Professor Hartzog is a Professor of Law and Computer Science at Northeastern University, where he teaches privacy and data protection law, policy, and ethics. He holds a joint appointment with the School of Law and the College of Computer and Information Science. His recent work focuses on the complex problems that arise when personal information is collected by powerful new technologies, stored, and disclosed online.
Professor Hartzog’s work has been published in numerous scholarly publications such as the Yale Law Journal, Columbia Law Review, California Law Review, and Michigan Law Review and popular national publications such as The Guardian, Wired, BBC, CNN, Bloomberg, New Scientist, Slate, The Atlantic, and The Nation. His book, Privacy’s Blueprint: The Battle to Control the Design of New Technologies, is under contract with Harvard University Press. He has testified twice before Congress on data protection issues.
Professor Hartzog has served as a Visiting Professor at Notre Dame Law School and the University of Maine School of Law. He previously worked as an attorney in private practice and as a trademark attorney for the United States Patent and Trademark Office. He also served as a clerk for the Electronic Privacy Information Center. He holds a PhD in mass communication from the University of North Carolina at Chapel Hill, an LLM in intellectual property from the George Washington University Law School, and a JD from Samford University.
According to NPR, 300 plus teenagers broke into former NFL player Brian Holloway’s vacation home, causing massive damage and showcasing their exploits on social media. In response, Holloway created a website,helpmesave300.com, that collects the alleged culprits’ social media posts. He claims this repository has enabled teens to be identified, and that the growing list of names is “being turned over to the sheriffs (sic) department to assist them to verify and identify the facts.”
Online stalking, harassment, and invasions of privacy can be incredibly destructive. Yet very little empirical data exisits regarding these incidents. This paucity of data hinders educational, support, research and policy efforts. Without My Consent, a non-profit organization seeking to combat online invasions of privacy, is conducting research to better understand the experiences of online harassment. If you are 18 or older and have experienced harassment on the Internet, please consider taking their survey.
The New Republic recently published a piece by Jeffrey Rosen titled “The Delete Squad: Google, Twitter, Facebook, and the New Global Battle Over the Future of Free Speech.” In it, Rosen provides an interesting account of how the content policies of many major websites were developed and how influential those policies are for online expression.
Editor's note: This piece originally appeared on TechTank.
Facebook’s recent settlement with the Federal Trade Commission (FTC) has reignited debate over whether the agency is up to the task of protecting privacy. Many people, including some skeptics of the FTC’s ability to rein in Silicon Valley, lauded the settlement, or at least parts of it.
We are constantly exposed in public. Yet most of our actions will fade into obscurity. Do you, for example, remember the faces of strangers who stood in line with you the last time you bought medicine at a drugstore? Probably not. Thanks to limited memory and norms against staring, they probably don’t remember yours either.
Since the dawn of the Internet, American regulators and companies have pursued two goals to protect our privacy: that people should be in control of their data and that companies should be transparent about what they do with our data. We can see these goals detailed in the privacy policies and terms of service that we “agree” to as well as companies’ increasingly complicated systems of privacy dashboards, permissions and sharing controls.
""They created a platform where sharing was mindlessly easy and interacting with each other required almost no forethought at all," said Woodrow Hartzog, a law and computer science professor at Northeastern University. "As a result, there was massive sharing, including gushing of personal information that put lots of people at risk.""
To make sense of this world, and to try to sift through the new emerging definitions of privacy, I turned to Woodrow Hartzog. In recent years, Hartzog has emerged as an important thinker on matters of design, privacy, and power relationships between users and tech companies. A professor of law and computer science at Northeastern University, Hartzog has written for the mainstream press about these issues, sometimes in collaboration with his colleague Daniel Solove.
"“Facial recognition is probably the most menacing, dangerous surveillance technology ever invented,” Woodrow Hartzog, a professor of law and computer science at Northeastern University, told me in an email. “We should all be extremely skeptical of having it deployed in any wearable technology, particularly in contexts [where] the surveilled are so vulnerable, such as in many contexts involving law enforcement.”"
"Perhaps, or perhaps not, said Woodrow Hartzog, who teaches law and computer science at Northeastern University. "The idea that this is simply neutral technology that can be used for good or evil and Amazon shouldn't be responsible, I think is purely wrong," he said.
"It's not unreasonable to say if you build a product that is capable of harm than you should be responsible for the design choices you make for enabling the harm," he said, "and when you release it out into the world, you're doing so in a safe and sustainable way.""
"But Albert Gidari, consulting director of privacy at the Stanford Center for Internet and Society, said it's not unusual to see a tech company without a CPO.
"While there have been some very public mistakes, like many tech companies, [Uber] seems to have learned, albeit the hard way, to invest in a serious privacy and security infrastructure," Gidari said. "It is important for the CPO to be in the "C" suite, and Uber has made a serious hire with Ruby Zefo and Simon Hania.""
Solutions to many pressing economic and societal challenges lie in better understanding data. New tools for analyzing disparate information sets, called Big Data, have revolutionized our ability to find signals amongst the noise. Big Data techniques hold promise for breakthroughs ranging from better health care, a cleaner environment, safer cities, and more effective marketing. Yet, privacy advocates are concerned that the same advances will upend the power relationships between government, business and individuals, and lead to prosecutorial abuse, racial or other profiling, discrimination, redlining, overcriminalization, and other restricted freedoms.
‘Read Me’ Or Just Tap ‘I Agree’
There’s a huge group of people at work behind our screens. They’re called behaviour architects, persuasive designers or user-experience specialists and the power they have is massive.
That urge to keep swiping through your twitter feed? That’s design. The way we all click ‘I Agree’ to the terms and conditions? That’s design. Swiping right or left on Tinder? Well, that’s design too.
We live in an online world of someone else’s making and most of us never even give it a second thought. And actually, that’s design as well.
Speaking before the audience at the recent IAPP Data Protection Congress in Brussels, keynoter Woody Hartzog made a challenging assertion: "Control is the wrong goal for privacy by design, perhaps the wrong goal for data protection in general." But isn't control a central tenet of good privacy? It sure is. But it shouldn't be, the author of "Privacy’s Blueprint: The Battle to Control the Design of New Technologies" argued. While everyone emphasizes "control" of personal data as core to privacy, too much zeal for control dilutes efforts to design information tech correctly.
Design is one of the most important but overlooked factors that determines people’s privacy. Social media apps, surveillance technologies, and the Internet of Things are all built in ways that make it hard to guard personal information. And the law says this is okay because it is up to users to protect themselves ― even when the odds are deliberately stacked against them.
Our modern privacy frameworks, with their emphasis on gaining informed consent from consumers in order to use their data, are broken models. That's according to Woodrow Hartzog, a law professor at Northeastern University in Boston. In this episode of The Privacy Advisor Podcast, Hartzog discusses the ways that, given such models, technologies are designed at the engineering level to undermine user privacy.
Recently 50 million Facebook users had their personal information extracted and used for political and commercial purposes. In the wake of this scandal, we’ve all become much more aware of how our use of social media clashes with our desire for privacy. Are technical fixes and awareness enough, or is it time for Facebook and other online services to be regulated? Our guest Woodrow Hartzog is a professor of law and computer science at Northeastern University and discusses the battle and future of our personal information.