Category: Privacy

Privacy content from Leo Nelson

Unroll.me

Unroll.me – is an interesting service that helps automate unsubscribing from mailing lists, but what caught my eye is their approach to describing data practices with a service that is clearly beneficial but comes at the cost of providing access to an individual’s or organization’s most sensitive data. Unroll.me’s How we use data page specifically addresses the following topics that every organization should strive to transparently share:

How we keep your data safe

What kind of data we collect

How we use your data

Who we share information with

Our commitment to transparency

Privacy Definition

An excellent definition of privacy in the context of autonomy and security:

  • Autonomy Privacy is an individual’s ability to conduct activities without concern of or actual observation (i.e., surveillance).
  • Information Security is the protection of information resources from unauthorized access, which could compromise their confidentiality, integrity, and availability.  This includes, but is not limited to networks, hardware, software and information (some of which is confidential).
  • Information Privacy is the intersection of autonomy privacy and information security — it is the appropriate protection, use, and dissemination of information about individuals

Source: Autonomy Privacy, Information Privacy and Information Security

Using DNA for Access Control

You’ve probably heard of the genetic testing site, 23andMe. The site allows users to send in a swab covered in their saliva for genetic decoding. When that code is translated, it’s viewable online as a pie chart of ancestry. 23andMe even offers an API that allows you to share your genetic information with the REST of the world. Genetic information is some powerful stuff: It can countermand information that’s been passed down through a family, provide a clue to lost relatives, and even offer unexpected insights into one’s origins. But did you ever think that genetic information could be used as an access control? Stumbling around GitHub, I came across this bit of code: Genetic Access Control. Now, budding young racist coders can check out your 23andMe page before they allow you into their website! Seriously, this code uses the 23andMe API to pull genetic info, then runs access control on the user based on the results. Just why you decide not to let someone into your site is up to you, but it can be based on any aspect of the 23andMe API. This is literally the code to automate racism. The author offers up a number of possible uses, many of which sound fairly legitimate, however. Imagine a women’s support group online that restricts access to women only. What if JDate didn’t just take your word for it that you were Jewish, and actually checked your DNA to make sure?

Source: Using DNA for Access Control