Privacy issues in meeting apps


I’ve written before about the lack of information about who has access to attendee information, and I’m concerned about the ramifications of the growing trend for meeting apps to offer login via one of the established social media networks, typically Twitter, Facebook, and LinkedIn.

Perhaps you should be too. Social check-in is touted as a plus for event attendees, allowing them to:

  • discover friends, contacts, followers, and followees who are also attending the meeting;
  • provide in-app social network functionality; e.g. the ability to tweet from inside the app; and
  • be notified (in some apps) when social network contacts are in the vicinity.

These features are, indeed, potential pluses for an attendee. But there are downsides too, which are rarely mentioned.

When you authorize an app to access your personal social network information, you are allowing the company that created the app access to that information. At a minimum, this includes read access to your social media contacts in that app, which may (e.g. Twitter) or may not (e.g. Facebook, LinkedIn) be public. If the app also requests write access, it can, in principle, do things like sending tweets from your account.

There’s potential for abuse here. An app developer can copy all the information that you expose to them and keep it forever, even if you de-authorize the app from access to the network later. Some questions that come to mind:

  • What will be done with the information I make available to your app?
  • Who will have access to it? For example, unless you pay LinkedIn big bucks you do not have access to every member’s information. But an app can (and in one case I’ve seen, does) expose every attendee’s LinkedIn profile to all other attendees.
  • For how long will that access be made available?
  • Will the app developer eventually destroy the information retrieved during the event?
  • What are the consequences if the app’s security is breached? Can the attacker take over the compromised social media accounts?

Clear answers to these questions are rarely given before you’ve (perhaps reluctantly) given the app permission to access your social media account(s).

In addition, some apps don’t give you a choice; you can only use them if you provide the app login via one of your social media networks. And if you want to share other social media IDs with attendees, e.g. your Twitter ID, you can’t just add the ID into a data field for your information but have to give the app access to your entire Twitter account.

I understand there are more stringent data protection standards in Europe, but the state of affairs I’ve described above is common in many of the U.S. apps I’ve seen.

I think it behooves app developers to provide clearer answers to these questions, and allow us to opt out from providing forced access to our social media accounts when we use a meeting app.

What do you think?

Photo attribution: Flickr user michellzappa

Breaking: Government concerned about privacy concerns of “eyes”

 

Dateline Washington, DC. May 17, 2013: Congressional representatives today raised concerns about citizens’ ability to see what is going on by using their “eyes”, two organs buried inside most people’s heads.

“Forget Google Glass,” said Rep Joe Barton, “what if the average US Citizen obtains the ability to ‘see’ what is going on in their immediate vicinity? All hell could break loose. The privacy implications of this ‘vision thing’ are staggering and must immediately be addressed by a high-level governmental commission with the authority to put a stop to it.”

Rep Joe Barton then proceeded to tie a bright red bandana around his “eyes” which he said would stay in place “until the emergency is over.”

Photo attribution: Flickr user briananthonyadams

Why The Revolution Will Not Be Televised

A number of people have asked whether EventCamp East Coast (EC²) will be livestreamed. The answer is a qualified “no”, and since this is a different choice from those made at the original EventCamp in New York City and EventCamp Twin Cities I thought I’d explain why.

We’re concentrating on the face-to-face experience of the local audience at EC² for three reasons. Two of these factors are straightforward, while the third requires clarification.

The first reason is philosophical. The conference organizers—Traci Browne, Lindsey Rosenthal, and I—want to create an effective, uncomplicated event. Serving a remote audience well, as was done at the recent EventCamp Twin Cities, adds a significant level of complexity, not only to the organizer’s workload but also to the demands on presenters and the local audience to integrate the two audiences successfully.

The second reason is a matter of logistics. We three organizers enjoy busy professional lives, and possess a limited amount of time to make EC² the best conference we can. Creating an excellent remote audience experience (we wouldn’t be satisfied with anything less) would significantly shift our focus from other important components of EC².

The final reason is event design related and, perhaps, the most fundamental. The Conferences That Work design that we are using adds a default requirement of confidentiality to what happens during the conference. Let me explain what this means and why we’re doing this.

The thought of providing confidentiality at a conference may seem strange or counterproductive, especially these days where event sessions are routinely streamed and videoed for anyone who wants to watch. But in fact, there’s always been a need at some meetings for a commitment to confidentiality.

The classic example of a need for confidentiality is diplomatic meetings, where, to make the best progress, participants need to be sure that what is said isn’t broadcast to the world. In this case, the reason for off-the-record conversation is to benefit relationships between the institutions that the diplomats represent.

But there’s another reason why confidentiality can be useful when people meet face to face: the personal benefit of the participants.

Perhaps the most well known example of events that provide this kind of environment are the 30 years of Renaissance Weekends, where participants “CEOs, venture capitalists, business & social entrepreneurs, Nobel Laureates & Pulitzer Prize-winners, astronauts & Olympians, acclaimed change-makers of Silicon Valley, Hollywood, Wall Street & Main Street, Republicans, Democrats & Independents” agree to the following policy:

All participants are expected to respect Renaissance Weekends®’ tradition of the candid and welcome exchange of diverse opinions, safeguards for privacy, confidentiality, and non-commerciality, and family ethos. Comments, behavior, or public references which could compromise the character of Renaissance Weekends® are unacceptable.

In my experience, all peer groups can benefit from this kind of environment. For example: more than once I’ve been told by different doctors I know that they regularly meet with a small group of their peers to confidentially discuss professional issues. In each case, the doctor I was talking with said, in effect, “There are some things that I can only talk about with other doctors.” The Conferences That Work format extends this kind of possibility to any peer group, and I believe that providing this opportunity can be important to any group of people with a common interest.

At every Conferences That Work event I’ve run, there are some sessions where the attendees decide not to share the proceedings publicly—in a few cases not even with other participants at the event. A common example is a frank discussion of the pros and cons of commercial tools and services available to attendees. And it’s not uncommon for a session or two to delve into work- or industry-related issues where attendees are looking for support and advice from their peers. Although these sessions are in a minority, it’s impossible to reliably predict in advance whether a specific session will turn out to require confidentiality.

All sessions at Conferences That Work have a recorder assigned to them, who makes notes or otherwise records the session. Because of the default requirement of confidentiality, unanimous agreement of the session’s attendees at the end of the session is needed for the recording to be made public.

In conclusion, it’s likely that the recordings of most of the sessions at EventCamp East Coast will be made available publicly, but they won’t be streamed live. So if you’re interested in fully experiencing EC², please join us on site in Philadelphia! I hope this article has explained why we’ve made these event design choices, and I welcome your comments and questions.

“Dear Valued AT&T Customer”


Just received this email from “AT&T Chief Privacy Officer” <IPAD.06132010.001563@econfirmation.att-mail.com>. It’s a good example of a weasel apology.

Dear Valued AT&T Customer,

Recently there was an issue that affected some of our customers with AT&T 3G service for iPad resulting in the release of their customer email addresses. I am writing to let you know that no other information was exposed and the matter has been resolved.  We apologize for the incident and any inconvenience it may have caused. Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.

Here’s some additional detail:

On June 7 we learned that unauthorized computer “hackers” maliciously exploited a function designed to make your iPad log-in process faster by pre-populating an AT&T authentication page with the email address you used to register your iPad for 3G service.  The self-described hackers wrote software code to randomly generate numbers that mimicked serial numbers of the AT&T SIM card for iPad – called the integrated circuit card identification (ICC-ID) – and repeatedly queried an AT&T web address.   When a number generated by the hackers matched an actual ICC-ID, the authentication page log-in screen was returned to the hackers with the email address associated with the ICC-ID already populated on the log-in screen.

The hackers deliberately went to great efforts with a random program to extract possible ICC-IDs and capture customer email addresses.  They then put together a list of these emails and distributed it for their own publicity.

As soon as we became aware of this situation, we took swift action to prevent any further unauthorized exposure of customer email addresses.  Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.

I want to assure you that the email address and ICC-ID were the only information that was accessible. Your password, account information, the contents of your email, and any other personal information were never at risk.  The hackers never had access to AT&T communications or data networks, or your iPad.  AT&T 3G service for other mobile devices was not affected.

While the attack was limited to email address and ICC-ID data, we encourage you to be alert to scams that could attempt to use this information to obtain other data or send you unwanted email. You can learn more about phishing by visiting the AT&T website.

AT&T takes your privacy seriously and does not tolerate unauthorized access to its customers’ information or company websites.   We will cooperate with law enforcement in any investigation of unauthorized system access and to prosecute violators to the fullest extent of the law.

AT&T acted quickly to protect your information – and we promise to keep working around the clock to keep your information safe.  Thank you very much for your understanding, and for being an AT&T customer.

Sincerely,


Dorothy Attwood
Senior Vice President, Public Policy and Chief Privacy Officer for AT&T

Please do not reply to this email. This address is automated, unattended and cannot help with questions or requests.

© 2010 AT&T Intellectual Property. All rights reserved. AT&T and the AT&T logo are trademarks of AT&T Intellectual Property.

Four comments:

  • Has AT&T invented mind-reading software that can determine people’s intent? The email asserts that the people who obtained the email addresses and ICC-ID “maliciously exploited” AT&T’s failure to secure private information, “deliberately went to great efforts”, and “distributed it for their own publicity”. Smearing people by assigning them ulterior motives for which you have no evidence is an old propaganda trick. It helps to deflect attention from your own culpability.
  • Speaking of culpability, AT&T apologizes “for the incident and any inconvenience it may have caused” but not for their negligence in setting up a system that allowed public access to private information in the first place. Come on now, AT&T, you can do better than that. How about: “AT&T apologizes for the lapse in our security that allowed this information to be obtained”? That’s what a proper apology looks like.
  • AT&T provides no explanation as to the consequences of publicizing my ICC-ID. I don’t care about exposing my email address, since it’s already strewn all over the internet (though I can imagine that some people are not pleased that their email address was exposed). But I have no idea what the ramifications are of exposing my ICC-ID to all and sundry. What should I look out for? Telling me to “be alert to scams that could attempt to use this information to obtain other data” is useless pap.
  • We should judge people and organizations by what they do, not what they say. When what is said is at odds with what is done, trust is broken. I don’t expect perfection, but the fact that AT&T avoids admitting that they screwed up makes me skeptical that “AT&T takes your privacy seriously.” Or that I can “Rest assured, you can continue to use your AT&T 3G service on your iPad with confidence.” Well, AT&T, I’m not assured.

Frankly, receiving this email reduced my trust and opinion of AT&T. It would have been better for them if they had never sent it.

#fail.
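The querying AT&T's email describes (generated ICC-IDs repeatedly sent to one web address, with an email address pre-populated on a match) stands out in access logs, because a real device only ever asks about its own ICC-ID. The sketch below is an added example, not code from this post or from AT&T; the log format, path, field names, thresholds and sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed log format (hypothetical, not AT&T's):
#   <client_ip> <unix_time> GET /login?ICCID=<digits> <status> prefill=<0|1>
LINE_RE = re.compile(
    r"^(?P<ip>\S+) (?P<ts>\d+) GET \S*[?&]ICCID=(?P<iccid>\d{19,20}) "
    r"(?P<status>\d{3}) prefill=(?P<prefill>[01])$"
)

def find_enumerators(lines, window=60, max_distinct=5):
    """Return {ip: (distinct_ids, prefilled_ids)} for clients that query more
    than max_distinct different ICC-IDs within any `window` seconds."""
    events = defaultdict(list)
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not fit the assumed format are skipped
            events[m["ip"]].append((int(m["ts"]), m["iccid"], m["prefill"] == "1"))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        start = worst = 0
        for end in range(len(evs)):
            # Slide the window so it never spans more than `window` seconds.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            worst = max(worst, len({iccid for _, iccid, _ in evs[start:end + 1]}))
        if worst > max_distinct:
            # Distinct ICC-IDs for which an email address was returned.
            exposed = len({iccid for _, iccid, hit in evs if hit})
            flagged[ip] = (worst, exposed)
    return flagged

# Constructed sample: one device re-checking its own ICC-ID every 30 seconds,
# and one client stepping through 40 different ICC-IDs in 40 seconds.
SAMPLE = [f"192.0.2.10 {1000 + 30 * i} GET /login?ICCID=8900000000000000001 200 prefill=1"
          for i in range(4)]
SAMPLE += [f"198.51.100.7 {1000 + i} GET /login?ICCID={8900000000000000100 + i} 200 "
           f"prefill={1 if i % 10 == 0 else 0}" for i in range(40)]

if __name__ == "__main__":
    for ip, (distinct, exposed) in find_enumerators(SAMPLE).items():
        print(f"{ip}: {distinct} distinct ICC-IDs in one window, {exposed} emails exposed")
```

The second number in each result is the count of ICC-IDs for which an address was actually returned, which is what an operator needs to scope customer notification.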

The Stranger on the Airplane

Long ago, when I was a British college student, I would set off to explore Europe each summer. There were no budget flights in those days, so I traveled by train. Some of my trips lasted days, but I loved the journey because of the people I met. I still remember the G.I. returning from Vietnam who’s now a Denver judge, the Belgian cabinet minister who tried for several hours to convert us to communism, and the cute Irish postgraduate student who…well never mind.

Now I live in the U.S. where trains are a rarity, at least in my part of the world, so I fly when it doesn’t make sense to drive. And I still enjoy striking up conversations with the stranger(s) sitting next to me. I’m not pushy—some people don’t want to talk, and that’s fine—but, more often than not, we end up exploring each other’s lives for a few hours. Over the last few years I remember, among others, the French airline executive who kissed me on both cheeks when we parted, the nun who visited prisoners and showed me years of correspondence, the fascinating sales director of a major internet hosting company, the lay ministry provider of counseling support for military families, and the British basketball agent who also owned a debt collection agency.

Some of these people shared intimate things about their lives during our time together; things I doubt they shared with most of the people they worked with every day. They did this because we were never going to meet again. For a few hours, they were with the Stranger on the Airplane. And, of course, they were my Strangers on the Airplane, and sometimes I told them intimate things as well.

I’ve seen a similar thing happen at Conferences That Work. The intimacy is not as deep initially, because, I think, attendees are aware that they may meet another time if the conference is held again. On the other hand, if they do meet a sharer again, attendees have an opportunity to go deeper. I find it strange, yet enjoyable, to meet people once a year and expand my connection on each occasion in unforeseen ways.

In my experience, the majority of people (on airplanes and at conferences, at least) enjoy talking quite freely with strangers whom they trust. Because the ground rules support a confidential, safe environment, this potential for intimacy is present at Conferences That Work. I like that. How about you?

Image attribution: flickr user davitydave – creative commons share alike 2.0 generic