Privacy and Security

From New Media Business Blog

Jump to: navigation, search

In 1999, Tim O’Reilly described the Internet as Web 2.0. O'Reilly saw the evolution of the Internet from a one way communication tool to a platform that would allow users to “interact and collaborate with each other in a social media dialogue as creators of user generated content in a virtual community."[1] Since the late 90’s, the Internet has been developing into the platform that we know today. Its applications continue grow, as corporations are able to use the vast amounts of data they create to better understand their customers. This benefits both parties, as corporations are able to understand the internal and external factors that affect their relationship with customers allowing them to create better products that are more tailored to the customers needs. [2]


With data mining applications growing, corporations are consistently required to update their terms and conditions for their end-users. Using data for purposes that are not stated in the terms and conditions is an infringement of individual privacy and can lead to negative publicity and/or legal consequences. However, terms and conditions documents are largely made to be unreadable for the average person. A survey by Fairer Finance found that 73% of people do not read the fine print of the terms and conditions they are agreeing to, companies know this and use this to their advantage. [3]


Therefore, to protect these individuals, the government legislates privacy and security laws and guidelines for corporations and consumers. Some of this legislation helps reduce the knowledge deficit of individuals understand and to protect what data is secure and what data the consumer owns a right to.


Contents

Security Vs. Privacy

Internet security is defined as branch of internet computer security, which involves browser security, network security, and the system security as a whole. [4] The internet acts as a hub of transferring information. By this definition, Internet security is the safety of information through the system applications from the sender to the desired recipient.


Internet privacy is defined as the right of personal privacy in storing, re-purposing, and sharing of information with other bodies over the internet. Internet privacy deals with content on a individual level whereas internet security looks whether the information is accessed or taken by a third party without the permission of the information’s owner.

Privacy, Security & Governments

The government represents one of the largest stakeholders where information security is concerned. They are responsible for the legislating security laws to protect corporate and individual privacy and enforcing them when they are broken. Furthermore, they are also responsible for the safety of the nation as a whole.


Legislation tends to be reactive, especially when it comes to information privacy due to the explosive growth in information communications technology. In recent times, government has had a difficult experience trying to ensure that the legislation equally benefits all stakeholders. Furthermore, due to the location of the stored data, foreign legislation makes it more difficult for a national government to ensure an individual’s privacy on the internet.


Canadian Privacy Law

Personal Information Protection and Electronic Documents Act (PIPEDA)

The Personal Information Protection and Electronic Documents Act (PIPEDA or the PIPED Act) is a Canadian law relating to data privacy. [5] It governs how private sector organizations collect, use and disclose personal information in the course of commercial business. In addition, the Act contains various provisions to facilitate the use of electronic documents. PIPEDA became law on 13 April 2000 to promote consumer trust in electronic commerce [6]. The act was also intended to reassure the European Union that the Canadian privacy law was adequate to protect the personal information of European citizens.


In Canada, the PIPEDA is considered the most important, comprehensive & relatively fair privacy legislation. Provisions include:


"Personal Information", as specified in PIPEDA, is as follows:

Information about an identifiable individual, but does not include the name, title or business address or telephone number of an employee of an organization.

The law gives individuals the right to

  • Know why an organization collects, uses or discloses their personal information;
  • Expect an organization to collect, use or disclose their personal information reasonably and appropriately, and not use the information for any purpose other than that to which they have consented;
  • Know who in the organization is responsible for protecting their personal information;
  • Expect an organization to protect their personal information by taking appropriate security measures;
  • Expect the personal information an organization holds about them to be accurate, complete and up-to-date;
  • Obtain access to their personal information and ask for corrections if necessary; and
  • Complain about how an organization handles their personal information if they feel their privacy rights have not been respected.

The law requires organizations to

  • Obtain consent when they collect, use or disclose their personal information;
  • Supply an individual with a product or a service even if they refuse consent for the collection, use or disclosure of your personal information unless that information is essential to the transaction;
  • Collect information by fair and lawful means; and
  • Have personal information policies that are clear, understandable and readily available.[7]

Canadian Anti-Spam Legislation (CASL) [8]

An act to promote the efficiency and adaptability of the Canadian economy by regulating certain activities that discourage reliance on electronic means of carrying out commercial activities, and to amend the Canadian Radio-television and Telecommunications Commission Act, the Competition Act, the Personal Information Protection and Electronic Documents Act and the Telecommunications Act.

Under CASL, it is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless (a) the person to whom the message is sent has consented to receiving it, whether the consent is express or implied; and (b) the message complies with prescribed form and content requirements.

Some enforcement provisions include

  • Examine anything that is found in the place
    • Use any computer system found in the place — or cause it to be used — to examine data contained in, or available to, the system
    • Remove anything found in the place for examination or copying
    • Prohibit or limit access to all or part of the place.

Penalty:

The maximum penalty for a violation is $1,000,000 in the case of an individual, and $10,000,000 in the case of any other person


Reception

The legislation has come under heavy criticism as many see it reducing the competitiveness of Canadian firms due to their perceived inability to partake in marketing through e-mail. However, Michael Geist describes this law as a step towards ensuring individuals can have more control over their privacy on the internet as they can now have the option of providing information through e-mail whereas before it may have been unsolicited when people made mistakes [9].

Most criticism has been targeted towards the enforcement. There is an important debate on the power of the state and their ability to use something as minuscule as spam to have the right to raid personal equipment, files and computers. Critics argue this an excessive infringement of individuals and businesses privacy. The other major criticism is that the CRTC cannot control companies based outside of Canada, and since the internet is a global network many companies based out of countries such as Malaysia will still be able to send Canadian consumers spam, as the CRTC won't be able to collect the fine from them. However for public institutions in places like the US where this could damage their reputation and ability to do business. This is forcing some American institutions to follow the law as well. If this law proves to have a positive effect other countries may adopt it, because dealing with spam is a global phenomenon , unless companies and public institutions can convince the government that pursuing this kind of legislation won't warrant a net positive benefit. [10]

Lobbying

Lobbying is the act of attempting to influence decisions made by officials in the government, usually legislators or members of regulatory agencies. Lobbying is done by many different types of individuals and organized groups, including individuals in the private sector, corporations, fellow legislators or government officials, or advocacy groups (special interests). Professional lobbyists are people are paid by corporations or organizations to try and influence legislation on behalf of a group or individual who hires them. Governments often define and regulate organized group lobbying that become too influential[11].

Money in Politics

While lobbying has been justified as a tool to inform government officials of the evolving needs of the population, it can be a double edged sword as the world of big business uses its power to influence government decisions in order to make higher profits, rather than act in line with the opinion of the major of citizens.

According to Opensecrets.org, a research based non-profit dedicated to tracking money in politics, total lobbying spending has increased from $1.45 Billion in 1998 to $3.24 Billion in 2013, a 223% increase. [12]

Categories spent in[13]:

All-time expenditure in Lobbying by Industry

Lobbying by Technology Companies

Lobbying Spending by Tech Companies in 2012

­The all time spending list on lobbying cites “Computers/Internet” as the 5th highest[14] on the list of spenders at $1.619 Billion. As the Internet has only recently become a large, booming industry, the ranking exemplifies the accelerated rate at which technology companies have invested in lobbying and how important gaining influence on policy is to the major corporations.

E.g, in 2012, Google spent over $14 million in lobbying making it the 2nd highest spender in lobbying that year. Google is not alone in their spending:[15]

All-time lobbying expenditure by sector


An example of the power of lobbying by Google is their actions during the 2011 FTC anti-trust investigations. Google used its influence to set up academic conferences in partnership with the Law School at George Mason University to have a “vibrant” discussion on Internet competition. It used its influence among congress to invite select individuals to these conferences to ensure that Google’s interest was shown in conjunction to the FTC hearing so they may secure a positive result. [16]


“Technology issues are a big — and growing — part of policy debates in Washington, and it is important for us to be part of that discussion,” said Susan Molinari, a Republican former congresswoman from New York who works as Google’s top lobbyist. “We aim to help policymakers understand Google’s business and the work we do to keep the Internet open and spur economic opportunity.”
[17]

WikiLeaks

WikiLeaks is an international, online, non-profit, journalistic organization, which publishes secret information, news leaks, and classified media from anonymous sources. The organization has predominately been represented by Julian Assange, who is now generally considered as the founder. [18]Between 2006 and 2012, WikiLeaks released millions of documents outlining private & confidential communications between influential individuals and groups related to the U.S, Canadian, European & other foreign governments.


The first document “leaked” by WikiLeaks was in December 2006, which was a decision to assassinate government officials signed by Sheik Hasan Dahir Aweys, a Somalian liberation leader [19]. The organization’s rise to fame was its release of a video, which showed Iraqi journalists being shot down by an Apache helicopter in order to suppress evidence in 2010. [20]

WikiLeaks is now widely regarded as a precursor to the NSA scandal and a main channel of Edward Snowden's whistle blowing activities regarding PRISM and large scale government spying on its people, and international political leaders.

Government Spying

In June 2013, Edward Snowden, a system’s administrator working at the National Security Agency of the United States, disclosed thousands of classified documents on several media outlets that revealed that the U.S. Government was spying on its own citizens, and global political leaders.

Snowden’s leaked documents uncovered the existence of numerous global surveillance programs run by the NSA and the “Five Eyes” with the cooperation of telecommunication companies and foreign governments.

Boundless Informant

A big data analysis and data visualization tool used by the NSA to summarize the organization’s world wide data collection activities. [21]

Image of the tool caching information

PRISM

A clandestine mass electronic surveillance data mining program launched in 2007 which collects stored internet communications based on demands made to internet companies such as Google.[22]

Snowden’s documents indicate that PRISM is "the number one source of raw intelligence used for NSA analytic reports". The following slide was part of the leaked documents and essentially outlines the major providers of information and the types of information which the NSA would require.[23]

Leaked Presentation Slide on PRISM


Alleged NSA internal slides included in the disclosures purported to show that the NSA could unilaterally access data and perform "extensive, in-depth surveillance on live communications and stored information" with examples including email, video and voice chat, videos, photos, voice-over-IP chats (such as Skype), file transfers, and social networking details. [24]


XKeyscore

XKeyscore or XKEYSCORE (abbreviated as XKS) is a formerly secret computer system first used by the United States National Security Agency for searching and analyzing Internet data it collects worldwide every day. The program has been shared with other spy agencies including Australia's Defence Signals Directorate, New Zealand's Government Communications Security Bureau and the German Bundesnachrichtendienst. [25]

Tempora

Tempora uses intercepts on the fibre-optic cables that make up the backbone of the internet to gain access to large amounts of internet users' personal data. The intercepts are placed in the United Kingdom and overseas, with the knowledge of companies owning either the cables or landing stations. [26]

FASCIA

FASCIA is a massive database of the U.S. National Security Agency that contains trillions of device-location records that are collected from a variety of sources.[27]

Corporate Applications & Security

Data Mining

Data mining is the analysis of observational data sets to find relationships and summarize the data in ways that are understandable and useful.[28]. The collection of data enables companies to find trends among "internal" factors (price, product positioning, or staff skills) and "external" factors (economic indicators, competition, and customer psychographics) [29]

For businesses, data mining is used to discover patterns and relationships in the data to help make better decisions. Specific applications of data mining include: market segmentation, market basket analysis, fraud detection, direct marketing, interactive marketing, customer turnover, and trend analysis.


Data Mining Applications

Data mining has changed the way companies target their customer. Data mining creates more value for marketing dollars, streamline outreach, and categorize consumer in segments based on psychographics, interests etc. For example, when you go to a bank and open a bank account, the information you provide is stored in the bank’s database. Every transaction that occurs through the account whether it is at that bank or at another is recorded, with the time, amount, date, etc.

There are negative effects of data mining. Companies need to revise their terms and conditions so that they can legally store and use the data for the application of data mining. Otherwise they may be subject to legal infringements. An example of a company that employs data mining on a massive scale is WalMart. WalMart captures point-of-sale transactions from over 2,900 stores across 6 countries and continuously transmits this data to a massive data warehouse. WalMart allows its 3,500+ suppliers to access data on their products and perform data analyses. This data helps suppliers identify customer buying patterns at the store, as well as helping WalMart to have better supply chain management.

Cloud Computing


Cloud computing is a way to access computing resources that are stored on an internet network from anywhere in the world[30] This network is consists of massive servers, which allow the management, storage and acquiring of data at any given point in time. Businesses are able to pay increasingly able to do this at a low cost through cloud storage corporations.

Over the past decade cloud applications have boomed and have become an important part of everyday life. One noteworthy example is Google which uses a private cloud to provide its customers prominent services such as, email access, document applications, text translations, maps, and web analytics.


Benefits of Cloud Computing

The following are some of the possible benefits for those who use cloud computing-based services and applications: Cost Reduction — Companies reduce their capital expenditures as they don’t have to invest in infrastructure. Scalability/Flexibility — Companies can start with deploying small resources initially and then grow rapidly, having the flexibility to easily scale as needed. Reliability — Services using multiple redundant sites can support business continuity and disaster recovery. Maintenance — Cloud service providers do the system maintenance. Mobile Accessible — Mobile workers have increased productivity due to systems accessible in an infrastructure available from anywhere, provided they can access the servers.[31]


Challenges

The following are some of the notable challenges associated with cloud computing:

Security and Privacy — A hot issue surrounding cloud computing since cloud computing has the possibility of sending, storing and processing data in multiple jurisdictions. Depending on data protection laws and approaches, this may create problems of jurisdiction. Furthermore, there is a risk that information can be used or accessed by the organization or the cloud infomediary for purposes beyond those for which consent was originally given. The other major problem is that if the cloud network is hacked into multiple companies could be affected, increasing its value as a target to hackers.

Continuously Evolving — User requirements are continuously evolving, as are the requirements for interfaces, networking, and storage. This means that a “cloud,” especially a public one, does not remain static and is continuously evolving. This could be problematic because updates are beyond the company’s control and it the updates may confuse employees.

Consumer Lack of Control — Another issue that has become a concern; the recent events of Amazon deciding to remove already purchased copies of a particular novel from people’s Kindle libraries without their consent. It highlights that letting the power reside in the provider of a site can and does create unforeseen problems and risks for consumers.


Cyber Security

Cybercrime refers to any criminal activities related to computing & information networks [32]. Recently, cybercrime has wrecked havoc in the Canadian society. According to a report by Norton examining online consumer behavior, attitude, security habits and financial costs of cybercrime, the cost to Canadians was approximately $3 billion in 2013, up from 1.4 billion in 2012.[33] Furthermore, over 7 million Canadians were victims of cybercrime last year with the average cost per person approximately at $380. [34]

Corporate Security

Keeping a customer’s trust is a big part of any type of business. Losing trust can result in financial losses, a negative public image, and strained relations with other stakeholders. Companies invest large amounts of money into gathering data about their customers and tracking their interactions so that they can better understand their customer’s desires. This information is used to create a better relationship with their customers and increase their spending. With all the data that companies gather, the topic of data security becomes a more prominent issue. Companies from big to small are vulnerable to breaches and attacks due to not having the right security protocols active in their organization. The Governance of Enterprise Security: CyLab 2012 Report, released by Carnegie Mellon CyLab measured the Financial, Industrial, Energy, and Telecom/IT industries focus on security and their security policies [35]. The sector that had the best IT security is the financial sector. However, the interesting part is the fact that only 44% of financial companies actively address computer and IT security. When the leading industry in the economy for IT security has less than half of its companies say they are actively trying to protect their data it shows that companies are approaching this reactively instead of proactively.


Given the number of hacks have increased in the last 10 years and “the average cost of a data breach in 2011 was approximately $5.5 million dollars according to a study by the Ponemon Institute” [36] . A price tag this big should constitute a need for companies to regularly try to get better at securing their information. Yet these issues aren’t being considered ongoing or being continually looked at by the top executive team. One of the main reasons for the lack of development is that IT security concerns are not voiced out at the top management level of most companies. The financial industry has the highest instance of having a CISO (Chief Information Security Officer) at 76% and CSO (Chief Security Officer) at 63% [37]. That means that close to 25% of companies in the most security conscious industry don’t have someone directly responsible to raise security concerns at the top level; in other industries this number is even bigger.


The other organizational mindset that is inhibiting companies from being proactive about their IT security is that IT security is not being seen as a business problem but a technical problem. The biggest proof of this is that “Forty-two percent of financial sector respondents indicated that their boards rarely or never review annual privacy and security budgets and 39% rarely or never review roles and responsibilities.” [38] When companies are making IT Security such a minor issue from the top executive team to the board of the company it is little wonder why companies are increasingly being hacked. If top management are responsible for their companies’ strategy, for ensuring that value is created for the shareholders, and communities they operate in, it is absurd that IT security isn’t seen as a core part of that message.


Bring Your Own Device

Bring your Own Device (BYOD) is trend that has becoming increasingly popular in the workplace. The Concept allows employees to use their smartphones and other devices with their work applications; thus, increasing their productivity and overall efficiency. Employers have been accepting the trend more and more as it is reducing their overall cost and provide intangible benefits for employees. Gartner predicted that by 2017 half of all employers will require employees to bring their own devices for work purposes [39]. This increasing trend will put a strain on company security, which isn’t doing well right now. According to Gartner there are three central focuses of a successful integration of BYOD: Governance and Compliance, Mobile Device Management, and Security. The three biggest challenges with governance and compliance are managing the multiple different operating systems, screen resolutions, and connection locations. Being able to manage each employee who has 2-5 different devices that they want to connect with [40] results in the need for a system with a higher level of sophistication and flexibility built into it.


The other side of governance is risk and controlling that risk [41]. Managing the risk of data leaks in this complex system, and managing how easily you can track, find, and block these leaks while ensuring that the security controls don’t impede the user’s ability to use the system [42]. These are goals can be in competition with one another and have to be balanced so that the corporation can capture the benefits of BYOD while not exposing itself to unnecessary security flaws. Mobile Device Management is focused around managing user expectations with cost [43]. Since employees experience in using their mobile devices is based on a consumer experience rather than a business experience they are used to the system working a distinct way. When creating the system companies need to ensure that users adopt the system to justify the cost. They also need to ensure that the organization benefits are created. Customizing an interface can be costly and the budget for the system will constrain the system architecture how much tailoring can be done.


Security issues mainly surround data leaks, network protection, and managing lost or stolen devices [44]. Data leaks are becoming increasingly important to avoid because businesses are losing: market share, customer goodwill, and the trust of customers. The lost trust can have very strong negative effects on the bottom line; Target’s recent data breach is a prime example of this. The main focuses on network protection are around the connection to company Wi-Fi, and the connection and flow of data from company servers to the employee’s device [45]. Managing lost and stolen devices is a big issue because a lost device provides a direct portal into the corporate architecture. Therefore, many companies take preventative measures such as remote wiping and have employees log into a secure channel before having access to information.


Why Should Companies Care?

Theft

According to a survey conducted by PCWorld, a tech magazine, cybercrime cost corporations 56% more in 2011 in comparison to 2010. The survey indicated that the median cost incurred by 50 randomly picked companies was $5.9 million. [46]

Effect on Operations

Cyber-crime tools such as viruses may cause organizational systems to operate improperly. Insidious attacks such as DDOS (Distributed Denial of Service) can make computers and network resources unavailable to users[47], which may shutdown a company’s operations. For a web-based organization, such attacks are detrimental as they may not be able to offer services to their customers, halting all incoming cash flows and incur costs in resuming services.

Maintenance

Increasing cyber crime has changed the way companies conduct business. Costs of security maintenance have become a realistic issue, as extensive training is required for employees so they may be aware of potential security issues and behave accordingly. [48] As it is virtually impossible to completely secure data and systems, organizations need to invest in proper security audits and keep in mind that IT maintenance costs are a necessary evil.


Hackers

Hackers are defined as individuals or groups who seek bugs and loopholes in computer systems & networks. Majority of them fall under the following:

White Hat

White hat hackers are often paid consultants who work for companies in order to find system any bugs or security issues in a companies' system. The hackers then report the issues to the company.

Black Hat

A hacker who “violates computer security for little reason beyond maliciousness or personal gain” [49]is called a Black Hat hacker. These individuals or groups break into systems in order to steal and/or delete information. Black hat hackers are considered a dominant reason of cyber-crime.

Grey Hat

A combination between a Black Hat and White Hat hacker can be defined as a Grey Hat hacker. Grey Hats may break into systems in order to ask for compensation from companies.

These professional bug hunters’ have grown in popularity recently as companies like Facebook, Google and Yahoo! have utilized their services to audit their systems. By providing open compensation for bug reports, companies have found this crowd sourced approach of system auditing as a relatively cost efficient in comparison to in-house information auditing. [50]

Individual Privacy

FaceBook’s Psychological Study

Over time metadata and big data have proven to be useful in determining trends, analyzing behaviour, and drawing inferences about the future. One of the most controversial topics lately has been FaceBook’s psychological study. Researchers from FaceBook, Cornell University, and the University of California worked together on this weeklong experiment to see the impact of emotive language on user posts. [51]

This experiment was conducted in 2012 and had 700,000 users participate without their consent. The study involved the removal or addition of emotive words from people’s newsfeed to test the effect on their own statuses and likes. [52] According to the American Psychological Association, all psychological studies need to have informed consent from the patient including a description of the purpose, confidentiality notice, guideline of rights, and consequences (if any).[53] The debate that was at hand with FaceBook’s experiment was whether the terms and conditions implied that this consent was given or if it had to be obtained at a later date. At the time of the study, FaceBook’s terms allowed them to conduct the study but this was frowned upon later as people began to question whether the terms and conditions had given implicit consent for psychological experiments[54]. Thus, the question that people have been wondering has been is, “was the study illegal or unethical?

It’s important to note that the controversy behind this study only became apparent when the results were published. Both academic institutions failed to raise their ethical concerns when conducting the experiment. The involvement of academic institutions makes the study more grey than black and white because rather than seeking profit they are seeking to build the public knowledge, which in and of itself is an admirable goal. Furthermore, they did not face any scrutiny from the media about their participation in the study, or about their lack of obtaining consent from subjects. According to several sources, they were able to breach the ethics of obtaining consent through the fine print of FaceBook’s terms and conditions. The question is, does that make it right?


Government Support

The department of Defense launched a campaign called the Minerva Initiative in 2008. This Initiative was launched to “build deeper understanding of the social, cultural, and political dynamics that shape regions of strategic interest around the world.”[55] The government program sponsors approximately $6 million annually to research in areas of “social, cultural, and political dynamics”. Some of their research topics include:

It can become very evident that the boundaries of this program are endless as the three areas of focus shape all interests around the world.

The Department of Defense denied its involvement with the research conducted for the “Experimental evidence of massive-scale emotional contagion through social networks" (FaceBook experiment‘s research findings). The interesting part is that a co-author, Jeffrey Hancock of the article received a Minerva grant in 2009. An extract from Cornell University stated, “The study was funded in part by the James S. McDonnell Foundation and the Army Research Office.” However, when Cornell was questioned about this statement, they responded saying it was a mistake.[56] Though it hasn’t been proven, there are numerous sources that have deemed that the DoD did in fact fund this research project.[57]

With the involvement of the DoD, an individual’s right to privacy also becomes a very grey area. The issue is, who has the right to use this data and what other parties can use user information? Does individual privacy exist?


Terms & Conditions

Today, terms and conditions must be accepted to use any subscription service, website, or app. The terms and conditions can range in length. There have been studies that have been conducted on how humans respond to different formats for user agreements. These include the font, font size, language used, paragraph structure, bold terms, number of pages, etc. According to Fairer Finance Survey, 73% of people do not read the fine print of terms and conditions. Of the people that do read it (27%), approximately 5% of those people understand what they are reading.[58] This is a concerning fact when we consider how many people don’t understand what privacy rights they are giving up. Using the example of FaceBook, a clause in their data use policy states:

“For example, in addition to helping people see and find things that you do and share, we may use the information we receive about you ... for internal operations, including troubleshooting, data analysis, testing, research and service improvement.”[59]

Thus, there is little mention of the limitations or the full extent of the applications of user data. They used this as a rationale when conducting their experiment back in 2012.

Other user agreements involve users allowing the company and third parties (such as governmental agencies) the ability to access their information. Depending on where the data is stored, different country laws apply to the use of stored information. For instance, FaceBook being an American company has its data stored in the United States. This allows FaceBook as well as the NSA to access information as and when they please.


Social Media Management

With all the different social media platforms that people use today, it’s important that people uphold a good image online. This includes content that they post, pictures they are tagged in, places they visit, etc. Our entire lives can be mapped out on social media sites. This can paint a very skewed picture of an individual, especially since first impressions “stick” to people. For instance, the picture below depicts an individual who has drank too much and passed out in a bathroom. This is one of the last places an individual would want to find themselves. Not to mention, there is now a photograph that is likely to go on the internet and circulate for months to come.

What makes matters worse is that this individual may not be able to have this picture removed. In recent months, social media websites have been faced with data ownership issues. Whose property is this picture? Is it the person the picture is of, the person who took it, or does it belong to FaceBook? According to FaceBook’s terms, the person who took the picture owns it, but the person that the picture is of can ask for this to be removed if necessary [60]. In essence, it is harder to have something removed after the fact than it is to prevent the post from occurring in the first place.

References

  1. Wikipedia - Web 2.0 Retrieved from: http://en.wikipedia.org/wiki/Web_2.0
  2. Frand, Jason. "Data Mining: What is Data Mining?." . http://www.anderson.ucla.edu/faculty/jason.frand/teacher/technologies/palace/datamining.htm (accessed July 29, 2014)
  3. Glancey, Robert. "Comment is free Will you read this article about terms and conditions? You really should do" Retrieved from: http://www.theguardian.com/commentisfree/2014/apr/24/terms-and-conditions-online-small-print-information
  4. Gralla, Preston (2007). How the Internet Works. Indianapolis: Que Pub. ISBN 0-7897-2132-5.
  5. McClennan, Jennifer P.; Schick, Vadim (2007). "O, Privacy: Canada's Importance in the Development of the International Data Privacy Regime". Georgetown Journal of International Law 38: 669–693.
  6. Section 7, subparagraph (3)(c.1)(ii) of the act. Retrieved From: http://laws-lois.justice.gc.ca/eng/acts/P-8.6/page-3.html#h-6
  7. Wikipedia - PIPEDA Retrieved From: http://en.wikipedia.org/wiki/Personal_Information_Protection_and_Electronic_Documents_Act#Overview
  8. Government of Canada - Fightspam.gc.ca Retrieved from: http://fightspam.gc.ca/eic/site/030.nsf/eng/home
  9. Bookman, Barry Michael Geist’s defense of Canada’s indefensible anti-spam law CASL Retrieved From: http://www.barrysookman.com/2014/07/14/michael-geists-defense-of-canadas-indefensible-anti-spam-law-casl
  10. Straumsheim, Carl "Permission to Spam" Retrieved from: http://www.insidehighered.com/news/2014/07/09/us-institutions-may-run-afoul-new-canadian-anti-spam-law
  11. Wikipedia - Lobbying - Retrieved From: http://en.wikipedia.org/wiki/Lobbying
  12. Opensecrets. Retrieved From: http://www.opensecrets.org/lobby/
  13. Opensecrets. Retrieved From: http://www.opensecrets.org/lobby/
  14. Opensecrets. Retrieved From: http://www.opensecrets.org/lobby/
  15. Opensecrets. Retrieved From: http://www.opensecrets.org/lobby/
  16. Hamburger, Tom "Google, once disdainful of lobbying, now a master of Washington influence" Retrieved From: http://www.washingtonpost.com/politics/how-google-is-transforming-power-and-politicsgoogle-once-disdainful-of-lobbying-now-a-master-of-washington-influence/2014/04/12/51648b92-b4d3-11e3-8cb6-284052554d74_story.html
  17. Hamburger, Tom "Google, once disdainful of lobbying, now a master of Washington influence" Retrieved From: http://www.washingtonpost.com/politics/how-google-is-transforming-power-and-politicsgoogle-once-disdainful-of-lobbying-now-a-master-of-washington-influence/2014/04/12/51648b92-b4d3-11e3-8cb6-284052554d74_story.html
  18. Wikileaks.org - Retrieved From: https://wikileaks.org/
  19. Khatchadourian, Raffi (7 June 2010). "No Secrets: Julian Assange's Mission for total transparency". The New Yorker. Archived from the original on 2011-08-27. Retrieved 8 June 2010.
  20. McGreal, Chris (5 April 2010). "Wikileaks reveals video showing US air crew shooting down Iraqi civilians". The Guardian (London). Archived from the original on 2011-06-26. Retrieved 15 December 2010.
  21. Glenn Greenwald and Ewen MacAskill (June 8, 2013). "Boundless Informant: the NSA's secret tool to track global surveillance data". The Guardian (London). Retrieved June 12, 2013.
  22. Gellman, Barton; Poitras, Laura (June 6, 2013). "US Intelligence Mining Data from Nine U.S. Internet Companies in Broad Secret Program". The Washington Post. Retrieved June 15, 2013.
  23. Staff (June 6, 2013). "NSA Slides Explain the PRISM Data-Collection Program". The Washington Post. Retrieved June 15, 2013.
  24. Greenwald, Glenn; MacAskill, Ewen (June 6, 2013). "NSA Taps in to Internet Giants' Systems to Mine User Data, Secret Files Reveal – Top-Secret Prism Program Claims Direct Access to Servers of Firms Including Google, Apple and Facebook – Companies Deny Any Knowledge of Program in Operation Since 2007 – Obama Orders US to Draw Up Overseas Target List for Cyber-Attacks". The Guardian. Retrieved June 15, 2013.
  25. "Snowden Interview Transcript". NDR. ?. Retrieved 27 January 2014.
  26. Ball, James (25 October 2013). "Leaked memos reveal GCHQ efforts to keep mass surveillance secret". The Guardian. Retrieved 25 October 2013.
  27. Narayan Lakshman (2013-12-05). "NSA tracking millions of cellphones globally". The Hindu. Archived from the original on 2014-03-23. Retrieved 2014-03-23.
  28. Hand, David, Heikki Mannila, and Padhraic Smyth. Principles of data mining. London: MIT Press.
  29. Frand, Jason. "Data Mining: What is Data Mining?." . http://www.anderson.ucla.edu/faculty/jason.frand/teacher/technologies/palace/datamining.htm (accessed July 29, 2014). Companies with a strong customer focus – such as retail, financial, communication, and marketing organizations have benefited most from the applications of data trends.
  30. Garrison, g., Kim, S., & Wakefeild, R. L. (2012). Success Factors for Deploying Cloud Computing. Communications Of The ACM, 55(9), 62-68. doi:10.1145/2330667.2330685
  31. Dialogic Corporation . "Introduction to Cloud Computing ." . http://www.dialogic.com/~/media/products/docs/whitepapers/12023-cloud-computing-wp.pdf (accessed July 28, 2014).
  32. wikipeida . 7 24, 2014. http://en.wikipedia.org/wiki/Hacker_%28computer_security%29.
  33. Norton. "Norton annual report 2013." 2013.
  34. Puzic, Sonja. CTVNews.ca. 10 2, 2013. http://canadaam.ctvnews.ca/cybercrime-cost-canadians-3b-in-past-year-2013-norton-report-1.1479940.
  35. Jody Westby, “Boards are still Clueless about Cybersecurity,” Forbes Magazine, May 16 2012, http://www.forbes.com/sites/jodywestby/2012/05/16/boards-are-still-clueless-about-cybersecurity/
  36. Mark Hatton, “3 Reasons Corporations Lag on Cybersecurity”, Boston Globe (blog), October 1 2012, http://www.boston.com/business/blogs/global-business-hub/2012/10/3_reasons_major.html
  37. Jody Westby, “Boards are still Clueless about Cybersecurity,” Forbes Magazine, May 16 2012, http://www.forbes.com/sites/jodywestby/2012/05/16/boards-are-still-clueless-about-cybersecurity/
  38. Jody Westby, “Boards are still Clueless about Cybersecurity,” Forbes Magazine, May 16 2012, http://www.forbes.com/sites/jodywestby/2012/05/16/boards-are-still-clueless-about-cybersecurity/
  39. “Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes”, Gartner, May 1 2013, http://www.gartner.com/newsroom/id/2466615
  40. “Key Challenges in BYOD”, Gartner, http://www.gartner.com/technology/topics/byod.jsp
  41. “Key Challenges in BYOD”, Gartner, http://www.gartner.com/technology/topics/byod.jsp
  42. “Key Challenges in BYOD”, Gartner, http://www.gartner.com/technology/topics/byod.jsp
  43. “Key Challenges in BYOD”, Gartner, http://www.gartner.com/technology/topics/byod.jsp
  44. “Key Challenges in BYOD”, Gartner, http://www.gartner.com/technology/topics/byod.jsp
  45. “Key Challenges in BYOD”, Gartner, http://www.gartner.com/technology/topics/byod.jsp
  46. Kirk, Jermy. PCWorld. 5 27, 2014. http://www.pcworld.com/article/2198060/new-security-problems-keep-ebay-on-edge.html.
  47. wikipeida . 6 26, 2014. http://en.wikipedia.org/wiki/Denial-of-service_attack.
  48. Kaput, Michael Batton. Chron. http://smallbusiness.chron.com/can-happen-company-result-cybercrime-26811.html.
  49. http://en.wikipedia.org/wiki/Hacker_%28computer_security%29.
  50. Kirk, Jermy. PCWorld. 5 27, 2014. http://www.pcworld.com/article/2198060/new-security-problems-keep-ebay-on-edge.html.
  51. Russia Today. "Facebook mind control experiments linked to DoD research on civil unrest." - RT USA. http://rt.com/usa/169848-pentagon-facebook-study-minerva/ (accessed August 4, 2014).
  52. Gibbs, Samuel. "Facebook apologises for psychological experiments on users." The Guardian. http://www.theguardian.com/technology/2014/jul/02/facebook-apologises-psychological-experiments-on-users (accessed August 4, 2014).
  53. Plous, Scott . "Social Psychology Network." Tips on Informed Consent. http://www.socialpsychology.org/consent.htm (accessed August 4, 2014).
  54. Caplan, Arthur, and Charles Seife. "Opinion: Facebook Experiment Used Silicon Valley Trickery - NBC News." NBC News. http://www.nbcnews.com/health/mental-health/opinion-facebook-experiment-used-silicon-valley-trickery-n144386 (accessed August 4, 2014).
  55. "Minerva Initiative." Minerva Initiative. http://minerva.dtic.mil/ (accessed August 4, 2014).
  56. Watson, Paul Joseph. "Cover Up Surrounding Pentagon Funding of Facebook’s Psychological Experiment?." Infowars. http://www.infowars.com/cover-up-surrounding-pentagon-funding-of-facebooks-psychological-experiment/ (accessed August 4, 2014).
  57. Watson, Paul Joseph. "Cover Up Surrounding Pentagon Funding of Facebook's Psychological Experiment?." Global Research. http://www.globalresearch.ca/cover-up-surrounding-pentagon-funding-of-facebooks-psychological-experiment/5389664 (accessed August 4, 2014).
  58. Glancy, Robert. "Will you read this article about terms and conditions? You really should do." theguardian.com. http://www.theguardian.com/commentisfree/2014/apr/24/terms-and-conditions-online-small-print-information (accessed August 4, 2014).
  59. Waldman, Katy. "Facebook’s Unethical Experiment Manipulated Users’ Emotions." Slate Magazine. http://www.slate.com/articles/health_and_science/science/2014/06/facebook_unethical_experiment_it_made_news_feeds_happier_or_sadder_to_manipulate.html (accessed July 31, 2014).
  60. McWhinnie , Laura. "Content ownership on Facebook: Three rules for brands - mUmBRELLA." mUmBRELLA. http://mumbrella.com.au/content-ownership-on-facebook-three-rules-for-brands-148348 (accessed August 3, 2014)
Personal tools