Privacy, security, surveillance: getting it right is important

Whilst visiting Bavaria for the Munich Security Conference, Rachel Whetstone, Senior Vice President Communications and Public Policy at Google, gave a speech at the Bavarian Parliament about Google’s views on surveillance, security and privacy. The following is the full text of her speech.

Thank you for inviting me here today. It’s a great honor to be with you this afternoon: in a state with such a long history of invention–Siemens, Audi, BMW, Adidas; and in a city that has been such a wonderful partner to Google.

Just down the road, we signed our first major books digitization project with the Bavarian State Library. The village of Oberstaufen was our first Street View launch in Germany. Minister-President Seehofer was the first German politician to do a live interview on YouTube. Even the model locomotive in your Stone Hall represents a shared love of technology and excitement about the future.

Happily, it’s a future with more investment in Munich. Our new engineering center here will be home to several hundred employees–in addition to the three hundred who already live here. It happens to be located, appropriately enough, next to the Hacker Bridge–though, we don’t plan to hire any additional security.

Now I must admit to being a little bit nervous. US tech companies are front and center of the European political debate today: not always for the right reasons. And frankly some of the criticism is fair. As an industry we have sometimes been a little too high on our own success.

With that as my starting point, I wanted to talk about three important issues facing us all today:

  • First, government surveillance and the role technology companies have in the fight against crime and terrorism;
  • Second, the growing need to keep people’s information safe and secure online; and
  • And third, privacy in the digital age.

Government surveillance

One of the most basic duties of any government is to protect its citizens. It’s always been true that technology can be used for good, and bad. Since humankind discovered fire, there’s been arson. And today, the technologies we all use to find information or chat with loved ones, are also being co-opted by the criminal minority for their own purposes.

It’s why companies like Google have a responsibility to work with law enforcement. And we do–regularly providing account details, as well as the contents of private communications, like email, to the authorities as they investigate crime and terrorism.

For example, in the first six months of 2010, Google received almost 15,000 government requests for user data. By 2014, that number had risen to just under 35,000. We look carefully at every request and provide information in the majority of these cases–over 65 percent.

Why, you may ask, didn’t we comply in every case? Well, we have a duty to our users, as well. When people sign-up for an email account, they trust Google to keep that information private. So we need to be certain law enforcement requests are legitimate–not targeted at political activists or incredibly broad in their scope. In these cases we always push back. And we never let governments just help themselves to our users’ data. No government–including the US government–has backdoor access to Google or surveillance equipment on our networks.

This is why encryption is also important–because it requires governments to go through the proper legal channels. There’s simply no other way for them to get encrypted data, save hacking into our systems or by targeting individual users–issues I’ll touch on later. In fact, Gmail was the first email service to be encrypted by default, and we now encrypt Google Search, Maps, and Drive (our cloud-based storage service).

In the last few months, a number of governments have voiced their concern about the time it takes to process requests for user data when investigating crime, encryption and the storage of data, as well as the use of the Internet by terrorists. These concerns are entirely understandable, especially after last month’s horrific attacks in Paris and the barbaric murders of hostages by ISIS. So let me address each one in turn, starting with the time taken to process requests for user data.

When it’s a threat to life situation, Google is able to provide information to the authorities within hours–this is incredibly important given the increased terrorist threat many governments face today. But in most other situations, law enforcement requests–especially for private communications, such as Gmail–must be made through diplomatic channels, typically Mutual Legal Assistance Treaties, or MLATs for short. For example, if the US Government wants user information from a company based in Germany–say GMX or Xing–it works through the German government. It’s the same when the German government wants information from a US company, like Google. This creates checks and balances, preventing potential abuse.

That said, the MLAT process is too slow, too complicated and in need of reform. It’s why we’ve pressed to increase funding for the US Department of Justice so they can hire more people to process more requests, more quickly. And there’s good news here. For the first time, they’ve dedicated 90 staff and $20 million to process MLAT requests, and President Obama’s latest budget proposal asks for more.

When it comes to reform, it would save time if we moved beyond paper, fax machines and diplomatic pouches to web forms that are quick and easy to process. Europe is leading the way here. We now need the US to follow suit.

However, even with reform, some intergovernmental oversight will always be necessary. If government X wants information on its own citizens, that’s one thing. But when it’s asking for information about country Y’s citizens, surely that country should have a say in the decision as well. This process will always take some time.

Next: government concerns about encryption and the storage of data. Encryption helps prevent hackers from getting access to sensitive information like bank details–keeping the web safe and secure for everyone. It’s the same with the deletion of data. Snapchat, for example, automatically deletes photos and videos. It’s the ultimate right to be forgotten for the millions of young people using the service everyday. Given most people use the Internet for the reasons it was intended, we shouldn’t weaken security and privacy protections for the majority to deal with the minority who don’t.

Finally, terrorism. All of us have been horrified by ISIS and their use of the media to spread propaganda. At YouTube, the world’s most popular video sharing platform, we’re acutely aware of our responsibilities.

  • Last year alone we removed 14 million videos because they broke YouTube’s policies prohibiting gratuitous violence, incitement to violence and hate speech.
  • We automatically terminate the accounts of any terror group, and hand over the account information to the authorities.
  • We allow law enforcement, for example the UK Home Office, to flag videos containing terrorist content, which we review and remove as a priority. We hope to work with law enforcement in other countries on similar efforts.
  • And, we work with dozens of non-governmental organizations on counter speech–helping provide an alternative viewpoint to vulnerable young people.

Of course there is always more to be done and we welcome your ideas.

Over the last three years, first with Edward Snowden and now ISIS, we’ve seen the political debate about government access to information swing from one end of the spectrum to the other. Indeed, the race to encrypt was driven in large part by Snowden’s revelations, which uncovered some pretty outrageous behavior on the part of the US Government. The emergence of ISIS is now leading some governments to question encryption entirely, as well as to call for increased data retention. The solution, we believe, lies in a principled yet practical approach: one that restricts indiscriminate surveillance and supports valid law enforcement efforts while also protecting people’s privacy.

Privacy and security of personal information

Which brings me to my next subject: keeping people’s information safe and secure. In many ways, privacy and security are two sides of the same coin–if your data is not secure it’s not private, as last year’s celebrity hacks showed. While the target that time was Hollywood, it could just as easily have been you or me. So it’s not surprising that a recent Gallup poll showed people are more concerned with theft online than having their house broken into.

In the last four years, we’ve been able to cut in half the number of Google accounts that are hijacked. For example, we block suspicious attempts to log into accounts–perhaps because they come from an unusual device or location. If you’ve ever traveled abroad and got an email questioning a recent login, that’s Google working to keep you safe. And we also offer two-factor authentication so people are no longer rely only on their passwords for protection. Instead people confirm their identity not just with a password but also a code generated by their phone. If you’re at this conference and you’re not using two-factor authentication, you really should be–please talk to Wieland afterwards!

Now, we’re under a lot of scrutiny in Europe because of our size. But it is precisely our size that enables us to invest a lot in security, which helps our users as well as the wider web. For example, our Safe Browsing technology identifies sites that steal passwords or contain malware. If you’re using Chrome, we show very visible warnings–20 million per week–when you try to visit a malicious webpage. And because we make this data publicly available, Apple’s Safari and Mozilla’s Firefox browsers can use it as well. This helps protect over one billion people all around the world. We can also help move things forward in other ways: for instance, we now rank encrypted websites slightly higher in our search results, encouraging everyone to encrypt their services. And any company can take advantage of Google’s security expertise by using our corporate versions of Gmail and Drive. The fact that we employ 500 security and privacy experts means they don’t have to.

Corporate attacks are on the increase–and they highlight the interconnected nature of the web. The Sony hack, for example, not only exposed their own employees, but also the business plans of a high-profile tech CEO. In fact, the hack affected more than just egos–it hit the studio’s bottom line, too, when cinemas decided not to show The Interview. (Luckily, we were able to stand up for creative expression while helping Sony recoup some of that lost revenue by releasing the movie on YouTube and Google Play.)

These kinds of complexities are why security should be a team effort–companies working together, and governments working with companies. In 2010, Google disclosed that we had been subject to a significant cyberattack from China. At the time we were surprised that so few of the other companies targeted were willing to talk publicly. They were understandably afraid that doing so would frighten customers, provoke lawsuits, or worry investors. This is still the case for many companies today.

When individual companies keep attacks under wraps, it can make it harder for other companies to improve our defenses. It’s why we should all be to share best practices and the threats we see. We also believe that governments could be more forthcoming about the cybersecurity intelligence they have, so everyone can better protect themselves. This information often seeps out slowly, not least because it tends to get over-classified. We’re all stronger when security is a shared responsibility.

Privacy and trust

Finally, let me turn to privacy. I want to start by making clear Google hasn’t always got this right. It’s not just about the errors we have made–with products like Buzz or the mistaken collection of WiFi data–but about our attitude too. These have been lessons learned the hard way. But as our swift implementation of the Right to be Forgotten has shown, they are indeed lessons we have learned.

Now privacy means different things for different people, in different situations. For example, I may share photos only with my loved ones–others may feel comfortable posting them on the web. I may be happy for my friends to keep my shared photos forever–others may want them to disappear soon after. In the end, privacy is closely tied to our sense of personal identity: it’s not “one size fits all”. That’s why people want to be in control of the information they share and have real choices about the services they use. And that’s what we focus on at Google.

Keeping a record of what people search for can improve the quality of their results over time. But if you want to search without your queries being stored, turn off Search History. It’s really easy. Cookies help Google remember people’s preferences, like the language they use, for example. But if you want to browse the web and have your cookies disappear, use Chrome’s Incognito mode. If Google has someone’s location, we can give directions without them having to type in their start point each time. That’s useful for people like me with fat fingers on a mobile phone. But you can always turn that off too.

In addition, you can see all the information stored by Google and access all your privacy settings from one place, your Dashboard–which by the way was developed right here in Munich by our German engineers. People are using these tools and understand the choices they make. Ten million people check out their Account History settings each week–and make over 2.5 million changes. These are split evenly between people turning settings off and turning them on.

We also take pride in letting people leave Google easily. Data portability matters. So we’ve built a Takeout tool that enables you remove data stored by Google and put it elsewhere. We want people using our services because they love them, not because we hold their data hostage.

Now some of you are doubtless thinking: wait a minute–Google still collects all that information to serve me ads. Well actually no. Most of the data we collect is used to provide and improve our services. For example we store hundreds of billions of emails because hundreds of millions of people globally want unlimited storage. Gmail has become their digital filing cabinet. In fact, our Google search ads–the core of our business–actually require very little personal information. If you type flowers into Google search–the chances are you want … well … flowers! It doesn’t take a rocket scientist or a ton of data to work that one out.

Of course it is true that most of our services today are supported by advertising. But we view that as a positive because ads enable us to offer our products for free to everyone. Without ads, the poorest would not have access to the same search results, the same maps, the same translation tools, the same email service as the richest people on earth. And it’s important to remember that even though we are in the advertising business, Google does not sell your information–nor do we share it without your permission except in very limited circumstances, like government requests for data.

Now some people argue that Google’s collection of data is no different than government surveillance. “Google has the data so why shouldn’t we” is an argument used by many intelligence services in the press. But we believe there is a significant difference. Government surveillance uses data that was collected for an entirely separate purpose; it’s conducted in secret; its targets are unaware their data is being collected, and they are unable to stop or control it. Google, by contrast, collects data to provide and improve our products. And we give our users the ability to control or stop the collection of their data, or leave entirely.

The potential of science and technology

I was reading about the history of this building. I was amazed to see how long the project took: King Maximilian first started construction in 1857. It wasn’t completed until 1874, 17 years later. They actually had to change the style of architecture, mid-build, to keep up with the times.

In those 17 years, though, we saw the invention of the gasoline engine, the sewing machine, dynamite, and the typewriter. Darwin wrote the Origin of Species, and Mendeleev created the periodic table. That’s a pretty good 17 years. Technology was moving fast–probably faster than people wanted it to.

Similarly, just 17 years ago, you couldn’t instantly share photos of your children with friends… or talk to anyone, wherever they are in the world. The idea of not having a landline telephone seemed absurd.

The point is, just as in the 1850s, technology is moving fast. It’s changing the way we live. It’s raising new questions all the time. And, just as in the past, it’ll take many of us coming together to come up with the right answers. We look forward to working with all of you on that. Because this building was constructed from a profound optimism about the potential for science and technology to improve lives. That optimism is in your history. It’s in your DNA. And it’s an optimism that Google shares with you.


Posted by Al Verney, Corporate Communications Continua a leggere

It’s time to extend the US Privacy Act to EU citizens

Cross-posted from the Google Europe Blog 

Last summer’s Snowden revelations not only highlighted the urgent need for surveillance reform but also severely damaged relations between the US and Europe.

Google and many other technology companies have urged the US to take the lead and introduce reforms that ensure government surveillance activity is clearly restricted by law, proportionate to the risks, transparent and subject to independent oversight. Sadly, we’ve seen little serious reform to date.

However, the US Government can signal a new attitude when representatives of the European Commission visit Washington DC tomorrow. Right now, European citizens do not have the right to challenge misuse of their data by the US government in US courts — even though American citizens already enjoy this right in most European countries. It’s why Google supports legislation to extend the US Privacy Act to EU citizens. The Obama Administration has already pledged its support for this change and we look forward to to working with Congress to try and make this happen.

We understand that governments have a duty to protect their citizens. The emergence of ISIS and other new threats have reminded us all of the dangers we face. But the balance in the US and many other countries has tipped too far in favour of the state and away from the rights of the individual — rights that are enshrined in the Universal Declaration of Human Rights.

As President Obama recently instructed his Intelligence agencies: “All persons should be treated with dignity and respect, regardless of their nationality or wherever they might reside, and that all persons have legitimate privacy interests in the handling of their personal information.”

Posted by David Drummond Chief Legal Officer, Google

Continua a leggere

Keeping Your Tax Identity Safe

Posted by Rob Mahini, Policy Counsel

Once upon a time, Tax Day meant pens and pencils, paper forms, and long waits at the post office. Now, the Internet makes tax day much simpler — online software and e-Filing now allows everyone a much smoother Tax Day experience. Unfortunately, the Internet also makes something else easier: tax identity theft that allows scammers to do things like file for fraudulent tax refunds or apply for jobs.

As the FTC noted earlier this month, “identity theft has been the top consumer complaint to the FTC for 13 consecutive years, and tax identity theft has been an increasing share of the Commission’s identity theft complaints.” In fact, tax ID theft accounted for more than 43 percent of the FTC’s ID theft complaints, “making it the largest category of identity theft complaints by a substantial margin.”

With this in mind, the FTC hosted events around the country last week as part of its Tax Identity Theft Awareness Week, to educate consumers about the risks of tax identity theft and how to avoid becoming a victim. The IRS also released a video this month to educate taxpayers on what to do if they are victimized by tax ID theft.

At Google’s Good To Know site, consumers can learn about the many ways that they can protect all of their data, including their SSN, tax forms, and other information that tax identity thieves are after. For example:

  • Don’t reply if you see a suspicious email, instant message or webpage asking for your personal or financial information. Identity thieves try to use these phishing techniques to steal your information such as your social security number or other tax info. 
  • If you see a message from someone you know that doesn’t seem like them, their account might have been compromised by a cyber criminal who is trying to con you into providing your SSN or other sensitive information. 
  • Don’t send your password via email, and don’t share your password with others — thieves that gain access to your accounts can then steal your tax identity. Legitimate sites won’t ask you to send them your passwords via email, so don’t respond if you get requests for your passwords to online sites.

The ease and convenience of the Internet has helped simplify tax filing. And following these tips will help keep your tax information safe in the process.

Continua a leggere

Don’t get locked out: set up recovery options for your Google Account

Posted by Diana Smetters, Software Engineer

This summer we’re posting regularly with privacy and security tips. Knowing how to stay safe and secure online is important, which is why we created our Good to Know site with advice and tips for safe and savvy Internet use. -Ed.

Strong passwords help protect your accounts and information on the web. But forgetting your password is like losing your keys—you can end up locked out of your own home. It gets worse if your password gets compromised or stolen. Sometimes the thief will change your password so you can’t get back into your own account—kind of like someone stealing your keys and then changing the lock.

If you’ve lost your Google password, you need a way to get back into your Google Account—and back to all of your stuff in Gmail, Maps, Google+ and YouTube. To help you, Google needs to be able to tell that you’re the rightful account owner even if you don’t have the right password. There are a few easy steps you can take right now to make it easy for you—and no one else—to get into your Google Account if you forget or don’t know the password.

1. Add a recovery email address. By registering an alternate email address with your Google Account settings, you’re giving Google another way to reach you. If you forget your password, Google can send a link to that recovery email address so you can reset your password. Google can also use that email address to let you know if we detect something suspicious happening with your account.

Setting up your recovery options can help you get back in
if you get locked out of your Google Account

2. Add a phone number to your Google Account. Your mobile phone is the best way to regain access to your account if you forget your password. It’s like the “fast lane” for account recovery: we text a code to the phone number you’ve registered with us, and you’re back in business in no time. Your phone is more secure and reliable than other means of recovering your account. Methods like “secret” questions (asking your mother’s maiden name or city where you were born) may have answers that are easy to remember, but they are also possible for bad guys to uncover. And we’ve consistently seen that people who register a recovery phone are faster and more successful at getting their accounts back than those recovering their accounts via email.

You can also get a text message if Google detects that something suspicious is going on with your account. Giving a recovery phone number to Google won’t result in you being signed up for marketing lists or getting more calls from telemarketers.

3. Keep your recovery options up to date. It’s a good idea to check your recovery options every so often. For example, if you change your phone number after setting up your recovery options, take just a minute to update your recovery settings to match. We’ll remind you of your current settings every so often to make it easier for you to keep them up to date.

That’s it! You can either update your recovery options next time you’re prompted, or you can take two minutes to do it right now on our Account recovery options page. For more advice on how to protect yourself and your family online, visit our Good to Know site, or check out some of the other posts in our series on staying safe and secure.

Continua a leggere

A few easy tools the whole family will love

Posted by Matthias Helier, Staff Software Engineer

This summer we’re posting regularly with privacy and security tips. Knowing how to stay safe and secure online is important, which is why we created our Good to Know site with advice and tips for safe and savvy Internet use. -Ed.

Summer is here, and with kids out of school it is a great time for families to explore the web together—from learning what makes fireflies glow to playing online games together. But while there is a lot of entertaining, educational content online, there are also materials I’d rather not see when I’m surfing the web with my family. Google has built a number of tools that parents can use to help keep content they would rather not see from popping up on the family computer. It takes less than five minutes to turn them on, so follow the steps below to help make your search results more family-friendly this summer.

1. Turn on SafeSearch in Google Search
Turning on SafeSearch is an easy way to help you hide images, search results and videos intended just for adults. It’s especially helpful if you’re concerned about the content that might pop up on your family computer, and it’s easy to turn on. Just visit the Google Search Settings page, go to the “SafeSearch filters” section, and check the box to filter mature content from Google Search result pages. These preferences will apply for any searches done using that browser on your computer. If you have multiple browsers on your family computer, you might want to turn SafeSearch on for each one.

You can turn SafeSearch on or off from the Search Settings page

2. Save and lock your preferences
Once you’ve set your preferences, make sure to click the Save button at the bottom of the page. And if you’re signed in to your Google Account, you can also lock the SafeSearch filter so others can’t change your preferences—just click “Lock SafeSearch.” Now the setting is protected with your Google Account password. While no filter is 100 percent perfect, with SafeSearch on you can feel more confident browsing the web with your family.

3. Turn on YouTube Safety Mode
YouTube Safety Mode helps you and your family avoid videos that might be OK with our Community Guidelines, but you might not want popping up on your family computer. Turning on Safety Mode in YouTube takes just one step. Scroll down to the bottom of any YouTube page and click on the button that says “Safety” at the bottom of the page—now you can choose your preferences for Safety Mode.

Click the button that says “Safety” at the bottom of any YouTube page, and then choose your preferences

4. Lock your Safety Mode preferences
Just like with Safe Search, you can also log in with your Google Account and lock YouTube Safety Mode on each one of your computer’s browsers. It will filter videos with mature content, so they won’t show up in video search results, related videos, playlists, shows or films. YouTube Safety Mode will also help hide objectionable comments.

5. Turn on SafeSearch on mobile
SafeSearch is available on your phone or other mobile device, as well as the web. You can turn on SafeSearch for Google on your mobile device by opening your phone’s browser and visiting Scroll to the SafeSearch Filters section to select what level of filtering you would like to enable. Be sure to tap “Save Preferences” after you’ve made your selection.

To enable SafeSearch on YouTube’s mobile app, first open your settings, then press “Search.” From there, select “SafeSearch Filtering” and select moderate or strict filtering.

Helping your family have a positive and safe experience with Google is important to you, and it’s important to us, too. That’s why we’ve partnered with parents and experts on free and easy to use tools and resources to help your family stay safe and secure when browsing online. If you’re interested in even more of our tools and tips, please see our Good to Know site, and stay tuned for more security tips throughout the summer.

(Cross-posted from the Official Google Blog)

Continua a leggere

International Broadband Pricing Study: Updated Dataset

Derek Slater is a Policy Manager at Google.

Last year, we hired a respected consultancy, Communications Chambers, to produce an international dataset of retail broadband Internet connectivity prices. The dataset can be used to make international comparisons and evaluate the efficacy of particular public policies—e.g., direct regulation and oversight of Internet peering and termination charges—on consumer prices.

We received a lot of positive feedback and suggestions—thank you!—and have now made available an updated dataset.

  • A Fusion Table containing the price observations for 1,523 fixed broadband plans can be found here.
  • A Fusion Table containing 2,167 mobile broadband prices can be found here.
  • Explanatory notes here, and ancillary data is here.

Continua a leggere

Protecting Seniors from Identity Theft

Posted by Jenny Backus, Public Policy Team

Every day in this country, someone’s mother, grandfather, or older neighbor is a victim of identity theft. Whether the identity thieves attack through a confusing telemarketing scam, a misleading piece of mail, or over the Internet, seniors and their families are increasingly at risk of long-term financial and emotional damage that can take years to undo.

In order to address this issue, the Federal Trade Commission and a coalition of public and private partners like the National Consumer League’s are working together to protect seniors from identity theft. Google will also be recognizing Older Americans Month this May by offering tips for seniors to help them stay safe and secure online.

The FTC’s report of 2012 consumer complaint data recently showed that complaints about identity theft from older Americans are increasing at a faster rate than for any other age group. In fact, identity theft complaints from those over 70 increased by almost 70% since 2010, while complaints from 60 to 70 year olds increased by 53% in the same period.  

Google’s Good to Know site is designed to help educate consumers of all ages about online threats and tools they can use to protect themselves, including information on how to protect themselves from identity theft.

Here are five tips from our security experts:

  • Don’t reply if you see a suspicious email, instant message or webpage asking for your personal or financial information. Identity thieves can steal your information and then use it to withdraw money from your bank account.
  • Never enter your password if you’ve arrived at a site by following a link in an email or chat that you don’t trust.
  • If you see a message from someone you know that doesn’t seem like them, their account might have been compromised by a cyber criminal who is trying to get money or information from you. Think before responding!
  • Don’t send your password via email, and don’t share your password with others. Legitimate sites won’t ask you to send them your passwords via email, so don’t respond if you get requests for your passwords to online sites.
  • Report any suspicious emails and scams. Many email providers, including Gmail, provide an easy way for you to report fishy emails and scams, and it can help our teams stop similar mail from being sent to you and others.

Seniors around the country can also learn more by attending or viewing by webcast the FTC’s workshop today on protecting seniors from identity theft. With speakers from some of the most trusted consumer groups, local, state and government leaders, and lead experts on fraud prevention, the FTC workshop will focus on forms of ID theft that are particularly significant for seniors, from the risks that seniors face in nursing homes to the identity theft concerns that arise when they file their taxes or seek government assistance, which is increasingly happening online.

Stopping bad actors who target seniors and preventing the rise of identity theft is a shared mission for all of us. Google is committed to making the Internet safer, and protecting our users of all ages.

Continua a leggere

Calling for entries to the EU Hackathon

The European Union Hackathon is back. For the third straight year, Google is supporting two days of serious fun in September for programmers to code an application that shines a light on an important policy issue. This year’s theme is privacy – and contestants are being asked to work on products that visualize government government access to citizens’ private communications online.

Entries are now being accepted via this online application unti June 15, 2013 at noon CET. Complete information about the event is available on this website. Help us spread the word to attract talented applicants, or apply yourself!

The hackathon will take place on September 24th-25th, with programming sessions held in the Google Brussels office. MEP Petru Luhan is hosting the event’s awards ceremony on WednesdaySeptember 25th from 16.15 to 18.00 at the European Parliament. European Commission Vice-President Viviane Reding is scheduled to join the ceremonies.

In addition to Google’s support, a broad network of civil society groups are working on the event. They include Access Now, the Center for Democracy & Technology, Digitale Gesellschaft, the European Digital Rights initiative, the Electronic Frontier Foundation , Google, the Net Users’ Rights Protection Association, the Open Knowledge Foundation, quintessenz, Transparency International, and

EUHackathon participants will build data visualizations using data sets from network analysis, corporate transparency reports and Freedom of Information Act requests. Greater transparency and awareness are critical to ensuring government surveillance is only used when necessary and proportionate.

Selected applicants will have their travel and accommodation costs covered and the winner or winning team will be awarded EUR5,000, courtesy of our sponsors. Not to forget, there will also be free food and WiFi.

We look forward to seeing you in September.

Posted by Marco Pancini, Senior Policy Manager, Brussels
Continua a leggere

Plan your digital afterlife with Inactive Account Manager

Posted by Andreas Tuerk, Product Manager

Not many of us like thinking about death — especially our own. But making plans for what happens after you’re gone is really important for the people you leave behind. So today, we’re launching a new feature that makes it easy to tell Google what you want done with your digital assets when you die or can no longer use your account.

The feature is called Inactive Account Manager — not a great name, we know — and you’ll find it on your Google Account settings page. You can tell us what to do with your Gmail messages and data from several other Google services if your account becomes inactive for any reason.

For example, you can choose to have your data deleted — after three, six, nine or 12 months of inactivity. Or you can select trusted contacts to receive data from some or all of the following services: +1s; Blogger; Contacts and Circles; Drive; Gmail; Google+ Profiles, Pages and Streams; Picasa Web Albums; Google Voice and YouTube. Before our systems take any action, we’ll first warn you by sending a text message to your cellphone and email to the secondary address you’ve provided.

We hope that this new feature will enable you to plan your digital afterlife — in a way that protects your privacy and security — and make life easier for your loved ones after you’re gone.


Continua a leggere

The Legal Landscape of Involuntary Porn

Erica Johnstone is a co-founder of the privacy nonprofit, Without My Consent, and a partner with Ridder, Costa & Johnstone LLP.

Imagine there are naked photos of you online that appear on the first page of search results when someone searches for your name. The images are linked to your true name, place of business, and home address. Worse still, every hate-filled troll has piled on to harass and stalk you. The comments leave you terrified for your and your family’s personal safety. Is the perpetrator’s conduct legal? Generally speaking, no. “Involuntary porn”, also called “revenge porn,” is the creation, publication, or dissemination of a person’s private intimate image without that person’s consent and for no legitimate public concern. It is legally actionable in almost every situation. Is there a path to justice? It’s complicated.

Your first question might be: how do the images get online? The most common scenarios are nightmare exes, hackers, and peeping Toms.

And then you might wonder, how many people are actually victims of involuntary porn? We need better data and more of it data to provide a satisfactory answer. Concrete examples like those cited above are sometimes criticized for being “one-off” events. But the truth is that everyone who engages in online activities knows the harassment, stalking, and trolling happen with alarming frequency, and abuse often involves the publication or threat of publication of private intimate images.

According to a recent McAfee study, “Love, Relationships, and Technology: When Private Data Gets Stuck in the Middle of a Breakup,” 10% of ex-partners have threatened to expose risqué photos of their exes online, and those threats were carried out almost 60 percent of the time. 36% of Americans plan to send sexy or romantic photos to their partners via email, text and social media on Valentine’s Day. But those people are not the only victims of involuntary porn. Hackers and peeping Toms have a way of finding photos and posting online as well. For instance on January 29, 2013, the FBI arrested one man whom investigators estimate is responsible for terrorizing more than 350 women.

What is being done about the problem?

  • There is a lawsuit pending against the revenge porn site seeking actual and punitive damages and injunctive relief for invasion of privacy, negligence, wrongful appropriation of names of likenesses, intentional infliction of emotional distress and civil conspiracy, on the basis that section 230 of the Communications Decency Act does not immunize websites that are themselves responsible, in whole or in part, for the creation or development of unlawful content.
  • There is anticipated copyright litigation against the revenge porn site, on the basis that even if the website is immunized against some claims by Section 230, the website may be vulnerable to intellectual property–related claims such as those arising under copyright law.
  • University of Miami Law Professor Mary Anne Franks is working on a proposed law to criminalize the misconduct at the federal level (which would not be immunized by section 230). She outlines her proposal here.
  • Without My Consent (a non-profit I co-founded) is working to publish and keep updated an informational website,, that includes legal and practical information for victims of involuntary porn and the attorneys who advocate on their behalf. WMC is currently undertaking a 50-State survey to compile a comprehensive overview of the possible civil claims that a victim of such conduct might explore, and the potential criminal consequences of the unlawful conduct, in each jurisdiction.

Here are some simple concrete steps everyone can take to stop involuntary porn.

  • Speak out about the fact that privacy is worth protecting.
  • Enact a criminal invasion of privacy statute in every state that doesn’t already have one. New Jersey has a noteworthy Invasion of Privacy statute, N.J.S.A. 2C:14-9y int, which prohibits both recording and disclosing a private image of another person without consent. If your state does not already have a criminal invasion of privacy law on the books, you may petition your state lawmakers to pass a law modeled after N.J.S.A. 2C:14-9 in your state.
  • If the prosecution of technology-related crimes is an issue that matters to you, contact your state’s Attorney General and let him/her know that the residents of your state believe privacy matters. Begin a dialogue in your state. There is already a model in place, developed by the state of California. In 2011, the California DOJ created an eCrime Unit that: (1) trains police and prosecutors in light of new technologies; and (2) prosecutes criminal online invasions of privacy, among other crimes.
  • Sign up for Without My Consent’s Weekly Roundup, featuring articles, posts, interviews and more for those interested in the news most relevant to our advocacy.
  • You may support Without My Consent and its education efforts such as the 50-State Project and the Weekly Roundup by making a donation today.

Continua a leggere