Privacy Working Group

This week CBC News reported a Canadian woman, as a result of photographs posted to her Facebook profile, lost her long-term sick leave benefits. Natalie Blanchard, diagnosed as clinically depressed by her doctor, had been on leave for a year and a half.  According to the article:

When Blanchard called Manulife, the company said that “I’m available to work, because of Facebook,” she told CBC News this week.

She said her insurance agent described several pictures Blanchard posted on the popular social networking site, including ones showing her having a good time at a Chippendales bar show, at her birthday party and on a sun holiday — evidence that she is no longer depressed, Manulife said.

Blanchard said she notified Manulife that she was taking a trip, and she’s shocked the company would investigate her in such a manner and interpret her photos that way.

What is particularly interesting about this case is Blanchard’s Facebook profile had been locked to unapproved Facebook users and it is unclear how her insurer was able to access the photographs.  However, her insurer, Manulife, did confirm it uses Facebook.

ZDNet recently posted an article on SunGuard Availability Services Chief Technology Officer’s predictions for cloud computing in 2010.  His vision for the rapidly growing world of cloud computing included:

• Cloud computing will become a mainstream, widely used technology.
• With increased demand, cloud computing providers’ success will being to differentiate between those that provide reliable, solid products and those that simply rest on buzz words and hype to market their offerings.
• Enterprise-grade, cloud-based backup, replication and recovery tools will begin to appear as part of cloud computing service provider offerings.

These predictions seem to have already gained momentum with companies, like Microsoft, who are clearly taking steps to assert their cloud computing presence.  This week, the Associated Press reported Microsoft will be releasing Azure – a tool used for building software which runs over the internet – out of test mode this coming January and will eventually charge for its use.

One important consideration that is already contentious among experts in the cloud computing field, and central to this blog, is privacy.  With cloud computing clearly on the rise, the public will need to begin considering the privacy implications that may accompany a business farming out the management of data and software to an external organization.

Don’t tell my boss but on a lazy Friday afternoon I may take one of those quizzes on Facebook to test my M*A*S*H knowledge or what my birth sign means (P.S. I am a Libra and according to Facebook very creative).  It seems as if some of those quizzes aren’t random, they are generated by the user’s data or a friend’s data.  I knew this and even though I am a supporter of privacy chose to play along anyway because ultimately it was my choice.

It seems as if Canada wasn’t as forgiving.  According to dmwmedia.com:

Facebook has agreed to implement new privacy safeguards that limit the personal information that quiz authors have access to, in response to complaints from the Canadian Privacy Commissioner and a chapter of the American Civil Liberties Union (ACLU).

The Canadian Privacy Commissioner and ACLU say that Facebook does not vet application developers for trustworthiness, and allows them to access an alarming amount of a user’s — and that user’s friends’ — personal information without express permission.

The good news is that Facebook responded to the complaint without further government involvement.  One could assume that Facebook wanted to move past the controversy as quickly as possible because the private sector understands that is important to keep your customers happy.

This incident and Facebook’s reaction is another reminder why misguided government intervention in privacy policy in the private sector is not needed.

Ok, time to get back to Facebook and take  a quiz on 90′s Pop Bands.

No, that isn’t the name of a new grunge rock band.  It refers to the City of Los Angeles trying to decide whether or not to use Google Apps as a replacement for the Novell Group Wise e-mail and Microsoft Office Applications.

There are huge taxapayer and privacy concerns with such a move.  In a press release and letter to members of the Information Technology and General Services Committee, we expressed our concerns:

On behalf of the 193,000 members and supporters of Citizens Against Government Waste in the state of California I would like to express our concerns with this proposed contract.  As the nation’s premier taxpayer watchdog, we applaud your desire to evaluate technology use and the potential to save taxpayer money.  However, there are cost and privacy issues associated with Google Apps that could negatively impact taxpayers and put critical information at risk.

Even though some news reports have claimed that there will be cost savings from the switch, a July 10, 2009 report from the Office of the City Administrative Officer to the Information Technology Agency (ITA) contradicts those assertions.  According to the ITA report, “In the City’s experience with other systems replacement projects, contractors that supported implementation of the new system have often remained involved with the project for a longer period of time than originally anticipated. … That no such costs are anticipated here is inconsistent with this experience. … GroupWise licensing savings totalling $269,700 will only be achieved if the City can fully implement Google’s system by December 31, 2009. … For this date to be met, ITA must submit a notice to proceed to CSC no later than August 1, 2009.”

In addition to cost, privacy should also be a key component in the decision- making process.  In a July 16, 2009 letter to Los Angeles Mayor Antonio Villaraigosa, the World Policy Forum (WPF) concluded that, “…the City should conduct a formal independent risk assessment of the privacy, security, and confidentiality issues the contract raises….  A risk assessment focused on this issue will assist the City in clarifying the problems before harm occurs.”

The savings estimates for Los Angeles are based on fully implementing Google Apps by December 31, 2009.  That means all employees must be utilizing the new system by that date.

In addition, a July 17, 2009 Los Angeles Times article said that “City Administrative Officer Ray Ciranna, the city’s top financial advisor, said the LAPD has raised questions about Google’s ability to shield sensitive arrest information.

We urge you to conduct more research on cost, security and risk, starting with learning more about the D.C. experience and why so few are using Google Apps.

It’s fun to have shiny new toys but when it comes to taxapyers paying for those new toys, there needs to be a serious discussion about cost and in the case of software or computing, privacy.

Governments at all levels have a duty to ensure that privacy is guaranteed.