The Privacy Law Salon: Dialogue with Policymakers

Yesterday, the first Privacy Law Salon in Washington DC, took place at the National Press Club. The Privacy Law Salon: Dialogue with Policymakers, was “a unique meeting of the most experienced practitioners and corporate executives dealing with privacy law matters, and a unique opportunity to interact with the policymakers affecting the future of privacy.”

The purpose of the Salon was “to facilitate a high-level exchange of ideas and in-depth dialogue on cutting-edge and emerging issues that are vital to clients, corporations, government and the public interest.”

The Salon was held under the Chatham House Rule.

Some of the main points discussed included:

1. Do Not Track: The DNT system will be in place within a year from now.

2. EU and Global Privacy Interoperability:

• The global debate of the EU prescriptive system v. the US enforcement system will take center stage in the coming year.
• The global flow of information has been rephrased as a trade policy issue: the use of mutual recognition and enforcement arrangements, so information can flow freely.
• Many are uncomfortable with the notion of the US seeking “adequacy” status from the EU. The terms “interoperability” and “mutual recognition” are much preferred.
• The single most important action from the US towards “interoperability” with the EU would be the passing of the “Privacy Bill of Rights” proposed by The White House last February, but it is very questionable whether this bill will be passed within the next year.
• Instead, the Safe Harbor and BCR Frameworks will probably be expanded.

3. Context:

• The new “context of interaction “ standard, recommended in the FTC  report of last March, for establishing whether the consumer needs to be provided with privacy choice when personal data are collected, prompted a lot of participants to demand clarification as to exactly what that new standard meant: Is the new standard to be measured by the “Expectation of Privacy” from the consumer, or should the absence v. possibility of harm to the consumer be preferred as a measuring rod in order to determine whether the collection of personal data happened within the “context of interaction”? The latter seemed to be the more popular view.
• This lead to a request from participants for more clarity and guidance as to what exactly constitutes “privacy harm”.

4. Hot Topics: As current “hot topics” in Privacy were mentioned:

• Social Media Policies and their need for compliance with the NLRB rules.
• The need for coherence in policymaking and applications of the rules.
• The need for more technical knowledge from the regulators.
• The gaps in health data coverage by HIPAA. The example was cited of the physician who does not accept health insurance, and therefore is not covered by HIPAA.
• The “Cloud” and access to personal data by Governments.

5. FTC Enforcement Issues: Participants expressed a desire for more transparency and for more disclosure of standards used in FTC settlements. It was pointed out that, even though the right to appeal the FTC settlement decisions exists, it has never been exercised.

The lack of jurisprudence in this area was unanimously deplored.

 

How To Build Your Own Mobile App in Three Easy Steps: A Thanksgiving Primer

 

 

Which professional has not entertained the wish to stay informed and in the loop, without having to spend hours of valuable time scouring the Internet for relevant information on a daily basis?

The daily load of professional newsletters, email subscriptions, RSS feeds, real time Twitter feeds, Facebook news streams, and now Google plus feeds, has become so heavy, that many have expressed the desire to go on an information diet.

I too have suffered from information overload, and in searching for a solution, I stumbled upon a very simple answer: I developed my personal mobile, information management tool in the form of an iPhone/iPad mobile app, which I use on my iPhone.

The “AltheimLaw” app is custom made for my needs and delivers real-time news from a variety of hand-picked sources, including social media sites, video and slide presentation sites, as well as more traditional RSS feeds of news aggregator blogs.

This particular app can, of course, also be installed by anyone who shares my interest in the very specific topics of e-discovery, data protection, privacy, social media, tech and information governance. I also created an Android version for those who use that platform under the name “Monique Altheim Esq.”.

 

But if you wish to create your own, custom made app to suit your own specific needs, and if you would like to publish it to any of  the IPhone/iPad, or Android platforms, you can do so, without knowing a word of code.

 

The entire process takes just three steps:

 

1. Register as a “developer”
2. Build your app
3. Publish your app

 

 

Here’s a breakdown of the three steps for two popular mobile platforms: The iPhone/iPad, and the Android .

 

1. Register as a developer:

 

The first step is to register as a “developer”. This will grant you permission to submit your app to the relevant store.

 

Requirements for iPhone/iPad:

• Enroll at http://developer.apple.com/programs/start/standard/ as an individual developer.
• Pay a $99 fee for developing an unlimited amount of apps
• Get a developers’ certificate and create a development provisioning profile at http://developer.apple.com
• Since following all the required steps can be daunting, I recommend following Appmakr’s step by step instructional YouTube videos at http://www.youtube.com/user/AppMakr#p/u

 

Requirements for Android:

• Register at https://market.android.com/publish/signup
• Pay a $25 fee for developing an unlimited number of apps.

 

  2. Build your app:

 

Building an app is very easy, even if one doesn’t know a word of code, thanks to websites like www.appmakr.com

Just click on the “get started building your … version” on appmkr’s home page. You will see three icons, respectively for Apple, Android and Windows. Just click on the one you need.

You  may enter a keyword to start, so that Appmakr can find related icons and RSS feeds for your app, but you can disregard its suggestions and skip this step. It is better to use your own icons and RSS feeds.

The website basically gives you a template to work with, which it then translates into code.

Appmakr has a YouTube site where you can watch 13 instructional videos on how to buid an iPhone /iPad app, guiding you step by step through the creation of your app: http://www.youtube.com/user/AppMakr#p/u

You can test-publish your app to your iPhone to check out whether you like the end product, before you publish it to the App Store.

 

Once you have finished building your app, you will be able to download the file on your computer.

 

TIP 1: You will need some basic knowledge of Photoshop or other similar software to adapt your screenshots to the different size requirements for the iPhone and iPad.

The iPhone/iPad and Android have each different image size and file type requirements for the icons and screen shots. For example, the iPhone icon must be 512×512 pixels in .png format.

 

TIP 2:  Safari cannot download the appmakr files. I used Firefox instead.

 

If you wish to make the app available for devices using Android, you can transfer the app into the Android (as well as Windows) format by clicking on the appropriate icon underneath your finished iPhone app link.

 

 

  3. Publish your app

 

iPhone/iPad

 

To publish your app, go to https://itunesconnect.apple.com and click on “Manage Your Applications”. Then click on “Add New App” in the upper left hand corner and follow the instructions.

You should download the “application downloader” software (the link should be on the iTunesConnect site), install it, and then download your app in that program.

When you go back to your iTunesConnect account, you will see that the status of your app is “Waiting for Review”. In the next stage your app will be ”In Review”, until, hopefully, the status will read “Ready for Sale”, at which point your app should be searchable and ready for installation in the App Store.

The entire process takes between one or two weeks.

 

Android

 

To publish your Android version, go to https://market.android.com/publish/Home

Follow the instructions to upload your app file. It is as easy as uploading a YouTube file. Within an hour your app will be for sale and downloadable on the Android market.

 

As between the iPhone/oPad and the Android platforms, the clear winner is Android: It has a much lower registration fee and the publishing of the app is a breeze.

Either way, when you think of the many hours you will save by cutting out most of the noise online through the use your app, it is worth the registration fee and the afternoon you might spend creating it.

While there are other sites that will help you build your own app, Appmakr is the only one that offers it at no fee.

 

It is also important to update your app regularly, to keep it compatible with changes on the platform. When Apple updated its IOS to IOS5, I had to rebuild my iPhone/iPad App from scratch.

 

Since my law firm focuses on ediscovery, privacy and data protection, social media and information governance, these are the topics that are covered in my app.

If you want to keep informed on these topics, you can download the “AltheimLaw” app for iPhone/iPad here: http://itunes.apple.com/us/app/monique-altheim-esq/id454018900?ls=1&mt=8 and the “Monique Altheim Esq” app for Android here: https://market.android.com/details?id=com.appmakr.app296991

 

Once you install such an app on your mobile device, the latest real-time news that is relevant to you is always available at the click of a finger, during your commute or while waiting online at the post office or the supermarket, during a quick lunch break, before falling asleep or upon waking up in the morning.

Smart Phones, Trojan Horses and Data Protection.

During the Senate Judiciary Committee hearing on mobile privacy, held on May 10, Senator Whitehouse asked Rich (FTC) and Weinstein (DOJ) if mobile apps were like “Trojan Horses” of consumer info.

What is a Trojan Horse?

According to Wikipedia,The Trojan Horse is a tale from antiquity.

“In one version, after a fruitless 10-year siege of Troy, the Greeks constructed a huge wooden horse, and hid a select force of 30 men inside. The Greeks pretended to sail away, and the Trojans pulled the horse into their city as a victory trophy. That night the Greek force crept out of the horse and opened the gates for the rest of the Greek army, which had sailed back under cover of night. The Greek army entered and destroyed the city of Troy, decisively ending the war.”

The contemporary meaning of Trojan Horse, according to GSMA, is

“a specific form of malware [link to malware entry in ]. Like the Trojan Horse of Greek mythology, Trojan Horse programs trick a user into installing them on their phone or computer by masquerading as genuinely useful applications. Once installed however, the Trojan Horse will perform some unauthorised and malicious activity on the computer or phone. Trojan Horses are one reason why you should only install software on your phone or PC if you are confident that you can trust the source of this software. Trojan Horse programs differ from Viruses and Worms [link to appropriate entries in ] because Trojan Horse programs are unable to replicate themselves. Installing anti-virus software on your mobile phone can help to protect against this threat.”

From the context of the hearing, it would seem that Senator Whitehouse was referring to the original, albeit metaphorical meaning of “Trojan Horse”: the mostly free mobile apps are waiting in the app store to be downloaded by smartphone owners on their mobile phone; once the app is “inside” the phone, it “opens all the information gates” for the app developers, Apple, Google, advertisers, ad networks, the entire marketing ecosystem and a garden variety of hackers and stalkers.

Is this legal?

The consensus during the hearing seemed to be that it is. At least within the US.

Justin Brookman, director Consumer Privacy for the Center of Democracy and Technology, gave a comprehensive summary of relevant laws and an analysis of their application to today’s location- enabled mobile devices.

He concluded that “current law allows companies to share data however they wish so long as they don’t do something they previously promised not to, which would be a violation of the Federal Trade Commission Act.”

In other words: Except in certain sectors, like healthcare and finance, and except in a couple of states like Massachusetts and California, the personal data of smartphone (and general internet) users can legally be shared with anyone, without the data subject’s consent.

But the mobile world is global and flat, and does not distinguish between smartphone (or internet) users, depending on their geographical location: it tracks them all the same. Except that outside the U.S., many countries have strict data protection rules that make mobile (and general internet) tracking illegal, unless a list of conditions are met.

The European Data Protection Laws, and the national data protection laws of the EU member states, for example, require, among many others, notice and informed consent for tracking of all personal data, and explicit consent for tracking of sensitive data, relating to health, religious beliefs, political opinions, sexual orientation, race, and membership of organizations.

The current overhaul of the 16 year old EU Directive 95/46EC has exactly this global world in mind.

Viviane Reding, European Commissioner for Justice, Fundamental Rights and Citizenship, recently declared in the context of the EU Data Protection Law overhaul that “To enforce the EU law, national privacy watchdogs shall be endowed with powers to investigate and engage in legal proceedings against non-EU data controllers whose services target EU consumers,”… “Any company operating in the EU market or any online product that is targeted at EU consumers must comply with EU rules.”

Apple is already under investigation by data protection officials in Germany, France, Italy and Switzerland for possible breach of their national data protection laws.

Last year, Mexico joined the ranks of more than 50 countries that have enacted global data privacy laws by enacting a “Federal Law on the Protection of Personal Data Held by Private Parties” that for a large part copies the EU model.

More recently, India issued final regulations implementing parts of the Information Technology (Amendment) Act, 2008. These strict privacy rules also take after the EU data protection model and the penalties for non-compliance include imprisonment and fines.

Global companies like Apple and Google should take into account that an increasing number of their worldwide business partners’ and customers’ personal data are covered by national data protection laws, even though the personal data of their own poor fellow countrymen are not.

Privacy and Data Protection: A Super Sad True Love Story

Meet Lenny Abramov:

“ZIP code 10002, New York, New York. Income averaged over five-year-span, $289,420, yuan-pegged, within top 19 percent of U.S. income distribution. Current blood pressure 120 over 70. O-type blood. Thirty-nine years of age, lifespan estimated at eighty three (47 percent lifespan elapsed; 53 percent remaining). Ailments: high cholesterol, depression. Born: 11367 ZIP code, Flushing, New York. Father: Boris Abramov, born Moscow, HolyPetroRussia; Mother: Galya Abramov, born Minsk, Vassal State Belarus. Parental ailments: high cholesterol, depression. Aggregate wealth: $9,353,000 non-yuan-pegged, real estate, 575 Grand Street, Unit E-607, $1,150,000 yuan-pegged. Liablities: mortgage $560,330. Spending power: $1,200,000 per year, non-yuan-pegged. Consumer profile: heterosexual, nonathletic, nonautomotive, nonreligious, non-Bipartisan. Sexual preferences: low-functioning Asian/Korean and White/Irish American with Low Net Worth family background; child abuse indicator: on; low self-esteem indicator: on. Last purchases: bound, printed, nonstreaming Media artifact, 35 norther Euros; bound, printed, nonstreaming Media artifact, $126 yuan-pegged; bound, printed, non-streaming Media artifact, 37 northern euros.”

This is Lenny’s profile that the people who inhabit Gary Shteyngart‘s latest novel “Super Sad True Love Story” can freely view on their äppärät.

The novel is set in a near future New York, where everyone walks around with an äppärät around his/her neck, constantly streaming. The streets are lined with Credit Poles, that instantly register and exhibit each passerby’s credit rating from his/her äppärät and giant banners that proclaim: “America celebrates its spenders”. Huge conglomerates named ColgatePalmoliveYum!BrandViacomCredit and AlliedWasteCVSCitigroupCredit call the shots.

At work, there are huge billboards, where each employee’s  health data and mood status are displayed and adjusted daily.

People (with the notable exception of the protagonist, Lenny Abramov) don’t read books anymore, but just scan texts for info.

This world is divided into two categories: The HNWIs (high net worth individuals) and the LNWIs (low net worth individuals). Many LNWIs have lost their homes, their jobs, their health insurance and are camping out in tent cities in Central Park. They don’t even own äppäräts. Riots are about to break out.

Meanwhile, the HNWIs are busy shopping on their äppäräts on sites like AssLuxury. They communicate through a social network site called GlobalTeens. They obsessively  GlobalTrace each other’s locations. Men and women  gage each other in bars by streaming their Personality, F**kability, Male Hotness and Sustainability ratings on their äppäräts. Detailed sexual preferences are instantly revealed.

And of course, the Governement, via the “American Restauration Authority”, keeps a close eye on all its citizens via those very same äppäräts. It sends regular global messages via the äppäräts, always ending with:”By reading this message, you are denying its existence and implying consent.”

At the center of this darkly satirical novel, a genuine and moving love story unfolds between Lenny and the much younger, e-culturally hip Eunice Park.

While reading Super Sad True Love Story, I was struck by how accurately Shteyngart has depicted most of the current issues concerning loss of privacy: Government Surveillance, Profiling, Geotracking, Global tracking, Legalese Nonsensical Disclaimers, Hyper-Sexualization,  Sub-Literacy are exposed with great wit.  Financial and private health information are not protected and are publicly showcased to favor the young, the healthy, the wealthy and the polyanna-happy.

This novel  is a frightening and powerful description of what will happen to us as a society if we don’t take drastic action NOW to halt the increasing erosion of our privacy by the public and private sector alike.

I love my privacy and would not want it to end the way a super sad true love story always does.