Data breach is the Exxon Valdez of privacy

Crews clean up the oil soaked beach on Naked Island in the Prince William Sound, on April 2, 1989, after the oil spill caused by the Exxon tanker Valdez. REUTERS/Mike Blake

Michael Fertik is the founder and CEO of, an online privacy and reputation management company. He is a member of the World Economic Forum Agenda Council on Internet Security and recipient of the WEF Technology Pioneer 2011 Award. The opinions expressed are his own.

Last week’s Epsilon data breach is the Exxon Valdez of privacy. It is a wake-up call that it is time to reform our privacy infrastructure from the ground up, much as the Exxon Valdez oil spill of 1989 should have served as the wake-up call to reform our energy delivery infrastructure to prevent disasters like last year’s BP Deepwater Horizon spill.

On Friday, the email marketing firm Epsilon revealed that tens of millions of private names and email addresses were stolen, putting millions of people at risk of fraud. Intruders were able to harvest names and email addresses that belong to customers of companies like Best Buy, Capital One, and J.P. Morgan. Banks and retailers gave this data to Epsilon to run email marketing campaigns. In turn, someone penetrated Epsilon’s security, and was able to download millions of names and addresses, which presumably are being sold on the black market at this very moment.

The immediate result will be literally billions of spam and fraud messages flooding inboxes around the world, many trying to trick users into giving up financial information to scammers. But the real impact of Epsilon is to bring home the dangers of corporate strip-mining of our personal information. Just as the Valdez spill proved that there is no perfectly safe way to transport petroleum, every incident like Epsilon should teach us that there is simply no perfectly safe way to transport and store massive amounts of private data.

Companies like Epsilon store your personal data in huge databases, each containing millions of pieces of personal information. Each of these personal information databases is like a supertanker plying the high seas. When everything goes exactly as planned, there is admittedly little risk. But, if the Exxon Valdez, the Deepwater Horizon, and countless smaller spills have taught us anything, it is that things always deviate from the plan. And no company can possibly foresee every way that data storage can go wrong: a disgruntled employee, a skilled hacker, a sloppy IT staffer, a new attack on web servers, or possibilities that we haven’t thought of yet—there will always be unanticipated flaws and unforeseen shoals.

Lawsuits will pressure Apple and Google to protect user privacy

On December 17, the Wall Street Journal published an investigative story that detailed how popular iPhone and Android apps like Pandora, The Weather Channel and Angry Birds breach user privacy. Less than a week later, the first lawsuits were filed.

So far, two suits seeking class action status have been filed, pushing for a ban on the sharing by apps of personal data like geo-location and phone numbers with advertisers. They also seek monetary compensation. The defendants include the developers of the apps in question as well as Apple. Google, which developed the Android platform, may face similar suits.

Smartphone owners who are concerned about advertisers receiving personal data without their consent may be encouraged if these lawsuits lead to stronger protection. But for Apple and Google they complicate matters. There is a fundamental tension between making mobile ads a valuable platform for advertisers and respecting the privacy of mobile device users. It’s going to take a long time to untangle the whole mess, and the lawsuits apply pressure to find a quick solution.

Privacy regulation and the “free” Internet

Adam Thierer is a senior research fellow at the Mercatus Center at George Mason University. The views expressed are his own.

Would you like to pay $20 a month for Facebook, or a dime every time you did a search on Google or Bing?  That’s potentially what is at stake if the Obama administration and advocates of stepped-up regulation of online advertising get their way.

The Internet feels like the ultimate free lunch.  Once we pay for basic access, a cornucopia of seemingly free services and content is at our fingertips.  But those services don’t just fall to Earth like manna from heaven.  What powers the “free” Internet are data collection and advertising. In essence, the relationship between consumers and online content and service providers isn’t governed by any formal contract, but rather by an unwritten quid pro quo: tolerate some ads or we’ll be forced to charge you for service.  Most consumers gladly take that deal—even if many of them gripe about annoying or intrusive ads, at times.

Why Web Giants would benefit from a ‘do not track’ policy

The Federal Trade Commission has issued a report recommending that browsers include a “Do Not Track” mechanism that would allow people to surf the web without sites collecting and sharing data about their activities. In the same way that the “Do Not Call” list hampered the ability of some (but alas, not all) telemarketers to interrupt our dinners with unwanted calls, the idea sounds like bad news for web sites that target ads based on such data.

But in the end, such a move could be just what web giants like Google and Facebook need to get their users to opt in to sharing data, rather than opting out.

Opting out of telemarketing calls is a fairly black and white decision. You either hate them or you don’t mind them. But online privacy is a much murkier affair. On the one hand, behavioral data can help sites serve ads or deliver sponsored-search results that are – theoretically, at least – of interest. Increasingly, they are being used to improve the web experience as well, whether it’s Netflix using your viewing history to recommend new movies, or apps like Foursquare using geolocation.

Should you trust Facebook with your email?

Michael Fertik is the CEO and Founder of ReputationDefender, the online privacy and reputation company. The views expressed are his own.

Facebook already knows a massive amount about you.  They know your age, what you look like, what you like, what you do for fun, where you go, what you eat, whom you know, whom you know well, whom you sleep with, who your best friends and family are, and, again, how old they are, what they like, and so on.

On top of that, Facebook has a well-known history of privacy breaches or at least snafus.  Publicly they seem committed to the notion that privacy is dead.  Their CEO and Founder has said as much.

Sun Valley – Google’s Larry Page: Stop stressing about search data privacy

Hey you Mr. Privacy Nut,

Google co-founder Larry Page has a message for you: Stop worrying about how data about your Web searching habits might be abused. Your search data is there to serve a greater good.

“It’s always easy to be fearful of a hypothetical bad thing that could happen in the future, and yet the data of these kinds of (search) logs and so on are actually very, very useful,” Page told reporters at a briefing in Sun Valley on Thursday.

He cited the company’s recent work using search data to figure out which regions in the US were experiencing flu outbreaks. Google was able to detect the flu more accurately than the government, Page said, and probably could save it tens of millions of dollars in the process.

Google walks into privacy Buzz-saw

Google touted its 176 million Gmail users as a key advantage in its latest attempt to break into the red-hot social networking market, dominated by the likes of Facebook and Twitter. But email may turn out to be Google’s Achilles heel.

Less than four days after introducing Google Buzz, a social networking service that is built into Gmail, the company is already moving to address a growing privacy backlash.

At issue is the network of contacts that Buzz automatically creates for new users based on their existing email contacts, saving people the laborious chore of manually building a social graph from scratch.

Facebook privacy backlash in FTC’s hands

The grousing about Facebook’s recent privacy changes is now an official complaint.

The Electronic Privacy Information Center, along with eight other groups, filed a complaint with the U.S. Federal Trade Commission on Thursday urging the regulator to open an investigation into Facebook’s new privacy settings.

Facebook’s privacy changes “violate user expectations, diminish user privacy and contradict Facebook’s own representations,” reads the 29-page complaint, which accuses the world’s No.1 Internet social networking company of engaging in unfair and deceptive practices.

Google: Don’t Fear the Cloud

Google doesn’t want you to be afraid of the cloud.

The company announced a new feature on Thursday that lets people view all the personal information they’ve entered into Google’s sundry Web-based products over the years.

The information in Google’s new Dashboard covers everything from your personal account information for email and other Google services, to your viewing history on YouTube and the photos you’ve uploaded to Picasa. It’s information that was always accessible in the past, but Google is now making it viewable in one, all-inclusive snapshot.

Privacy advocates have long warned that Google is accumulating too much information about people through its broad menu of Web-based services and not providing enough insight into how the information is being used.