The San Francisco Chronicle recently reported on the rapid development of facial recognition technology. While the increased availability of these robust features is something to celebrate, the privacy implications loom especially large. Combined with online photo storage services and a lack of meaningful limits on government or corporate access to data, facial recognition technology raises serious privacy concerns.

Last month, Google incorporated facial recognition technology in its online photo sharing service, Picasa. The new feature spares us the tedium of hand-tagging personal photos one by one. By analyzing the facial features of the people in your photos, Picasa identifies all the people in your photos for you. No one can deny the positive social benefits of these kinds of services— dozens of digital images filling our pictures folders are begging to be organized and shared. However, policymakers need to address the power of facial recognition technology in the hands of government or corporate snoopers.

What’s to stop a zealous prosecutor from searching the state’s digital database of driver’s license photos for people under 21 whose online Flickr photos show them engaged in underage drinking? What’s to stop an employer from doing the same with a photo taken by a video camera in the lobby of the building where you went for your job interview?

Legally, not much. To its credit, Google has built some important privacy features into Picasa; for example, users can only tag photos in their own account. However, there already are millions of photos available on the public web, through services like Flickr and social networking sites that are public or quasi-public. So far, the law has no rules on who can use those photos and for what purpose. Even if photos are in password protected accounts, government investigators may be a simple subpoena away from forcing the service provider to disclose the photos. In the absence of clear laws, companies offering photo storage services may comply with such subpoenas - or even a mere request from a government official claiming an urgent need.

The courts and legislators need to catch up, starting with a rule that digital photos stored online in a private account should have the same protection as photos stored at home in your closet. Taking advantage of new storage services shouldn’t come at the price of privacy.

The legal implications of personal photos published on publicly-available sites may be harder to deal with. Unfortunately for now we need to think twice about what we post publicly. You can no longer take comfort in the belief that only your friends will recognize you.

The European Commission earlier this week released a paper identifying the following as the key challenges for the next stage of the Internet:

(1) continuing to update broadband infrastructure to improve accessibility and speeds;
(2) keeping the Internet open to new business models and innovation; and
(3) addressing privacy and security concerns.

This is a sound list. From CDT’s perspective, the emphasis on Internet openness is particularly welcome. The paper rightly notes the risk that “traffic management” could be used for anti-competitive purposes. The paper also observes that open standards are crucial. These are essential points in considering the debate over “Internet neutrality.” Innovation has thrived on the Internet precisely because anyone can design applications based on the medium’s common and open protocols. Any application that is built to those standard protocols will work across the whole Internet. An innovator need not seek cooperation or approval from network operators or anyone else; in short, there are no “gatekeepers.” But if individual network operators start departing from open standards and handling traffic differently based on its content, this openness could be significantly undermined. So it is good to see the European Commission acknowledge that this is a serious policy issue, rather than a “solution in search of a problem” (as neutrality opponents have often claimed).
(more…)

War, financial crisis and the fate of a nation hanging in the balance. It sounds like a back-of-the-envelope outline for a spy novel, but it’s actually the current political climate in the U.S. Given that, it’s no surprise that discussion of Internet and technology issues is adrift, and that civil liberties protection has been pushed to the margins during this intense political season.

And yet this election cycle provides a great window of opportunity. The President and Congress will have a chance to take a fresh look at the challenges and opportunities of the Internet and set a policy course for this vital medium that will keep it open, innovative and free.

We often take the Internet for granted. In a short time it has become a powerful engine for innovation, economic growth and democratization. The Internet has changed the way we “do” politics. Ordinary Americans are making their voices heard and organizing online. Political candidates are building online networks of supporters, raising unprecedented funds from small donors, and educating the public on their policies and visions.

A few months ago CDT started a dialogue on what we believe are the key issues impacting the digital work-a-day world where most of us are spending an increasing amount of time. The ideas and feedback flowing from that discussion will help us craft a kind of blueprint for technology policy for use by the new Administration, noting things that can be done right now while also providing a strategy for achieving longer term goals.

Starting this week and following through until the election, CDT will focus on specific issue areas and write about each of them here on our Policy Beta blog. Our President, Leslie Harris, will add another level of insight and commentary on the issue in a companion article published in her Huffington Post column. And for those that want a daily dose of policy prognostication —in 140 characters or less—you can follow our efforts via Twitter.

We encourage you to push these blog postings out to your friends, family, forums and social networks. We welcome comments, criticisms and suggestions, all of which will help us sharpen our message and hone our suggestions for the next Administration and Congress.

Earlier this week, we set out our wish list for what we hoped to hear from witnesses during today’s Senate Commerce Committee hearing on behavioral advertising as this emerging online marketing practice comes under congressional scrutiny.

We are pleased that the telecom companies testifying today, AT&T and Verizon, appear headed in the right direction.

Both companies strongly embraced setting a high bar for engaging in behavioral advertising and challenged the rest of the industry to do the same. Dorothy Attwood, senior vice president of Public Policy and Chief Privacy Officer for AT&T, said her company was committing to a policy of “advance, affirmative consumer consent,” noting that the phrase is “generically referred to as “opt-in.”

Meanwhile, Tom Tauke, Verizon’s executive vice president for Public Affairs, Policy and Communications, said that any kind of consumer protection practices must include “meaningful consent” from the consumer. Tauke went on to explain that “meaningful consent” requires transparency, affirmative choice and consumer control.

Moreover, Attwood made clear that a “consumer’s failure to act will not result in any collection and use by default of the consumer’s information for online behavioral advertising.”
(more…)

Today is the third annual “Earth Day for the Internet,” and there are events all over the country celebrating the Internet, and I hope that you attend one or find a way to help. I’ve just come from an event in D.C. discussing the policy challenges facing the Internet and the ways that the Internet has enhanced the civic dialog. As Ellen Miller of Sunlight Foundation noted, in New York city they’re having an OWD party and rally while we have a policy discussion, but that’s “what we do,” in D.C.; we are creatures of the political climate and policy discussions are what we can offer to the Web. Readers of this blog are well aware what a marvel the Internet is, as well as the obstacles it faces here and abroad. Even so, it’s easy to take the Internet for granted. Luckily, we have a happy hour later today (information below) to balance the policy discussion - we would love to see you there.

Susan Crawford (a CDT fellow) started OneWebDay in 2006, in order to encourage people to become actively involved in the future of the Internet. This year the theme is civic participation in democracy, highlighting the role of the Internet in the upcoming election. People also depend on the Internet for communication, research, collaboration; the Net has become important in almost every facet of life.

To begin the discussion for OneWebDay D.C., Rep. Donna Edwards (D-MD) spoke of her long involvement with Internet issues that started well before she was a lawmaker. She also spoke of how to effectively exploit the Internet for the common good, rather than trying to lock it down. The Congresswoman talked about the obstacles to Internet use in communities without adequate broadband coverage, in some cases that means the public school down the street. We are in an environment with transitions that come more and more quickly, and we must engage all our communities in order to ensure that they can reap those benefits. She spoke of the Internet as a public good, and of our duty to maximize the free, open Internet for everyone. As a young adult, I can’t imagine the world without it.
(more…)

The Senate Commerce Committee has a hearing scheduled on Thursday to hear from ISPs about their plans for implementing behavioral advertising. CDT has been in discussions with many of these companies and believe that some have begun to make a commitment to getting policies and practices right and push others in the online industries to do the same, as they make decisions whether or not to go forward with behavioral targeting plans. Decoding congressional testimony is something of an art form; here’s what we’ll be listening for: words and phrases like “meaningful and affirmative consent,” “transparency,” and “user control.” If you check the box next to each of those you’ll know that things are on the right track, which will be a welcome change from the rhetoric we heard from the CEO of NebuAd during the last Senate hearing on behavioral advertising.

Obviously, the right words do not necessarily equal good practices; there is still hard work to be done to put these concepts into practice in the real work-a-day world.

CDT continues to believe that comprehensive privacy legislation would help to ensure that the privacy rules are rigorous for all and level across the marketplace. We believe that it is in the interest of every company in the Internet space to make sure that this legislation is part of the solution. We look forward to working with any company that is interested in getting to the right balance of legislation, self-regulation and technological solutions.

Television screens increasingly blaze in spaces outside of homes. In many settings, particularly at retail establishments, the TVs are perpetually tuned to a channel with nothing but commercials. In other instances, such as schools and government offices, the screens flash announcements and public safety information. This up-and-coming medium goes by different names, including captive audience networks, but the most common is digital signage.

Now, in a development with significant privacy implications, digital signage is slowly integrating identification technologies. The purpose is to boost audience measurement and exposure. The industry’s eventual wish is to target advertising to individual consumers based on demographics and shopping history.

Currently, most digital signs are just flat screens displayed in some trafficked area, playing a video loop. The contents of the video are often controlled via computer, enabling one master location to control thousands of connected units. However, from an advertiser’s perspective, a shortcoming of digital signage and billboards is the difficulty in determining who sees the display unit. This makes it difficult for advertisers or others to measure the size of the message’s audience and to target specific demographics within that audience. The industry’s solution appears to be teensy-weensy facial recognition cameras.
(more…)

As new technology expands our opportunities for social networking, information gathering, and content sharing, it also raises serious concerns about privacy. Last night, CDT participated in a privacy discussion at a Churchill Club event held at Microsoft in Mountainview, CA. The conversation, titled “Personalization versus Privacy: Balancing Business and Consumer Interests,” tackled issues ranging from government surveillance to targeted advertising and offered perspectives on the U.S. and global regulatory landscape. Panelists from Microsoft and Google, the California Office of Privacy Protection, and Jim Dempsey from CDT shared their views on crafting solutions to privacy problems. The panelists were careful to explain some of their assumptions and some of the technical and legal concepts; that format provided a good introduction and a nuanced treatment of the issues .

Dempsey stressed that effective policy solutions can emerge from a mix of self-regulated business standards, good technology design, government regulation, and consumer education. The effectiveness of this multi-pronged approach was echoed several times throughout the night, most notably when Google announced its new policy to anonymize user IP logs after nine months instead of eighteen. Dempsey pointed out that this is a good example of why we need regulation, since the new policy was in large degree a response to long-standing pressure from the EU.

Google and Microsoft panelists also engaged in some healthy sparring over their recently released browsers. When a question was raised from the audience about Microsoft’s IE8 surpassing Google’s Chrome in privacy enhanced browsing, Nicole Wong, Google’s deputy general council, noted that Chrome was still in beta while the Microsoft product was in its 8th major version. “We should all want more competition for your privacy,” Wong said.

While both companies are innovating in this area with privacy enhanced browsing and cutting down IP log retention time, they both admit that Internet users can’t rely solely on the willingness of business to do the right thing. In terms of consumer privacy, both Microsoft and Google have supported calls for federal privacy legislation. And, as Dempsey pointed out, with government access to unprecedented amounts of information just one subpoena away, we must improve the standards for governmental access.

August is traditionally a slow time in D.C., with Congress out of session and most policymakers looking to escape town for some vacation. But the early part of the month has already seen some significant developments for Internet policy.

First, on August 1, the FCC voted 3-2 to adopt a controversial enforcement action against Comcast for interfering with BitTorrent traffic. As I noted in July, CDT has reservations about the legal basis for the FCC’s assertion of authority to engage in such enforcement. But the kind of tactics Comcast was using pose a real threat to the openness of the Internet, and the FCC’s decision marks the first time the government has stepped in to impose some concrete limits. It’s too early to judge the full impact — in part because the agency has not yet released the actual text of the order — but clearly this is a landmark development in the public debate over Internet neutrality and network management.

Second, on August 4, the 2nd U.S. Circuit Court of Appeals issued an important decision in the case involving Cablevision’s proposed “remote storage” digital video recorder (DVR). CDT helped organize an amicus brief in the case back in 2007, because the lower court ruling that the DVR would infringe copyright threatened to cast a major cloud of copyright risk over services that provide data storage remotely.
(more…)

China’s Public Security Bureau has just ordered all hotels in Beijing and Shanghai —including the most well known U.S.-owned brands— to install government software that spies on all Internet traffic by hotel guests coming to watch the summer Olympic games. The goal is not only to spy on foreign media but also to chill any plans for demonstrations or communications between China’s dissidents and foreign officials.

The hotel owners are naturally outraged; however, if they refuse to comply they are essentially signing a financial death warrant. The Chinese government has warned of financial penalties, suspending access to the Internet, or the loss of an operating license for any hotel that tries to buck the system.

Welcome to the quicksand that is the Chinese Internet. The outrage is well placed but hardly unexpected; earlier this year the U.S. State Department warned travelers to the Olympics that “they have no reasonable expectation of privacy in public or private locations” in China. The fact that China is now reneging on its promise to allow a free media and an open Internet during the Olympics is hardly a surprise.
(more…)