Saturday, November 13, 2010

The End!

In the previous blogs I tried to focus on privacy issues on the internet, with a focus on the most controversial ones.
Stories of cyber crime are becoming more and more regular, and sometimes shocking, every day.
We ourselves are sometimes the victims; hopefully the issues are not so devastating, but still we experience how disgusting it is to have our privacy invaded.
I'm sure we have learned so much through this blog assignment. We have come across stories and realities that we had never even thought about, but these are realities that we should be aware of, both as individual internet users or data subjects, and as members of organizations (data users) who deal with other people's personal data.
We as managers should always be aware of ethical issues, and we should never forget that even our organization may be a victim of unauthorized and illegal data disclosure.
It's on us to start the change, with knowledge, professionalism and ethics.
Good Luck and always hope for better days to come!
SHIVA

PDPA 2010, oppositions and limitations…

From the opposition's point of view, despite agreement in principle on the need for such a law, a few concerns were raised, mainly:
  • On the applicability of the law, it is argued that it should extend to the biggest data pool in the country, i.e. the Government (section 3 of the law excludes the Federal and State Governments from its application).
  • An argument that the Commissioner should be answerable to Parliament instead of the Minister.
  • That the law provides exemptions that are too wide. One MP said that this is not in line with the international standard as found in the EU Directive.
  • That a time frame should be prescribed for certain obligations such as the retention period.
The ruling proponents’ side maintains that the Government should be excluded from the application due to certain necessities. But obviously this policy has been opted for by the Government, or perhaps there are other laws or rules in place that would control the misuse of personal data at Government agencies.
The argument that the PDP Commissioner should be answerable to Parliament is refuted on the basis that such an arrangement would be a distortion of the established doctrine of separation of powers that is adopted by the Malaysian constitution.
The debates have left some questions about the efficiency of the Act's implementation in the future.
Well, with all these controversies, the law is still considered a real gift for the people who have suffered enough from the abuse of their own personal data.

We hope some day a similar Act will be passed in Iran, protecting users from damage other than the financial kind!

The overall review of PDPA

The Personal Data Protection Act, 2009 (“PDPA”) was passed by the Dewan Negara on 4 May 2010. The authorities are now aiming to create public awareness of the concept of data protection compliance and data security. PDPA applies to local and foreign companies operating in Malaysia that process any personal data in their commercial transactions relating to the supply or exchange of goods or services.
PDPA gives individuals in Malaysia the right to know what personal data is held about them and sets out rules to make sure that this personal data is handled properly by the organizations holding the data.
Personal data is information about a living individual who is identified through a name in combination with a home address, office address, and telephone number. A description of a person without a name is also personal data if it can be used to identify the person, such as designation, email address, age or address.
Organizations, companies or individuals are required to register under the PDPA as data users if they collect and hold personal information about individuals in respect of commercial transactions, whether contractual or not, in any matters relating to the supply or exchange of goods or services, agency, investments, financing, banking and insurance.
For all the MBA students (mainly those who want to work in a country like Malaysia where the privacy of data subjects is protected by a similar legislation) it is necessary to discover the concepts of data protection compliance and how it will help them to guide their organizations toward compliance readiness.
PDPA applies to local and foreign companies operating in Malaysia that process any personal data in their commercial transactions relating to the supply or exchange of goods or services, such as insurance companies, cooperatives, private colleges and universities, banks and financial institutions, accountants, engineers, surveyors, lawyers, private hospitals and clinics and any businesses and companies that store personal data.
The rights of data subjects under the PDPA are provided in Part two, division 4, sections 30-44. In short, those rights can be listed as follows:
  • Right to access
  • Right to correct data
  • Right to withdraw consent for data processing
  • Right on sensitive data
  • Right to prevent distress/damage
  • Right to prevent direct marketing
There are still some prominent issues that can confront individuals such as issues of workplace monitoring, junk mail/spam, data theft, and pictures taken at public places that should be taken into consideration.
In order to achieve better implementation of PDPA2010, organizations should see and manage it using the perspective of individuals, not merely that of the organization; because in organizations, their people (employers, employees, business partners) are all data subjects too.

A case of privacy leakage, could it be met by the PDPA?!

We discussed the issue of “cyber stalking” in class. There are many things that cyber criminals do to obtain your personal data and stalk you, and following that they commit many other crimes. Mostly they will bully you into paying them, and in return they won’t release your personal data.
This stalking is also possible through the monitoring of cell phone communications.
What would you do if you realized that an unknown person had in his/her possession records of your SMS exchanges and actual recordings of your telephone conversations, and sent them to your own desktop? Shocked, fearful, terrorized, humiliated (somehow), and so on, you name it. But yes, it’s a nightmare!


This case happened in Malaysia!
A lady who experienced this has brought a lawsuit against one of the major telecommunication providers for allegedly revealing the content of her private communication to a third party.
This particular lawsuit is the first that could trigger the provisions of the Personal Data Protection Act 2010. Since the law has not been seriously enforced yet and the proceedings in this case have not started yet, hopefully we can hear more updates in the near future about how the case was resolved and how the PDPA was enforced.
Meanwhile, the telecommunications company involved has issued a statement that it will carry out an investigation into the said allegation.

For the time being, it would not be a bad idea to take a look at the privacy policies of these providers to check whether they have made modifications based on the PDPA 2010. If not, will the plaintiff be able to prove her claim and accuse this company of PDPA infringement?!

Friday, November 12, 2010

Which data are not protected by PDPA?

Although the PDPA 2010 is one of the most important pieces of internet and ICT legislation passed in Malaysia, the provisions of this statute show that there are limitations in the scope of data this Act covers. The following graph illustrates the limitations, and further comments follow:


The personal data contained in the following fields will not be protected under the PDPA2010:
  • electoral rolls,
  • taxpayers database under the Inland Revenue system,
  • criminal records belonging to justice system,
  • traffic offence records under the road and traffic regulation,
  • and many more personal data within the Federal and States Governments.

Also, personal data stored and kept in these and many other foreign online providers who do not have local centers of data processing are not protected under the Act:
  • Google,
  • Yahoo!,
  • Facebook,
  • Twitter,
  • Blackberry Message system


Other unprotected sources of personal data are:
  • The personal data retained by charity, social, political and non-commercial institutions;
  • Your (often outdated) personal data retained by a variety of credit reporting agencies in Malaysia (such as you-know-who);
  • Your personal data kept by thousands or millions of your friends or family members on their mobiles, computers and archives, in both paper and paperless media.
As you can see, although we consider the PDPA to be a breakthrough move toward data protection, there are still many threats to our personal data: that it will be exposed, changed or sold.
There is still a long way to go… and there will never be 100 percent protection. It's all on us!

What does PDPA 2010 offer?!


Under the PDPA,
  • Businesses which process their individual customers’ personal data will need to reevaluate their current data.
  • Privacy policies, processes and consent should be reconfirmed.
Consumers will also have a new set of rights:
  • Being informed about their personal data
  • Determining the right to access, correct and control their data
  • Controlling the processing of their personal data by other parties

Through the implementation and enforcement of this Act, the safety, security protection, integrity and reliability of the network and services will be guaranteed. The Malaysian Communications and Multimedia Commission (MCMC) is the agency at the forefront of the fight against crimes committed in the communication network.

In order to better understand the PDPA 2010 we should take the following steps:

• Overview of PDPA 2010
• Key terms to be aware of, e.g. Personal Data, Sensitive Personal Data, Data User, Data Subject, Processing
• 8 Principles of Data Protection
• Registration of Data Users
• Rights of Data Subject, e.g. right to access, right to correct personal data
• Offences and consequences
• Transitional provisions
• Steps to be taken now to be compliant with the Act


Necessity of Data Protection

It is necessary for the government and the organizations engaged in the fight against crime to stay ahead of the criminals. This gains even more importance with regard to cybercrimes. Cybercrimes have recently taken the shape of economic crimes, because the crimes committed deal with economic transactions. What makes it possible for such crimes to be committed within an organization (the data user) is the situations which give people the opportunity to commit the crime, the pressure to do so, and the lack of integrity in the organizational culture.
There are many people and organizations that use the internet and ICT in a positive way, but there are still many who use this technology to advance their malicious intents and make unlawful commercial use of other people’s information without their consent.
What makes personal data protection inevitable is that everyday business and financial transactions are becoming more and more dependent on the internet and ICT. This will lead to the internet-related crimes of identity theft, privacy disclosure and money laundering.
With Malaysia becoming one of the fastest growing economies in the region, and with an increasing e-transaction trend welcomed by the public, the need for legislation to protect customers was felt more than ever. The Malaysian government proved its commitment to protecting the people’s rights and passed the Personal Data Protection Act 2010 to regulate the processing of personal data in the context of commercial transactions by data users and to safeguard the interests of data subjects.

Thursday, November 11, 2010

Attributes of PDPA2010 (Malaysia)

With regard to the far-reaching effects of information technology, the fear of the abuse of information has led to greater calls for data protection in this information-driven society. Now it's time for the authorities to provide an insight into what data protection is and what it regulates. There is still so much to learn about the recently enacted Personal Data Protection Act 2010 (Malaysia) and its application, enforcement and implications for Malaysian customers. Every person who carries out online transactions has rights; on the other hand, organizations or data users have legal obligations with regard to protecting enterprise data, and should explore a practical approach to cultivating best practices in data protection to meet the demands of society, customers and industry.
Key Benefits of the Data Protection Act 2010 are to:
• Understand the potential impact of the newly enacted Personal Data Protection Act 2010 (Malaysia)
• Understand more about data breaches, the scale of the problem and its implications
• Learn about the recent developments in data protection law in Malaysia and overseas
• Become aware of legal obligations as a user or employer in respect of data
• Learn practical steps to ensure best practices in relation to data protection
• Obtain an appreciation of data protection implications on commercial activities

Monday, October 11, 2010

Stay Tuned! 

So far I have tried to discuss the issues and real cases in cyberspace regarding privacy, with the focus on social networks. With these last two notes, I tried to wrap up the discussion by reviewing the general issues and concerns. I will stop the discussion of privacy issues in social networks for the time being.
In the next blogs we will focus on Malaysia’s Personal Data Protection Act 2010.



 Thanks for keeping up…

Information as Goods

The Warn Test foundation accuses the social networks of trading in people’s private information.
The foundation claims that in many cases usernames and passwords are easily manipulated, which means it is possible to reach a person’s website and personal account in a few technical steps.
Social networks are very enthusiastic about gathering more and more information from their users. These networks give free services and rely heavily on advertising for their profits.
The more information they “sell”, the more customers and profit they have.
The networks with higher numbers of users charge more for advertising and increase their revenues.
Warn Test says that the networks which are less famous act more responsibly in gathering and protecting private information. Their activities are not so widespread and as a result they have fewer commercial customers.
The Warn Test foundation warns social network users that they are the only ones who can really protect their privacy, because once you give it to the web, you can never claim it back.
And in so many cases, even if you find out that they have used your private information, you can never sue them for breaching the contract, because of the click-wrap issue!

Warn Test Reports

The Warn Test research foundation in Germany accuses the social networks of being unreliable in protecting the privacy of their users.
The legal and technical specialists at Warn Test said in a report that all of the 10 social networks under investigation showed many major defects in protecting the private information of their users. This information includes photos and personal notes. According to the Warn Test foundation, giving this information to companies and commercial brokers is a violation of EU rules and regulations.
According to the law, internet companies which receive and save private information should be diligent in keeping it from third parties. The users’ private information should not be considered the companies’ assets.
Warn Test claims that Facebook alone has violated EU law in 15 cases. Facebook, with more than 500 million users, is the least trusted website in protecting the privacy of its users. Other networks like LinkedIn and MySpace also show important defects. Facebook users usually give the website permission at sign-up to use the information globally in their network or account.
Recently a Facebook manager who wanted to remain anonymous claimed that information removed by users only disappears from their sight and remains in the main safe box of the network.
According to Warn Test this is a clear violation of users’ rights and wishes, because the network neglects their right to have control over their private information.
Warn Test reports that even the people who are not direct users of social networks are in danger, since the network will gather information about them through their friends and relatives.
This makes the legal control over privacy even harder, since everything is done without you being aware of it!

Have you noticed the new Facebook update?! “Facebook places”

Recently Facebook has added a new feature to its settings which has worried privacy supporters and security specialists.
The Facebook team has activated a new feature on its website called “Facebook Places”, which enables users on the move to declare their location wherever they are, using their notebook or their phone.
Privacy supporters claim that this feature creates many security problems. An example could be that when a user declares he is in a place other than his hometown, he has practically given robbers the chance to empty his house!
Although the Facebook managers claim that they designed this system with great attention and accuracy, the specialists say the accuracy is not sufficient to prevent probable abuses.
It is recommended to set this option to “disabled”.
It is especially important for politically active Iranians. The authorities may be able to track you down even if you are using Facebook under a false name. Double check, and remind your friends as well.

A simple privacy issue turned into a birthday disaster!

Many specialists claim that Facebook privacy settings are complex and misleading. With all this criticism, the Facebook team still claims that the settings are straightforward and designed to best serve people’s need for privacy and socializing at the same time.
An example contrary to these claims happened recently, when a 14-year-old girl from Hertfordshire in England was planning on inviting her friends to her birthday using Facebook, but forgot to uncheck the little box next to “anyone can view and RSVP” before clicking the “create event” button.
What happened?! She got more replies than she could ever have expected! With the news spreading all around the internet and creating worries for her and her family and friends, Facebook took down her event page. It was too late, since many Facebook users had already created their own fan pages trying to put her party in the history books! Many random users had decided to attend her party and were asking for directions… Imagine that!!!
Instead of being happy about a party exceptional in history, the girl and her family, being so worried, canceled the party and even called the police to step up their patrols in case a swarm of Facebook pranksters showed up.
The Telegraph says in its report dedicated to “Facebook party crashers” that the same thing had also happened before, with more than 50 gatecrashers at a birthday party in Liverpool and another case with 100 revelers.
Earlier this year, a small birthday party in Australia also got 60,000 RSVPs on Twitter.
Anyway, the moral of the story?! Again and again… check the privacy settings of your social networking accounts before they put you in trouble like this. Next time you try to create an event, don’t forget to customize the privacy settings before posting. And remember that if your friend list includes hundreds of guys you have hardly even met, don’t be surprised if you see a few extra faces at your party next time!

And finally, a note to Facebook: Shouldn't event invites be set to "private" by default?

No privacy, even at your back yard!

Fox News says the Riverhead city municipality uses the Google Earth service to detect houses with unauthorized swimming pools in their back yards!
The Fox News website says in its report that people will no longer have privacy even in their back yards, since the authorities may be watching them using Google Earth.
The report says many city authorities use this program to monitor people’s houses, and this is strongly criticized by privacy supporters.
The city municipality has claimed that this is done to protect people from unsafe constructions, that it respects the laws and regulations, and that it uses the internet because it is the fastest, easiest and cheapest way.


Google Earth has also mentioned this and other similar stories on its weblog to inform people about this issue, telling them that this cannot be sued over as a violation of privacy.
Another story of Google Earth being used to intrude on people’s back yard privacy is that of a man running a pool service company who used Google Earth to find houses with swimming pools so that he could focus his advertising on them.
These internet services, which often come to the help of users, can sometimes be offensive since they violate their privacy.

Protect your privacy against mobile fraud!

Many communication specialists warn that mobile phones are at the center of online swindlers' attention more than ever. In the previous post I discussed this issue in detail.
Mark Ward from BBC News says in his report that the applications or programs which mobile phone users install on their devices can be a trap for stealing their private information. He also describes some symptoms that every mobile phone owner needs to know in order to recognize a threat to privacy and information theft. Some of them are:
  • The most obvious symptom could be that the battery of your phone drains very quickly; for example, you suddenly notice that your battery has become empty overnight. The reason is that the phone has been busy sending information via the theft applications overnight.
  • Another symptom is unknown and strange phone numbers in your end-of-month outgoing calls list.
By the way, the more the use of these devices spreads, the greater the number of programs, useful ones and at the same time theft programs, which seriously threaten the privacy of their users.

Sunday, October 10, 2010

Do not neglect privacy issues on your mobile phone!

In the 1980s, when mobile phones first came to the market, no one really expected them to be as popular as they are now. But today, they have not only reached all corners of the world but are also used by people for shopping, transferring money, checking bank accounts and much more. The personal and banking information of their users is a temptation for swindlers. What these swindlers have noticed is that phones are directly related to people's lives and money. Research shows that phone theft has recently become carefully planned and organized. The programs installed on the phone are useful to the owners and enable them to arrange and do many jobs easily. Yet many of these programs are written by swindlers who steal the owner’s important information behind the attractive appearance of the program.
Internet fraud is so easy, and stealing people’s information from the phone is similar to what is done online.
The scary thing is that the format of the program is similar to any other simple program, but it can easily get to your addresses or the information in your messages.
So far the number of these dangerous programs is not large, but most probably it will increase. There are some symptoms that help phone owners detect these programs on their phones. Later I will discuss them with you to keep you alert to the dangers to your privacy on your phone.

Saturday, October 9, 2010

Google is protecting the privacy of its Gmail users

At the beginning of the year 2010, Google released the news about the vast attacks on its Gmail users, most of whom were Chinese human rights activists.
This raised many controversies about Gmail privacy issues. The threats to these websites are so serious that they claim these attackers are so professional and high-level that they are certainly supported by a government service.
In the USA, these attacks are considered to be an “alarm” which caused Google to defend governmental supervision of its website. Since then Google, the internet Hulk, has decided to sign a contract with the Intelligence Service of America to let them investigate the espionage attacks of a Chinese group.
The aim of this is to help Google better defend its users and their information from being attacked.
The main issue to discuss here is that Google has permitted this intelligence agency, which is the most powerful electronic investigation organization in the world, to use any important and sensitive information under one condition: no violation of Google's policies of protecting privacy and online communications. Google has not given this organization permission to monitor users’ searches or their email accounts.
The main goal of this project, which most probably is impossible, is not to find the people behind these attacks, but to find solutions to modify Google's defense system, or what is professionally called “Information Security”.
Google claims that attacking websites and networks and extracting the personal information of people, companies and private and government institutes leads to legal, security, economic and political losses, and that neglecting the modification of the system will result in regret.

Friday, October 1, 2010

About Quitfacebook.com

As I promised before, in this blog I am going to discuss this website and the privacy-related reasons behind its creation and the public support for it. You might be shocked when you first open it, as you see the terms “creep”, “stalk”, “lurk”, “propagate” and “infect” instead of the common Facebook terms. These terms are used to show the effect of private information being exposed to the public.
This website was originally made to protest against the Facebook privacy settings, and requires its users to quit Facebook in protest at their personal information being exposed or abused.
A page has been created inside Facebook itself, asking the 500 million people who cannot bring themselves to leave Facebook to try not to check their account for just one day!
The creator of this website claims that he and his followers are not content with the way Facebook interacts with its users and believes it to be unethical.
Only one day after the creation of quitfacebook.com, it had more than 23,000 fans worldwide. This figure may be big enough to attract the attention of the Facebook team or warn them. But this website was not as successful in creating a great wave of quitting among Facebook users as its creators expected.
Communications specialists continually warn people that none of the social networking websites will guarantee that when you quit the site, your account information will be secured.
The controversy has been so great that it has angered members of the Parliament of the US. The pressure is causing Facebook to back down, but still not enough to reduce the real threat to privacy.

Student committed suicide after his sex video was released on the web!

I was browsing the web, searching for stuff regarding privacy issues on the internet, when I suddenly came across the news of an American student committing suicide after a sex video of him with another man was released on the web. (Source: www.BBC.co.uk)
This student was seen jumping off the George Washington Bridge in the state of New Jersey on 22nd September.
Tyler Clementi was an 18-year-old student and violinist who had been filmed by two of his friends while he was having sex with his same-sex partner.
His roommate and another friend of his are accused of filming him and then sharing it on the net. If the court finds them guilty, they will be sentenced to a maximum of 5 years' imprisonment.
The roommate tweeted on his Twitter page that his roommate (Tyler) had asked him to leave the room to him until midnight. He went to the room next door and turned on the camera, filming Tyler with another guy!
Although this post and the film have been removed, the pictures are still available on Google.
This is yet another issue of cybercrime relating to privacy! This time it is not information on the web being accessed illegally or misused. Instead, a person’s most intimate time has been captured and, regardless of his privacy, shared on the web, visible to millions of people! Disgusting!

Facebook applications are threats to your privacy!

Recently the Facebook team has claimed that it will give its users more control over the information they disclose to third parties on this website, including applications and games.
Currently, there are 950,000 application producers on Facebook from 180 countries around the world.
These new Facebook regulations require the application producers to inform users about what personal information they will use and to seek the users’ consent and permission. It has been revealed that until now, the application producers on Facebook had unlimited access to the personal information of their users. These modifications will enable users to have more control over this issue.
Also, Facebook has been required by critics to encourage its users to choose their privacy levels carefully. The new instructions will also inform people about the difference between terminating and deactivating an account. These issues had been sources of controversy for a long time.
There are many countries that are conducting research on the use of Facebook in their nations, in order to urge Facebook to protect the privacy of their people. One such piece of research was started in Canada last year following the lawsuit against Facebook by an institute at Ottawa University.
After this case, the Canadian authorities held negotiations with the Facebook people, which resulted in modifications being applied to Facebook for the 12 million Canadian users. If the same restrictions are applied to similar websites, we may see far fewer cases of privacy violations on the internet.

Monday, August 16, 2010

Facebook privacy controversies, AGAIN!

Following the news of Facebook users reaching 500 million, it is now said that personal details of 100 million Facebook users have been collected and published by an intelligence agent.
This guy used a piece of code to collect the profile information of users who had chosen improper customizations for their information. This has resulted in their information being disclosed to the public.
The publisher claims that his reason for publishing this information is to attract more public attention to “privacy issues” than before. At the same time, Facebook claims that the publication of this information is not a disclosure of personal information, since the users themselves had made it available to the public.
The file containing this information is widely distributed on the internet. The list of these files has been downloaded and shared by more than 1000 people on www.thepiratebay.org, which is one of the biggest file sharing websites.
Every time a criticism like this is aimed at Facebook, it claims that it is the users themselves who make their information accessible to others. But there are still many experts accusing Facebook of trying to make people be more open in their privacy options, which they think is not acceptable.
It seems that the Facebook team is intentionally ignoring the negative aspect of its privacy policies. Many experts believe that the privacy policies of Facebook are difficult and sophisticated and not straightforward. Facebook claims people are the ultimate owners of the information and they can decide what to share with whom!
The privacy issue with Facebook is that many users have not yet understood its privacy policies, which has resulted in cases like this.
Although it has been claimed that the problems have been solved with the new privacy settings, some information (e.g. profile picture, gender) is disclosed anyway, unless you remove it!
While I was reading this news about the privacy policy of Facebook, I thought, why not quit?!
Check this website out: www.quitfacebook.com
In the next notes, I’m going to talk more about it. Meanwhile, you take that into consideration! ;)

Tuesday, August 10, 2010

Starting with the privacy issue!

By posting this first note, I’m officially starting my blog, in which I’m going to focus on privacy issues on the internet.
The privacy concept, simple in name, is one of the most important issues, and has gained the most attention from internet users, servers, website designers, etc. There have been many controversial lawsuits and cases in recent years.
In the first notes, I am going to focus on the privacy issues which have to be considered when we are using social networking websites, on which we put much of our personal information and may share our most sincere feelings or experiences.
There are many articles, advertisements and clips which try to educate people on learning and caring about the privacy policies of each website, but still there are many people who are not yet aware of what is best and most important for them to do in order to protect their own information and intellectual property.
As a marketing student, I know that the information which people put on a website like Facebook is widely used by marketers for the purpose of targeting their customers. Much of the users' personal information is being sold to many marketing firms. The information may be delivered anonymously, but it is still the right of the user to decide whether he/she wants the data to be transferred for marketing purposes or not.
Many of us unintentionally gave this right to Facebook when we first created an account, by agreeing to the terms of use. These terms can never be reconsidered, and even when we terminate our account, the information is still kept there. It is said that the reason is to enable the user to retrieve the account in case of reactivation, but the truth is that the data is kept in Facebook’s database, where it can be used and retrieved anytime by data mining.
These are the most basic issues and points. In the following notes, I will try to discuss each and every noticeable point in detail.
For the time being, I just recommend you watch this link.
This is quite scary, you can never deny. And it shows how important the information on a website like Facebook can be. We should take into consideration that while we look at Facebook as a lovely site for reuniting with friends or having so much fun browsing various pages or playing funny games, it is our information that is being used and monitored by many other firms and organizations for business, security or intelligence services; things that may never have crossed our minds!!!