[Air-L] drm a grave threat to privacy (report from cippic)

[Jeremy Hunsinger]

some of you may find this useful
http://www.cippic.ca/uploads/CIPPIC_Report_DRM_and_Privacy.pdf


Our assessment of the compliance of these DRM applications with  
PIPEDA led to a number of general findings:
• Fundamental privacy-based criticisms of DRM are well-founded: we  
observed tracking of usage habits, surfing habits, and technical data.
• Privacy invasive behaviour emerged in surprising places. For  
example, we observed e-book software profiling individuals. We  
unexpectedly encountered DoubleClick - an online marketing firm - in  
a library digital audio book.
• Many organizations take the position that IP addresses do not  
constitute "personal information" under PIPEDA and therefore can be  
collected, used and disclosed at will. This interpretation is  
contrary to Privacy Commissioner findings. IP addresses are collected  
by a variety of DRM tools, including tracking technologies such as  
cookies and pixel tags (also known as web bugs, clear gifs, and web  
beacons).
• Companies using DRM to deliver content often do not adequately  
document in their privacy policies the DRM-related collection, use  
and disclosure of personal information. This is particularly so where  
the DRM originates with a third party supplier.
• Companies using DRM often fail to comply with basic requirements of  
PIPEDA.

jeremy hunsinger
Information Ethics Fellow, Center for Information Policy Research,  
School of Information Studies, University of Wisconsin-Milwaukee  
(www.cipr.uwm.edu)

() ascii ribbon campaign - against html mail
/\ - against microsoft attachments

http://www.aoir.org The Association of Internet Researchers
http://www.stswiki.org/ stswiki
http://cfp.learning-inquiry.info/  LI-the journal
http://transdisciplinarystudies.tmttlt.com/  Transdisciplinary  
Studies:the book series