[IRP] IGF USA

[Katitza Rodriguez]

http://www.elon.edu/e-web/predictions/igf_usa/online_privacy_and_security.xhtml

Internet Governance Forum - USA
Washington, D.C., October 2, 2009



Online games, social networks, cloud computing...
Privacy and Security Implications of Web 2.0

This 2009 IGF-USA session description: ?This session is a discussion  
of the privacy and security implications of Web 2.0, including the  
potential influences of emerging technologies and applications such as  
social networks, cloud computing, online games and virtual worlds. ?

Katitza Rodriguez, director of the International Privacy Project for  
the Electronic Privacy Information Center, was the panel moderator.  
Participants on the panel included Jeff Brueggeman, vice president for  
public policy for AT&T; Michelle Demooy, senior associate for Consumer- 
action.org; Ginger McCall, EPIC staff counsel; and Kathryn D. Ratte of  
the division of privacy and identity protection of the U.S. Federal  
Trade Commission.

Online confidentiality and self-regulation among topics covered

Panelists shared their philosophical differences about online  
confidentiality and self-regulation in a discussion about privacy and  
security implications for Web 2.0 at the Internet Governance Forum-USA  
conference Oct. 2, 2009, in Washington, D.C.
All panelists agreed that online privacy remains an important issue,  
and that corporations have an ethical and legal responsibility to  
ensure that their consumers continue to enjoy some level of anonymity  
and confidentiality online. But they disagreed about whether self- 
regulation or government-enforced standards are the best method to  
achieve that end.

Ginger McCall, EPIC staff counsel, said companies? privacy policies  
are often overwrought with technical and legal jargon, making them  
difficult for users to comprehend. They become too robust that users  
often click through them without much acknowledgement.

"Privacy policies, in my experience, are generally just disclosure  
policies," McCall said. "They don?t exist to protect users? privacy.  
They exist to protect companies from liability."

McCall said an overriding concern is that the policies often allow  
companies to change their guidelines at any time often with no notice  
to the users.

A bigger problem, still, is that companies are able to collect  
information about users without ever providing them with the  
information they have gathered.

?One creative suggestion that I might make is that businesses just  
give consumers everything they know about them,? said Michelle Demooy,  
a senior associate of consumer-action.org. ?If you?re not a bad actor,  
it can?t hurt you to give consumers everything you know about them. It  
can only strengthen your brand going forward.?

Both McCall and Demooy specifically expressed growing anxiety about  
cloud computing, which allows Web hosting services to house the  
documents and data of users on their corporate servers. (Think of  
Google Docs and Gmail, for example.) So what used to be on a person?s  
personal computer is now on a larger server.

?It?s great for information sharing and collaboration, but not for  
privacy,? McCall said. ?But it allows companies or outsiders to create  
detailed profiles of users. We need to see a stronger security system  
and we need to see companies are following through. There needs to be  
a strong regulation of cloud computing. There should be binding legal  
standards, terms of services have to be revised and privacy policies  
must be more transparent.?

Kathryn D. Ratte, from the division of Privacy and Internet Protection  
of the Federal Trade Commission, said the FTC supports self-regulation  
not government directives. She says allowing technologies to emerge  
promotes innovation.

?Our policy has been to enforce self-regulation,? Ratte said. ?We  
analyze what?s going on in the market and put forth standards to  
adhere to. The flexibility allows us in some ways to act more quickly.  
We can just address these issues as they raise issues for consumers.?

Jeff Brueggeman, vice president of public policy for AT&T, said the  
FTC has laid down an ample baseline for legal protection on the  
Internet that certainly needs continual monitoring but not government  
intervention.

"The FTC is taking a proactive but engaged approach," he explained.  
"We don?t give consumers enough credit for the value they place on  
their privacy. More and more privacy is going to be a marketing  
advantage that companies are going to assert on the Internet. What we  
want to have is competition to maintain and secure your privacy, as  
well."

McCall, though, said self-regulation is not a strong enough policy and  
that legislation with teeth is definitely possible.

?Self-regulation in the Internet context fails because there?s not  
really enough transparency about what?s going on and what harm is  
happening,? she said. ?A lack of transparency allows companies to act  
in whatever manner it wants in the short term to make money. It also  
suffers from the problem in that it only allows for possible remedies  
after the fact. Having a real comprehensive regulatory system would  
allow companies to know what?s permissible and not permissible.?

Ratte said consumers do need assurances that their data will be  
securely protected, but the FTC has not taken a stance on  
comprehensive privacy policy legislation. Still, they do advocate that  
companies treat consumers fairly and honestly.

"The FTC has come out strongly saying that the rules that apply at  
time of the collection of data have to continue to apply and if  
there?s a change," she said. "The company should go back to the  
customer and get opt-in consent."

But McCall and Demooy both said vigorous legislation is possible, and  
if companies are acting in good faith and treating consumers with  
respect and responsibility, then they shouldn?t be worried about  
governmental regulations.

?Privacy policies have their place, but they aren?t really helping  
consumers,? Demooy said. ?If they?re not working, let?s not bang our  
hammer against that stone. Let?s try to build something that does.?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.internetrightsandprinciples.org/pipermail/irp-internetrightsandprinciples.org/attachments/20091008/5c9c7095/attachment.htm>