Social Network Platforms: Privacy and Security Issues November 16, 2007 Jefferson F. Scher [email_address]
A Whirlwind Tour <ul><li>General concepts </li></ul><ul><ul><li>Online privacy </li></ul></ul><ul><ul><li>Information secu...
Online Privacy: An Oxymoron? <ul><li>Privacy for end users </li></ul><ul><ul><li>Who’s watching you? </li></ul></ul><ul><u...
Protecting the Privacy of Others <ul><li>Privacy for businesses </li></ul><ul><ul><li>What do you collect? </li></ul></ul>...
Numerous and Conflicting Laws <ul><li>Legal requirements vary widely </li></ul><ul><ul><li>Federal laws and regulations </...
The Privacy-Security Nexus <ul><li>Privacy and security intertwined </li></ul><ul><ul><li>Policy defines privacy practices...
Flinging off the Kimono <ul><li>Access to a rich description </li></ul><ul><ul><li>Profile information </li></ul></ul><ul>...
Swimming in Data <ul><li>Legal advantages </li></ul><ul><ul><li>Accessing P + A + F info:  Platform responsible for permis...
My User’s Friend is My What? <ul><li>Mining the social graph </li></ul><ul><ul><li>Complex web of permissions + uncertain ...
Attention to Detail <ul><li>Privacy risk management </li></ul><ul><ul><li>Abide by your privacy rules </li></ul></ul><ul><...
Carr & Ferrell at Your Service <ul><li>In Silicon Valley for 15 years </li></ul><ul><li>Full-service firm approaching  50 ...
Upcoming SlideShare
Loading in …5
×

Privacy And Security in the Open World

1,034 views

Published on

Safeguarding your privacy, identity, and security

Published in: Business, Technology
  • Be the first to comment

  • Be the first to like this

Privacy And Security in the Open World

  1. 1. Social Network Platforms: Privacy and Security Issues November 16, 2007 Jefferson F. Scher [email_address]
  2. 2. A Whirlwind Tour <ul><li>General concepts </li></ul><ul><ul><li>Online privacy </li></ul></ul><ul><ul><li>Information security </li></ul></ul><ul><li>From web silos to social networks </li></ul><ul><ul><li>Legal advantages </li></ul></ul><ul><ul><li>Challenges and risks </li></ul></ul><ul><li>Moving forward </li></ul>
  3. 3. Online Privacy: An Oxymoron? <ul><li>Privacy for end users </li></ul><ul><ul><li>Who’s watching you? </li></ul></ul><ul><ul><li>Why? </li></ul></ul><ul><ul><li>What can I do? (Or, is it true that I have to “get over it”?) </li></ul></ul><ul><ul><ul><li>Safe computing practices </li></ul></ul></ul><ul><ul><ul><li>Understanding privacy practices </li></ul></ul></ul><ul><ul><ul><ul><li>Privacy policy </li></ul></ul></ul></ul><ul><ul><ul><ul><li>Licenses and Terms of use </li></ul></ul></ul></ul>
  4. 4. Protecting the Privacy of Others <ul><li>Privacy for businesses </li></ul><ul><ul><li>What do you collect? </li></ul></ul><ul><ul><li>Consider the implications </li></ul></ul><ul><ul><ul><li>Multiple layers of legal requirements </li></ul></ul></ul><ul><ul><ul><li>You might misplace it (lost laptop) </li></ul></ul></ul><ul><ul><ul><li>You might sell to bad guys (ChoicePoint) </li></ul></ul></ul><ul><ul><ul><li>Bad guys might find it (TJX) </li></ul></ul></ul><ul><ul><li>Rule: collect only what you need, guard it as you would your own </li></ul></ul>
  5. 5. Numerous and Conflicting Laws <ul><li>Legal requirements vary widely </li></ul><ul><ul><li>Federal laws and regulations </li></ul></ul><ul><ul><li>State laws and regulations </li></ul></ul><ul><ul><li>Traditional “common law” rights </li></ul></ul><ul><ul><li>European Union + others </li></ul></ul><ul><li>Contracts remain very important </li></ul><ul><ul><li>Set user expectations </li></ul></ul><ul><ul><li>May be overridden by public policy </li></ul></ul>
  6. 6. The Privacy-Security Nexus <ul><li>Privacy and security intertwined </li></ul><ul><ul><li>Policy defines privacy practices </li></ul></ul><ul><ul><li>Security critical to ensure compliance </li></ul></ul><ul><li>Security = C-I-A </li></ul><ul><ul><li>Confidentiality </li></ul></ul><ul><ul><li>Integrity </li></ul></ul><ul><ul><li>Availability </li></ul></ul><ul><li>Legal and industry standards </li></ul>
  7. 7. Flinging off the Kimono <ul><li>Access to a rich description </li></ul><ul><ul><li>Profile information </li></ul></ul><ul><ul><li>On-site activities </li></ul></ul><ul><ul><li>Friends’ information </li></ul></ul><ul><li>Explosion of personal information </li></ul><ul><ul><li>Widgets for every preference </li></ul></ul><ul><ul><li>Off-site activities visible </li></ul></ul><ul><ul><li>We haven’t seen anything yet </li></ul></ul>
  8. 8. Swimming in Data <ul><li>Legal advantages </li></ul><ul><ul><li>Accessing P + A + F info: Platform responsible for permissions </li></ul></ul><ul><ul><li>Communications to users: Platform is inherently “opt-in” </li></ul></ul><ul><li>Piggybacking on platform counsel? </li></ul><ul><ul><li>Probably carefully planned </li></ul></ul><ul><ul><li>Potentially a partial legal defense (following the platform’s rules) </li></ul></ul>
  9. 9. My User’s Friend is My What? <ul><li>Mining the social graph </li></ul><ul><ul><li>Complex web of permissions + uncertain user expectations </li></ul></ul><ul><ul><li>Obligation of accuracy and currency? </li></ul></ul><ul><ul><li>Permission to cache relationships? </li></ul></ul><ul><li>Platform protection unlikely </li></ul><ul><ul><li>How responsible for external issues? </li></ul></ul><ul><ul><li>Disclaimers and other terms of use </li></ul></ul>
  10. 10. Attention to Detail <ul><li>Privacy risk management </li></ul><ul><ul><li>Abide by your privacy rules </li></ul></ul><ul><ul><li>Secure your database </li></ul></ul><ul><ul><li>Secure your application </li></ul></ul><ul><li>Business risk management </li></ul><ul><ul><li>Consider capacity/budget for growth </li></ul></ul><ul><ul><li>Consider IP liability and protection </li></ul></ul><ul><ul><li>Consider specialty insurance </li></ul></ul>
  11. 11. Carr & Ferrell at Your Service <ul><li>In Silicon Valley for 15 years </li></ul><ul><li>Full-service firm approaching 50 attorneys </li></ul><ul><li>Depth of technical, business and legal expertise </li></ul><ul><li>Serve a broad spectrum of VC and technology clients — from start-ups to large corporations </li></ul><ul><li>Strong transactional and IP capabilities </li></ul><ul><li>Practice Areas </li></ul><ul><ul><li>Corporate Finance </li></ul></ul><ul><ul><li>Venture Capital/Emerging Company Representation </li></ul></ul><ul><ul><li>Mergers & Acquisitions </li></ul></ul><ul><ul><li>Technology Transactions </li></ul></ul><ul><ul><li>IP Litigation </li></ul></ul><ul><ul><li>Patents & Trademarks </li></ul></ul><ul><ul><li>Strategic Intellectual Property </li></ul></ul><ul><ul><li>Internet </li></ul></ul>

×