Tag: Privacy

2013 in review: how to use your users’ collected data

With a few days of interval I received two very different ways of reviewing data collected by users of “activity trackers”.

Jawbone_20140117-075010b The first one came from Jawbone (although I don’t own the UP, I might have subscribed to one of their mailing-lists earlier) and is also publicly available here. Named “2013, the big sleep” it a kind of infographics of how public (and mostly American) events influenced sleep of the “UP Community”. Here data about all (or at least a lot of) UP users were aggregated and shown. This is Big Data! This is a wonderful and quantitative insight on the impact of public event on sleep! But this is also a public display of (aggregated) individual data (something that UP users most probably agreed by default when accepting the policy, sometimes when they first used their device).

The second way came from Fitbit, also via e-mail. There was written how many steps I took in total as well as my most and least active periods / days of 2013. At the bottom there was a link to a public page comparing distances traveled in general with what it could mean in the animal kingdom (see below or here). This is not Big Data (although I am sure Fitbit have access to all these data). But at the same time (aggregated) individual data are not shared with the general public (although here again I am sure a similar policy apply to Fitbit users).

Different companies, different ways to handle the data … I hope people will realise the implication of sharing their data in an automated ways in such centralized services.

Fitbit2_20140117-075745

Privacy -vs- information conservation time

In my opinion privacy issues are a by-product of information conservation times reaching infinite.

For centuries and more humans were used to their own type of memory. When information reaches the brain, it is stored in short-term memory. When relevant and/or repeated, it is gradually consolidated into long-term memory (this is roughly the process).

Schematic memory consolidation process

The invention of oral transmission of knowledge, written transmission (incl. Gutenberg) and, to a certain extend, internet, all these successively increased the duration of retention of information shared with others. The switch from oral to written transmission of knowledge also sped up the dissemination of information as well as its fixed, un-(or less-) interpreted nature.

Duration of information over time

With the internet (“1.0” in order to put some buzzword) the duration of information is also extended but somehow limited ; it was merely a copy of printing (except speed of transmission). Take this blog, for instance: information stored here will stay as long as I maintain or keep the engine alive. The day I decide to delete it, information is gone. And the goal of internet was to be able to reach information where it is issued, even if there are troubles in communication pipes.

However on top of this internet came a serie of tools like search engines (“Google”) and centralized social networks (“Facebook”). Now this information is copied, duplicated, reproduced, either because of the digital nature of the medium that allows that with ease. But also because these services deliberately concentrate the information otherwise spread. Google concentrate (part of) the information in its own datacenters in order to extract other types of information and serves searches faster. Facebook (and other centralized social networks) asks users to voluntarily keep their (private) information in their own data repository. And apparently the NSA is also building its own database about us at its premises.

In my opinion, whenever we were sharing information before, privacy issues were already there (what do you share? to whom? in which context? …). But the duration of information is now becoming an issue.

Google+ API started

Logo Google PlusGoogle+ (G+) is a social networking and identity service operated by Google. It started a few months ago like a closed service from where you can’t get out any data and where the only possible interaction (read/write/play) is only possible via the official interfaces (i.e. the web and android clients). Google promised to release a public API and it partly did so tonight, here.

As they stated, “this initial API release is focused on public data only — it lets you read information that people have shared publicly on Google+” (emphasis is mine). So you can already take most of your data out of G+ (note that it was already possible to download your G+ stream with Takeout from the Google Data Liberation Front). As usual, it’s a RESTful API with OAuth authorization. It comes with its own rules and terms (it could be interesting to add to GooDiff). The next step would be to be able to directly write something on Google+.

I only tried to try the examples so far. But unfortunately I got an authorization error. I won’t go further for tonight but their error screen is interesting 🙂

Error 400 screen - Bad request - Google+ API

A question of a few centimetres

It’s funny to see that in a short span of time, a few centimetres can make a difference. This month, Austria authorised Niko Alm to wear a pasta strainer as “religious headgear” on his driving-licence (BBC). This month too, Belgian law banned women from wearing the full Islamic veil in public (BBC).

Well, the Belgian law doesn’t exactly formally forbid the Islamic veil although it was often named as the “anti-burqa law”. The exact terms are:

Seront punis d’une amende de quinze euros à vingt-cinq euros et d’un emprisonnement d’un jour à sept jours ou d’une de ces peines seulement, ceux qui, sauf dispositions légales contraires, se présentent dans les lieux accessibles au public le visage masqué ou dissimulé en tout ou en partie, de manière telle qu’ils ne soient pas identifiables.
Toutefois, ne sont pas visés par l’alinéa 1er, ceux qui circulent dans les lieux accessibles au public le visage masqué ou dissimulé en tout ou en partie de manière telle qu’ils ne soient pas indentifiables et ce, en vertu de règlements de travail ou d’une ordonnance de police à l’occasion de manifestations festives.

The automated Google translation gives:

Shall be punished by a fine of fifteen to twenty-five euros euros and imprisonment from one day to seven days or one of these penalties, who, unless required by law, occur in places accessible to public masked or concealed in whole or in part, in such a way that they are not identifiable.
However, are not covered by paragraph 1, those that circulate in places accessible to the public masked or concealed in whole or in part in such a way that they are not identifiable and that, under regulations of work or Order of Police on the occasion of festivities.

This is even more scary: the law basically asks everyone to clearly show her/his face in public spaces except for work (e.g. construction workers with dust protection) or when the police explicitly authorised it during events. If it’s too cold in winter and your hood is hiding part of your face, you may be arrested. On top of that, you add the increasing number of CCTV in operation in Belgium as well as some good face recognition software and you have a tightly controlled society. 😦

Photo credits. Left: Masked by Katayun on Flickr (CC-by-nc-sa). Right: Heiliger Führerschein (Episode #6 – Das Finale) on Niko Alm’s blog.

Facebook updates: nothing to fuss about

So Facebook, the current paramount social website, updated its website with the possibility to download all your data (among other updates). I don’t see why people need to fuss about this.

Although maybe useful, the important is not to be able to retrieve your data. After all, if your pictures are on Facebook, they were previously on your computer / camera / whatever. So you should already have them (and Facebook sends them to you in a zip file? what a feature!). Unless Facebook allows you to also download data about you but uploaded by others; this is a bit more interesting from a sociological / academic point of view (what has been posted about you). And then? A “big” step towards interoperability between social websites? Are you joking? For interoperability, you need 2 partners and, to my knowledge, no other websites (social or not) are currently offering the possibility to upload data from Facebook. Will it arrive? I’m sure of it. Is it secure? I doubt it: nothing is 100% secure in IT, Facebook is no exception. But this is still not important!

The important thing would have been to have total control on your data. The ability to post data. The ability to effectively remove data (Facebook policy explicitely states nothing is necessarily physically erased, not even your account if you decide to close it!). The ability to remove data about you posted by others. The ability to control data posted about your children. The ability to have real privacy.

So, why do I blog this? I don’t really get why people are so excited about this feature. Oxford building a new library [1, 2], why and how, this has nothing to do with the topic of this post but this is news!

Bodleian Library: Divinity School
Photo credit: Bodleian Library: Divinity School by Beth Hoffmann on Flickr (CC-by-nc-sa)

Belgian State Security report 2008

When I first opened the Belgian State Security Report 2008 (PDF in French or in Dutch), I had the a feeling of déjà vu: the cover picture is in fact a part of the Great Court of the British Museum in London, UK. Strange for a report on Belgian security and surveillance …

The British Museum as illustration for a Security report
Comparison between an actual photo of the British Museum Great Court (left, by Guillermo Viciano, under CC-by-sa) and the cover of the Belgian State Security Report 2008 (right)

Then I saw it’s only a light version for the web, not the full version. I had a look at the Justice website and the Security web page but I couldn’t find the original version (if you have the full version, I’m interested).

The report summarizes all the activities done by the Security in 2008, including the groups, countries and activities watched, a report on the cases where it was involved (Belliraj, Benali, Trabelsi cases, a.o.) and a broad view of what they did to check people background, protect some others and check various accreditations.

The most interesting part for me, however, was a short description of a bill about data collection methods by the Security. This bill was submitted to the Belgian Senate in December 2008 and was recently adopted (the full text is here, in French). It’s now submitted to the Belgian king for signature.

Briefly, this bill modifies an existing law from 1998 and, among other things, tells apart ordinary data collection methods from specific (articles 18/7 and 18/8) and exceptional ones (articles starting from 18/9). As expected, the bill allows the use of techniques to intercept and read private communications between persons. The bill also allows entering into computer systems, removing protections, installing spyware, decrypting and collecting data (but it does not allow their destruction).

All these methods are controlled post hoc by two different bodies, an ad hoc administrative commission composed of magistrates (renewed each year by the king following a suggestion by the government) and a permanent “R” committee. Specific and exceptional methods needs to be approved first by the administrative commission but there is always the possibility for the Security hierarchy to bypass this and send a written notice to the commission later on. How many times can this last step be forgotten?

Although it’s nice to have the reference to the bill and be able to look for it on the internet, I would have liked to see some statistics about how many times these specific and exceptional measures were applied, how many times they were refused by the administrative commission, how many times the hierarchy allowed a mission and informed the commission later on, etc. in the same way they proudly show graphs of the number of hours spent protecting VIPs. I know details are protected by secret but it would still have been nice to have an idea on how often these methods are used.

Live picture from the Bruxelles Grand Place

On the Bruxelles website, you can watch from and move a webcam on the Grand Place. The resolution is good enough to distinguish faces in you zoom. But what is more interesting (imho), is that the stream from the webcam is just a stream of still images from http://www.brucity.be/webcam.jpg. The image below was the current image from the webcam when you loaded this page ; reload the page to see another picture …

webcam Grand Place Bruxelles

Now you can watch people on the Bruxelles Grand Place and watch what is interesting for people operating the webcam …