From: Ken Masters <[log in to unmask]>
Date: Thu, 13 Feb 2014 07:50:51 +0100

Hi All

I think Joe is correct.  And I think part of the reason is that, in
huge organisations, so much responsibility has been handed over to IT
staff, that very little of what they do is known to senior management
(apart from the IT staff who serve in senior management, of course).

This is a very real problem, because senior management tends to
classify everything to do with computers as "IT stuff," and fails to
see that what their IT staff does reflects directly on the
institution, especially when institutional ethics are involved.   In
this case, the IT staff will know that they are collecting data, but
it is likely that the senior management don't know about it.  (For
example, how many librarians on this list have ever asked their IT
staff about what information they are gathering on their users, how,
where and for how long the data are stored, and discussed the ethics
of that?).

To answer your question regarding instances of tracking by
organisations: I don't know of any, but the study of such tracking by
medical organisations that I mentioned in my previous mail can be
found at http://ispub.com/IJMI/6/2/14386

I attempted to follow up on that study by surveying the medical
organisations, trying to get their opinion on how much they knew about
the data gathering, and how this fitted in with medical ethics (given
that there was almost no informed consent on the data gathering).  I
received a 1% responses rate, so, obviously, could not publish
anything.  Apart from normal low response rates to surveys, I would
think that the non-response rate probably had to do with
organisations' closing ranks, or, because it would have been seen as
"IT stuff," would have been forwarded to the IT dept, and they
certainly would not have responded.

Regards

Ken

------

Dr. Ken Masters
Asst. Professor: Medical Informatics
Medical Education Unit
College of Medicine & Health Sciences
Sultan Qaboos University
Sultanate of Oman
E-i-C: The Internet Journal of Medical Education
____/\\/********\\/\\____



On 12 February 2014 16:57, LIBLICENSE <[log in to unmask]> wrote:
> From: Joseph Esposito <[log in to unmask]>
> Date: Wed, 12 Feb 2014 08:49:37 -0500
>
> Ken,
>
> No quarrel with anything you have here, but you are looking at this
> from the point of view of the end-user, which is only part of the
> equation.  What has caught my attention is that some organizations
> (and I am thinking in particular of universities and university
> presses) may be collecting data without knowing it or at least without
> their staff knowing all the implications.  That's how I interpret Eric
> Hellman's earlier comment.  I am still investigating this and would
> certainly like to know if anyone can cite instances of tracking and
> data collection by such organizations.
>
> Joe Esposito
>
>
> On Tue, Feb 11, 2014 at 6:52 PM, LIBLICENSE <[log in to unmask]> wrote:
>>
>> From: Ken Masters <[log in to unmask]>
>> Date: Tue, 11 Feb 2014 08:59:43 +0100
>>
>> Hi All
>>
>> Eric is quite right.  There are, though, several problems:
>>
>> 1.  Not everyone knows that Google Analytics is running (how many
>> people on this list knew it?).
>> 2.  Not everyone knows how to disable it. (how many people on this
>> list knew it?).
>> 3.  Experience of social media has taught us that privacy policies are
>> not cast in stone, and can change at any moment.  (Google and Facebook
>> are prime examples of this.)
>> 4.  The data collected are not 100% safe.  (No-one can guarantee that).
>> 5.  While many information-gatherers anonymise data, there is no set
>> procedure or protocol for doing so, and the process of de-anonymising
>> data is advanced.  There there are several studies showing how
>> successful this process is (and it requires nothing illegal, no
>> hacking, etc).
>> 6.  Google Analytics is only one.  There are hundreds.
>>
>> Unfortunately, the bottom line is simple.  If you're doing any of these:
>> - using a standard browser (e.g. Firefox, IE, Chrome), without any blockers
>> - using a standard email account (e.g. gmail, yahoo, or your
>> university or company account)
>> - using your standard email address to access ANY public discussion
>> group (including this one), social networking site, blog or newspaper
>> comment page, etc.
>> - not using a secure virtual private network (VPN)
>> - not frequently and regularly running anti-virus and anti-spyware
>> software (ignore your institutional safeguards - install your own),
>>
>> Then you can safely assume that your activities are being tracked and
>> archived, either by the service providers (and then passed on to third
>> parties) or by third parties directly.
>>
>> George Orwell was an optimist.  Be careful what you type next :-)
>>
>>
>> Regards
>>
>> Ken