Data protection on the Internet

from Wikipedia, the free encyclopedia

Data protection on the Internet refers to the application of data protection to data transmitted over the Internet . It involves applying control over the type and amount of information that is shared about a person on the Internet and who has access to that information. Data protection on the Internet is a sub-category of computer data protection.

Forms of data protection

Safe surfing explained simply

As a rule, people have the right to self-determined anonymity on the Internet . Internet users can, for example, achieve adequate protection of their data by determining which data they want to publish in a controlled manner. The resolution of the IP address, non-personally identifiable profiles, and similar information can possibly be an acceptable compromise so as not to lose the convenience that might be lost in other cases when users use remedies to strictly prevent such data recording. In this case, anonymity may be used to establish data protection - that is, to use the Internet without giving third parties the opportunity to link personal data with Internet activities of the Internet user. In order for an Internet user to keep his information private, he must be careful about what he is submitting and looking up online. Filling out forms or purchasing goods may be recorded, and because this information is not treated as private, businesses can now send Internet users spam and advertisements about similar products.

The judgment in Plaintiff Sanders was based essentially on another California judgment a year ago. In the Shulman v. Group W Productions of 1998, the judges concluded that two people injured in a car accident could sue a data breach because a cameraman filmed the emergency service being performed in the rescue helicopter. According to the court, while the accident victims cannot expect data protection in the accident situation, they should have a reasonable assumption in the rescue helicopter that data protection must be observed there, even if they can expect their conversations in the helicopter to be overheard.

Because of these cases, it is more difficult to determine in which cases investigative journalism would violate an understandable expectation of data protection. As a result, more than ever, journalists working for liable organizations are rethinking their approach to investigative journalism. In any event, in California, judges are reluctant to drop such cases before trial in order to allow them to be judged by the jury. And because media judges are unsure whether privacy violations can be justified by a “legitimate” interest in gathering news, they tend to be reluctant to point out and discourage intelligence services from engaging in certain investigations. This leads to a chilling effect in the media.

US state laws relating to privacy

Nevada and Minnesota require ISPs not to disclose information about their customers. However, this only applies in the event that the customer has not agreed to pass this information on. By resolution of the National Conference of State Legislator , the following states have introduced certain privacy rights for their citizens:

Minnesota Statutes Sections 325M.01 to .09 - Prohibit Internet service providers from posting personal information such as customer address, electronic connection identifier or telephone number, websites visited, or any information that the customer stores on his computer. It also regulates certain circumstances in which information must be disclosed, such as: B. in the case of a request by the “grand jury” or a state or a “federal law enforcement officer” authorized by law, as well as in the event of a court activity or a court judgment.

Nevada Revised Statutes Section 205,498 - In addition, California and Utah laws, even though not specifically relating to online business, require all companies, except financial firms, to disclose - in writing or by email - to their customers what types of information the company shares with third parties for advertising purposes or sells to them for money. Under California law, companies can publish a privacy policy that gives customers the option to prohibit the distribution of their information for free.

There are also certain laws for employees and businesses, as well as data protection guidelines for websites.

California, Connecticut, Nebraska, and Pennsylvania all have specific privacy policies related to websites:

California (Calif. Bus. & Prof. Code Sections 22575-22578) California's online privacy law requires an operator, defined as a person who collects personal information from California citizens through websites or internet services for commercial purposes, to have their privacy policy visible to place their website or internet service. The proposal would require, among other things, the types of information that the company collects about customers of the company or visitors to the website, as well as that which it receives from third parties (companies) or with which companies it shares this information.

Connecticut (Conn. Gen Stat. § 42-471) Connecticut requires that every person who stores Social Security Numbers (SSN) for business purposes creates a data protection statement. This provision must be publicly available on a website and the provision must 1. protect the confidentiality of the SSN, 2. prohibit illegal publication of the SSN and 3. restrict access to the SSN.

Nebraska (Nebraska Stat. § 87-302 (14)) Nebraska knowingly prohibits false or misleading statements in its privacy policy, distributed or published on the Internet or elsewhere, that refer to personal information of citizens.

Pennsylvania (18 Pa. CSA § 4107 (a) (10)) Pennsylvania treats false or misleading statements in data protection regulations, which are published on websites or are to be distributed in any other way, in the deceptive or fraudulent business practices statute .

There are also at least 16 countries that require government websites to create a data protection statement and publish it on their website. These states are Arizona, Arkansas, California, Colorado, Delaware, Iowa, Illinois, Maine, Maryland, Michigan, Minnesota, Montana, New York, South Carolina, Texas, Utah, and Virginia.

Threats to data protection on the Internet

In today's world, millions of people are at risk of data breaches. Companies are not only asked to see which pages are visited by a web user, but also to steal this information and to send advertising based on the pages visited. This is possible because many people have Facebook accounts and enter bank and credit card details on various websites.

People who are concerned about privacy on the Internet often list some privacy threats - events that may occur from Internet use. The methods for this range from compiling user statistics to malicious activities such as spreading spyware or using exploits .

Data protection measures are taken on various social networks. For example on Facebook there are data protection settings for registered users. The settings offered on Facebook include the possibility of preventing certain people from viewing the profile of the Facebook user, the possibility of defining certain "friends" and the possibility of restricting access to images and videos. Privacy settings are also used in other social networks, such as B. E-harmony or MySpace offered. It is up to the user to decide which personal information should be disseminated over the Internet.

At the end of 2007, Facebook started the Beacon program, in which activities on other websites on Facebook could be seen in the profile. Many people were enraged by this data breach, and that is how the Lane v. Facebook, Inc.

Images on the Internet

'No photos' sticker on Wikimania

Nowadays, many people have digital cameras , mostly on their smartphones , and publish their photos online. However, the people depicted may not want to be seen in these photos on the Internet.

Some organizations are trying to respond to this privacy concern. For example, it was decided at Wikimania 2005 that photographers generally have the right to show people in their pictures. But some people wore a 'no photos' sticker to show that they did not want to be shown.

The Harvard Law Review published a short article In The Face of Danger: Facial Recognition and Privacy Law , which mainly explains why data protection law in its current form does not help those who are tagged in photos without consent. Anyone can be tagged on a photo without consent or shown in a way that hurts them personally, and by the time Facebook would take the photos down, many people would already have the opportunity to view the picture or send it to others . In addition, traditional tort law does not protect people who have been photographed in public because this is not considered a data breach. The extensive Facebook data protection provision also includes these problems and others. For example, the provision states that they reserve the right to share information about their users or their photos with companies, lawyers, courts, government agencies and others if they deem it absolutely necessary. The provision also informs users that profile pictures are primarily used to help friends connect. However, like other images, these can be used by other people to breach data protection by finding information that can be used to track and locate a user. An ABC news article stated that two groups of scientists found that Hollywood celebrities can easily give information about where they are through their pictures uploaded on the Internet. It has been found that pictures taken by an iPhone automatically save the geographic coordinates in the metadata of the picture unless this function is explicitly turned off.

search engines

Search engines have the ability to track a user's searches. The search can be used to infer personal information. Search engines claim the need to store such information in order to be more convenient for the user and to warn of security dangers and fraud.

A search engine collects all information from its users and assigns each one a unique number, an "ID". It is often saved which pages have been accessed by whom. AOL, for example, has a database with 21 million users, each with their own ID. AOLSearch is structured in such a way that the search queries of all customers can be recorded and assigned to them. Although the true identity of the user is not known, a comprehensive personality profile can only be created on the basis of entered and collected data. A data collection can contain a lot of information about a user without knowing their name. For a commercial exploitation of data, a customer z. B. the information "IP address xxxxx is interested in French red wines".

On March 1, 2012, Google replaced its more than 60 different data protection provisions for the various Google products with a single version; this should be more compact and understandable.

Data recording

Many programs and operating systems are set up to keep records of usage. Under certain circumstances, this can include the times when the computer is used or which websites are visited. If someone else has sufficient access to the computer, regardless of whether they legitimately have it, the user's privacy may be at risk. However, this can be prevented by deactivating recordings (log files) or deleting them regularly.

Data protection in social networks

Before the explosion of social networks in the first decade after 2000, there were early forms of these social techniques such as online multiplayer games, blogs, newsgroups, mailing lists, and online matchmaking agencies. These formed the backbone for modern services, and they already had data protection problems. In 1996, a young woman from New York City had her first meeting with an Internet acquaintance and later sued a court against the sexual harassment that allegedly occurred after the two returned to their apartment. But this is only an early example of many other cases related to Internet privacy.

Social networks became very popular between 2006 and 2011. With the creation of Facebook and the continued popularity of MySpace , many people gave their personal information to the Internet. These log all types of interactions that take place on them in order to be able to use them later. Many users do not realize that they can change their privacy settings and that if they do not change them, their data will be publicly available. On Facebook, the data protection settings can be accessed via a drop-down menu under the “Account” button in the upper right corner. There users can set who can view their profile and what information should be displayed on it for these people.

In most cases, profiles are either openly visible to "all my networks and friends" or to "all my friends". In addition, information such as birthday, religious views and relationship status can be hidden from other users in the data protection settings. If a user is under 13 years of age, they are not allowed to create a Facebook or MySpace account. But this is not really guaranteed.

Another problem with social networks is the privacy policy. This statement states that the company acquires the rights to all content that the user uploads. This includes pictures, films and messages, which are all stored in the company's database, even if the user has their account deleted. In addition, the new Web 2.0, which enables the user to participate in the development of information, allows Facebook and other social networks to present specially tailored advertisements to the user on the WWW. Age, gender and even ethnicity are also evaluated, which is a growing problem for Internet data protection.

Social networks have redefined the task of internet data protection. Since users willingly put personal information online publicly, the task of Internet privacy has become a little blurry. Services like Facebook, MySpace and Twitter have become popular because they broadcast status messages and private information such as whereabouts. Users can pin their whereabouts in a variety of locations such as shops and restaurants. You can also create your own “places” to give a place a name. This form of location tracking is automatic and must be issued manually. Various settings have to be changed in order to ensure data protection. According to epic.org, Facebook users should 1. switch off “Friends can determine my whereabouts”, 2. adjust “Places where I stay”, 3. switch off “People who are here at the moment” and 4. switch off “Places that I have visited ”switch off.

The Federal Trade Commission has received complaints criticizing Facebook's use of these locations for advertising purposes. Other points of criticism with regard to data protection on Facebook are aimed, for example, at the publication of private messages and user data, the collection and storage of data from non-members, personalized advertising or the transmission and use of WhatsApp user data .

Internet access provider

Internet users are connected to the Internet through an Internet Service Provider (ISP). Any information transmitted from and to this user is transmitted through this ISP. Therefore, the internet access provider has the theoretical ability to monitor internet traffic. But they usually do not do this for legal, moral, business or technical reasons.

In contrast, BT plans to use Deep Packet Inspection , which is offered by Phorm , to monitor the content of the Internet offers visited by customers in order to collect information for the advertising industry.

Other potential Internet privacy threats

  • Malware (German: "malicious programs") is a suitcase word that describes "bad software", i.e. it damages an individual PC, server or network, be it through a virus, a Trojan (actually: Trojan horse) or through espionage mechanisms (" spyware ").
  • Spyware is a program that collects and shares information from a computer user without their consent.
  • A tracking pixel is a small, transparent image that is integrated into a website or email. It enables you to check who is accessing which pages or emails and when.
  • Phishing is a crime in which an attempt is made to obtain confidential information such as passwords, credit card or bank account information from a computer user.
  • Pharming is a hacker's attempt to redirect traffic from one website to another fake website. This is made possible by manipulating the victim's hosts file or by exploiting a security hole in a DNS server.
  • Social engineering
  • Bad proxy servers (dangers of using anonymous proxy servers or other "anonymity" services)

controversy

Some people in the internet security and privacy arena believe that privacy doesn't exist. This setting is also called post-privacy ; "Privacy is dead - get over it" ('Privacy is dead - finally take it that way'). Steve Rambam, a private investigator who specializes in Internet privacy cases, says more should be encouraged to be aware of this. The author David Pogue points out that for the younger generation, the distribution of personal information in the world is precisely the purpose of online services. On the other hand, the security expert Bruce Schneier says: "Privacy protects us from abuses by those in power, even if we're doing nothing wrong at the time of surveillance ." (Data protection protects us from abuse by those in power even if we do nothing wrong while being monitored . ')

literature

Broadcast reports

Web links

Individual evidence

  1. ^ Pam Greenberg: State Laws Related to Internet Privacy . Ncsl.org. October 19, 2009. Retrieved September 13, 2010.
  2. Privacy policy for websites . National Conference of State Legislators, Oct. 19, 2009.
  3. ^ Matt Schafer: Privacy, Privacy, Where for Art Thou Privacy? . Lippmannwouldroll.com. August 2, 2010. Retrieved on March 6, 2018: "As consumers have became wise to the use of cookies, however, the industry has began using both normal cookies and local shared objects (aka flash cookies) in the event that users would delete the normal cookies. "
  4. In the Face of Danger: Facial Recognition and the Limits of Privacy Law . 2007. Retrieved from Harvard, Harvard Law Review: harvardlawreview.org ( Memento of the original from August 2, 2010 in the Internet Archive ) Info: The archive link was automatically inserted and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.harvardlawreview.org
  5. a b c d Facebook’s Privacy Policy. (2010). on Facebook.com
  6. MK Heussner: Celebrities' Photos, Videos May Reveal Location . 2010. Retrieved from ABC: abcnews.go.com
  7. ^ Online Privacy: Using the Internet Safely. December 2010
  8. (August 2006) CNET news. Retrieved from news.cnet.com
  9. google.de
  10. Tracy Mitrano: A Wider World: Youth, Privacy, and Social Networking Technologies . 2006, November, December. Retrieved from educause.edu ( memento of the original from April 29, 2011 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.educause.edu
  11. C. Dwyer, S. Hiltz, K. Passerini: Trust and Privacy Concern within Social Networking Sites: A Comparison of Facebook and MySpace . Americas Conference on Information Systems. 2007. Retrieved from google.com
  12. HR Lipford, A. Besmer, J. Watson: Understanding Privacy Settings in Facebook with at Audience View . Department of Software and Information Systems University of North Carolina at Charlotte, 2009. Retrieved from usenix.org /
  13. “You agree that by posting any material or information anywhere on the ICQ Services and Information you surrender your copyright and any other proprietary right in the posted material or information. You further agree that ICQ LLC. is entitled to use at its own discretion any of the posted material or information in any manner it deems fit, including, but not limited to, publishing the material or distributing it. " ICQ Terms of Service
  14. Wil. Harris, June 2006. Retrieved from bit-tech.net ( memento of the original from September 23, 2012 in the Internet Archive ) Info: The archive link was inserted automatically and has not yet been checked. Please check the original and archive link according to the instructions and then remove this notice. @1@ 2Template: Webachiv / IABot / www.bit-tech.net
  15. a b EPIC - In re Facebook. (n. d.). EPIC - Electronic Privacy Information Center. Retrieved January 25, 2011.
  16. a b technet.microsoft.com
  17. Steve Rambam: Privacy Is Dead - Get Over It . In: The Next HOPE 2006 . August 1, 2006. Retrieved April 21, 2015.
  18. David Pogue: Don't Worry about Who's watching . In: Scientific American . 304, No. 1, January 2011, p. 32.
  19. Bruce Schneier: The Value of Privacy . schneier.com
  20. Bruce Schneier: The Eternal Value of Privacy . Wired.com