Stepping away from the privacy advocate’s point of view, I point you to a blog post by Patricia Seybold. She discusses, at length, how Google and other search engines are dealing with questions about privacy and data retention. Importantly, she provides us all with a clear explanation of what data she expects to be retained from her online activities, and what she expects can be done with that data:

“Here’s my bottom line. I have opted into personalized search for Google, and I know I can control it. I expect the merchants with which I have dealings to maintain a history of our transactions together. And I demand that that transaction history is private to me (and/or my firm, if it’s a business transaction). I own that information. It’s mine. Nobody should be allowed to sell, mine, or otherwise use my personally identifiable trail of activities unless I explicitly opted in. Not 18 months from now, but now.”

As we mentioned earlier this week, Professor Michael Geist spoke at the closing session of the Conference. He noted that we already live in a world where surveillance is common place, and our personal data trail crosses borders and oceans and lives in countless databases.

“Chertoff came to us and said “this is my world, this is my vision, what are you prepared to do about it?”

We have posted the video of Professor Geist’s speech on YouTube, and you can view it below.

Videos are posted in the language of the original speaker.

As the Conference drew to a close, Professor Michael Geist of the University of Ottawa provided a brief but complete summary of the week’s discussions.

Today, in the Toronto Star, he provides a precis of his summary. (available in English only)

He underlines the central message drawn from the opening day from the conference: a message that resonated throughout many of the sessions that followed:

“…In a room full of privacy advocates, Chertoff came not with a peace offering, but rather a confrontational challenge. He unapologetically made the case for greater surveillance in which governments collect an ever-increasing amount of data about their citizens in the name of security…”

Among the many interesting sessions held on Thursday, conference attendees discussed child protection online. The video of this session will be available next week, but we include some highlights below:

Rough notes from the presentation by Valerie Steeves, professor at the University of Ottawa:

• There are increasingly deep levels of intimacy between marketers and children – there’s a thin line between content and commerce
• By opening up child’s private world of play, marketers hope to steer their reactions – by embedding commercial values in a child’s social world
• The crux of the system rests on surveillance

“There’s no way to sugar coat this. In order to learn more about individual consumers, marketers have to resort to ’spying’” – Rob Graham, Rob (2006) Fishing from a Barrel – Using Targeting to Reach the Right People with the Right Ads at the Right Time

• All the major children’s playsites comply with data protection laws – in fact they all market themselves as champions of children’s privacy
• From a human rights perspective, privacy is rooted in dignity and autonomy – as human rights advocates we all need to get past data, security and consent
• We need to start to look at the impact of invasive technologies on how children experience the concepts of privacy in their own lives
• In these children’s sites, the pervasive market research invades privacy – seamless surveillance – colonizing their play – constraining the identities available to them – recasting things like citizenship, friendship, autonomy, choice and control within the framework of the marketplace
• This is the context in which kids are making their decisions about online privacy
• Policy makers think kids don’t care about online privacy
• As we explore the research in all these disciplines – we will see a very very different picture

From Leslie Regan Shade, professor at Concordia University:

• Kids care about their privacy, they care about a lot of issues about relationship privacy – especially what other kids think
• They care about the presentation of themselves online
• Very interesting sense of privacy - they want to control their image, want to control what they look like
• Are very concerned of people who they don’t know in a social network, people who have tagged them in a photo
• They care if the photo is unappealing or depicts them in a situation they do not what their mother to see
• Their grossest thing for kids now is for their parents to be on a Facebook – I’m being stalked!
• Care deeply about their privacy, among small personal networks which are now being extended in digital spaces
• Interesting blurriness between public and private and kids think that what they are doing on these public spaces are private but it’s not.

Privacy and Security: Not Necessarily a Battle to the Death

Reporters at our conference this morning had an opportunity to hear from the U.S. Homeland Security Secretary, Michael Chertoff, about the  relationship between privacy and security. His main conclusion seemed to be that the two seemingly contrary principles could build on each other.

“I actually believe that many of the measures we take serve to enhance security and serve to enhance privacy,” said Chertoff, the keynote speaker at a major conference of privacy commissioners and experts from around the world in Montreal. Canadian Press, September 26, 2007

Here’s how Mr. Chertoff thinks this could work:

By collecting little pieces of information from everyone that aren’t overly private or invasive to gather, security officials can quickly target potential threats and avoid subjecting all travellers to intensive scrutiny or searches. CanWest News Service, September 26, 2007

Update: there’s more discussion of his proposal on Michael Chertoff’s own blog.

We’ve shoehorned over 600 delegates into the conference rooms at the Sheraton Centre in Montreal. Our day began with speeches from:

• Jennifer Stoddart, the Privacy Commissioner
• the Honourable Peter Milliken, the Speaker of the House of Commons
• Secretary Michael Chertoff, the Secretary for Homeland Security

Unfortunately, these speeches won’t be available online - but we may have video of Secretary Chertoff available later in the week.

At the moment, we’ve got the first of many high-powered plenary sessions going on. Warren Allmand, Bruce Schneier, Jacob Kohnstamm and Barry Steinhardt.

And the list goes on. Too bad you’re not here.

Today, we are receiving data protection authorities and privacy advocates from around the world at the 29th International Conference of Data Protection and Privacy Commissioners. 

Over 40 countries will be represented, and nearly 600 delegates. One of the speakers will be Peter Fleischer, the Global Privacy Counsel for Google.

In recent days, Mr. Fleischer and Google have made proposals for the development of a global privacy standard. His suggestion is to begin with the framework put in place by APEC members.

Mr. Fleischer has posted the text of his initial speech proposing these standards, originally delivered to a UNESCO sub-committee meeting in Strasbourg. (The Need for Global Privacy Standards)

He has also posted the text of an op/ed prepared for Eric Schmidt, the CEO of Google, in support of the initiative. (Eric Schmidt on Global Privacy Standards)

Ann Cavoukian, the Ontario Information and Privacy Commissioner, has posted some additional history on the matter as a comment to this last post.

Unfortunately, all these documents are only available in English.

This will be a subject of much discussion – both this week and in months to come.

You know, the Office of the Privacy Commissioner doesn’t want to appear technophobic. We appreciate the benefits of new technology and the ease in communication that social networks like MySpace and Facebook can bring to society.

But we have to remind Canadians that they should be careful about the information they share online. We don’t just mean the usual suspects: birthday, address, social insurance number.

The same technological leaps that have provided us with these social networks have also provided companies with the computing power to scour the very same networks for reams of information. Information that can be used to categorize you.

And this is the subject of a New York Times article from earlier this week: “MySpace to Discuss Effort to Customize Ads”

“A 100-employee team inside the Fox Interactive Media offices … has designed computer algorithms to scour MySpace pages. In the first phase of the program, which the company calls “interest-based targeting,” the algorithms assigned members to one of 10 categories that represents their primary interest, like sports, fashion, finance, video games, autos and health.

The algorithms make their judgments partly on certain keywords in the profile. A member might be obvious by describing himself as a financial information enthusiast, for example. But more than likely the clues are more subtle. He might qualify for that category by listing Donald Trump as a hero, Fortune magazine as a favorite publication or “Wall Street” as a favorite movie.

The system also looks at the groups members belong to, who their friends are, their age and gender, and what ads they have responded to in the past. “Our targeting is a balance of what users say, what they do and what they say they do,” said Adam Bain, executive vice president for production and technology at Fox Interactive.” (New York Times)

Can you imagine your world 13 years from now without surveillance? Well, Robert Gellman certainly can’t and he’s come up with eight “fanciful” but somewhat apocalyptic musings about how watched the average citizen might become. Here’s an abridged version of his list:

“Auto tracking. Every car will be required to have a transponder, and automated highway readers will record all trips. The transponders will allow agencies to monitor driving habits and to issue electronic tickets for violations. The system will collect fees for using congested roads, replace parking meters and prevent undesirable people from driving in certain areas.
Very personalized PC. Every computer will have a static IP address. No one will be able to operate a computer without registering through a token, fingerprint or other identification device.
MySpace is mandatory. Every individual will be required to maintain a personal Web page with basic contact information accessible by the government and the public. People with out-of-date pages will be fined.
Society caught on tape. Surveillance cameras will be even more universal than they are today. You will not be able to walk down a street, enter a store, park in a garage, ride the subway, sit at your desk at work, open your front door or do anything else outside your home without being recorded.
Penniless marketplace. Currency will disappear and all money will be electronic. Every transaction will be permanently tracked. Private money systems will develop using tokens, gold and other forms of intrinsic value.” (Source: Direct Marketing News)

Of course, the underlying point here is that today’s seemingly innocuous surveillance technologies can take on scary lives of their own tomorrow. By that time in the future, these surveillance applications would be the ‘new normal’ for those who don’t remember anything different.

We as regulators can play an active role by continuing to “sound alarms,” about today’s seemingly harmless intrusions with the hope that someone out there becomes concerned enough to just say NO!

Marie Shroff, the Privacy Commissioner of New Zealand, recently spoke to the growing challenge facing privacy advocates, and the public in general, in the face of technological innovations that may erode our personal protections:

“So what do I mean by “privacy pollution”? It’s an idea I see as having some similarity to air pollution: where small blots of contamination build to form blankets of smog. In themselves, they are relatively minor – specks of soot or puffs of smoke – but in combination the effect can be overpowering. Like environmental contaminants, privacy breaches run from serious even criminal, across to minor annoyance…

The key thing is the fact that bothersome material accumulates. Yes, it is pretty insignificant to receive a piece of unwanted SPAM or yet another telemarketing call, but most people receive quite a few unsolicited and unwanted phone calls, letters and emails each week…

The overall effect is that these tiny but insidious measures combine together to shape our behaviour. Together, they contribute to a climate where private space, thoughts and choices are encroached upon and subtly eroded. We must strive to find some way not only of limiting the impact that this has on each of us, but also to find spaces in which we can be free. “

A excerpt from speech delivered by Marie Shroff, the Privacy Commissioner of New Zealand, at the Forum on Privacy and Technology in the 21st Century in Wellington.