The Cocoon Blog
The Internet as it should be: private, secure and virus free

At Cocoon, we appreciate and support all efforts against SOPA. Thousands of Cocoon’s users rely on the Cocoon Service to contend with some of the most brutal dictatorships on Earth to exercise their freedom of speech. We encourage everyone to speak out against SOPA to protect free speech and privacy online. Below are links you can forward to friends with educational info as well as opportunities to send messages to Congress.

More info about SOPA/PIPA and how you can help stop the bills:

• Learn more about SOPA – watch this video
• Change your profile picture to protest SOPA
• Write to Congress to kill these bills

Our Fight the Good Fight featured Internet hero today is Shaun Dakin, CEO & Founder at the National Political Do Not Contact Registry (NPDNC) and the source for news on privacy and privacy conferences worldwide.

In 2009 he founded a series of un-conferences called PrivacyCamp based on the barcamp model and open space technology. Today, PrivacyCamp has evolved to become the world’s primary event for business, academia, advocates and policy folks to get together to discuss privacy-related issues.  In this capacity he runs the weekly #PrivChat, a Twitter discussion on privacy that takes place every Tuesday at 12:00 PM EST on Twitter.

In 2007, he started The National Political Do Not Contact Registry (non-profit) to fight for voter’s privacy rights and to alert the nation on political robocalls.  Under his leadership, within the space of a year, the organization advanced to over 85,000 members.

Shaun is a very busy guy in the realm of privacy. In an email exchange we asked him a few questions about his involvement with PrivacyCamp, #PrivChat and the National Political Do Not Contact Registry. 

You run a series of PrivacyCamp “unconferences or barcamps on privacy”; could you please describe what an unconference is?

 Shaun:  Sure!  An un-conference is the opposite of a traditional curated and powerpointed event where there are key note speakers, panels, powerpoint, and people sitting listening to experts. Instead, an un-conference is simply an event where the agenda is created by those that attend and the conversation is driven by all those that choose to.

Imagine showing up to an event with NO IDEA what the day’s agenda will look like?  Not easy for many people to do. But that is exactly what occurs and it is magic.

A Camp is usually a single day starting at 9 AM through 5 or 6 PM.  The format is:

1. Opening remarks and introductions (3 word introductions)
2. Call for “topics” from participants where they stand up and say what they are interested in talking about or learning.
3. The creation of the “grid” or the day long agenda
4. Session one
5. Lunch
6. Session two
7. Session three
8. Wrap Up
9. The After Party !

If you are interested in learning more about UnConferences, this is a great website: http://www.unconference.net. We are always looking for people to start one in their own city! You can also follow PrivacyCamp on Twitter.

Could you explain what Twitter #privChat is all about?

Shaun:  Sure!  Every Tuesday at Noon ET we host (with the Electronic Privacy Information Center ) a chat or conversation about privacy issues using Twitter as the channel for communication.  More details about the chats can be found at our website.

Essentially, however, a twitter chat lasts for 45 minutes and anyone in the world with access to twitter (via computer or mobile phone) can participate.   We have participants from the US, Canada, Asia, and the EU contribute every week.

The format is pretty simple:

• We start off with introductions so that people know who is participating (if they want to do so)
• We then have four (4) questions that have been suggested by the twitter privacy community during the previous week.  Each question is given approximately 10 minutes for discussion.
• We will be adding guest “speakers” soon to the format.  When that occurs, guests will be approximately 20 minutes and then the regular Q and A will move forward after the guest is done.
• That is it!

If you are interested in seeing what we discuss, please check out our website at https://epic.org/privchat/ where the latest set of questions are located as well as a history of questions and transcripts from each week. We also have a Google Calendar set up so that people can subscribe to the calendar and never forget to attend!

As CEO and founder of the National Political Do Not Contact Registry what is your stance on robo-calls?

Shaun: I firmly believe that voters deserve the right to opt out of unwanted political communications, with robocalls being the worst offender.    That is, like commercial organizations, political organizations, candidates and special interest groups should follow the wishes of most Americans who sign up for the National Do Not Call Registry.

Most Americans who register at DoNotCall.gov want all telemarketing to stop.  Most Americans are outraged when they hear that Politicians wrote the DoNotCall legislation to specifically exempt political calls.   It is yet another example of politicians thinking that they are above the rest of us.

So, to be clear, I am NOT calling for the banning of any form of political speech.   I am calling simply for voters to be given the right to opt-out of political robocalls.   If the voter raises their hand and says that they don’t want these calls (which they have done with donotcall.gov ) they should expect that their representatives honor that wish.

If you are interested in learning more please visit www.StopPoliticalCalls.org

Shaun Dakin is also Founder of Dakin & Associates and a Consultant at Webbmedia Group. Thanks to Shaun for his contributions to this blog post!

Our Fight the Good Fight featured Internet hero today is a nonprofit consumer organization based in San Diego, California: The Privacy Rights Clearinghouse (PRC). The PRC was Established in 1992 by Founder & Director, Beth Givens, with a two-part mission — consumer information and consumer advocacy.

What the PRC Offers 

The Privacy Rights Clearinghouse has many services for consumers, researchers, journalists and policymakers:

• A hotline for consumers to report privacy abuses and request information on ways to protect their privacy.
• An extensive series of fact sheets on privacy issues, available in English and some in Spanish.
• A web site (www.privacyrights.org) that provides texts of all fact sheets, transcripts of PRC speeches and testimony, FAQ and index by topic, stories of consumers’ experiences, and more.
• Assistance and interviews for journalists, providing background and comments for stories.
• A referral service for journalists and policymakers who are seeking victims of privacy abuses who have indicated a willingness to talk with the media and/or testify in legislative and regulatory agency hearings.
• A speakers service, in which PRC staff make presentations at conferences, employee training sessions, and civic and community group meetings.

The Battle

In 2011 there has been a huge upsurge of serious data breaches, if you could design the perfect solution to this problem – how would you address this?

Amber Yoo, Director of Communications for the Privacy Rights Clearinghouse:

Privacy Rights Clearinghouse has been tracking breaches since 2005 and publishes a Chronology of Data Breaches. The Chronology only includes breached records that contain information useful to identity thieves, such as Social Security numbers, financial account numbers, and driver’s license numbers. So far in 2011, we’ve tracked 382 breaches involving 23.2 million sensitive records. In truth, the number of breached records is much higher, because not all breaches are reported and sometimes it’s hard to determine the true extent of a breach.

Data breaches are detrimental because they can lead to identity theft. A 2009 Javelin study found that data breach victims are four times more likely to suffer identity theft. The recent string of sensational data breaches has caused consumers to question how securely companies hold their personal information. Companies need to either invest in stronger data security or risk jeopardizing consumer trust.

I would like to see businesses adopt “Privacy by Design” as a best practice. Privacy by Design is the principle of embedding privacy into every level of a business’ practices and procedures. One practical application is encryption. If companies encrypted customer data properly, the data would be useless if it fell into the wrong hands. Encryption can slow down user interfaces, but data breaches are becoming so pandemic that the necessary data security is worth the sacrificed consumer convenience.

According to the Identity Theft Resource Center (ITRC) August 30, 2011 report there were 279 reported breaches with 13,148,623 records exposed. Data breaches can lead to a host of cyber-criminal activity including fraud, identity theft, reputational damage and sphear-phishing campaigns.

Facial Recognition Technology

Private companies (such as face.com) are currently indexing massive quantities of online photos. With advances in facial recognition software – what would be your greatest concern in the area of personal privacy with this emerging technology?

Amber: At Privacy Rights Clearinghouse, we believe consumers deserve transparency and control. Facial recognition technology is usually employed without the knowledge or consent of the individual. Your biometric data is stored in a database and linked to your name, at the very least. As always, the concern is in the database. How exactly is the data collected, stored and shared? My greatest concern is that the deployment of facial recognition technology could have a chilling effect on political dissidents or be used by companies for price discrimination. We recently issued a Consumer Alert on facial recognition, calling it a top privacy issue of our time. 

The IAC i-CON

What do you think about Monday’s roll-out of the Advertising Option Icon from the IAB? (Off record: personally I call it the “i-CON!”)

Amber: Study after study shows that industry attempts to self-regulate are flawed at best. Advertisers have tremendous incentive to collect your data and little to no incentive to give you meaningful choice in the matter. Any attempt at self-regulation, including the Advertising Option Icon, only perpetuates this flawed model.

Advertisers claim online tracking is beneficial for consumers because it allows for more personalized ads. If it’s so beneficial, then why not explain it clearly to consumers and let them opt-in?

What’s PRC’s history?

Amber: Privacy Rights Clearinghouse was founded nearly 20 years ago by Beth Givens. We are a 501(c)(3) nonprofit with a two-part mission: consumer education and advocacy. I think what sets us apart from many other groups is our “Dear Abby” function – we invite people to contact us with privacy questions.  Listening to consumers on a daily basis allows us to better advocate on their behalf.

Your website has an incredible collection of resources that address a full spectrum of privacy issues.  “Raise awareness, empower and advocate” are strong messages that I see when I visit your website. Of the three messages that I see – what do you believe is the strongest message that you would like a site visitor to acknowledge?

Amber:  Our main goal is to put consumers in control, so “empower” would be my choice out of the three. The right to privacy is about having control over your personal information. It is the ability to limit who has this information, how it is stored, and what is done with it. Often, we don’t value privacy until it’s gone. And the tremendous advances in technology are quickly eroding what little privacy we have left. Right now, privacy is a hot topic on the Hill. I hope Americans will write to their elected representatives to demand stronger privacy protections before it’s too late.

Thanks to Amber Yoo for this weeks answers to Fight the Good Fight! You can visit the Privacy Rights Clearinghouse and  Subscribe to their mailing list for alerts on new privacy issues and tips to help you protect your personal information. They are also on Facebook and Twitter.

Our first Fight the Good Fight featured Internet hero today is StopBadware.org which began as a project to experiment with ways to combat malicious software at the  Berkman Center for Internet and Society at Harvard University. In January 2010 StopBadware.org became a stand-alone nonprofit group replete with partners (Google, Mozilla and PayPal), SoftLayer (their sponsor) and data providers ( Google, NSFOCUS and Sunbelt).

The Battle

There is an ongoing battle on the Internet today between good and evil. The kosher side of the Internet contributes to the good of the Internet as a whole, fostering and supporting the idea of a strong digital ecosystem for all. The evil side of the Internet exists in the dark recesses of an underground economy that target individuals, organizations, corporations, financial institutions, eCommerce and governments for the purpose of information theft, monetary gain or both.

StopBadware as an Internet Hero

Maxim Weinstein, President & Executive Director and Caitlin Condon, Raconteur of StopBadware graciously responded to my request for information about their nonprofit organization while in the midst of moving their office!

As you know, StopBadware focuses on cleaning up badware from the Web. Collective defense of the Web means that site owners, hosting providers, browser vendors, search engines, and the security industry all have to work together to share information and coordinate their defensive strategies. StopBadware works most closely with site owners and hosting providers, but these groups don’t exist in a vacuum. We therefore communicate regularly with the other constituencies I listed—engaging them in working groups, speaking to them at conferences, connecting them with each other, etc. This allows us to ensure that we’re advocating for solutions everyone can get behind and that flow together into what we hope over time will become a better defended ecosystem. –Max

An email from Caitlin further clarified their stance on BADWARE:

Essentially, the bottom line for us is this: badware is a shared problem, and it demands a shared solution. Every participant in the Internet ecosystem has a responsibility to help protect the Web from badware, and we believe it’s fundamentally important to recognize those who are (and aren’t) doing their parts. That’s what our We Stop Badware™ Web Host program is about. Quite simply, hosting providers occupy a key position in the architecture of the Web, and it’s their responsibility to protect both their customers and the Internet as a whole. We developed our Best Practices for Web Hosting Providers to make it easier for them to do this; the We Stop Badware™ program is an added incentive for hosting providers to take action and let people know about it. We’re constantly looking for ways to make it easier for people to do the right thing: be a part of the solution.

StopBadware has myriad resources and provides structured education for Internet users, website owners and web hosting providers. With software guidelines, badware alerts and a form to report badware here - StopBadware.org is a good thing!