Online Social Networks and E-Commerce - MIT Computer Science ...


groups.csail.mit.edu
01.12.2012

Clarence Lee and Shirley Fung

Proposing Privacy Accountability Structure for Third-Party Sites

Motivation

In addition to the blanket privacy policy to protect the consumer’s rights from the government, we propose a privacy accountability structure to hold third-party sites accountable.

During the 1990s, phishing attempts on America Online drew much public attention to Internet security and privacy protection. It is estimated that businesses lose two billion USD each year as their clients become victims of identity theft (Kerstein, 2005). Since then, Internet security and privacy protection have gotten much better. Non-profit organizations such as TRUSTe and Better Business Bureau Online have been founded to serve as watchdogs to verify the integrity of third-party websites. However, we should not stop there. One of the biggest criticisms of organizations such as TRUSTe is that they do not have much power to punish violators. While it is commended for its attempts to establish trust between businesses and consumers, TRUSTe does not do enough to punish its seal holders who break their Web Privacy Seal agreements, and it does not revoke their seals quickly enough.

Figure 7. An example of the TRUSTe Web Privacy Seal.

In August 2006, America Online accidentally released three months' worth of search queries by more than 600,000 AOL users (AOL Heads Roll Over Data Leak, 2006). Despite the fact that usernames were not released, a New York Times article demonstrated that one could identify an individual’s name and city of residence given enough search queries (Barbaro & Zeller, 2006). In response, AOL fired three employees, including its chief technology officer, and issued a public apology.

Only one month later, the online social networking program SecondLife suffered a security breach, releasing vital information for 650,000 customers (LeClaire, 2006). SecondLife is a highly successful Massive Multiplayer Online Role Playing Game (MMORPG). It allows users to start a “second life” in a massive virtual world, complete with land ownership, jobs, and a fully working economy. Users can purchase goods using the LindenDollar, the currency within the virtual world, and exchange services just as one would in real life. In the incident, vital information such as unencrypted user names, addresses, encrypted passwords, and encrypted billing information was compromised. However, despite such a blunder, the only thing that SecondLife did was inform its users of the breach and recommend that users reset their passwords immediately. SecondLife currently boasts more than 10 million users worldwide, and it is estimated that over one million USD was spent within the SecondLife economy over the past twenty-four hours (Second Life Economics Statistics Page, 2007).

Given the massive amount of information aggregated at each of these sites, two important questions arise: 1) whether all this data should be centralized in one service, and 2) whether the current privacy protection standards are sufficient to safeguard the interest of consumers.

The first question poses interesting legislative possibilities to prevent the monopolization of information. However, on the downside, this would inhibit innovation on the business side and convenience on the end-user side. For the scope of this paper, this issue will not be discussed, since an accountability structure applies whether an information monopoly exists or not.

The second question points the user to what is currently available to protect user privacy. As mentioned before, the best systems for privacy protection currently available are non-profit watchdog organizations such as TRUSTe, which look out for the best interest of consumers. However, the biggest problem with this system is the lack of accountability. It is easy to see that in a brick-and-mortar analogy, sensitive personal information such as billing information and medical history would be guarded with the utmost care. Storage facilities would employ guards, install safes, and use other security measures to prevent theft of such valuable information. In addition, standards and laws are in place to hold organizations accountable for safeguarding this information. Considering that online information can be copied with more ease than tangible physical documents, and that digital storage makes it possible to aggregate information ten to hundreds of orders of magnitude greater than a physical storage house, shouldn’t we have a better accountability measure to ensure the protection of digital information?

Hence, for this proposal, we will first compare the privacy philosophy of the United States versus that of the European Union and the advantages of the European Union Directive on Data Protection. Then, we will propose similar guidelines based on the privacy regulation of the financial industry brought on by the Gramm-Leach-Bliley Act.

The U.S. Approach on Privacy Protection

The United States currently takes a sectored approach to data protection and privacy legislation. Instead of using an over-arching governmental structure like the EU Directive, it relies on a combination of legislation, regulation, and self-regulation to protect user data. In a 1997 report titled “A Framework for Global Electronic Commerce,” former President Bill Clinton and former Vice President Al Gore stated that the private sector should lead the efforts in self-regulation in order to protect the consumer from problems brought by the advancement of Internet technology (Clinton & Gore, 1997). As a result, the United States does not have a privacy law comparable to the EU Directive, and privacy laws in the United States are adopted on an as-needed basis.
