CSI2911

Assignment 2

30 marks, 15% of final grade

Due in class: March 2, 2009

 

Late policy: 10% off per day (-3 marks).

Assignments more than 4 days late will not be accepted and will receive a mark of 0.

 

You must hand in a hard-copy directly to the TA or Professor.

Send an electronic copy as well, if you are late and not able to hand the assignment in during class.

Leanne Seaward, 5th floor site Mailbox: 125, lspra072@uottawa.ca

Liam Peyton: SITE 5-074, lpeyton@site.uottawa.ca

 

A)     Writing  - 10 marks, 2 marks for each of the following:

·         Spelling

·         Grammar

·         Clarity of writing

·         Efficiency of writing

·         Elegance / Effectiveness of writing

 

B)      Content – 20 marks

All answers must be in full sentence, essay form, with a clear structure, and sound reasoning from facts and principles.

 

Tim O’Reilly published in 2004 (http://oreilly.com/pub/wlg/4707 ) the following critique addressing the concerns related to potential loss of privacy by the users of Gmail (this is an excerpt):

There are already hundreds of millions of users of hosted mail services at AOL, Hotmail, MSN, and Yahoo! These services routinely scan all mail for viruses and spam. Despite the claims of critics, I don't see that the kind of automated text scanning that Google would need to do to insert context-sensitive ads is all that different from the kind of automated text scanning that is used to detect spam ... Google doesn't have humans reading this mail; it has programs reading them. Yes, Google could instruct a program to mine the stored email for confidential information. But so could Yahoo! or AOL or MSN today. ...

…  Every time you send an email message, it is typically routed through a number of computers to get to its destination. … Anyone equipped with a packet sniffer at any of those sites can snoop any mail that they want. In fact, the NSA recently proved the effectiveness of this approach by tracking down terrorists by looking at their mail traffic.

… There are persons right now, who know everything you've ever bought.  Just recently, I was shopping in Bath, England, and made a large purchase in an antiquarian bookshop. Fifteen minutes later, I … tried to make another purchase, and had my card rejected. Meanwhile, back in California, my wife was receiving a call, wondering if the card had been stolen. "Why would someone halfway around the world be spending so much on books?" they wanted to know. That's real time monitoring! Privacy advocates (and as a former board member of the EFF I count myself among them) argue that privacy is a slippery slope. But we're already a long way down that slope … I certainly don't see why Google is being singled out. There are so many bigger issues to worry about, from RFID tagging to surveillance cameras on London street corners, that programmed scanning of email for targeted ad insertion doesn't seem like too big a deal to me, especially when it's disclosed up front to participants in the service.

 

1.       2 marks

Find and read the Google privacy policy specific to Gmail. Find and quote the exact clause, or clauses, in this policy that allows Google to read the contents of Gmail messages to place focused advertising related to the contents of an email message.   Also find and quote the exact clause, or clauses that indicate Google can share that information with third parties.

 

2.       2 marks

What options do email users have if they do not want their email scanned?  Propose a policy (non-technical solution) that would give more flexibility in this area to users.  Give an explanation as to why you think Google has chosen not to do this.   Identify a technical solution that users could use to make automatic scanning of message contents by servers impossible (the “real” contents remain protected).

 

3.       2 marks

Find and read the “umbrella” Google policy that applies to (almost) all its products, services and websites. There are several circumstances under which Google could share personal information with entities that may have different privacy polices: DoubleClick, Affiliates, US Government, Foreign Governments, Merger/Acquisition Partner.  Find two such circumstances and quote the exact clause or clauses in the Google policy that allow for this.  In each case, clearly explain one reason, or give one example of why this would cause you concern.

 

4.       4 marks

In the eyes of some critics (see the links below), Google has consistently taken a “minimalist” approach to declaring what it does with personal data, only updating its privacy policy as needed to be compliant with the law.  Explain from Google’s point of view why this is good corporate policy.  Give at least two reasons with support or examples.  Explain from Google’s point of view why this might be a bad corporate policy.  Give at least two reasons with support or examples.

http://www.google-watch.org/krane.html

http://bits.blogs.nytimes.com/2008/05/27/google-fights-for-the-right-to-hide-its-privacy-policy/

http://www.searchenginejournal.com/google-privacy-policy-updated/8368/

 

5.       10 marks

In your opinion, does Google adequately address PIPEDA’s 10 principles  (see http://www.axi.ca/resdocs/privacy_guide.pdf )?  Explain for each principle, why you think Google is or is not adequately addressing the principle.  Clearly explain your reasoning with evidence from Google’s privacy policy, Google’s web site, or from a source that you can reference properly.