control. We had election interference here, but one could argue that other countries are in even worse shape; read about how Facebook is being used in the Philippines as a weapon to root out and even kill political dissenters.

Adults generally opt into this stuff, but in education (EduTech) children and teens are typically opted into data collection systems WITHOUT ANY CHOICE, and told by those in power that they must use these services. Children don’t feel empowered to question this, and are often actively taught to not question those in authority, such as teachers and principals. However, many of those individuals have no idea what’s happening behind the scenes when children use these services. Data is often gathered with extremely fine detail, and a ton of machine learning processing power that’s readily available to even smaller businesses now.

As one example, parents should be very wary as the Naviance system ramps up this coming school year. Naviance has signed contracts with SPS that state they will not sell student data, which sounds good on the surface, and may even be technically accurate. But what they do is sell access to students’ eyeballs while the students are using their services. That’s the same general business model that Facebook and Google use. But in this case our district will be pushing every single student to use these systems, and almost no one understands what’s happening behind the scenes, not the students, not their parents, not the counselors, not their teachers, not the principals. At the end of the day, the students’ activities and data are going to be mined and profiled, and they will be marketed to (by colleges and others), just like Facebook users are, into colleges they think your children fit, and away from colleges they think your children won't fit. This is just wrong.

Parents and students, you have the right to opt out of Naviance and the associated services. Consider it.

PI said...

Sorry, the link above got borked. Trying again.

<a href="https://www.bloomberg.com/news/features/2017-12-07/how-rodrigo-duterte-turned-facebook-into-a-weapon-with-a-little-help-from-facebook”>Facebook is being used in the Philippines as a weapon to root out and even kill political dissenters.</a>

And the raw link, just in case.