meta data for this page

Personal homeworks

Search and select three (3) documents (web pages, articles, videos, …) of the topic of your course (Data & Privacy in Critical thinking and Sustainability in Green IT course) and explain why those documents are relevant for the course. UK is preparing new law that updates the rules of monitoring of the communications between citizens. New law forces communication firms to hold a year's worth of communication data. This data can then be accessed by the law enforcement officers when necessary. The bill also covers interception and reading of communications, “interference” with computers and collection of massive amounts of internet or phone data. There has been some false rumors that state that this bill would make encryption of communications illegal. This isn't true. However the bill states that communication firms must be able to decrypt the communications in their systems if for example police needs that information. Article about the effects of Paris terrorist attack on privacy vs. security debate. Writer disagrees about common opinion that we should weaken our privacy (especially encryption methods) to get better protection against terrorist. Writer points out that terrorists aren't currently relaying on electronic communications even if it would be possible to use unbreakable encryption methods. He also argues that weakening of encryption methods doesn't only weaken our privacy but it also weakens our security since many daily service like money transfers and accessing our health records require encryption. Article about fitness trackers and how the data they collect can be accessed basically by one through the web. Even if there are laws that regulate the privacy of our medical data these laws apply only to medical institutes. Currently there are no laws that regulate the use of data collected by fitness tracking companies.

Find two digital services, study what kind of data they collect, if that data is sold to anyone, if it can be linked with any other data etc. Deadline by final presentation.

I selected two VPN-providers as my services. Private Internet Access which is a paid service and Hotspot Shield which offers both free and paid services. I had personal experience on Private Internet Access which I had used for a year in the past. I thought vpn-services would be interesting domain because their main feature is the protection of privacy. So for that reason it would be interesting to see if the companies could live up to that promise. As a source I used the companies privacy policy documentation because I couldn't find any reliable 3rd party sources. I don't think this is a problem because privacy policies are legally binding documents, so they should be accurate.

Private Internet Access's privacy policy states that they collect e-mail and payment data when the user registers for the service and furthermore they collect Google Analytics data, Apache Webserver logs, submissions on the “Contact Us” page and received e-mails from everyone who visits their page or contacts them. Additionally if the user chooses to use some additional feature of the service, one cookie will be saved to user's browser. According to the privacy policy data is used mainly to deliver the service and no unnecessary data is collected. However the use of Google analytics means that some additional data is collected and this data is probably accessible for Google.

Hotspot Shield's policy isn't as straightforward. It states that following data may be collected or user may choose to share it with the company: personal information (probably name, address etc.), e-mail, ip-address, device ID, location and phone number. Cookie or cookies may also be saved. This information is then used to improve the service and to optimize the advertisements displayed in service. In the last case the data is possibly shared with 3rd parties.

In this case it seems that the paid service preservers the users privacy much better. In Hotspot Shield's case it is somewhat disturbing that service that promises to improve the user's privacy is actually collecting relatively huge amount of data and using it aggressively. It is also interesting that the PIA's privacy policy is written in much clearer and more straightforward manner and thus it is easier to understand. This probably increases the customers' trust towards the company.

Create 4 exam questions representing the course contents. Explain why the question is good.

  • After reading the books how would you describe this topic to a normal person (not a technology professional, but uses technology on his/hers work and on free time)? What should he/she know and why? (Max length 1 page).

This gives free hands for the student to tell what he has learned during the course in the context of privacy/security. But at the same time he has to be able to pick up only the most important topics and present them in a non-technical way.

  • How have your thoughts on courses topic changed after taking this course or have they changed at all? And most importantly what has caused this (lack of) change?

Student has to compare the states of before and after the course for differences and also justify his findings.

  • How big of a problem the surveillance and lack of privacy really is? Do you think it's a really huge global issue or is it just something the technologically minded people tend to exaggerate? Please justify your views.

Student has to form a coherent answer based on the course material but at the same time there is a lot of room for self reflection.

  • In the “Data and Goliath” the data is said to be the “pollution of the information age”. What do you think this means? Do you agree with this statement? Why/Why not?

More traditional exam question where student has to summarize a concept from the book. Both he is still required to do some reflection too.

These questions are a bit nontraditional in a way because they measure the knowledge on courses topic (privacy) only a little. They are more focused on self reflection and on critical thinking and argumentation. I feel that's good because they are in a way the main topics of this course. However I think that the answers to these kinds of questions would be a bit hard to evaluate. So the exam would need to be evaluated more like a literature exam rather than engineering exam.

Reflection on Thinking Fast and Slow book


Presentation presentation1.pdf