Tech Policy Summit blog

I admit that I've become addicted to the status updates in Twitter and Facebook. Even when I'm not revealing what I'm up to, I enjoy knowing what others are doing. It's an easy way to keep tabs on friends and associates I wouldn't otherwise interact with on a daily, or moment to moment, basis.

Increasingly, though, it's not just about what others are doing. But about where they are.

The social sharing revolution is giving rise to a growing number of location-aware services like Loopt and Dopplr that enable users to reveal their whereabouts to others via mobile and Web-based interfaces. Just yesterday, Yahoo formally launched an open platform called Fire Eagle that allows users to enter their location data and manage its use by third-party developers.

Of course, location-based technologies are not new -- and neither are the privacy and security concerns they raise. What does seem to be changing is the pervasiveness of these services and, at least among early adopters like techies and teens, the willingness to trade their privacy for the convenience (or novelty) of knowing more about the people and neighborhoods around them.

As for me, I'll be sharing my location on a need to know basis.

TechCrunch broke the news this morning that Facebook is adopting a set of "Key Principles Of Social Networking Safety" as part of an agreement with attorneys general from 49 states and the District of Columbia that will require the social networking site to take steps to better protect kids (Texas is the only state not signed on). You may remember that MySpace made a similar announcement last January.

The policy was announced by Connecticut attorney general Richard Blumenthal as part of the ongoing efforts of a coalition called the Multi-State Attorney General Executive Committee. Mr. Blumenthal gave the following statement in a press release:

"We are raising the safety bar, first for MySpace and now Facebook, and soon for other sites as we fight for an industry gold standard. Facebook and MySpace are showing how to aim higher and keep kids safer. Our ultimate goal is age and identity verification technology -- safeguards against child molesters and inappropriate material. Checking ages and identities is vital to better shielding underage users from predators and pornography."

It's that last point about using age verification technology that concerned Internet safety expert Adam Thierer when the MySpace agreement was made earlier this year. As he wrote in this January post on the Progress and Freedom Foundation blog, "even assuming we could find a way to make it [age verficiation] work, there are many other considerations that must be taken into account, such as the burden it might impose on freedom of speech or individual privacy."

More details on Facebook's agreement are available at TechCrunch.

Kara Swisher of AllThingsD.com hosted two roundtables at last week's Tech Policy Summit in Hollywood. The first one featured AOL's chief privacy officer Jules Polonestky, Center for Democracy and Technology president and CEO Leslie Harris and Joanne McNabb of California's Office of Privacy Protection talking about the challenges of personalization and privacy.

She also led a discussion with JibJab Media CEO Gregg Spiridellis, Cult of the Amateur author Andrew Keen and USC professor Jonathan Taplin about how new media is changing content distribution. Following both sessions, Kara videotaped brief interviews with several of the speakers -- we've posted both of her videos in the Media Vault (podcasts of her on stage sessions will be available next week).

The Center for Democracy and Technology (CDT) made a series of announcements today that signal its growing interest in the privacy challenges associated with electronic health data.

To start, CDT has annexed an organization called The Health Privacy Project and has named a new director, Deven McGraw, who will oversee the program within CDT. Under McGraw's direction, the project's charter will be to analyze pending e-health legislation and to develop proposals for addressing privacy concerns.

CDT will also partner with the Markle Foundation's Connecting for Health Collaborative to develop tools that promote sharing of e-health data in a secure and private manner. The two have already teamed up on a policy brief that calls for use of "core privacy principles" like transparency, limiting data to the specified purpose and allowing individuals control over their own information.

News.com's Declan McCullagh has written a follow-up to his February report on which U.S. states will and will not be complying with the Department of Homeland Security's REAL ID Act as a May deadline approaches.

At this point, all but five states -- Delaware, Maine, Montana, New Hampshire and South Carolina -- will either comply or receive extensions from DHS that will allow citizens to keep using their existing driver's licenses through the end of 2009.

According to McCullagh, those numbers belie the fact that approximately one third of states have "no clear intention of ever complying." He points to Oklahoma as one example of a state that passed legislation prohibiting the issuance of REAL ID-compliant licenses but that has nonetheless requested the DHS extension.

You can read more at News.com.

The fight to make the Internet a safer place for kids and teens made headlines this week.

First, the European Union announced on Wednesday that it plans to spend over $83 million on Internet safety programs between 2009 and 2013, extending a program it began several years ago. The money will be spent on a variety of research and educational projects designed to keep kids in the EU safe from cyber bullying and illegal content.

Stateside, the Harvard Berkman Center for Internet & Society launched its Internet Safety Technical Task Force, which includes experts from Google, Microsoft, Facebook, Bebo, MySpace, Center for Democracy & Technology, Progress & Freedom Foundation and other organizations.

Together, they will evaulate technology-based solutions to the online safety challenge, including age-verification and authentication tools. For more info, check out this post by PFF's Adam Thierer. CDT's Leslie Harris also wrote an ABC News editorial about the privacy implications of online age verification. Both will be among the speakers at next month's Tech Policy Summit.

Citing data from Gartner that about 3.5 million computer users were tricked by phishing scams between 2006 and 2007, resulting in a financial loss of over $3 billion, Senators Bill Nelson (D-FL), Olympia Snowe (R-WA) and Ted Stevens (R-Alaska) introduced a bill earlier this week called the Anti-Phishing Consumer Protection Act of 2008 (APCPA).

APCPA is designed to crack down on online fraud and identity theft by creating "multiple enforcement mechanisms" and instituting strong civil and criminal penalties. Not everyone is convinced that the bill is a step in the right direction though.

According to The Iconoclast writer Declan McCullagh, who will be among the speakers at next month's Tech Policy Summit, there are plenty of anti-phishing laws already on the books and APCPA "appears to serve no useful purpose."

Declan writes: "If their bill merely duplicated existing criminal laws, it would be more redundant than worrisome. Except that one section is actively harmful to the privacy of Americans who own domain names and want to protect their privacy."

He's referring to provisions that would make it illegal for an individual to use false or misleading information when registering a domain name in a WHOIS database if that domain is used for commercial purposes, as well as a rule that would require domain name registrars who use proxy services to keep registrant.data private to make that info public if they receive notice that the domain name was used for phishing purposes.

You can read the full text of the bill here.

According to Reuters, China has asked Web site owners to voluntarily pledge to censor their content as part of its ongoing effort to regulate online video and audio. Eight Chinese media organizations including the Xinhua news agency and The People's Daily have already signed on to the pact to remove pornography and violent material from their sites.

Which begs the following question: If the Chinese goverment asks you to sign a "voluntary pact," is it really voluntary?

While you contemplate that koan, here is an excerpt from the announcement by China's State Administration of Radio, Film and Television:

The signatories should actively disseminate healthy, beneficial audio-visual programs meeting socialist moral norms...Decadent, backward thoughts and culture must be boycotted by all.

Also, if you haven't already seen it, check out this in-depth article by Atlantic correspondent (and Tech Policy Summit advisor) James Fallows about how the Chinese government controls Internet activity within its borders. Fallows has been reporting from China for over a year now and offers an interesting perspective on the topic.

The news broke this morning that Google is launching a pilot project with a group of volunteers at the Cleveland Medical Center to test its Google Health service, which will allow patients to access their personal health records (PHRs) and related medical information online. It's been in development for well over a year and the announcement of the six-to-eight week pilot is an important milestone, though the service still isn't ready for prime time.

The Associated Press reports that Google's interest in managing PHRs is seen by the company as "a logical extension" because Internet users already turn to Google to research information about their health. According to this Media Vault video by Google, 65% of people have used the Internet to answer a health-related question and 66% of consumers looking for medical information online start by going to a search engine like Google.

But are those consumers ready to make the leap from searching for health info online to sharing their own medical histories?

Privacy advocates have raised concerns about protecting such sensitive data; the World Privacy Forum published a policy analysis and a consumer advisory yesterday warning the public to think twice before authorizing PHRs. Though not directly related to the Google Health project, the organization's reports point out the many privacy and security questions that will need to be answered by Google, Microsoft and others as they move further into the digital health business.

It's been less than a month since the U.S. Department of Homeland Security (DHS) issued its final rule on the REAL ID Act, and several states are still trying to decide how to respond to the revised regulations governing how they issue driver's licenses.

With the clock ticking on a May 10th deadline and over a dozen states still in limbo, there seem to be more questions than answers. Which is why we wanted to point to a handy FAQ by the News.com team. It's their final installment in a four-part series on "REAL ID vs. the States." It looks at how each state has reacted, so far, to the requirements and describes what's in store for residents of non-compliant states. Five states in particular have remained firmly opposed to REAL ID: Maine, South Carolina, Montana, Oklahoma and New Hampshire.

If you haven't been following the brouhaha closely and want to get up to speed quickly, check it out.