Verilocation in the UK is providing a service that lets you pay to pinpoint the location of predefined mobile phone users on a map of the UK (as long as their phone is on). It’s probably very useful for business (and could be handy if you have a friend who calls you telling you they are lost) but I am concerned their privacy protection seems a little inadequate. If you can get ahold of someone’s mobile phone bill and sign and send back a form on their behalf granting permission you can then track your target anywhere. I think their “personal” service is much better from a privacy perspective – that one requires the target phone to reply to an SMS giving their permission to be tracked each time.

Thanks to Smart Mobs for the link.

As Dan Gillmor points out this step means Blogging Goes Big-Time. Google does appear to have an unerring nose for buying up companies and organizations doing cool stuff. It’s just a little worrying that one company might end up controlling large chunks of both web consumption (through search) and web creation (through blogger). Still, it’s hard to argue with something that will give self-publishing a big boost, and Google has mostly used its power responsibly. I have some concerns about their privacy policies though (see this and earlier posts of mine in the same category, and this – admittedly a little paranoid – overview).

One might ask “what bad things could realistically emerge from the Google/Blogger merger anyway?” Well, you may remember last month the Chinese authorities shut access to sites hosted by blogspot.com. I believe that has been resolved already but now Google owns Blogger and there is some evidence that Google is willing to “do business” with China’s censors. See this Wired interview…

I have recently written a review of the academic literature about search engines which had some further Google-related comment.

Other comments have been made by Ben and Mena Trott (who created the software this weblog runs on), Neil Macintosh @ The Guardian, Azeem Azhar and Cory @ BoingBoing.

[Later] There’s also coverage from Slashdot and the BBC.

Lessig aside, two other speakers particularly impressed me. Alberto Escudero Pascual gave a fascinating talk. It was notionally to do with IPv6 – actually it was about privacy. He pointed out that web logs, mobile phone records and, yes, IPv6 packets, contain more metadata that old-fashioned telephone records. Therefore, the old division between “traffic data” – typically available to EU law enforcement authorities without much judicial oversight – and conversations (which are harder to get authorisation to tap) may be artificial – you can find out a lot about someone from their “patterns” without listening in to their actual conversations.

He also pointed out that IPv6’s freeing up of IP addresses allowing them to be assigned permanently to phones or to people could make surveillance easier. It’s true that IPv6 allows for randomising of your IP address, but it also requires you to indicate in your IP address that it is random – thus showing that “you have something to hide”.

There was lots of other interesting stuff in his presentation as well – more than he had time to talk us through in fact.

Alan Davidson also spoke about the work of the Center for Democracy and Technology, discussing how difficult it is to get the public and government interested in public policy problems thrown up by new technologies. He mentioned two scary privacy threats that have been brewing that I was not aware of and revealed how through working with standards bodies the CDT managed to tackle them.

1) RFIDs – wireless tags like bar-codes but storing more data and readable at “tens of metres”. They are already used in industry and are likely to replace barcodes for consumers in the coming years. Very useful for shopping but what about when you have bought an item? Do you want remote readers to be able to know everything you have in your knapsack as you walk around? Thanks to the CDT, the tags will come with the ability to make them “commit suicide”. Of course (as I pointed out) consumers and vendors have to know to use this facility but at least the facility is there.

2) Open Pluggable Edge Services – “application-level intermediaries in the network, for example, at a web proxy cache between the origin server and the client, that would transform or filter content. Examples of proposed OPES services include assembling personalized web pages, adding user-specific regional information to web pages, virus scanning, content adaptation for clients with limited bandwidth, language translation.” All sounds innocuous enough – but it could also be used by less benign intermediaries to seamlessly remove content that, say, a repressive government doesn’t want you to see or to add ads to the web pages you see that the website producer didn’t use. The CDT is helping to put in safeguards – though the requirement that such services should be authorised either by the website or by the reader seems to me possibly inadequate.

It was nice to bump into Steve Bowbrick again at the conference, a surprisingly un-grizzled veteran of the UK commercial Internet – he posted up some pictures including a few rather un-flattering ones of me at the reception.a personal fast loanaccount loann no bank paydayaccount payday advance loan cashcanada loan advance paydayadvance 20 loan instant cashadvance money payday loan cashcash loan online personal advanceloan payday texas advanceloans america payday advancedloan payday america advannceporn amature vids freefree anal sex video adult contentsex group 500 personadult pornography photosblack sex amatuerfree porn amateur videosporn for women amateur sitesaare kanal Maplevels mp3 adjust on6 mp3 minutesmujawwad abdullah mp3 basfar78 dose zenegra viagra2cc credit mortgage lendingpin gambling 9 bowlinghmo 2007 viagrareign acid ringtones Map

Microsoft has agreed to make substantial changes to its “Passport” online identity software (as used by Hotmail and .NET among other MS services) to make it comply more effectively with EU privacy guidelines. As the BBC reports,

European data laws impose significant burdens on those that hold information about customers to try to ensure that it is not abused or stored for long periods without good reason.

The agreement reached with Microsoft means that when Europeans sign up for the service they will be asked to designate themselves as EU residents and then decide how much information they are happy to share with the software giant.

This is the area I am studying at the moment so I found this special report interesting.

It is a little lightweight but cites some useful books. It maintains among other things that the Internet may not after all be a big threat to authoritarian regimes and that it may lead to more direct democracy in democratic countries. It also goes over familiar ground on the issue of privacy.

I was going back through my old “must blog this sometime” bookmarks and came across this hearwarming tale of how thanks in part to a virtual network of messageboards for Mac lovers a man helped police catch a fraudster. Of course it is also a little creepy in that it shows how easily someone’s private details (the criminal’s in this case) can be acquired…

On a similar theme, the BBC reports that both a big-time spammer and John Poindexter, the man in charge of the US Government’s Total Information Awareness program, have had their own privacy violated by vengeful netizens.

I expect this American court decision to be all over the weblogs soon – not only is it a decision in favour of the music industry, it also represents a clear threat to Internet privacy (or the little of it that remains anyway).

The Recording Industry Association of America (RIAA) has convinced a US district court to order Verizon, an ISP, to identify for them a subscriber who had (allegedly) downloaded 600 songs in a single day. Verizon is appealling and has not yet identified him (or her).

A Verizon spokesman suggested that this would allow the RIAA to conduct “fishing expeditions” to find pirates and said that it was in any case possible that the subscriber themselves might not have been responsible for the crime. Perhaps it was a friend passing by? A child in the house?

Well, it seems that the RIAA had in this case identified the pirate uniquely and had some evidence against them so that doesn’t sound like a random fishing expedition to me. The argument that subscribers shouldn’t be held to account over copyright violations is a more interesting one, particularly as wireless Internet access becomes more widespread.

I can certainly imagine a situation where broadband subscribers are held responsible for violations by anyone in their home – that should encourage parents to keep an eye on what their kids are doing online! – but what happens if you make your broadband connection available freely to your neighborhood and a neighbor abuses this? This might have a chilling effect on wireless freenets – or it might encourage those who do share their access to put some kind of monitoring software on their connection to attempt to stop illegal use. Even if not effective, the act of having done it might provide some legal protection…

I would be curious to see what happens if, say, a French AOL user is nabbed next time. Would AOL have to hand them over?

Frank Boosman makes an excellent point about the need to find a way to set levels of privacy on one’s weblog (because it would be better to do that than to have to create several different weblogs each with mostly the same posts but different levels of security.

livejournal has this feature.

One might also extend this idea to “quality rings” where different levels of depth of your thinking were available to different readers, or eventually “payment rings” (like the Salon Premium model) where people could read your blog at one level for free or pay to be able to see the deeper level (or pay per post read at that level?)

… and might just tell Big Brother!

I have just finished an essay on the ethics of search engine behaviour and I wish I had finished reading this New York Times article about Google before I did so. Here’s the key bit:

Google currently does not allow outsiders to gain access to raw [search behaviour] data because of privacy concerns. Searches are logged by time of day, originating I.P. address (information that can be used to link searches to a specific computer), and the sites on which the user clicked. People tell things to search engines that they would never talk about publicly – Viagra, pregnancy scares, fraud, face lifts. What is interesting in the aggregate can be seem an invasion of privacy if narrowed to an individual.

So, does Google ever get subpoenas for its information?

“Google does not comment on the details of legal matters involving Google,” Mr. Brin [Google’s co-founder] responded.”
(emphasis mine)

What on earth is Google doing keeping users’ IP addresses? I just checked and the fact they do this is in their privacy policy (when you can find it). They say, “Google may use your IP address or browser language to determine which language to use when showing search results or advertisements” but surely there are easier ways to get this information. Asking, for example?

True Spies was a recent BBC documentary about how our internal security (MI5) keeps an eye on “subversives” – mostly covering previous decades but with some more up to date information. While it was interesting to hear about some of what happened, it would have been good to hear more about why some of it occurred, and it doesn’t appear to go on to talk about some of the more recent proposed and actual surveillance plans.