You Might be Interested In

This post, by co-op student Erin Siksay, is cross-posted from our youth blog.

I searched myself online the other day and came up with a profile I had created some years ago, complete with picture and date of birth, name, and e-mail address. So many websites require at least some personal information in order to view exclusive content or enjoy the services provided by the website, it gets difficult keeping track of all the websites I’ve signed up for. Inevitably, some end up being neglected or forgotten. Then, years later, they pop up when I’m feeling bored (and perhaps narcissistic) and searching myself online.

I had the website e-mail me my username and password so I could delete the account (and all of its revealing information) from their server so it wouldn’t appear in the search engine queue. (Luckily I’ve used the same e-mail address for many years). If you find yourself in the same situation but with an unknown or expired e-mail address, you can always write to the moderators or developers of the website and request that your profile be taken down or removed.

You may be selective with what information you put into an online profile, but with lots of profiles online it can become difficult to keep track of exactly what personal information is available on the web. One website might require a postal code, another a birthdate. Pieced together, these separate profiles can reveal a lot about the user. This combined profile can then be used for targeted marketing or even more malicious purposes.

Make sure your profile doesn’t come back to haunt you.

March is Fraud Prevention Month. Throughout the month of March, every day, the OPC will be highlighting a fraud prevention tip on Twitter. You can also learn more about identity theft here.

The combination of microblogging services like Twitter and location-aware social networking games on your mobile device like Foursquare is like the Red Bull and vodka of the internet – it’s one big party until your great-aunt’s end table is smashed.

Twitter, of course, enables its users to post short 140-character messages. Social networking games like Foursquare encourage players to post their precise location information in order to gain points – the more locations you “check in”, the more points you gain. These “check-ins” can also be automatically posted to a player’s Twitter or Facebook account.

A couple of Dutch developers have created a site called PleaseRobMe to point out the dangers of posting so much information on your whereabouts.

Don’t get us wrong, we love the whole location-aware thing. The information is very interesting and can be used to create some pretty awesome applications….  The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home. So here we are; on one end we’re leaving lights on when we’re going on a holiday, and on the other we’re telling everybody on the internet we’re not home.

The creators of PleaseRobMe point out that users could be putting others around them at risk as well. Foursquare players, for example might also be posting location information for places they frequent…like the homes of friends and family.

The site – which took developers four hours to build – is a witty little reminder to consider the possible repurcussions of what we post online.

To commemorate Data Privacy Day today, we offer up our latest Top Ten list…The Top 10 Ways Your Privacy is Threatened:

10. Surveillance cameras, swipe cards, Internet searches – as you go about your daily routine you actually leave a trail of data behind you for others to collect, merge, analyze and even sell, often without your knowledge or consent.

9. New and exciting technologies are emerging daily; but often your personal information is the cost of admission. Think about the information you have surrendered just to play online games, join virtual worlds, or even shop online.

8. Millions of people post all sorts of personal information about themselves, their family and their friends on social networking sites without reviewing the privacy policies, modifying the privacy settings, or considering how this information can be used or misused by others.

7. Governments are indiscriminately collecting mountains of personal data in the name of national security and public safety.

6. Businesses are collecting more and more information about an ever-greater number of people, often without having appropriate means to protect the information or dispose of it.

5. Data breaches happen every day in both the public and private sectors. Recent incidents have exposed the personal information of millions of people. In fact, you could already have been one of those people, but due to the lack of mandatory breach reporting laws in Canada, you may never even be informed.

4. Fraudsters have become extremely devious and technologically savvy. From the other side of the planet, they can steal your personal information. These days, you need to shred documents, protect your computer, watch out for fraudulent e-mails, be on guard against pretexting and much more.

3. Identity theft, which is fuelled by excessive personal information collection and failure to protect it, is rampant – and it is becoming a very lucrative business for criminals.

2. We live in a global society where information flows freely around the world – from person to person; jurisdiction to jurisdiction; public sector to private sector – and all privacy protection laws are not created equal.

1. The notion that “if you have nothing to hide, you have nothing to fear”. Privacy is an essential freedom that shapes our society; an internationally recognized human right; and the foundation of modern democracy – but if we don’t value our privacy or stand up for it as our right, it will be eroded over time.

What are you doing to take note of Data Privacy Day? Check out our Data Privacy Day page for new information and material demonstrating the importance of data privacy issues and encouraging people to become better guardians of their own personal information. And be sure to share with us how you protect your personal information for a chance to win one of our T-shirts!

Recently, a journalist for Wired magazine attempted to live a location-aware lifestyle. That means he tried to take advantage of the GPS capabilities of every electronic tool he could get his hands on, linking all his activities to his location and then transmitting that data to his network.

In his article, Mat Honan describes one period of introspection – and comes away with a startling realization:

To test whether I was being paranoid, I ran a little experiment. On a sunny Saturday, I spotted a woman in Golden Gate Park taking a photo with a 3G iPhone. Because iPhones embed geodata into photos that users upload to Flickr or Picasa, iPhone shots can be automatically placed on a map. At home I searched the Flickr map, and score — a shot from today. I clicked through to the user’s photostream and determined it was the woman I had seen earlier. After adjusting the settings so that only her shots appeared on the map, I saw a cluster of images in one location. Clicking on them revealed photos of an apartment interior — a bedroom, a kitchen, a filthy living room. Now I know where she lives.

This Christmas, Internet company Yahoo gave its users an early Christmas present – a  new data retention policy, promising to anonymize user data after 90 days.

The information found in user log files has been a contentious issue – while some argue the data itself might not contain personally identifiable information about the user, it can still be used to create a snapshot of that user, providing useful tidbits like where and when they go online, and what they’re searching for. When you combine that information with, say,  account information from a web-based e-mail account, photo blog, or personal profile on a social networking site, the snapshot that emerges is a fairly detailed one. (Over at slaw.ca, David Fraser explains how these log files work.)

On Christmas Eve, the New York Times supported Yahoo’s announcement in an editorial calling Yahoo’s new policy “considerably better” than those of Google or Microsoft when it came to protecting the privacy of its users. “Internet users should be able to control how much of their personal data companies keep,” said the Gray Lady.

We say it’s all about personal control.

South of the border, Sony Music recently settled with the U.S. Federal Trade Commission (FTC) after the FTC filed a suit against Sony claiming the company had violated children’s privacy rights.

Last Wednesday, the FTC accused Sony of being in violation of the Children’s Online Privacy Protection Act, or COPPA, by collecting, maintaining and disclosing personal information of children under the age of 13 without parental consent.

The FTC estimates that Sony collected the personal information of about 30,000 children on 196 websites operated by Sony Music. That includes names, addresses, mobile phone numbers, e-mail addresses, dates of birth, ZIP codes, usernames and gender. But that’s not all:

“Many of these sites also enable children to create personal fan pages, review artists’ albums, upload photos or videos, post comments on message boards and in online forums, and engage in private messaging.”

The following day, Sony and the FTC announced the suit had been settled, with the company agreeing to pay a fine of $1 million, put in place a screening process that complies with the FTC rules and hire a Web compliance officer to monitor the issue. The fine is reportedly the largest settlement for a case involving COPPA, which came into effect in 2000.

One way (and a fairly simplistic way at that) to view this settlement is that it works out to about $33 for each child’s information.

But these kids – and the rest of Sony’s website visitors – may see the value of their information in another way. A recent study by IBM found that people – and especially younger people – were willing to trade away their information for incentives like free high quality music or videos, discounts to favourite stores and air travel or hotel points:

“Close to 60 percent of total respondents were willing to provide information about themselves — such as age, gender, lifestyle or communications preferences — in exchange for something of value. Younger respondents had fewer concerns about revealing personal preferences, and a sizeable portion of participants over the age of 45 were also willing to share information about themselves. However, all respondents indicated the need for perceived value and incentives as a trade-off to provide personal information.”

And finally – what’s your information worth on the black market?

Cybercrime is big business – now reportedly even bigger than the international drug trade. In this world, credit card information can be bought and sold for as little as $1, and entire identities can be purchased for $5.

So how much is your information worth? As much as you care to protect it.

In 2000, this 15-year-old hacker brought down some of the most heavily visited websites on the net: Amazon, eBay, CNN, Yahoo!. At the time, reports claimed the hack caused a billion dollars’ worth of damage to these companies.

Since that time, cybercrime has become big business, with some reports suggesting it’s on par with or bigger than the illicit drug trade. Identity theft features prominently in this underground frontier, with credit card information and entire identities up for sale by the thousands.

Tonight, CBC is airing Web Warriors, a one-hour documentary with an exclusive look at the world of hackers, and the cyber-sleuths who pursue them. If you miss it on TV, the entire documentary is available on CBC’s site as well.

And on the subject of teenage hackers, we’d like to point you towards Little Brother, the novel for young adults by BoingBoing blog coeditor Cory Doctorow. Little Brother takes place in the not-so-distant future where a group of teens use technology to protest the ever-increasing government surveillance around them. It’s a story that looks at hacking, jamming and surveillance, and offers insight into the privacy vs. security debate…all through the eyes of a 17-year-old.

Increasingly, employers are looking at how to tackle the thorny issue of employees’ use of social networking sites like Facebook, Myspace and LinkedIn.

It’s a challenge all employers will have to face, given the growing ranks of social network site users here in Canada and around the world. What’s more, a recent study out of Ryerson University identified a new digital divide between young Canadians who socialize online frequently and regularly, and the employers and managers for whom they work. Their study found that the two groups – younger employees and older employers – have differing viewpoints on privacy when it comes to online networks. Furthermore, researchers found that, by and large, employers currently don’t have policies, guidelines or practices in place that govern the use of social networking sites in the workplace.

However, a small number of employers are starting to. So far, the responses by employers have varied widely – from banning outright all workplace access to social networking sites, to developing codes of conduct and guidelines for employees’ online activities.

The Trades Union Congress in the U.K. has developed a toolkit on IT security for their members, with one section devoted solely to social networks and privacy for employers and employees. They’ve also got a briefing note on online social networking and the implications for human resources managers.

In the coming weeks, we’ll be releasing our own guidelines to help employers draft their own policies on the use of social network sites in the workplace.

To date, both the U.K. and the province of Ontario have issued their own advice on social networking and work, from the employee’s perspective – be sure to take a look at those as well.

Yesterday, the CRTC rendered its decision on ISP’s traffic shaping practices. It announced that it was denying the Canadian Internet Service Providers’ (CAIP) request that Bell Canada, which provides wholesale ADSL services to smaller ISPs across the country, cease the traffic-shaping practices it has adopted for its wholesale customers.

“Based on the evidence before us, we found that the measures employed by Bell Canada to manage its network were not discriminatory. Bell Canada applied the same traffic-shaping practices to wholesale customers as it did to its own retail customers,” said Konrad von Finckenstein, Q.C., Chairman of the CRTC.

Moreover, the CRTC recognized that traffic-shaping “raises a number of questions” for both end-users and ISPs and has decided to hold a public hearing next July to consider them.

We’ll be following the public hearing closely, and here’s why: Internet traffic management requires the use of can use deep packet inspection (DPI) technology – technology that can “read” packets of information flowing through the Internet. In this case, packets are being read to identify specific Internet activities – like the use of peer-to-peer (P2P) file-sharing applications. That same technology can be used to read a whole lot more about what you do on the Internet: what you’re watching, downloading or reading, who you’re talking to, what you’re saying, as well as where you are and who you are.

As we’ve mentioned on this blog, our office is already looking into a complaint about DPI and we expect to have a decision soon.

The time has come for net neutrality, both as an economic and a social policy issue, to be examined by the Canadian government. And we look forward to being a part of that discussion.