What Every Product Manager Needs to Know About Online Privacy and Security
Protecting Your Brand, Revenue, and Business Model
Phil Burton, Principal Consultant and Trainer
280 Group LLC

© 2010-2011 280 Group LLC

Why is Online Privacy Important?

 • Lack of effective privacy can affect revenues and damage your business model
         – Loss of trust and reputation → brand damage
         – Decreases in site visitors → lower revenue
 • Real and growing risk of government regulation in US, EU
         – Potentially limit revenue opportunities
         – Potentially impact the business model
 • Effective privacy requires excellent security


Agenda

 • Threats to Online User Privacy
         – Corporate Policy
         – Poor Operations and Programming Practices
         – Lack of User Education
 • Issues and Consequences
 • Increased Government Regulation?
 • Strategic Issues and Market Requirements
 • Takeaway Ideas


Threats to Online User Privacy

Corporate Policy




Causes of Privacy Threats
   • Corporate policy
         – Business model monetizes private data
         – Complete indifference to privacy issues
   • Poor operations and programming practices
         – Badly designed, buggy software and configurations
         – Poorly secured websites allow professional criminals
           to steal user private data
            • “contribute” content with “malware”
            • forcefully plant malware

   • Lack of user education
         – Users don’t know how or why to protect private data
         – “Social Engineering” tricks users

Facebook Places issue

 • Facebook announced location service
   “Places” August 18, 2010
 • Immediate criticism of default “opt-in”
         –   No single opt-out setting
         –   No ability to control which people can see check-in
         –   Can “check-in” friends without permission
         –   Available to Facebook partners and phone apps




Facebook Policy Causes Privacy Threats
 • “Your Privacy Isn’t So Private” – San Jose
   Mercury-News, Tech Files column, May 3,
   2010
         – Facebook is “cavalier” with privacy of its users
         – “Alarm bells went off in my head over the privacy
           issues”
         – “Astonishing how much information Facebook now
           considers ‘public’ and is sharing with its marketing
           partners”




Google and Facebook “Blurring the Line”
 • “A Blurring Line: Private and Public” – NY
   Times, Bits column, March 15, 2010
         – Google Buzz service “complete disaster” by
           linking email accounts to status updates on social
           networks
         – Facebook makes members' information public by
           default
         – Issue is “broader muddying of the line between
           what is private and what is public online.”




Corporate Indifference: Uploaded Photos Reveal Subject Location
• “Geotags” in uploaded photos identify exact location
• Children, friends, houses, expensive cars, etc.
• Website APIs make it easy for criminals and stalkers to locate on Google Maps
   – “Cyber-casing”

• Users “compromising their privacy, if not their safety”
• Illegal under copyright law to strip out all “metadata”
• Smartphones and websites need better user controls

Tone Deaf: Eric Schmidt calls for Young Adult “Witness Protection Program”

  • “[Schmidt] predicts, apparently seriously, that every
    young person one day will be entitled automatically to
    change his or her name on reaching adulthood in
    order to disown youthful hijinks stored on their
    friends' social media sites.”
  • Technical solution to important policy issue?
  • Doesn’t Google have any responsibility here?

Apple’s Very Different User Privacy Policy
  • Steve Jobs on user privacy:
          – “ … different view … than some of our colleagues
            in the Valley. We take privacy very seriously.”
          – “Privacy means people know what they’re signing
            up for. In plain English. … repeatedly”
          – “Let them know precisely what you’re going to do
            with their data.”
          – Wall Street Journal, Technology, Kara Swisher and Walt
            Mossberg, June 7, 2010, p. R3.



Threats to Online User Privacy

Poor Operations and Programming Practices




The Not-Private Blog

  • The “niece’s blog”
          – The aunt periodically did Google search on nieces
            and nephews to keep up with their activities
          – College freshman niece wrote one blog for parents
            and relatives
          – Wrote second blog just for friends
             • Password protected
             • Drugs, sex, wild parties, disparaging comments on family
             • Google found it with normal “spidering”



Credit Card Numbers Revealed
• Web site Blippy.com revealed credit card numbers




Credit Card Numbers Revealed
• Not enough testing
  – http://techie-buzz.com/tech-news/credit-card-numbers-of-blippy-users-show-up-on-google.html (April 23, 2010)




Not So Private Chats on Facebook
• Insufficient testing or poor configuration revealed private chats on Facebook




Poor Operations Practices Reveal iPad phone and email info
  • AT&T website exposed phone IDs and email addresses of 114,000 iPad owners
          – dozens of CEOs, military officials, and top politicians
          – FBI investigating
          – Wall Street Journal, June 11, 2010

Poorly Protected Website Infected with “Drive-By” Malware
• Hackers successfully penetrate well-known site
     – Plant “Drive-by downloads” on poorly protected sites
• safeweb.norton.com/buzz


Threats to Online User Privacy

User Education




“Forget Email... Social's the New Spam Vector”
• “… this shift in spammer strategy from email to
  social networking sites tracks perfectly with users'
  online behavior”
• “spammers are counting on … our collective
  naïveté.”




Issues and Consequences




Mark Zuckerberg Doesn’t Value Privacy


  • January 9, 2010




  • April 23, 2010




Zuckerberg Admits Mistakes About Privacy


  • May 24, 2010




Zuckerberg Public Letter Really Targets Federal Government
  • Zuckerberg letter to blogger and Op-Ed piece in Wash. Post, May 24, 2010 --
          http://www.washingtonpost.com/wp-dyn/content/article/2010/05/23/AR2010052303828.html
          – “There needs to be a simpler way to control your
            information," he wrote. "In the coming weeks, we will
            add privacy controls that are much simpler to use. We
            will also give you an easy way to turn off all third-party
            services.”
          – First response to “furor over Facebook's user privacy
            moves that left the site with a public relations problem
            and fighting to defend its reputation.”

Analysts Say Facebook May Need User Approvals
  • “Facebook Seeps Onto Other Web Sites,” -
    NY Times, April 19, 2010
          – Analysts say Facebook’s desire to spread its
            tentacles across the Web could run into privacy
            hurdles, as it will require the company to share
            increasing amounts of personal information about
            its users with other sites.
          – “They are going to have to secure more
            consumers’ approval for data-sharing,” said Augie
            Ray, analyst at Forrester Research.


Damage to Facebook Brand
  • Why Facebook’s “private” messages are a joke, Jesse Stanchak on May 6, 2010,
          http://smartblogs.com/socialmedia/2010/05/06/why-facebooks-private-messages-are-a-joke/
  • ACLU Weighs in on Facebook’s Privacy Issues, Rex Gradeless, May 13, 2010,
          http://socialmedialawstudent.com/featured/aclu-weighs-in-on-facebooks-privacy-issues/
  • 6 Alternatives to Facebook, Itamar Kestenbaum, May 20, 2010,
          http://www.socialmediatoday.com/SMC/199443


              … and many, many more …

Pervasive Mistrust of Website Intentions
  • Increased Privacy Concerns – “Tell-All
    Generation Keeps Some Things Offline,” –
    NY Times, May 9, 2010
          – “Mistrust of the intentions of social sites appears to
            be pervasive … telephone survey found 88
            percent of 18- to 24-year olds said there should be
            a law … to delete stored information [on social
            media websites.]”
          – “Two weeks ago, Senator Charles Schumer …
            petitioned the Federal Trade Commission to
            review privacy policies of social networks.”

Brand Damage: Poor Customer Sat with Social Media websites
  • ForeSee Results, Annual E-Business Report for the
    American Customer Satisfaction Index (ACSI), July
    20, 2010 – http://www.foreseeresults.com/research-white-papers/ACSI-e-business-report-2010.shtml
  • “…interviews with approx. 70,000 customers …to
    measure satisfaction with more than 200 companies
    in 44 industries and 10 economic sectors”
  • Key finding: “Social Media: Customer satisfaction
    with social media sites is poor (70) … lowest industry
    aggregate score of any of the e-business or e-retail
    industries.”
          – Better than only airlines and subscription TV (66)

Backlash Over Un-Deletable Cookies
  “‘Cookies’ Cause Bitter Backlash” -- Wall Street Journal, September 19, 2010,
          http://online.wsj.com/article_email/SB10001424052748704416904575502261335698370-lMyQjAxMTAwMDIwMDEyNDAyWj.html

  • Companies now using “Flash cookies” that can “re-spawn” after being deleted by user
  • Six lawsuits filed since July
  • "There are some in the industry who do not believe that users should be able to block tracking…," Chris Hoofnagle, director, Berkeley Center for Law & Technology's information-privacy programs
  • Two bills introduced into Congress
  • Federal Trade Commission expected to issue new guidelines by December.

Consumer Reports Takes Notice

  • June, 2010 Magazine
          – Two out of three online U.S. households use social networks
            such as Facebook and MySpace, nearly twice as many as a
            year ago.
          – But “millions … put themselves and their families at risk by
            exposing very sensitive personal information,” … national
            survey of 2,000 online households conducted in January.


  • March 23, 2011 email on “Zombie cookies”
          – Describes privacy threat from cookies, which “are bits of code
            placed on your computer by companies that track you
            while you're on the Internet — they come back even
            after you have carefully deleted them. And that's not
            illegal.”
          – Invites reader to sign online petition

ACLU Cites “Social Insecurity”
"We're just at the beginning (italics added for
emphasis) of seeing what the implications are for so
much information being posted on social networks,"
Nicole Ozer, the technology and civil liberties policy
director … ACLU, N Cal.




“Do Not Track” Option in Firefox 4 Browser
     • Released March 23
     • Builds on “Privacy Mode” in Firefox, Internet Explorer
     • Depends on website voluntary compliance




Increased Government Regulation?




Twitter Settles Federal Trade Commission Charges (June, 2010)
• FTC charged Twitter deceived consumers and put privacy at risk
• First case by FTC against social media site
• Complaint charged poor security allowed hackers to gain admin control, send phony tweets
• Twitter barred for 20 years from misleading consumers
  about security, privacy, confidentiality, also must create
  comprehensive security program, with outside auditing

Google Settles with FTC Over Buzz (March, 2011)
• Late breaking news!
• US Federal Trade Commission charged Google with violations of own privacy policy, with Buzz social network service
   – Gmail account info used without user OK
• FTC requires Google to get user OK before sharing info
• 20 years of audits, fines
• “… legal order … further than voluntary commitment,” – deputy dir, FTC Bureau of Consumer Protection
   – First such action
   – “broad consequences” expected

Online Privacy Becoming Financial Services Industry Issue
  • “View from Inside the Beltway”
           – The WSJ runs a series of exposés on Internet tracking and consumer profiling to enhance ad placement (July 2010)
           – The Department of Commerce Internet Policy Task Force issues an 80-page “policy framework” (December 2010)
           – A McKinsey study shows that consumers reap a net annual benefit of $130 billion from free web-based services (paid for by advertising) (January 2011)
           – Congressman Jackie Speier introduces “do-not-track” legislation (February 2011)
           – McCain, Kerry circulate “online privacy bill of rights” (March 2011)

           – SVB Online Seminar, Are You Tracking This? The Feds are Moving on Internet Privacy, March 17th, 2011




Is This the Future?




A Legal Precedent for User Privacy Legislation
  • State privacy laws - California SB 1386
          – Effective July 1, 2003
          – Requires an agency, person or business that
            conducts business in California …to disclose any
            breach of security (to any resident).
          – Similar laws now in force in 46 states in US
  • What would be the impact if these laws were
    extended to general privacy issues?



Strategic Issues and Market Requirements




Strategic Issues for PMs
  • Is your company’s business model at risk from
    increased government regulation?
          – … in the US?
          – … in privacy-focused European Union countries?
  • How would government-mandated user privacy
    protections affect your competitive position?
          – Who benefits? Who loses? Your company? The
            competition?
  • Major user privacy incident?
  • How do you exercise leadership in your company?

Define Market Requirements
  • Well-researched Market Requirements
    should cover both stated and unstated
    (latent) needs
          – Protect your company’s brand and revenue
          – Perhaps protect your career

  • Privacy/Security requirements not called out
    because they are “universally understood” or
    perhaps not understood



Who Understands Privacy (Security) Issues?
  • Almost all end users (business, consumer) do
    not begin to understand privacy issues
  • Most Line of Business owners prioritize time-
    to-market, or won’t invest in effective security

  • Many software developers do not know how
    to write secure code
  • IT often deploys insecure websites and
    networks
  • Most product managers don’t know security

Define Market Requirements
  • Privacy Policy
          – User privacy respected by web site owner
            company and third parties, including advertisers
          – User data protected from unauthorized access by
            individuals and companies
          – Simplify data sharing options and default to NONE

  • User Education
          – Educate about managing their data
          – Educate about privacy implications of sharing data
          – Provide effective and timely advice and warnings
            about social engineering attacks
          – Get effective help if they suspect security issue

Influence Company Policies
  • Programming, Administration and Operations
          – Test all changes to prevent exposure of user data
          – Ensure that user posted content is safe
          – Detect and remove malware planted by hackers
          – Work with security vendors on emerging threats
          – Notify users proactively of security breaches, even
            if not required by law
          – Include partners in security programs

          – Maintain ongoing programs and provide sufficient
            resources, including outside help



Takeaway Ideas




Takeaway Ideas

  • You must understand the business
    consequences of poor user privacy
          – It’s only your company’s business model and
            maybe your career
  • As the product champion, you must articulate
    the issues, document the requirements, and
    influence overall policies in your company
  • You do not have to be a security expert


Closure

  • Questions?

  • Contact me later
    – phil@280group.com
    – (650) 766 9970
    – http://tungle.me/philburton to set up an
      appointment



 
Infocom Security
Infocom SecurityInfocom Security
Infocom Security
 
Social Networking For The Building Industry
Social Networking For The Building IndustrySocial Networking For The Building Industry
Social Networking For The Building Industry
 
Capstone It 101 Final
Capstone It 101 FinalCapstone It 101 Final
Capstone It 101 Final
 
The Future of Social Networks
The Future of Social NetworksThe Future of Social Networks
The Future of Social Networks
 
Executive Roundtable: Developing Social Networking Policies for the Legal Aid...
Executive Roundtable: Developing Social Networking Policies for the Legal Aid...Executive Roundtable: Developing Social Networking Policies for the Legal Aid...
Executive Roundtable: Developing Social Networking Policies for the Legal Aid...
 
Social Computing – The Promise And The Perils Final
Social Computing – The Promise And The Perils FinalSocial Computing – The Promise And The Perils Final
Social Computing – The Promise And The Perils Final
 
Ppt
PptPpt
Ppt
 
Microsoft Power Point Lib1 #1262264 V1 Social Networking
Microsoft Power Point   Lib1 #1262264 V1 Social NetworkingMicrosoft Power Point   Lib1 #1262264 V1 Social Networking
Microsoft Power Point Lib1 #1262264 V1 Social Networking
 
SOCIAL NETWORK SECURITY
SOCIAL NETWORK SECURITYSOCIAL NETWORK SECURITY
SOCIAL NETWORK SECURITY
 
Social Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's ViewSocial Networking - An Ethical Hacker's View
Social Networking - An Ethical Hacker's View
 
The Future of the Web
The Future of the WebThe Future of the Web
The Future of the Web
 
Privacy & Social Media
Privacy & Social MediaPrivacy & Social Media
Privacy & Social Media
 
Compliance and Deliverability Workshop
Compliance and Deliverability WorkshopCompliance and Deliverability Workshop
Compliance and Deliverability Workshop
 
Adler nurani
Adler nurani Adler nurani
Adler nurani
 
Social Media for nonprofits
Social Media for nonprofitsSocial Media for nonprofits
Social Media for nonprofits
 
Is your data secure? privacy and trust in the social web
Is your data secure?  privacy and trust in the social webIs your data secure?  privacy and trust in the social web
Is your data secure? privacy and trust in the social web
 
Ethics in Social Media
Ethics in Social MediaEthics in Social Media
Ethics in Social Media
 
Finance
FinanceFinance
Finance
 
Online Privacy in the Year of the Dragon
Online Privacy in the Year of the DragonOnline Privacy in the Year of the Dragon
Online Privacy in the Year of the Dragon
 

Mais de Silicon Valley ProductCamp

The 7 Toughest Challenges to Building Successful Products and Companies and h...
The 7 Toughest Challenges to Building Successful Products and Companies and h...The 7 Toughest Challenges to Building Successful Products and Companies and h...
The 7 Toughest Challenges to Building Successful Products and Companies and h...Silicon Valley ProductCamp
 
Driving Revenue through World Class Messaging and Positioning
Driving Revenue through World Class Messaging and PositioningDriving Revenue through World Class Messaging and Positioning
Driving Revenue through World Class Messaging and PositioningSilicon Valley ProductCamp
 
Getting Promoted and Understanding The Next Job Up
Getting Promoted and Understanding The Next Job UpGetting Promoted and Understanding The Next Job Up
Getting Promoted and Understanding The Next Job UpSilicon Valley ProductCamp
 
Gamification: Turning Customers into Advocates & Prioritizing Requirements
Gamification: Turning Customers into Advocates & Prioritizing RequirementsGamification: Turning Customers into Advocates & Prioritizing Requirements
Gamification: Turning Customers into Advocates & Prioritizing RequirementsSilicon Valley ProductCamp
 
Your Secret Weapon for Success: Delivering What Customers Value Most
Your Secret Weapon for Success: Delivering What Customers Value Most Your Secret Weapon for Success: Delivering What Customers Value Most
Your Secret Weapon for Success: Delivering What Customers Value Most Silicon Valley ProductCamp
 

Mais de Silicon Valley ProductCamp (14)

Phil burton optimizing product management
Phil burton optimizing product managementPhil burton optimizing product management
Phil burton optimizing product management
 
Phil Burton V 42 rules of pmm
Phil Burton V 42 rules of pmmPhil Burton V 42 rules of pmm
Phil Burton V 42 rules of pmm
 
Whose Throat to Choke?
Whose Throat to Choke?Whose Throat to Choke?
Whose Throat to Choke?
 
Can You Hear Me Now
Can You Hear Me NowCan You Hear Me Now
Can You Hear Me Now
 
The 7 Toughest Challenges to Building Successful Products and Companies and h...
The 7 Toughest Challenges to Building Successful Products and Companies and h...The 7 Toughest Challenges to Building Successful Products and Companies and h...
The 7 Toughest Challenges to Building Successful Products and Companies and h...
 
Lean Startup for Non-startups
Lean Startup for Non-startupsLean Startup for Non-startups
Lean Startup for Non-startups
 
Driving Revenue through World Class Messaging and Positioning
Driving Revenue through World Class Messaging and PositioningDriving Revenue through World Class Messaging and Positioning
Driving Revenue through World Class Messaging and Positioning
 
No Cost Product Training
No Cost Product TrainingNo Cost Product Training
No Cost Product Training
 
Stump the Experts
Stump the ExpertsStump the Experts
Stump the Experts
 
Seven Phases Standard Product Life Cyle
Seven Phases Standard Product Life CyleSeven Phases Standard Product Life Cyle
Seven Phases Standard Product Life Cyle
 
Crowdsourcing Product Development
Crowdsourcing Product DevelopmentCrowdsourcing Product Development
Crowdsourcing Product Development
 
Getting Promoted and Understanding The Next Job Up
Getting Promoted and Understanding The Next Job UpGetting Promoted and Understanding The Next Job Up
Getting Promoted and Understanding The Next Job Up
 
Gamification: Turning Customers into Advocates & Prioritizing Requirements
Gamification: Turning Customers into Advocates & Prioritizing RequirementsGamification: Turning Customers into Advocates & Prioritizing Requirements
Gamification: Turning Customers into Advocates & Prioritizing Requirements
 
Your Secret Weapon for Success: Delivering What Customers Value Most
Your Secret Weapon for Success: Delivering What Customers Value Most Your Secret Weapon for Success: Delivering What Customers Value Most
Your Secret Weapon for Success: Delivering What Customers Value Most
 

Último

Shopclues: Failure & Solutions in Business Model
Shopclues: Failure & Solutions in Business ModelShopclues: Failure & Solutions in Business Model
Shopclues: Failure & Solutions in Business ModelBhaviniSharma12
 
Olympus 38DL Plus Ultrasonic Thickness Gauge
Olympus 38DL Plus Ultrasonic Thickness GaugeOlympus 38DL Plus Ultrasonic Thickness Gauge
Olympus 38DL Plus Ultrasonic Thickness GaugeStephenKim86
 
We are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right DirectionWe are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right DirectionRight Direction Aero
 
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptBus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptendeworku
 
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...BilalAhmed717
 
Presented by Sabri international .......
Presented by Sabri international .......Presented by Sabri international .......
Presented by Sabri international .......SABRI INTERNATIONAL
 
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxStreamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxPaulBryant58
 
Business Models and Business Model Innovation
Business Models and Business Model InnovationBusiness Models and Business Model Innovation
Business Models and Business Model InnovationMichal Hron
 
14 march 2024-capital-markets-update eni.pdf
14 march 2024-capital-markets-update eni.pdf14 march 2024-capital-markets-update eni.pdf
14 march 2024-capital-markets-update eni.pdfEni
 
0311 National Accounts Online Giving Trends.pdf
0311 National Accounts Online Giving Trends.pdf0311 National Accounts Online Giving Trends.pdf
0311 National Accounts Online Giving Trends.pdfBloomerang
 
NVIDIA's overall business overview Presentation.pptx
NVIDIA's overall business overview Presentation.pptxNVIDIA's overall business overview Presentation.pptx
NVIDIA's overall business overview Presentation.pptxKrutik Rakade
 
Mist Cooling & Fogging System Company in Egypt
Mist Cooling & Fogging System Company in EgyptMist Cooling & Fogging System Company in Egypt
Mist Cooling & Fogging System Company in Egyptopstechsanjanasingh
 
Optimize Your CRM Customization and Beyond
Optimize Your CRM Customization and BeyondOptimize Your CRM Customization and Beyond
Optimize Your CRM Customization and BeyondBoundify
 
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAYLouis Malaybalay
 
Pitch Deck Teardown: SuperScale's $5.4M Series A deck
Pitch Deck Teardown: SuperScale's $5.4M Series A deckPitch Deck Teardown: SuperScale's $5.4M Series A deck
Pitch Deck Teardown: SuperScale's $5.4M Series A deckHajeJanKamps
 
Young Woman Entrepreneur - Kaviya Cherian
Young Woman Entrepreneur - Kaviya CherianYoung Woman Entrepreneur - Kaviya Cherian
Young Woman Entrepreneur - Kaviya CherianCDEEPANVITA
 
ICv2 Hobby Games White Paper 2024 - State of the Industry
ICv2 Hobby Games White Paper 2024 - State of the IndustryICv2 Hobby Games White Paper 2024 - State of the Industry
ICv2 Hobby Games White Paper 2024 - State of the IndustryDennisViau
 
AirOxi - Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
AirOxi -  Pioneering Aquaculture Advancements Through NFDB Empanelment.pptxAirOxi -  Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
AirOxi - Pioneering Aquaculture Advancements Through NFDB Empanelment.pptxAirOxi Tube
 

Último (20)

WAM Corporate Presentation Mar 12 2024_Video.pdf
WAM Corporate Presentation Mar 12 2024_Video.pdfWAM Corporate Presentation Mar 12 2024_Video.pdf
WAM Corporate Presentation Mar 12 2024_Video.pdf
 
Shopclues: Failure & Solutions in Business Model
Shopclues: Failure & Solutions in Business ModelShopclues: Failure & Solutions in Business Model
Shopclues: Failure & Solutions in Business Model
 
Olympus 38DL Plus Ultrasonic Thickness Gauge
Olympus 38DL Plus Ultrasonic Thickness GaugeOlympus 38DL Plus Ultrasonic Thickness Gauge
Olympus 38DL Plus Ultrasonic Thickness Gauge
 
We are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right DirectionWe are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right Direction
 
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptBus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
 
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
 
Presented by Sabri international .......
Presented by Sabri international .......Presented by Sabri international .......
Presented by Sabri international .......
 
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxStreamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
 
Business Models and Business Model Innovation
Business Models and Business Model InnovationBusiness Models and Business Model Innovation
Business Models and Business Model Innovation
 
14 march 2024-capital-markets-update eni.pdf
14 march 2024-capital-markets-update eni.pdf14 march 2024-capital-markets-update eni.pdf
14 march 2024-capital-markets-update eni.pdf
 
0311 National Accounts Online Giving Trends.pdf
0311 National Accounts Online Giving Trends.pdf0311 National Accounts Online Giving Trends.pdf
0311 National Accounts Online Giving Trends.pdf
 
NVIDIA's overall business overview Presentation.pptx
NVIDIA's overall business overview Presentation.pptxNVIDIA's overall business overview Presentation.pptx
NVIDIA's overall business overview Presentation.pptx
 
Mist Cooling & Fogging System Company in Egypt
Mist Cooling & Fogging System Company in EgyptMist Cooling & Fogging System Company in Egypt
Mist Cooling & Fogging System Company in Egypt
 
Optimize Your CRM Customization and Beyond
Optimize Your CRM Customization and BeyondOptimize Your CRM Customization and Beyond
Optimize Your CRM Customization and Beyond
 
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
3BBE: THE FUTURE OF ECOMMERCE PRESENTATION - LOUIS MALAYBALAY
 
Pitch Deck Teardown: SuperScale's $5.4M Series A deck
Pitch Deck Teardown: SuperScale's $5.4M Series A deckPitch Deck Teardown: SuperScale's $5.4M Series A deck
Pitch Deck Teardown: SuperScale's $5.4M Series A deck
 
Young Woman Entrepreneur - Kaviya Cherian
Young Woman Entrepreneur - Kaviya CherianYoung Woman Entrepreneur - Kaviya Cherian
Young Woman Entrepreneur - Kaviya Cherian
 
ICv2 Hobby Games White Paper 2024 - State of the Industry
ICv2 Hobby Games White Paper 2024 - State of the IndustryICv2 Hobby Games White Paper 2024 - State of the Industry
ICv2 Hobby Games White Paper 2024 - State of the Industry
 
WAM Corporate Presentation Mar 12 2024.pdf
WAM Corporate Presentation Mar 12 2024.pdfWAM Corporate Presentation Mar 12 2024.pdf
WAM Corporate Presentation Mar 12 2024.pdf
 
AirOxi - Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
AirOxi -  Pioneering Aquaculture Advancements Through NFDB Empanelment.pptxAirOxi -  Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
AirOxi - Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
 

What every product manager needs to know about security

  • 1. What Every Product Manager Needs to Know About Online Privacy and Security Protecting Your Brand, Revenue, and Business Model Phil Burton, Principal Consultant and Trainer 280 Group LLC © 2010-2011 280 Group LLC Page 1 ©2010-2011 280 Group LLC
  • 2. Why is Online Privacy Important? • Lack of effective privacy can affect revenues and damage your business model loss of trust and reputation brand damage Decreases in site visitors lower revenue • Real and growing risk of government regulation in US, EU Potentially limit revenue opportunities Potentially impact the business model • Effective privacy requires excellent security Page 2 ©2010-2011 280 Group LLC
  • 3. Agenda • Threats to Online User Privacy – Corporate Policy – Poor Operations and Programming Practices – Lack of User Education • Issues and Consequences • Increased Government Regulation? • Strategic Issues and Market Requirements • Takeaway Ideas Page 3 ©2010-2011 280 Group LLC
  • 4. Threats to Online User Privacy Corporate Policy Page 4 ©2010-2011 280 Group LLC
  • 5. Causes of Privacy Threats • Corporate policy – Business model monetizes private data – Complete indifference to privacy issues • Poor operations and programming practices – Badly designed, buggy software and configurations – Poorly secured websites allow professional criminals to steal user private data • “contribute” content with “malware” • forcefully plant malware • Lack of user education – Users don’t know how or why to protect private data – “Social Engineering” tricks users Page 5 ©2010-2011 280 Group LLC
  • 6. Facebook Places issue • Facebook announced location service “Places” August 18, 2010 • Immediate criticism of default “opt-in” – No single opt-out setting – No ability to control which people can see check-in – Can “check-in” friends without permission – Available to Facebook partners and phone apps Page 6 ©2010-2011 280 Group LLC
  • 7. Facebook Policy Causes Privacy Threats • “Your Privacy Isn’t So Private” – San Jose Mercury-News, Tech Files column, May 3, 2010 – Facebook is “cavalier” with privacy of its users – “Alarm bells went off in my head over the privacy issues” – “Astonishing how much information Facebook now considers ‘public’ and is sharing with its marketing partners” Page 7 ©2010-2011 280 Group LLC
  • 8. Google and Facebook “Blurring the Line” • “A Blurring Line: Private and Public” – NY Times, Bits column, March 15, 2010 – Google Buzz service “complete disaster” by linking email accounts to status updates on social networks – Facebook makes members’ information public by default – Issue is “broader muddying of the line between what is private and what is public online.” Page 8 ©2010-2011 280 Group LLC
  • 9. Corporate Indifference: Uploaded Photos Reveal Subject Location • “Geotags” in uploaded photos identify exact location • Children, friends, houses, expensive cars, etc. • Website APIs make it easy for criminals and stalkers to locate on Google Maps – “Cyber-casing” • Users “compromising their privacy, if not their safety” • Illegal under copyright law to strip out all “metadata” • Smartphones and websites need better user controls Page 9 ©2010-2011 280 Group LLC
  • 10. Tone Deaf: Eric Schmidt calls for Young Adult “Witness Protection Program” • “[Schmidt] predicts, apparently seriously, that every young person one day will be entitled automatically to change his or her name on reaching adulthood in order to disown youthful hijinks stored on their friends' social media sites.” • Technical solution to important policy issue? • Doesn’t Google have any responsibility here? Page 10 ©2010-2011 280 Group LLC
  • 11. Apple’s Very Different User Privacy Policy • Steve Jobs on user privacy: – “ … different view … than some of our colleagues in the Valley. We take privacy very seriously.” – “Privacy means people know what they’re signing up for. In plain English. … repeatedly” – “Let them know precisely what you’re going to do with their data.” – Wall Street Journal, Technology, Kara Swisher and Walt Mossberg, June 7, 2010, p. R3. Page 11 ©2010-2011 280 Group LLC
  • 12. Threats to Online User Privacy Poor Operations and Programming Practices Page 12 ©2010-2011 280 Group LLC
  • 13. The Not-Private Blog • The “niece’s blog” – The aunt periodically did Google search on nieces and nephews to keep up with their activities – College freshman niece wrote one blog for parents and relatives – Wrote second blog just for friends • Password protected • Drugs, sex, wild parties, disparaging comments on family • Google found it with normal “spidering” Page 13 ©2010-2011 280 Group LLC
  • 14. Credit Card Numbers Revealed • Web site Blippy.com revealed credit card numbers Page 14 ©2010-2011 280 Group LLC
  • 15. Credit Card Numbers Revealed • Not enough testing – http://techie-buzz.com/tech-news/credit-card-numbers-of-blippy-users-show-up-on-google.html (April 23, 2010) Page 15 ©2010-2011 280 Group LLC
  • 16. Not So Private Chats on Facebook • Insufficient testing or poor configuration revealed private chats on Facebook Page 16 ©2010-2011 280 Group LLC
  • 17. Poor Operations Practices Reveals iPad phone and email info • AT&T website exposed phone IDs and email addresses of 114,000 iPad owners – dozens of CEOs, military officials, and top politicians – FBI investigating – Wall Street Journal, June 11, 2010 Page 17 ©2010-2011 280 Group LLC
  • 18. Poorly Protected Website Infected with “Drive-By” Malware • Hackers successfully penetrate well-known site – Plant “Drive-by downloads” on poorly protected sites • safeweb.norton.com/buzz Page 18 ©2010-2011 280 Group LLC
  • 19. Threats to Online User Privacy User Education Page 19 ©2010-2011 280 Group LLC
  • 20. “Forget Email... Social's the New Spam Vector” • “… this shift in spammer strategy from email to social networking sites tracks perfectly with users' online behavior” • “spammers are counting on … our collective naïveté.” Page 20 ©2010-2011 280 Group LLC
  • 21. Issues and Consequences Page 21 ©2010-2011 280 Group LLC
  • 22. Mark Zuckerberg Doesn’t Value Privacy • January 9, 2010 • April 23, 2010 Page 22 ©2010-2011 280 Group LLC
  • 23. Zuckerberg Admits Mistakes About Privacy • May 24, 2010 Page 23 ©2010-2011 280 Group LLC
  • 24. Zuckerberg Public Letter Really Targets Federal Government • Zuckerberg letter to blogger and Op-Ed piece in Wash. Post, May 24, 2010 -- http://www.washingtonpost.com/wp-dyn/content/article/2010/05/23/AR2010052303828.html – “There needs to be a simpler way to control your information," he wrote. "In the coming weeks, we will add privacy controls that are much simpler to use. We will also give you an easy way to turn off all third-party services.” – First response to “furor over Facebook's user privacy moves that left the site with a public relations problem and fighting to defend its reputation.” Page 24 ©2010-2011 280 Group LLC
  • 25. Analysts Say Facebook May Need User Approvals • “Facebook Seeps Onto Other Web Sites,” - NY Times, April 19, 2010 – Analysts say Facebook’s desire to spread its tentacles across the Web could run into privacy hurdles, as it will require the company to share increasing amounts of personal information about its users with other sites. – “They are going to have to secure more consumers’ approval for data-sharing,” said Augie Ray, analyst at Forrester Research. Page 25 ©2010-2011 280 Group LLC
  • 26. Damage to Facebook Brand • Why Facebook’s “private” messages are a joke, Jesse Stanchak on May 6, 2010, http://smartblogs.com/socialmedia/2010/05/06/why-facebooks-private-messages-are-a-joke/ • ACLU Weighs in on Facebook’s Privacy Issues, Rex Gradeless, May 13, 2010, http://socialmedialawstudent.com/featured/aclu-weighs-in-on-facebooks-privacy-issues/ • 6 Alternatives to Facebook, Itamar Kestenbaum, May 20, 2010, http://www.socialmediatoday.com/SMC/199443 … and many, many more … Page 26 ©2010-2011 280 Group LLC
  • 27. Pervasive Mistrust of Website Intentions • Increased Privacy Concerns – “Tell-All Generation Keeps Some Things Offline,” – NY Times, May 9, 2010 – “Mistrust of the intentions of social sites appears to be pervasive … telephone survey found 88 percent of 18- to 24-year olds said there should be a law … to delete stored information [on social media websites.] – “Two weeks ago, Senator Charles Schumer … petitioned the Federal Trade Commission to review privacy policies of social networks.” Page 27 ©2010-2011 280 Group LLC
  • 28. Brand Damage: Poor Customer Sat with Social Media websites • ForeSee Results, Annual E-Business Report for the American Customer Satisfaction Index (ACSI), July 20, 2010 – http://www.foreseeresults.com/research-white-papers/ACSI-e-business-report-2010.shtml • “…interviews with approx. 70,000 customers …to measure satisfaction with more than 200 companies in 44 industries and 10 economic sectors” • Key finding: “Social Media: Customer satisfaction with social media sites is poor (70) … lowest industry aggregate score of any of the e-business or e-retail industries.” – Better than only airlines and subscription TV (66) Page 28 ©2010-2011 280 Group LLC
  • 29. Backlash Over Un-Deletable Cookies “'Cookies' Cause Bitter Backlash” -- Wall Street Journal, September 19, 2010, http://online.wsj.com/article_email/SB10001424052748704416904575502261335698370-lMyQjAxMTAwMDIwMDEyNDAyWj.html • Companies now using “Flash cookies” that can “re-spawn” after being deleted by user • Six lawsuits filed since July • "There are some in the industry who do not believe that users should be able to block tracking…," Chris Hoofnagle, director, Berkeley Center for Law & Technology's information-privacy programs • Two bills introduced into Congress • Federal Trade Commission expected to issue new guidelines by December. Page 29 ©2010-2011 280 Group LLC
  • 30. Consumer Reports Takes Notice • June, 2010 Magazine – Two out of three online U.S. households use social networks such as Facebook and MySpace, nearly twice as many as a year ago. – But “millions … put themselves and their families at risk by exposing very sensitive personal information,” … national survey of 2,000 online households conducted in January. • March 23, 2011 email on “Zombie cookies” – Describes privacy threat from cookies “are bits of code placed on your computer by companies that track you while you're on the Internet — they come back even after you have carefully deleted them. And that's not illegal.” – Invites reader to sign online petition Page 30 ©2010-2011 280 Group LLC
  • 31. ACLU Cites “Social Insecurity” "We're just at the beginning (italics added for emphasis) of seeing what the implications are for so much information being posted on social networks," Nicole Ozer, the technology and civil liberties policy director .. ACLU, N Cal. Page 31 ©2010-2011 280 Group LLC
  • 32. “Do Not Track” Option in Firefox 4 Browser • Released March 23 • Builds on “Privacy Mode” in Firefox, Internet Explorer • Depends on website voluntary compliance Page 32 ©2010-2011 280 Group LLC
  • 33. Increased Government Regulation? Page 33 ©2010-2011 280 Group LLC
  • 34. Twitter Settles Federal Trade Commission Charges (June, 2010) • FTC charged Twitter deceived consumers and put privacy at risk • First case by FTC against social media site • Complaint charged poor security allowed hackers to gain admin control, send phony tweets • Twitter barred for 20 years from misleading consumers about security, privacy, confidentiality, also must create comprehensive security program, with outside auditing Page 34 ©2010-2011 280 Group LLC
  • 35. Google Settles with FTC Over Buzz (March, 2011) • Late breaking news! • US Federal Trade Commission charged Google with violations of own privacy policy, with Buzz social network service – Gmail account info used without user OK • FTC requires Google to get user OK before sharing info • 20 years of audits, fines • “… legal order … further than voluntary commitment,” – deputy dir, FTC Bureau of Consumer Protection – First such action – “broad consequences” expected Page 35 ©2010-2011 280 Group LLC
  • 36. Online Privacy Becoming Financial Services Industry Issue • “View from Inside the Beltway” – The WSJ runs a series of exposés on Internet tracking and consumer profiling to enhance ad placement (July 2010) – The Department of Commerce Internet Policy Task Force issues an 80-page “policy framework” (December 2010) – A McKinsey study shows that consumers reap a net annual benefit of $130 billion from free web-based services (paid for by advertising) (January 2011) – Congressman Jackie Speier introduces “do-not-track” legislation (February 2011) – McCain, Kerry circulate “online privacy bill of rights” (March 2011) – SVB Online Seminar, Are You Tracking This? The Feds are Moving on Internet Privacy, March 17th, 2011 Page 36 ©2010-2011 280 Group LLC
  • 37. Is This the Future? Page 37 ©2010-2011 280 Group LLC
  • 38. A Legal Precedent for User Privacy Legislation • State privacy laws - California SB 1386 – Effective July 1, 2003 – Requires an agency, person or business that conducts business in California …to disclose any breach of security (to any resident). – Similar laws now in force in 46 states in US • What would be the impact if these laws were extended to general privacy issues? Page 38 ©2010-2011 280 Group LLC
  • 39. Strategic Issues and Market Requirements Page 39 ©2010-2011 280 Group LLC
  • 40. Strategic Issues for PMs • Is your company’s business model at risk from increased government regulation? – … in the US? – … in privacy-focused European Union countries? • How would government-mandated user privacy protections affect your competitive position? – Who benefits? Who loses? Your company? The competition? • Major user privacy incident? • How do you exercise leadership in your company? Page 40 ©2010-2011 280 Group LLC
  • 41. Define Market Requirements • Well-researched Market Requirements should cover both stated and unstated (latent) needs – Protect your company’s brand and revenue – Perhaps protect your career • Privacy/Security requirements not called out because they are “universally understood” or perhaps not understood Page 41 ©2010-2011 280 Group LLC
  • 42. Who Understands Privacy (Security) Issues? • Almost all end users (business, consumer) do not begin to understand privacy issues • Most Line of Business owners prioritize time-to-market, or won’t invest in effective security • Many software developers do not know how to write secure code • IT often deploys insecure websites and networks • Most product managers don’t know security Page 42 ©2010-2011 280 Group LLC
  • 43. Define Market Requirements • Privacy Policy – User privacy respected by web site owner company and third parties, including advertisers – User data protected from unauthorized access by individuals and companies – Simplify data sharing options and default to NONE • User Education – Educate about managing their data – Educate about privacy implications of sharing data – Provide effective and timely advice and warnings about social engineering attacks – Get effective help if they suspect security issue Page 43 ©2010-2011 280 Group LLC
  • 44. Influence Company Policies • Programming, Administration and Operations – Test all changes to prevent exposure of user data – Ensure that user posted content is safe – Detect and remove malware planted by hackers – Work with security vendors on emerging threats – Notify users proactively of security breaches, even if not required by law – Include partners in security programs – Maintain ongoing programs and provide sufficient resources, including outside help Page 44 ©2010-2011 280 Group LLC
  • 45. Takeaway Ideas Page 45 ©2010-2011 280 Group LLC
  • 46. Takeaway Ideas • You must understand the business consequences of poor user privacy – It’s only your company’s business model and maybe your career • As the product champion, you must articulate the issues, document the requirements, and influence overall policies in your company • You do not have to be security expert Page 46 ©2010-2011 280 Group LLC
  • 47. Closure • Questions? • Contact me later – phil@280group.com – (650) 766 9970 – http://tungle.me/philburton to set up an appointment Page 47 ©2010-2011 280 Group LLC
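
Slides 14-15 attribute the exposed credit card numbers to insufficient testing, and slide 44 asks teams to test all changes to prevent exposure of user data. The following is an added example, not part of the presentation: a pre-release check that scans rendered pages for Luhn-valid card numbers. The page paths, sample HTML and function names are constructed for illustration.

```python
import re
from html.parser import HTMLParser

# 13-19 digits, each optionally followed by one space or hyphen, and not
# embedded in a longer run of digits.
CANDIDATE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(digits: str) -> str:
    """Keep first 6 and last 4 digits so the report itself leaks nothing."""
    return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]


class _PageText(HTMLParser):
    """Collects text nodes, comments and attribute values, entities decoded."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_starttag(self, tag, attrs):
        self.chunks.extend(value for _, value in attrs if value)

    def handle_data(self, data):
        self.chunks.append(data)

    def handle_comment(self, data):
        self.chunks.append(data)


def scan_page(html: str) -> list:
    """Return masked card numbers found anywhere in one rendered page."""
    parser = _PageText()
    parser.feed(html)
    parser.close()
    # Chunks are joined with a space so a number split across tags is still
    # seen; the cost is that neighbouring numeric fields can merge into one
    # candidate, so findings need a human look.
    text = re.sub(r"\s+", " ", " ".join(parser.chunks))
    found = []
    for match in CANDIDATE.finditer(text):
        digits = re.sub(r"\D", "", match.group())
        if luhn_ok(digits) and mask(digits) not in found:
            found.append(mask(digits))
    return found


def release_gate(pages: dict) -> dict:
    """Map each offending path to its findings; empty dict means pass."""
    report = {}
    for path, html in pages.items():
        hits = scan_page(html)
        if hits:
            report[path] = hits
    return report


# Constructed sample pages using well-known card-network test numbers.
SAMPLE_PAGES = {
    # Number split across two elements in a public activity feed.
    "/feed/public": "<ul><li>Alice spent $12.50 at Cafe, card "
                    "<span>4111 1111</span> <span>1111 1111</span></li></ul>",
    # Raw number in a hidden field, plus an entity-encoded copy in the body.
    "/purchase/42": '<input type="hidden" name="raw" value="5555555555554444">'
                    "<p>Ref 5555&#45;5555&#45;5555&#45;4444</p>",
    # Properly masked card, a non-Luhn order id and a phone number.
    "/account": "<p>Card ending **** **** **** 1111, "
                "order 4111111111111112, phone 650 555 0100</p>",
}

if __name__ == "__main__":
    for path, hits in release_gate(SAMPLE_PAGES).items():
        print(f"BLOCK RELEASE: {path} exposes {hits}")
```

Run against every page a crawler can reach before each release; a non-empty report fails the build.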