Archive for July 8th, 2018

Venmo is Conditioning Your Expectation of Privacy by James Beck

Add to your ever-growing list of apps and services to pay attention to: Venmo.

Venmo is an interesting service. It’s core ability is to quickly and conveniently facilitate transactions between you and your contacts list. Need to pay your friends back for a night at the bar that got a little out of control? Split a check at a restaurant, but don’t want to deal with the awkward pain of asking the server to deal with awkward fractions to get the amounts correct? Or maybe you have more illicit purposes and you’d rather just not deal with cash.

Who carries cash anymore? Just Venmo me

Regardless of your usage, Venmo is a wildly convenient means of moving money around. Users are fairly easy to find and setting up your account with your bank account information or a credit card is fairly straightforward as well.

So what’s the catch?

Well, there doesn’t seem to be one – for now.

For a long time there has been somewhat of an urban myth of sorts that Venmo is making money by micro-investing the cash that sits in their service while you wait for it to be transferred to your bank account (Users must specifically request that Venmo transfer their balance to their account so significant sums of money can be stuck in Venmo-limbo for long durations). However, for a long time Venmo wasn’t generating a lot of income for itself beyond the usual and expected credit card transaction fee.

The catch is that Venmo is following a model that has been paved out for it by many services before it. Attract a ludicrous volume of users, generate information, and figure out later how exactly to capitalize on those users and their information.

Venmo has now begun to partner with businesses to allow users to pay for real goods and services directly through the application rather than just serving as a means to pay your friends back for that late night burrito at that cash only place that you always forget is cash only. Venmo plans to charge a transaction fee to these businesses in exchange for the convenience of their service – the thought being that users have become so accustomed to the convenience of Venmo between their peers that they will begin to expect that same payment convenience from businesses. This also feels fairly reasonable.

However, Venmo has another facet to it’s service that is worth stopping to consider.

In a way that feels oddly tacked on Venmo also serves as a social media site of sorts. Transactions by default show up in a “news feed” style interface along with all of your contacts’ transactions. The amounts are hidden, but the participants and the user-entered descriptions of these transactions are visible. What you’re left with is a running history of who is paying who and for what.

Venmo’s Social Media Feed

It’s a strange and mostly benign feature. Transactions can be set to private if so chosen and even if you don’t choose to keep things private you still have the autonomy to choose the description of your transaction and keep it fairly innocuous.

What we should be concerned with though is how the addition of this social media dimension to a service that is just supposed to serve as a tool for monetary transactions is conditioning users for the future of Venmo. By incorporating a social media feed as the default behavior of the application, Venmo is slowly normalizing sharing our transactions publicly. This is not something that has traditionally been seen as “normal”.

Our credit card purchases have historically been seen as very private. However, now that we’ve normalized sharing payments between individuals will there be any protest when we start sharing our transactions with businesses by default? Will there be protest when Venmo starts using our past transactions to serve ads to us and our contacts? Or will we shrug our shoulders because the new de-facto business model is to attract users to a free or wildly inexpensive tool of convenience and then eventually introduce targeted advertisements based on our behavior with that service?

I fear it’s the latter and you should too – we’ve normalized sharing so many details of our lives and in doing so have gradually eroded our expectations of privacy. The way you move your money around is about to become the next pool of big data to analyze and the only fanfare to mark the occasion will be an update to a privacy policy that we’ll all forget we agreed to.

Drones: Privacy up in the air by Elly Rath

Drones or unmanned aerial vehicles (UAVs) are flying devices which are capable of collecting a vast array of information on a daily basis if configured and equipped correctly. The basic function of most drones is for aerial videography and to capture images. Images are not the only data drones can gather. Equipped with an appropriate sensor, a drone can capture light, speed, sound, chemical composition and a myriad of information. Drones are now a ubiquitous and unlike earlier days not limited to military or police surveillance. They can be easily purchased online or at a local superstore just like we purchase any toy.

There are no laws controlling the data collection or restricting its usage. Any individual or private company with a properly equipped drone can collect and process huge amounts of potentially private information in a short time.

The privacy concerns surrounding drones are a concern for both the government and civilians. On Nov 29, 2017 the NY Times published that DJI is fighting a claim by one United States government office that its commercial drones and software may be sending sensitive information about American infrastructure back to China. DJI is the market leader on drones. In this blog I mostly focus on the perspective of civilian privacy.

Drones are affordable and the learning curve to operate it is mild. Even a novice can master it in a few days. While currently there are laws to protect citizens against people stalking or spying on them in their homes, there are no such federal laws that would protect individuals from being spied on specifically by a drone. A drone can fly overhead unnoticed, peer directly into someone’s house or record activities on a private property from the sky. Drone privacy data regulations first surfaced in 2012 when the Federal Aviation Administration (FAA) was tasked with integrating drones and UAVs into US airspace. The FAA, however, failed to consider privacy aspects. Electronic Privacy Information Center (EPIC), a privacy and civil liberties nonprofit, along with 100 organizations, experts, member of the public has filed multiple petitions against FAA since 2014. One of the petitions is still pending.

It is normal for citizens to expect certain amount of privacy on their own property. In recent years, there have been multiple incidents of citizens suspecting that they were being “watched” by someone operating a drone above their property. Sometimes it could be simply a land survey company but it is still unsolicited. In one instance a man called William Merideth in Hillview, Kentucky shot down a drone hovering over his sixteen year old daughter who was sunbathing in the garden. He was arrested for wanton endangerment and criminal mischief. A Kentucky judge dismissed all charges against William stating the drone was an invasion of his privacy.

With the multitude of images the drones can capture now we have companies that develop high-tech software that do the data analysis in one click of a button. Hence companies who had difficulty making sense of the data now have algorithms to help them. Hence the risks to privacy simply increase with further technological advancements.

The first law regarding personal airspace above one’s property was passed in 1946, when the Supreme Court ruled in the case United States v. Causby that a person’s property extended to 83 feet up in the air. The federal government prohibits the unauthorized use drones above national parks, military bases, above airports, and federal buildings. Civilian drones should fly at or below 500 feet and the maximum speed limit is 100 miles per hour. But that’s all we have as far as federal law. Drone laws are now mostly covered in State laws and vary from state to state. FAA has issued a fact-sheet for state and local law makers to help in creating non-federal drone laws. Many of the state laws pertaining to drones relate to interfering with emergency measures, filming someone without their permission, accident sites or crime scenes. Penalties range from fines to jail time, but again, it can be very difficult to enforce such laws.

The lack of clear and standardized drone privacy laws is glaring compared to the over 1 million FAA registered drones excluding light weight recreational drones. In 2017, Senator Edward Markey introduced a drone privacy bill which aims to create privacy protections and data reduction requirements about information a drone collects, disclosure provisions for when data collection is happening and warrant requirements for law enforcement.

On one hand drone advocacy group Small UAV Coalition, which represents companies like Google’s parent, Alphabet, and Amazon wants lax laws, while on the other, citizens want well defined boundaries. Hopefully, a mutual middle ground will be found in the near future, offering increased innovation for businesses while retaining citizens’ rights.