Opening your doors to strangers


In its continued push to change the face of the retail market, Amazon has introduced the Amazon Key service for Prime members. As a Prime member, get your Amazon packages securely delivered just inside your front door. Plus, grant access to the people you trust, like your family, friends, dog walker, or house cleaner – no more leaving a key under the mat. The Amazon Key In-Home Kit includes: Amazon Cloud Cam (Key Edition) indoor security camera and compatible smart lock. Below is a listing of some of the features:

  • Real-time notifications. We’ll send notifications the morning of delivery, just before, and right after. Watch your delivery happening live or view a video clip of it later.
  • Give family and friends temporary, recurring, or permanent access. Or provide one-time access for your electrician or dog walker. You’re in control—just schedule the date and time window.
  • Check in on your front door 24/7. The Amazon Key In-Home Kit includes an Amazon Cloud Cam (Key Edition) indoor security camera with 1080p Full HD, night vision, and more—plus an Amazon Key-compatible smart lock for secure access control.

The starting price is $249.99 USD, depending on location. This service is not yet available in Canada.

I have been an Amazon Prime member for a few years now, mostly because of the unlimited free cloud storage for my digital images, and for the free two-day delivery (sometimes) for items that are marked as “Prime.” The Amazon Prime video streaming service is thrown in but, to be honest, its offerings are limited in number and, more importantly, in quality.

Two-day express delivery is a lovely concept, but its value can become rather moot when you are never home to receive the packages. I can send smaller packages to my office, but since I take public transit, I am limited by what I can carry. My usual route is to have the packages delivered to my local post office. I can certainly see the attraction in having Amazon deliver my packages to my home while I’m not there, but the privacy and security considerations are high. For people like me who live in condominiums, this service likely won’t work very well if bylaws don’t allow people to install security cameras outside front doors of individual units.

I have been willing to sacrifice a degree of privacy for the convenience of online shopping for several years; I’m not sure, however, that Amazon Key is a line I am willing to cross. How will Amazon store all the data captured by the cameras? How much information would be gathered about other aspects of people’s lives via the camera, such as the faces and ages of their children, visitors, friends, family members, and so forth? There is a four-hour delivery window, which means your camera will be active for at least that long. Does the camera continue to transmit data to Amazon all day? You can check on the camera 24 hours a day, so does this mean that Amazon receives this information as well? Do I want Amazon to know my daily habits, such as when I go out, what time I return home, and so forth? I am sure that Amazon is laying the groundwork for automated ground delivery. So many questions to ponder. I think it’s worth the five-minute walk to the post office: The exercise will do me good, as will the peace of mind.

 

 


Privacy and the monetization of data

In this article, David Rabb discusses the various privacy implications of the monetization of data. Rabb focuses specifically on Personally Identifiable Information (PII) that companies can obtain about people through cookies, IP addresses, GPS, and so forth. Companies have often touted the anonymity of cookies but, as Rabb points out, there are many ways to tie cookies to known individuals, a process that often includes “consent” consumers don’t know they’ve granted. Other theoretically anonymous identifiers such as device IDs and IP addresses can also often be connected to PII. And research has shown that even less specific information, such as a collection of taxi trips or a combination of birthdate [sic] and Zip code, are [sic] often enough to identify specific individuals.

I don’t think that most internet users are naive enough to think that companies don’t have their PII but, as Rabb points out, customers may broadly assume your company knows everything about them but they can still be surprised at the data presented in specific situations – especially if that data is wrong.

Information managers face the increasingly complex task of maintaining the security of PII, ensuring this information is accurate, using only the personal information needed for a specific task, and ensuring that the privacy rights of customers are respected.

The revelatory nature of telephone metadata

A study was conducted at Stanford University to examine the impact on privacy of the National Security Agency’s collection of bulk telephone metadata nationwide. The study found that telephone metadata is densely interconnected, can trivially be reidentified, enables automated location and relationship inferences, and can be used to determine highly sensitive traits.

The authors conclude that more broadly, this project emphasizes the need for scientifically rigorous surveillance regulation. Much of the law and policy that we explored in this research was informed by assumption and conventional wisdom, not quantitative analysis. To strike an appropriate balance between national security and civil liberties, future policymaking must be informed by input from the relevant sciences.

How 5 Digital Assistants Use Your Data

This article provides useful and sobering information about how the digital assistants Siri, Cortana, Amazon Alexa, Facebook M, and Google Now use your data. The article highlights the privacy and security features of these digital assistants; for example: By using Siri, Apple adds, you agree to allow Apple and its subsidiaries and agents to transmit, collect, maintain, process, and use your voice input and user data. Amazon Alexa saves your voice recordings, but you can erase them via your personal settings. As we move increasingly in the direction of voice-activated applications such as search, and voice-to-text, we need to consider carefully the new personal metadata footprints and trails that we generate.

Fitness tracker privacy and security

A report on fitness tracker activity has just been published by OpenEffect, a Canadian not-for-profit applied research organization focusing on digital privacy and security, and The Citizen Lab at the Munk School of Global Affairs, University of Toronto. The scope of this report is as follows:

Every Step You Fake explores what information is collected by the companies which develop and sell some of the most popular wearables in North America. Moreover, it explores whether there are differences between the information that is collected by the devices and what companies say they collect, and what they subsequently provide to consumers when compelled to disclose all the personal information that companies hold about residents of Canada.

The report does not contain any conclusions or specific recommendations yet, so this is obviously very preliminary at this point.  Some points raised, however, include:

  • Seven of the eight wearables tested revealed unique Bluetooth identifiers that allowed them to be tracked by nearby Bluetooth beacons. Beacons are used more and more in stores and malls to profile shoppers and push tailored offers.
  • While the devices themselves show the wearers’ location, the accompanying apps provide more personal information, e.g., they failed to protect against interception and tampering when they were transmitting data between smartphone, wearable, and the wearable company’s own servers.

I have worn a fitness tracker for some years now, and I tend to not have my Bluetooth device active on my smartphone when I am away from home.  I sync my wearable device when I am at home.  I’m not sure how much protection this affords me.  The default setting on my Bluetooth is to not make the device visible to anyone other than me, but I’m not sure if this is sufficient.  I minimize the information I load to my tracker; I don’t include what I’ve eaten, or track my sleep, so at least I do control how much of my personal information is tracked.  Still, this report does raise a few red flags, even as preliminary as it may be.

 

Microsoft Cortana’s email features

The title of this article is telling: Microsoft’s Cortana to spy on email to keep you on track. The article discusses Cortana’s “helpful” features that can scan your email and recognize language indicating a commitment and use this information to create reminders. If, for example, you send a message to your boss stating, “I will send you the project by 4:00 p.m.,” Cortana will set an alert so you don’t forget. Now, I’m all about keeping myself organized, but isn’t this what keeping calendars is all about? When I have an event or task, I schedule it in my calendar, and a reminder is sent to me. Do I really need or, more importantly, want, Cortana to scan my emails to send me reminders? No mention is made in the article about where this information is stored. Is Microsoft tracking any of this data? I don’t think that I’m a particularly paranoid person, but this feature does raise a few alarm bells with regard to privacy.

Rogers, Telus await landmark ruling on cellphone privacy

According to today’s Globe and Mail, an Ontario court is set to issue what could be a landmark ruling on a Charter of Rights challenge filed by two of Canada’s biggest wireless carriers over “tower dump” production orders that would have required the companies to turn over personal information of about 40,000 customers.

Since I’m a Rogers wireless customer, it’s comforting to know that these companies challenged the 2014 production orders that Peel Regional Police obtained, requiring the two companies to provide communication records related to 21 cellular towers or sites. Rogers and Telus argued that complying with the order would have resulted in the disclosure of customer name and address information for more than 9,000 Telus subscribers and more than 30,000 Rogers subscribers.

Rogers: We want to ensure our customers’ privacy rights are protected and there are clear ground rules for what law enforcement is able to request and access… [our] policy is only to share customer information when required by law or in emergency situations. This case did not meet the test for us and we are hopeful the court agrees.

As am I.