Business ethics talk

Business Ethics and Online Privacy

Robert Bodle

Recent ethics research on search engines and social networks

Informational Privacy

“the control over the flow of an individual’s personal information” - Herman T. Tavani (2010).

The collection and use of personal information by:

-government -private companies

Informational privacy concerns increased by Internet -

1) amount of data collected2) speed at which data can be obtained3) duration of time info can be retained4) kind of info acquired

Online privacy - Introduction

Look up your name on Google

How about doing an image search?

What about 123people.com?

Thesis

Statement: The ability of Internet companies to monitor and control our online data, has outflanked any privacy regulations of these industries.

Research Question: What should be done about it from an ethical standpoint?

Privacy Regulation: a comparative view

EU – stakeholder model US – stockholder model

statutory protections statutory protections, privacy policies

enforceable by law self-regulated, largely unenforceable

Responsibility placed on governments and industry

Responsibility placed on the user

The Privacy Act of 1974

Governs collection, maintenance, use, and dissemination of “PII” by Federal agencies

Prohibits disclosure of info without written consent.

But what about private companies?

Privacy regulation of companies: a segmentated approach

Enforced by the US Federal Trade Commission

Kind of Information

The Fair Credit Reporting Act (1970)

Customer Credit Information

Family Educational Rights and Privacy Act (FERPA 1974)

Education Records

Health Insurance Portability and Accountability Act (HIPAA 1996)

Medical Records

The Gramm-Leach-Bliley Act (1999)

Banking Records

The Children's Online Protection Act (COPPA 1998)

Personal info of children under 13

Privacy regulation online

What about privacy regulation for the rest of us?

Well, Rep. Bobby Rush, D-Ill., plans on introducing a privacy bill next week to include a “do not track” provision for customers/users.

#weak

Google and Informational Privacy

Google and Informational Privacy

2007 Privacy Watchdogs declared Google worst search engine in protecting user privacy:

cookie life server logs targeted ads

What does Google Know?

Server logs – information about each search

123.45.67.89 – 25/Mar/2003 10:15:32 – http:google.com/search?q=cars – Firefox 1.07;

Windows NT 5.1 – 740674ce2123e969⇧ Internet Protocol address (unique ID, identifies the computer)

65.27.213.xxx (Google redacts the fourth octet after 9 months)

⇧ Date and time of query⇧ Requested page (including term searched)⇧ Browser and operating system used⇧ Persistent and unique cookie ID

Google also records . . .

Clickstream data - • Search results and ads clicked through

• Different kinds of data– Images– Videos– News stories– Book search

As well as . . .

Google also records . . .

Account data from - • over 45 products and services in the

cloud:

– Google Docs– Gmail– Calendar– Desktop– Mobile– Etc.

How does Google protect user privacy?

Privacy polices and user agreements• But this is just to protect Google

Consumer Education• Videos, blog• shifting responsibility of privacy

protection to the user and away from Google and Fed oversight

Consumer education videos

Consumer education videos

-manage anxieties-simplifies, obscures-no mention of otherservices

Is this meeting the challenge of privacy protection in the cloud?

Facebook's and privacy

Facebook makes constant changes to

privacy settings and introduces new

services without providing the ability for

people to opt out by default.

Facebook's response to privacy?

‘A -blow-forward pattern of disclose first, respond later’ (Hoofnagle & Zimmer) or ‘here now, privacy later’ (ACLU-NC)

Facebook and info privacy

NewsfeedBeaconThe App GapSocial plug-insFacebook's real name policy


Newsfeed (2006)Beacon The App GapSocial plug-insFacebook's real name policy


NewsfeedBeacon (2007) The App GapSocial plug-insFacebook's real name policy

Beacon was part of FB's ad platform, that tracked people's Web activities outside the SNS and reported back to FB on members' activities on third-party sites without users' permission



Social games have access to players info as well as to one's friends’ profile information, making a player’s friends’ data vulnerable. The non transparent process of third-party access to member data has been called the “app gap” by privacy advocates (O'Connell 2009).


Unlike Beacon which broadcasted information about user's web purchases without permission, the “Like” button encourages people to volunteer their tastes and preferences.



Facebook's real name policy deletes accounts that usepseudonyms, but it is dangerous for international activists to use their Real names on Facebook in countries like Egypt or Tunisia, for pro-democracyPurposes.


Facebook's response to activists?

FB sticks by their real name policy even if it

makes activists vulnerable.

What kinds of PII do we share on Facebook?

Friends

News feed

Profile feed

Likes

Movies

Books

Notes

Photo Tags

Photo Albums

Video Tags

Video Uploads

Events

Groups

Check-ins

Real Names

Facebook's revenue modelFacebook is a free service that is supported by

advertising revenue (as well as other contracts with third parties).

Facebook's revenue modelThe more PII Facebook can

solicit, collect and share about us, the more $$ it can charge advertisers for targeted ad placements.

Facebook's response to user privacy?

Self-regulation . .

Or lack thereof.

Informational privacy and social implications

When we share our information online to companies like Google and Facebook we lose our informational self-determination or

-the ability to:• enjoy freedom from interference• make informed decisions• anticipate consequences*

Informational privacy and social implications

Consequences -

Tarnished reputationsLost jobsPersonal Safety (cyberbullying, stalking)Revoked VisasImprisonment

Discussion1) How do you think privacy should be regulated for social networks and search engines?

Self-Regulation? User Responsibility? Industry regulated and enforced by government? All three?

2) What ethical framework supports your view?

Utilitarian? categorical imperative? virtue ethics/professional ethics?

Business Ethics and Online Privacy

Robert Bodle