Robots, robots everywhere!*

3 May, 2016   | by: and

We were among the lucky ones chosen to present at the 2016 We Robot Conference and for both of us, it was one of the best conferences we have ever attended. We Robot 2016 took place at the University of Miami and was hosted mainly by Professor Michael Froomkin. From the organization to the speakers: everything was amazing! We won’t address every topic discussed at the conference but we will give you a taste of the topics and point you to some interesting readings in this area. Interested parties should also check out the We Robot website and consider applying for next year’s edition, taking place on March 31 & April 1 at Yale University. More…

, , , , , ,

Things that caught our eye

What has David Bowie got to do with Privacy?

13 Jan, 2016   | by:

Like all of you, our team here at theiii were devasted to hear about the passing of Bowie… However, without much ado we do not want to refrain from sharing this piece on the International Association of Privacy Professionals (IAPP)’s Website written by @JedBracy.

So check out “David Bowie just proved that privacy is not dead” to get the answer to our Question and read a heartwarming piece about David Bowie.

We’ll be back soon!

, , ,


CJEU invalidates Privacy Safe Harbour in Schrems-case – Highlights

6 Oct, 2015   | by:

Today the Court of Justice of the European Union (CJEU) invalidated Decision 2000/520 of the European Commission establishing a safe harbour for transferring personal data from the EU to the US. Furthermore, it clarified and strengthened the role of national Data Protection Authorities when such a safe harbour is issued. The judgment is explained by some highlights, and the post is concluded with the Commission’s response.

, , ,


Long Live hitchBOT — How to Deal with Robots and the Ethical Issues they Trigger

3 Sep, 2015   | by: and

The abrupt death of hitchBOT on August 1, 2015 shocked its fans. hitchBOT, the friendly hitchhiker robot, had traveled across Germany, the Netherlands, Canada and some parts of the USA. In Philadelphia, however, the robot was vandalized—a scenario he had not been programmed to deal with. And so his journey ended. More…

, , , ,


A Privacy Roundtable Take on Email Tracking Technologies

8 Jul, 2015   | by:

We would like to follow up on the activities of our Privacy Roundtable, so as to keep you in the loop. As we mentioned in January, we created the “Sankt Galler Privacy Interaction Framework” (short: SG-PIF) – an interdisciplinary approach to analyze current and future privacy issues. One phenomenon that caught our eye was email tracking. More…

, ,

Things that caught our eye

The end of anonymous domain registration?

23 Jun, 2015   | by:

The Internet Corporation for Assigned Names and Numbers (ICANN) is considering a change in policy concerning the way in which you can register a domain name. ICANN issued a report in 2013 in which it estimated that some 39% of all domain names is registered by a legal person, 33% by a natural person and some 20 % were registered using a privacy or proxy service. It is these latter 20% of registrations using a privacy service, which shields the personal information of the registrant, that the policy change will impact.

What does a privacy proxy service do?

When registering a domain name, the details provided by the registrar are published online for all to see. Anyone who types in a domain name on any whois service, can find out who registered the domain name, and how you can directly contact them (via telephone or postal address). This was particularly handy in the beginnings of the internet, when it was mainly universities and government agencies that were using this WHOIS database to contact one another, however, it has become a headache for some small and medium businesses and individuals these days who do not wish to have their information be published.

To shield this personal information from the public, privacy services or proxy services (the Service Provider) were created, which show the information of the Privacy Service as opposed to the person behind it (the Customer).

What are the proposed changes?

The changes proposed suggest (see in particular Annex E ) that a Service Provider may be required to disclose the information matters of a possible trademark infringer or copyright infringer, if they provide evidence of such alleged infringements. If a request for disclosure (by the Requester) is brought to the Service Provider, they must then promptly notify the Customer of the complaint and disclosure request. The Customer will then have 15 calendar days to respond. If the Customer considers there to be legitimate reason(s) to object to disclosure, they have to give these reasons to the Service Provider who will communicate these to the Requester. Disclosure cannot be refused any longer ‘solely for a lack of any of the following: (i) a court order; (ii) a subpoena; (iii) a pending civil action; (…) nor can refusal to disclose be solely based on the fact that the request is founded on alleged intellectual property infringement in content on a website associated with the domain name.’ The practice of requiring a court order for disclosing information the Privacy Service is protecting, is thus going to be curtailed by the proposed changes.

Public Comment – Consultation on proposed changes.

Not everyone is pleased with these proposals, and a group called ‘Save Domain Privacy’ set up a website where a petition is opened. The group plans on adding the signatures to their statement, which they’ll send in on 7 July 2015. This date is not chosen out of the blue, rather that is also the closing date for ICANN’s Public Comment on the proposal.

, ,


Thou Shalt Never Forget

27 May, 2015   | by:

Disclaimer: Although the issue of memory in a digital society is a very cutting-edge topic, this report can be rather confusing for anyone who hasn’t been thinking about remembering and forgetting in the digital age for as long as I have, I apologize for that. For more insight on the ideas behind this workshop and the project run by the Research Center for Information Law (FIR-HSG) at the University of St.Gallen, Switzerland please take a look at our Wiki.

Last month, I organized and attended the concluding workshop for our (my professors’ and my) project called “Remembering and Forgetting in the Digital Age“. We invited renown scholars from all over the world who in one way or the other deal with memory in the digital age and we were very happy to host guests such Urs GasserViktor Mayer-SchönbergerMichael ArnoldWesley Shumar and many more. More…

, , , , ,

Things that caught our eye

Of prostitutes, former presidents for motorsports (FIA) and forgetting in the internet

21 May, 2015   | by:

Max Mosley is is the former president of the Fédération Internationale de l’Automobile (FIA) and has been fighting Google for a couple of years now. He has been trying to sue Google for displaying unfortunate pictures of himself at – let’s call it –  a”sex party”. According to Anya Proops, on Panopticon, the question Mosley brought to court against Google

“is an important issue for those data subjects who garner significant public attention within the online environment, as was the case with Mr Mosley. The difficulty for such individuals is that online stories or comments about them can proliferate on the internet at such a rate that they cannot practicably achieve the online amnesia they crave.”

On the other hand, public figures like Mosley will always be in the spotlight and of public interest which is why they probably should refrain from taking part in orgies or alike, just saying…

Just last year, a court in Hamburg decided that Google was no longer allowed to display these unflattering and possibly damaging (to Mosley’s reputation) photos. And last week, Mosley finally settled with Google and everyone is hoping that this is the last we hear about Mosley v Google. It is definitely not the last time we will be discussing the European “Right to be Forgotten”!



, , , , ,

Things that caught our eye

Privacy community to Dutch government: Please develop a vision on privacy (with us)

2 Apr, 2015   | by:

A broad coalition of privacy advocates has sent an open letter to the Dutch Minister of Security and Justice today, asking to suspend any activity on bills that: ‘lead to tracking of citizens without any specific and concrete suspicion against them,’ until the government has developed a ‘vision’ about privacy protection of citizens in the Dutch information society. This vision should then be the subject of a public debate facilitated by the Dutch Government, so that the Dutch people may have the fundamental discussion about privacy and technological development it never had. Preferably the debate would be held not only in Parliament, but also outside of Parliament.

The current bills of which they would like to see legislative action suspended until the public debate has taken place are:

  • The bill on Data Retention (a revised bill of the Act that was recently struck down)
  • The bill that would allow automatic numberplate recognition more extensively
  • The bill that would extend the ‘massive and unspecified internet tapping’ to be accessed by the Dutch Secret Service
  • The bill that would allow the police to hack, in the Act on Computercriminality III.
  • The proposed revision of the postal secret laid down in article 13 of the Dutch Constitution, and
  • The bills on source protection in free gathering of news.

This open letter is signed by a large group of privacy researchers, interest groups and groups such as Amnesty International (Netherlands), Bits of Freedom (the Dutch equivalent of the EFF), Dutch Association of Criminal Lawyers, Dutch Association of Journalists, Privacy First Foundation and many others. There is also a website where individuals may sign the letter.

Some of the aforementioned groups were also a party to the recent interim proceedings in which the Dutch Data Retention Act was struck down, (for more on that see our earlier post, with a translation of the ruling attached).

We will update this post with the response of the Government.

Read the open letter in Dutch here.



“YouNow” – Kids enjoy it but it could turn out to be Every Parent’s Nightmare!

20 Feb, 2015   | by:

YouNow is a website that went live in the US in 2011 and just came to Switzerland and the rest of the German-speaking world in 2014. It allows its users to broadcast themselves online via their webcam wherever they are and whenever they want. More…

, , , ,


Using NYC Taxi Data to identify Muslim taxi drivers

21 Jan, 2015   | by:

Remember that NYC Taxi data set that allowed you to see who visited a gentlemen’s clubs and which celebrity took a taxi where? Reddit user uluman now seems to have found a way to distinguish Muslim taxi drivers from the set. More…

, , , ,


Privacy Roundtable – Re-Setting the Stage for Privacy

15 Jan, 2015   | by:

I’ve been meaning to blog about the Privacy Roundtable for a while and now with the New Year and all I’m finally getting around to it. The Privacy Roundtable is – similarly to the iii – an interdisciplinary group of PhD students (there are eight of us to be precise: Lea Aeschlimann, Rehana Harasgama, Flavius Kehr, Christoph Lutz, Veselina Milanova, Severina Müller, Pepe Strathoff & Aurelia Tamò) from the University of St.Gallen who meet more or less regularly to talk about privacy issues of our day and age.


, , , ,

Things that caught our eye

This Holiday Season – A New App for your Memories

21 Dec, 2014   | by:

You may be familiar with Timehop, an app that draws from information on your social media accounts to remind you of your fondest memories from the past year (or at least what its algorithms think those memories may be). Now another app is out, called Memoir, which, in addition to this algorithmic curation, also allows you to label your memories, organize them and search for memories based on your current location.

The New York Times reporter summarizes the main concern around such apps much better than I would:

“This is perhaps the time to note that these apps remind us that we are putting a lot of information about ourselves out into the world. That information is easier for a third party to retrieve and organize than we might have imagined. Happy holidays!”

You can read the NYT review here.





The Right to Remember: On the WP29’s Opinion concerning the Right to Be Forgotten Ruling & the Balancing of the Freedom of Expression

10 Dec, 2014   | by:

Two weeks ago the Article 29 Working Party (WP29) issued Guidelines on the Implementation of Google Spain judgment.

Let’s have a look at how often the WP29 elaborates on the delicate balance between oblivion, erasure or forgetting and the individuals’ right to freedom of expression. More…

, , , ,

Things that caught our eye

Sorry you don’t have enough Facebook friends to prove you exist.

15 Nov, 2014   | by:

The Guardian reported yesterday that a ‘middle-aged mum of two’ with ‘an impeccable credit record’ who preferred to remain anonymous could not book a B&B via Airbnb because her 50 Facebook friends were not enough to establish that she existed, as she states. The lack of a very abundant online presence (nearly) prevented her from making use of the Airbnb services.

Airbnb requires a verification of the booker’s identity by (1) having a photo as well as both (2) a copy of a passport or driver’s licence and  (3) some some proof of her existence online either by linking a Google, LinkedIn or Google account. Verification of both ‘online’ and ‘offline’ identity. That is quite a lot of personal information. Whilst I understand that in the event anything goes wrong it would be good for the ‘host’ to know who he/she was dealing with, but still, why the need to give Airbnb this host of personal information? Airbnb responded to the article in the Guardian with the statement that the new Verified ID system has received “extremely positive feedback”.

The story has a happy ending; in the end the woman got to book via Airbnb.

Three days, three lost bookings, a spate of emails, and two calls to Casey and her colleague in Colorado later, my problem was resolved. I was “escalated” to one of Airbnb’s “verification specialists”, who allowed me to upload my (very grumpy) video directly to him, explaining who I was. Twenty-four hours after that I got my green light. Off I went, and had a wonderful weekend courtesy of my excellent host “Felix”.

Read the full article here.

, ,


The server’s security certificate is not valid – Continue anyway?!

14 Nov, 2014   | by:


Everyone is familiar with this scenario: you want to browse onto a particular website but instead a message pops up warning you that the security certificate of the site is no longer valid. What do you do now? Continue?

, , ,

Things that caught our eye

Why can’t just forget too?

12 Nov, 2014   | by:

In his open letter to Google John M. Simpson, Privacy Project Director of Consumer Watchdog, is asking them to implement the EU’s “Right to be Forgotten” for US users on a voluntary basis too. His main argument why should do so, is that removals of links are not automated. Google has to strike a balance between the interests involved and seems to be doing so quite successfully, as Simpson states:

“I was heartened to see – based on Google’s own numbers – that you appear able to strike this balance in Europe and it does not appear to be an undue burden on your resources.”
The numbers seem pretty promising. So far, Google has received approx. 150’000 removal requests since the CJEU’s decision in May 2014 and has removed approx. 48% of the links in question, keeping the rest online. Thus, Simpson argues in his letter that striking a balance between the respective interests has proven to be easy enough for Google so why not provide the same “service” for US users.
Interesting enough there seems to be a slow movement going on in the US towards more privacy on the Internet. Let’s see if Europe and the US can find common grounds in the near future. Here’s the letter for further reading.

, , ,


Looking Into Living Rooms: Watch Footage Of Thousands Of Internet-Connected Cameras Online

4 Nov, 2014   | by:

A nightmare from the Internet of Things has arrived just in time for Christmas: images from thousands of internet-connected cameras from all over the world are publicly available, online, and ready for anyone to easily view. In September, MailOnline reported about an unspecified website that allows ‘home hackers’ to spy on people through internet-connected cameras. About a week ago, Motherboard‘s Joseph Cox also reported on the website without explicitly mentioning the website’s URL in his article. However, by linking to a WHOIS-record of the website’s domain name, Cox gave away the website’s URL. Many Dutch media are now reporting about the website and mention the website’s URL:

From pictures of backyards to schoolyards, detention centres to daycare centers, and even living rooms, you can watch them all on After browsing the website for a while, I saw many pictures of recognizable people having a coffee or working at their office. Below are some less-intrusive examples that hopefully still illustrate the magnitude of the privacy problems at issue.


, , , ,

Things that caught our eye

U.S. Court distinguishes between fingerprint and pass code protected cellphones

31 Oct, 2014   | by:

Judge Steven C. Frucci ruled this week that it does not violate the Fifth Amendment of the U.S. Constitution to compel a criminal defendant to unlock a cellphone with a fingerprint. Whereas unlocking with a pass code requires the defendant to provide personal knowledge, a fingerprint is not considered testimonial because it is biometric information similar to a DNA sample.

The move towards fingerprint secured cellphones was with the goal of providing more security to the owner. This ruling however indicates that while the advanced technology provides more security, it may not provide more privacy.

Read more at: Police can require cellphone fingerprint, not pass code.

, ,

Things that caught our eye

A Game Designed To Teach Teens About Privacy

30 Oct, 2014   | by:

The University of New Mexico’s Computer Sciences department has developed a comic book art style game to address the issue of privacy on the internet. In their research paper, the researchers introduce the game ‘Immaculacy’:

“This interactive story takes the player on a journey, through a world in which personal information is in constant jeopardy. The player is placed in the role of an eighteen-year-old girl, Sydney Carlisle.”


“Immaculacy is an interactive story that immerses the player in a slightly dystopian world littered with privacy issues. Events unfold in the narrative based on hidden scores kept during gameplay and calculated based on specific decisions made by the player. Ultimately, we hope to create an engaging environment that helps players consider the decisions they are making in their own lives. We give the player experience with many privacy issues through their explorations of a world of hyper surveillance and connectivity.”

While the target audience for the game is very broad: “[i]n general, any smartphone owner or person who uses the Internet on a regular basis can benefit from and enjoy this game”, the rating of the game could reach up to ‘Teen’. The researchers expect that this might be possible “due to the psychological nature of the game.”

The game has been submitted to the CHI Play Student Game Design Competition held last week, for other competitors have a look at the competition’s website.

The game itself also has a website:  EXIT | Immaculacy: A Game of Privacy.


Image: Nathan Rackley

, ,