VirtualMV/Web Development/Web Site Issues/Privacy/Content

Privacy
The term "privacy" means many things in different contexts. Different people, cultures, and nations have a wide variety of expectations about how much privacy a person is entitled to or what constitutes an invasion of privacy.

Wikipedia defines the following types of privacy (Privacy, 2014) :
 * Personal Privacy
 * Informational
 * Organisational
 * Spiritual and intellectual

Internet Privacy.
 * According to Technopedia (What is internet privacy?, 2014)
 * The privacy and security level of personal data published via the Internet. It is a broad term that refers to a variety of factors, techniques and technologies used to protect sensitive and private data, communications, and preferences.
 * Internet privacy and anonymity are paramount to users, especially as e-commerce continues to gain traction. Privacy violations and threat risks are standard considerations for any website under development.

In New Zealand

 * Wikipedia have a discusion page "Right to privacy in New Zealand (2014)"

Managing Privacy in Software development

 * 1) More isn’t always better (Collecting lots of data is seductive but in a privacy context can create risk)
 * 2) Avoid treating your user’s contacts as your own (“Share” buttons and social media sign-in widgets are not an all-access pass into your user’s address book)
 * 3) Provide a fair trade for the data you collect (User data is undeniably valuable and collecting it isn’t inherently wrong, but collect with a fair trade mindset — making sure the people who give you their information are getting something in return: e.g. personalised experience)
 * 4) Understand all the privacy conditions you yourself are agreeing to (If you use third party services, like analytics or ad networks, make sure you are aware of their data collection practices as well as your own — they could impact your users)
 * 5) There is no “one policy fits all” when it comes to privacy(legal requirements and user expectations can vary widely)
 * 6) *In the US, non-technical consumers care more about their social circle tracking their online behavior than companies or the government.
 * 7) *Thailand, relatives share and swap devices freely with each other, with little desire to create individual accounts or erase their personal data.
 * 8) *Germany and most of Europe, consumers are quite sensitive about sharing their personal information with companies and governments, and those countries have strict laws to reflect that stance.
 * 9) *Brazil, the middle class is more concerned about thieves physically stealing their devices (particularly mobile phones) than about online piracy.

Five Potential Privacy Pitfalls for App Developers (2014)

NZ Privacy Act 1993
The Privacy Act 1993 establishes 12 Privacy Principles, which apply to the storage and dissemination of information relating to an individual, and can be summarised as:


 * 1) Information must be collected for a lawful purpose related to a business
 * 2) Information must come from the person concerned except where it is publicly available. (There are eight more exceptions to getting information from the person concerned.)
 * 3) A person must be made aware of the purpose for collecting information about them unless it is public information and should know who it's going to.
 * 4) Personal information must not be collected by unlawful, unfair or unreasonably intrusive means.
 * 5) Information must be protected against loss, change or misuse.
 * 6) It must be readily available to the person who is allowed to correct it.
 * 7) If a correction is not agreed to, the person concerned is entitled to have a statement of that correction attached to the information.
 * 8) Before using the information about a person it must be accurate, up to date, complete, relevant and not misleading
 * 9) Personal information should not be kept longer than it can lawfully be used.
 * 10) Information collected for one use must not then be used for anything else. There are exceptions including that it has been published or the information is in a public register.
 * 11) Personal information may not be disclosed for other purposes unless there are reasonable grounds that are listed under the Act.
 * 12) A "unique identifier" or number given for one purpose should not generally be used by a different agency as their unique identifier.

"The purpose of the Act is not to stifle information, but to give people some measure of control over information used about them", says Bruce Slane, Privacy Commissioner 1994.
 * He said the following points applied (Bennett, 1994, Aug 15) :
 * Information should be gathered openly and fairly with the knowledge of the individual.
 * It should only be used for the purpose it was obtained, kept up to date, and be accessible to the individual.
 * Personal Information should not be passed on without the consent of the person concerned.
 * Penalties for non-compliance are severe with damages of up to $200,000 possible.
 * The NZ Privacy Act contains 12 principles
 * Newspapers, the Queen, courts, MPs, and Governor General are among those exempted from complying with the Act.

Your privacy on the Internet depends on your ability to control both the amount of personal information that you provide and who has access to that information (Protect your privacy on the Internet, 2014). ). Microsoft in http://www.microsoft.com/security/online-privacy/prevent.aspx offers practical advice to help increase your privacy online.

'''Quote by Sun Microsystem’s CEO Scott McNealy concerning internet privacy in 1999: “You have zero privacy anyway. Get over it.”'''


 * 1) Individuals on the web site (photos, email addresses, bios)
 * 2) Where they may be included in the images
 * 3) Privacy Policy should be included on the site

Using Photos of Individuals
In New Zealand you can pretty much take a picture of a stranger in a public place (unless you are using it as a means of harassment) and publish that image without breaching the privacy act. However, putting yourself in the subject’s shoes - it would of course, be good manners to ask permission. If you do intend to sell or license photographs of people it is good practice to use talent release forms and a release from liability for the actions of the purchaser. Example talent release form. http://www.mediacollege.com/downloads/forms/talent-release.html

Commercial use of images - considerations
Images of strangers used commercially without permission can cause problems - if that person takes exception to being seen to be endorsing a product, the company advertising that product can be prosecuted under the fair trading act (however it is unlikely the photographer would be prosecuted) Reference: NZ Photographer Issue 16 June 23 2010 – sourced from pdf file.

Doxing

 * When a person is "doxed", all their personal information is made available for all users to see. Names, addresses, phone numbers and school/work are not spared, and this usually leads to the person ceasing all ties with said websites, if not the interwebs as a whole (Doxing, n.d.).
 * Doxing: What Is Doxing and How Do They Do It (YouTube)
 * Sites
 * pipl Try entering your name to see what appears
 * whois To identify data about someone with a web site
 * ancestry Allows a "hacker" to trace a person from your family tree

2011 May 02: Sony PlayStation Network Hacked

 * The Privacy Commissioner is watching Sony closely after the hacking of its PlayStation Network placed personal information, which could include credit card details, of potentially more than 300,000 New Zealanders at risk.
 * 77 million accounts were exposed to the attack on the network - an online service that lets PlayStation 3 and PlayStation Portable owners play multiplayer games online and purchase content such as games and music.
 * personal information such as names, addresses, email addresses and login passwords had been stolen, but could not say whether credit card data which it had encrypted  had been accessed.
 * Sony Australia said more than 1.5 million Australian user accounts including potentially 280,000 credit card numbers were in the hands of hackers
 * "This is a chilling example of the danger of personal data 'honeypots', a single point of failure that provides networked access to the data of thousands or millions of people and thus proves an irresistible lure to hackers, crackers and cybercriminals from around the world," David Vaile, executive director of UNSW's Cyberspace Law and Policy Centre, said.

Ref: 300,000 Kiwis' details may have been exposed (Rogers, 2011)

2011, March 24: Government email interception
Google allege China is interfering with Google's Gmail service, blocking email messages and making them appear as technical glitches. "There is no technical issue on our side--we have checked extensively," a Google spokesperson says. "This is a government blockage carefully designed to look like the problem is with Gmail." The unrest in the Middle East is believed to have prompted China to tighten communications access. Google says an attack from within China causes the Web application to freeze when users click the send button or take other actions. Gmail is blocked sporadically, halting access to the site for only a few minutes before the user's connection is restored. Security experts say China is likely using invisible intermediary servers to intercept network messages. Such transparent proxies would enable the government to quickly modify the content of communications before relaying the messages. How China and Others Are Altering Web Traffic (Lemos, 2011 March 24)

2010, Dec: Wikileaks
An example of how difficult privacy can be to contain on the web is wikileaks.

WikiLeaks Avoids Shutdown as Supporters Worldwide Go on the Offensive

(Warrick & Pegoraro, 2010)

The resilience of WikiLeaks despite attempts to shut it down is a testament to the extreme difficulty governments face in their attempts to control the Internet. "The Internet is an extremely open system with very low barriers to access and use," says Google's Vint Cerf. "The ease of moving digital information around makes it very difficult to suppress once it is accessible."

When WikiLeaks was blocked from using its primary Internet host, it shifted to another, while the number of mirror WikiLeaks sites exploded to more than 1,000.

Angry WikiLeaks' advocates launched attacks against sites that have severed ties to the group, including sites that stopped taking donations; PayPal, Visa and Mastercard, and the lawyers used to try to shut down the site.

WikiLeaks was targeted for shutdown because it disclosed sensitive U.S. diplomatic cables, but continued to publish them online, defying efforts to impede its access to funding and Web resources. WikiLeaks' lack of a central headquarters makes it immune to legal and political pressure, while outsiders' closure attempts are complicated by the organization's multi-continental Web infrastructure. "Something that's illegal in some countries but not others is very hard to keep off the Net, even though there's been some success in keeping it out of the countries where it's illegal," notes Internet Systems Consortium president Paul Vixie.

Resources

 * A Guide to the Privacy Act 1993 (n.d.)


 * Privacy and Profiling on the Web (Dunn, Gwertzman, Layman, & Partovi, 1997)

Comments

 * Vmvadmin(7 months ago)Reply HideBlockApproveEdit
 * 2010-10-23: Flash cookies: Code That Tracks Users’ Browsing Prompts Lawsuits. http://www.nytimes.com/2010/09/21/technology/21cookie.html?_r=1