That’s Not In The Terms of Service

With the stories this week about the James-Bondish sounding PRISM program, the general public is beginning to learn just how commonly those little bits of their data were being aggregated by the US government into one huge pile for analysis. In the name of “national security”, it appears that many big communications and media companies were only too willing to pass along information generated by their customers to the NSA.

However, as explained by David Sirota, there is a big difference between a corporation collecting our data and when it’s done by a government.

He argued not only that a program sweeping in data from millions of Americans is modest, but also that it is no different than companies analyzing consumer data. Like so many carefully sculpted political talking points, it sounds logical, except when you remember the key facts being omitted — in this case, the fact that the government is using its law enforcement power to obtain the data without the public’s permission. Yes, that’s right: unlike a company with which you personally do business — and with which you sign an agreement about your personal information — the Obama administration is using the government’s unilateral power to simply grab your information across multiple platforms.

For better or worse, if we choose to use Google, Amazon, iTunes, Facebook, and the rest, we generally expect them to analyze and use the data on our activities, usually to sell us more stuff and improve their next quarter results. The fact most of us don’t read their terms of service before clicking Agree is no excuse.

What we don’t expect, and what is not in any TOS I’ve read, if for them to help the government spy on it’s citizens.

Beware of the Clouds

This week Google opened it’s new, highly anticipated cloud storage service called Drive, a direct competitor with Dropbox, Microsoft’s SkyDrive and others.

With all recent the stories about Google’s privacy policies (or their lack privacy concerns?), more than a few observers have pointed out this little piece of their newly unified terms of service agreement that seems to apply to material you store in their cloud.

Screen Shot 2012 04 26 at 12 58 10 PM

I’m not sure I want to give Google the rights to “create derivative works” or “publicly perform” my stuff, even if I cancel my account. Do you?

I imagine the Google lawyers are mulling over all the criticisms and will probably make some changes to the TOS for Drive. In the meantime, I’ll stay with Dropbox which seems to have a better grasp of this whole private storage concept.

By using our Services you provide us with information, files, and folders that you submit to Dropbox (together, “your stuff”). You retain full ownership to your stuff. We don’t claim any ownership to any of it. These Terms do not grant us any rights to your stuff or intellectual property except for the limited rights that are needed to run the Services, as explained below.*

Of course, all of this is null and void if the feds come knocking on their door demanding to peek in my little corner of the cloud.

As they could, without a warrant or my knowledge, under the Cyber Intelligence Sharing and Protection Act of 2011 (CISPA) now being considered in the US House. Go visit the Electronic Frontier Foundation to see why and how to voice your opposition to this latest attempt to violate your privacy in the name of “security” (to keep you Cyber-Snuggly).

And, as always, understand the terms of service before relying on any web service.

Let’s be careful out there.

*And the fact that they also call my intellectual property “stuff” is attractive. :-)

Who Owns Your Digital Identity?

In a recent article for the Guardian (mercifully one British newspaper not owned by Rupert Murdock), Dan Gilmore makes some interesting points about who controls the information you post using social networking tools like Twitter, Facebook, and the current buzz champ of the digerati, Google+.

He says we need to consider not only what we get from these free services but also what we’re giving away in the bargain.

Control, ownership and value are inextricably linked, but having one does not necessarily boost another. Exposure on a site you don’t control may be worth more to you than lack of attention on a site you do. And you may find the social and professional connections you make and enjoy on third-party sites so useful that they’re worth what you are giving up. But it’s worth weighing the tradeoffs.

If you make G+ (or Facebook or Twitter or LinkedIn or Tumblr any other service that hosts your conversations and other “content”) your primary online presence, you are in effect giving away something enormously valuable. You are giving your contributions to the emergent global conversation to a company that values you largely as a contributor of data it can then turn into money.

I’ve never been under the illusion that the content on this site has large amounts of value to anyone but me (certainly not in monetary terms), but since I started doing this many years back, I’ve had the feeling that I would be better off in the long run if my primary online presence was on a site that I owned and was under my control (or as much ownership and control as the public web allows).

It’s not that I fear what Google or Twitter or Tumblr might decide to do with what I post (Facebook can be a little creepy in their decisions around privacy but still not something to fear), I just like to make my own decisions about those little bits of information.

On a related branch of this discussion, we also need to incorporate some of the ideas about which Gilmore is writing* into what we teach kids, and adults for that matter, about creating and maintaining their online image.

Helping them avoid giving away control of their thoughts and ideas to someone else.

*And no, I didn’t miss the irony related to Gilmore posting his ideas on the topic of control to the online edition of a newspaper, although I assumed he was paid for the work.

Facebook Requires Congressional Oversight?

In the past few weeks I’ve read that some congress critters, along with a smattering of states Attorneys General, are calling for public hearings/investigations concerning privacy issues at Facebook.


In many ways this is just another in a long line of don’t-they-have-better-things-to-do, high profile, faux public outrages.

While I haven’t made much use of Facebook for much of anything, I do have an account and have some degree of concern about their seeming lack of concern for user security.

But do the screw-ups of a privately-owned company, whose product is largely recreational and which has little or no impact on America’s economic security, really merit the attention of our national legislature?


Isn’t this more an educational issue? One where people learn, sometimes the hard way, to take responsibility for their own digital imprint.

And about the larger community educating each other and banding together to pressure Facebook into making the changes they want? Or leaving and using other tools for socializing online.

Because no one with a Facebook account signed up for life and, although they don’t make it especially easy, it is still possible to quit.

Let’s face it, this isn’t the first time that a popular internet company has done something to upset a very noisy web minority and it won’t be the last.

However, that doesn’t mean they need to make a federal case out of it.


Recording Your Online Life

Tell me, what ever happened to the concept of keeping the government out of peoples’ lives?  Once upon a time it was a cornerstone of the Republican philosophy.

Not any more.

Republican politicians on Thursday called for a sweeping new federal law that would require all Internet providers and operators of millions of Wi-Fi access points, even hotels, local coffee shops, and home users, to keep records about users for two years to aid police investigations.

Translated, the Internet Safety Act applies not just to AT&T, Comcast, Verizon, and so on–but also to the tens of millions of homes with Wi-Fi access points or wired routers that use the standard method of dynamically assigning temporary addresses. (That method is called Dynamic Host Configuration Protocol, or DHCP.)

I wonder how many people in those “tens of millions of homes” even know that their router keeps records much less how to access them?

However, I’m sure the supporters of this concept will assure us that all these records will be kept secure and will never be abused by anyone, ever.

That’s sarcasm, in case you weren’t sure. :-)