Dangerous Bits of Information: Notes from a lecture

Last week was an intense week of lecturing, which means that I have fallen behind with other work – including writing up lecture notes. One of the lectures was Dangerous bits of information and was presented at the NOKIOS conference in Trondheim Norway. Unfortunately I did not have much time in the city of Trondheim but what I saw was wonderful sunny city with plenty of places to sit and relax by the river that flows through the center. But there was not much sitting outside on this trip.

The lecture was part of the session “Ny teknologi i offentlig forvaltning – sikkerhet og personvern” (New Technology and Public Administration – security and data security). In the same session was Bjørn Erik Thon, Head of the Norwegian and Storm Jarl Landaasen, Chief Security Officer Market Divisions, Telenor Norge.

My lecture began with an introduction to the way in which many organizations fail to think about the implications of cloud technology. As an illustration I told of the process that surrounded my universities adoption of a student email system. When the university came to the realization that they were not really excellent at maintaining a student email system they decided to resolve this.

The resolution was not a decision of letting individuals chose their system. But the technical group (it was after all seen as a tech problem) was convened and decided in an either – or situation. The decision placed before the group was whether we go with Google or with Microsoft. The group chose Google out of a preference for the interface.

When I wrote a critique of this decision I was told that the decision was formally correct since all the right people (i.e. representatives) where present at the meeting. My criticism was, however, not based on the formality of the process but rather about the way in which the decision was framed and the lack of information given to the students who would be affected by the system.

My critique is based on four dangers of cloud computing (especially by public bodies) and the lack of discussion. The first issue is one of surveillance. Swedish FRA legislation, which allows the state to monitor all communication, was passed with the explicit (though rather useless) understanding that only cross border communication will be monitored. The exception is rather useless as most Internet communication crosses borders even if both sender and receiver is within the same small state. But this cross-border communication becomes even more certain when the email servers are based abroad – as those of gmail are.

The second problem is that some of the communication between student and lecturer is sensitive data. Also the lecturer in Sweden is a government official. This is a fact most of us often forget but should not. Now we have sensitive data being transferred to a third party. This is legal since the users (i.e. the students) have all clicked that they agree the licensing agreements that gmail sets. The problem is that the students have no choice (or very little & uninformed – see below) but to sign away their rights.
The third problem is that nothing is really deleted. This is because – as the important quote states – “If you are not paying for it you are not the customer but the product being sold” – the business model is to collect, analyze and market the data generated by the users.

But for me the most annoying of the problems is the lack of interest public authorities has in protecting citizens from eventual integrity abuses arising from the cloud. My university, a public authority, happily delivered 40000 new customers (and an untold future number due to technology lock-in) to Google and, adding insult to injury, thanking Google for the privilege.

Public authorities should be more concerned about their actions in the cloud. People who chose to give away their data need information about what they are doing. Maybe they even need to be limited. But when public bodies force users to give away data to third parties – then something is wrong. Or as I pointed out – smart people do dumb things.

The lecture continued by pointing out that European Privacy Law has a mental age of pre-1995 (the year of the Data Protection Directive). But do you remember the advice we gave and took about integrity and the Internet in the early days? They contained things like:

  • Never reveal your identity
  • Never reveal your address
  • Never reveal your age
  • Never reveal your gender

Post-Facebook points such as these become almost silly. Our technology has developed rapidly but our society and law is still based on the older analogue norms – the focus in law remains on protecting people from an outer gaze looking in. This becomes less important when the spreading of information is from us individuals and our friends.

The problem in this latter situation is that it extremely difficult to create laws to protect against the salami-method (i.e. where personal data is given away slice by slice instead of all at once).

At this stage I presented research carried out by Jan Nolin and myself on social media policies in local municipalities. We studied 26 policies ranging between < 1 page to 20 pages long. The policies made some interesting points but their strong analogue bias was clear throughout and there were serious omissions. They lacked clear definitions of social media, they confused social media carried out during work or free time. More importantly the policies did not address issues with cloud or topics such as copyright. (Our work is published in To Inform or to Interact, that is the question: The role of Freedom of Information & Disciplining social media: An analysis of social media policies in 26 Swedish municipalities)

Social media poses an interesting problem for regulators in that it is not a neutral infrastructure and it does not fall under the control of the state. The lecture closed with a discussion on the dangers of social media – in particular the increase in personalization, which leads to the Pariser Filter Bubble. In this scenario we see that the organizations are tailoring information to suit our needs or rather our wants. We are increasingly getting what we want rather than what we need. If we take a food analogy we want food with high fat and high sugar content – but this is not what our bodies need. The same applies to information. I may want entertainment but I probably need less of it than I want. Overdosing in fatty information will probably harm me and make me less of a balanced social animal.

Is there an answer? Probably not. The only way to control this issue is to limit individual’s autonomy. In much the same way as we have been forced to wear seat belts for our own security we may need to do the same with information. But this would probably be a political disaster for any politician attempting to suggest it.

Surveillance, Sousveillance & Autoveillance: Notes from a lecture

The theme for today’s lecture was about online privacy and was entitled Surveillance, Sousveillance & Autoveillance.

The lecture had to open up with a minor discussion on the concept of privacy and the problem of finding a definition that many can agree upon. Privacy is a strange mix of natural human need and social construct. The former is not easily identifiable and the latter varies between different cultures.

It is not enough to state that privacy may have a natural component – sure, put too many rats in a cage and they start to kill each other – you also need the technology to enable our affinity for privacy to develop.

For example in At Home: A Short History of Private Life, Bill Bryson writes that the hallway was absolutely essential for private life. Without the hallway people could not pass by other rooms to get to the room you need to go to – but they would have to pass through the other rooms. Our ideas of privacy were able to develop after the “invention” of the hallway.

In order to settle on a definition I picked one off Wikipedia …(from Latin: privatus “separated from the rest, deprived of something, esp. office, participation in the government”, from privo “to deprive”) is the ability of an individual or group to seclude themselves or information about themselves and thereby reveal themselves selectively.

And to fix the academic discussion I quoted from Warren and Brandeis The Right to Privacy, 4 Harvard Law Review 193 (1890)

The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world…solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress…

I like this quote because it also points to the effects of modern inventions on the loss of privacy.

In closing the lecture introduction I pointed out that privacy intervention consists of both data collection and data analysis – even though most of the history of privacy focused on the data collection side of the equation. In addition to this I broke down the data collection issue by pointing out that integrity consists of both information privacy (the stuff that resides in archives) and spatial privacy (for example surveillance cameras & the “right” to be groped at airports).

For the next section the lecture did a quick review of the role of technology in the privacy discussion. Without technology the ability to conduct surveillance is extremely limited. The early origins of tax records and collections like the Domesday book were fundamental for controlling society. However, real surveillance did not really begin until the development of technology such as the wonderful Kodak nr 1 in 1888. The advantages of this technology was that it provided a cheap, easy to use, portable ability to take photographs. Photographs could be snapped without the object standing still. A whole new set of problems was instantly born. One such problem was kodakers (amateur photographers, see “’Kodakers Lying in Wait’: Amateur Photography and the Right to Privacy in New York, 1885-1915”, American Quarterly, Vol 43, No 1 March 1991) who were able to suddenly able to take photographs at of unsuspecting victims.

Surveillance: A gaze from above

The tradition concerns of surveillance deal with the abuse of state (or corporate) power. The state legitimizes its own ability to collect information about its citizens. The theoretical concerns with surveillance are the abuse from the Big Brother state and foremost in this area is the work of Foucault and his development of the Panopticon (all-seeing eye prison). Foucault meant that in a surveillance society the surveilled, not knowing if anyone was looking, would internalize his own control.

Sousveillance: A gaze from below

The concept of sousveillance was originally developed within computer science and “…refers to the recording of an activity by a participant in the activity typically by way of small wearable or portable personal technologies…” Wikipedia

But in the context of privacy the idea was that our friends and peers (especially tricky concepts in Social Media) will be the ones who collect and spread information about us online.

We are dependent upon our social circle, as Granovetter states: “Weak ties provide people with access to information and resources beyond those available in their own social circle; but strong ties have greater motivation to be of assistance and are typically more easily available.” (Granovetter, M.S. (1983). “The Strength of the Weak Tie: Revisited”, Sociological Theory, Vol. 1, 201-33., pp 209).

This ability of others to “out” us in social media will become more interesting with the development of facial recognition applications. These have already begun to challenge social and legal norms (Facebook facial recognition software violates privacy laws, says Germany – The Guardian 3 August 2011).

Autoveillance: a gaze from within

The final level is Autoveillance – this is obviously not the fact that we are looking at ourselves but attempts to address the problems of our newfound joy in spreading personal information about ourselves.

Is this a form of exhibitionism that enables us to happily spread personal, and sometimes intimate, information about ourselves? Is this the modern version of narcissism?

Narcissism is a term with a wide range of meanings, depending on whether it is used to describe a central concept of psychoanalytic theory, a mental illness, a social or cultural problem, or simply a personality trait. Except in the sense of primary narcissism or healthy self-love, “narcissism” usually is used to describe some kind of problem in a person or group’s relationships with self and others. (Wikipedia)

We have always “leaked” information but most of the time we have applied different strategies of control. One such strategy is compartmentalization – which is the attempt to deliver different information to different groups. For example my mother, my wife, my co-workers, my friends and my children do not need to know the same stuff about me. But social media technology defies the strategy of compartmentalization.

At the same time as this is happening our social and legal norms have remained firm in the analog age and focus on the gaze from without.

Then the lecture moved from data collection to data analysis. Today this is enabled by the fact that all users have sold away their rights via their End-User License Agreements (EULA). The EULA is based upon the illusion of contracts as agreements between equals. However, as most people do not read the license, or if they read the license they don’t understand it, or if they understand it the license is apt to change without notice.

Today we have a mix of sur, sous & autoveillance. And again: regulation mainly focuses on surveillance. This is leading to an idea about the end of privacy. Maybe privacy is a thing of the past? Privacy has not always been important and it may once again fall into disrepute.

With the end of privacy – everyone may know everything about everyone else. We may have arrived at a type of Hive Mind. The hive mind is a concept from science fiction (for example Werewolves in Twilight, The Borg in Star Trek and the agents in The Matrix). An interesting addition to this line of thinking is the recent work by the Swedish philosopher Torbjörn Tännsjö who argues that it is information inequality that is the problem.

The problem with Tännsjö’s arguments is that he is a safe person living in a tolerant society. He seems to really believe the adage: If you have done nothing wrong, you have nothing to fear. I seriously doubt that the stalked, cyberbullied, the disenfranchised etc will be happier with information equality – I think that they would prefer the ability to hide their weaknesses and to chose when and where this information will be disclosed.

The problem is that while we had a (theoretical) form of control over Big Brother we have no such control over corporations to whom we are less than customers:

If you are not paying for it, you’re not the customer; you’re the product being sold.

The lecture closed with reminders from Eli Pariser’s The Filter Bubble that with the personalization of information we will lose our identities and end up with a diet of informational junk food (the stuff we maybe want but should not eat to much of).

Then a final word of warning from Evgeny Morozov (The Net Delusion) to remind the audience that there is nothing inherently democratic about technology – our freedom and democracy will not be created, supported or spread just because we have iPods…

Increased surveillance it obviously cheaper than social change

“Everyone watching these horrific actions will be struck by how they were organized via social media. Free flow of information can be used for good. But it can also be used for ill. And when people are using social media for violence we need to stop them. So we are working with the police, the intelligence services and industry to look at whether it would be right to stop people communicating via these Web sites and services when we know they are plotting violence, disorder and criminality.”

Prime Minister David Cameron of Britain addressing Parliament during a special debate on the UK riots.

(via BoingBoing)

Increased surveillance it obviously cheaper than social change. Riots are bad but they are a incredibly potent symbol that something is wrong in society. So far the focus has been on “bad kids”, “bad parents” and “bad social media”. It’s all about blaming the individuals and preventing the possibility of rioting – Nothing about the need to create a society were people don’t want to riot.

Death, Internet & Law PhD

This is so cool! Almost makes me want to do a second PhD… More info here.

PhD Studentship in

Law

University of Strathclyde – Faculty of Humanities and Social Sciences – School of Law -– Legal Aspects of Transmission of Digital Assets on Death

The School of Law in the University of Strathclyde invites applications for a PhD studentship which will research the area of how the law regulates the transmission of digital assets on death, including notions of access, control, propertisation, and ownership. These assets might include: Facebook profiles, photos on Flickr, tweets, virtual assets in online game worlds such as Second Life, e-money, blog texts, eBay trading accounts, etc. This is a novel area where the student will be expected to research independently into appropriate areas of private law (eg property, succession, probate, contract) as well as intellectual property law, personality law and privacy law. A back ground in technology law is not essential, nor a technology qualification, but an interest in the information society is probably essential.

Applicants from any jurisdiction (including non-UK EU jurisdictions) are welcomed but English law will most likely form one of the jurisdictions of the study. Applicants should hold a first or upper second class Honours degree or equivalent in an appropriate discipline. A Masters qualification may be helpful. The studentship is funded by the Horizon Digital Economy Research Hub (https://www.horizon.ac.uk/) who are a major interdisciplinary centre for study of the Internet and ubiquitous computing funded by the RCUK Digital Economy programme and based at Nottingham University; the successful candidate will be based within the expanding Centre for Internet Law and Policy at Strathclyde Law School, but will have opportunities to participate in Horizons activities. The student will be supervised by the Director of CILP, Professor Lilian Edwards.

Applicants should submit, by SEPTEMBER 16 2011, a full CV, two academic references, evidence of academic qualifications to date and a covering letter detailing interest in the area of research to:

Janet Riddell (Horizon Digital Economy Scholarship), Graduate School Manager, Faculty of Humanities and Social Science, Room LT205, Livingstone Tower, 26 Richmond Street, Glasgow, G1 1XH

Or by e-mail to: hass-postgrad@strath.ac.uk

Successful applicants will have their fees at home/EU rates only ((sadly)) waived for three years together with an annual maintenance award for three years of £13,590. The scholarship is for one year in the first instance and subject to satisfactory progress, will normally be renewed up to the maximum of a further 2 years.

Visit www.strath.ac.uk/postgrad for general information on postgraduate research study at the University of Strathclyde and http://www.strath.ac.uk/humanities/courses/law/courses/lawbyresearch/ for further information on research degrees in the Law School.

Informal enquiries may be addressed to: lilian.edwards@strath.ac.uk

Post-Social Media

Yesterday I was in Borås at the Social Media Day which is an annual politics and social media conference (ppt slides and movies here). This year was opened by the US ambassador to Sweden Matthew Barzun, who gave an interesting talk (ppt) (much of it in Swedish, which was impressive). He spoke about the promise of technology and the difficulty of predicting the future and the importance of values in developing and using technology.

He also told the story of the Swedish engineer Laila Ohlgren, who, in the early days of mobile phones, solved an interesting issue of data roaming: by the time you finish dialing you have lost contact with the original phone mast. She proposed the simple – but breathtakingly fundamental – change of dialing the complete number first and then hitting the dial button. Fantastic, simple, basic… and totally revolutionary thinking.

Next up was Marie Grusell who spoke on the topic of party leaders use of twitter in their communication. She made interesting points on the differences between dialog and monologue and the relatively low usage of twitter among Swedish politicians. My focus on this was cultural and I wondered why the use was so low. An interesting comparison to the low numbers (the highest was Gudrun Schyman with 183 following and 9,447 followers) is the Norwegian Prime Minister @jensstoltenberg who follws 34,768 and is followed by 48,698.

This was followed by Per Schlingmann & Hampus Brynolf who held a low-tech (i.e. no ppt) discussion on social media now and in the future. There talk was experienced based and they seemed to be in relative agreement that social media would become a natural part of the political dialogue, that nobody wins elections through social media – but they may lose them through social media, that technology has led to the need for politics to be prepared with immediate answers for everything – which creates a need for an artificial, slowing down to think before you tweet. They also pointed to the unfortunate lack of focus on the everyday social media use in politics and the overemphasis on campaigning.

This was followed by Anders Kihl who demonstrated the ways in which Borås has been working to create multiple access points to municipal information and dialogues. As a practitioner Anders is very down to earth and the work done in Borås shows that everyday social media use in politics is important and engaging.

Jan Nolin introduced the concept of Wikipolitics into the discussion which had so far been very much focused on the concept of social media as a communications channel. He argued that social media channels does not take into consideration the importance of the possibility of using social media as political movements – not only in protests but provides a potential for the harnessing of the power of crowds in everyday socio-political life.

Next up was Grethe Lindhe from Malmö who presented the ways in which the region was using technology to enable citizens to propose and bring up questions into the political arena. By creating this possibility the Malmö region believed that politics would be made more accessible to a larger section of the citizenry.

Lars Höglund took his starting point in the large SOM-survey to attempt to deepen our understanding of the participatory elements of politics and the internet. My main beef was that I got stuck on the group they call “the internet generation” which was defined as those born between 1977-1997. What annoys me about this is that this groups’ aspect is that they have not experienced a pre-web age. Why this classification annoys me is that these digital natives (a term coined by Marc Prensky) are supposed to have special insights into technology. Let me give an analogy: While I was born during the age of the automobile this does not make me competent to talk in depth about the effects of cars on society, our dependence upon fossil fuels or the rise and fall of the car industry.

Last up – before the closing panel was me. I had been asked to talk about the links between social media and the law but I used my time to present some of the interesting points from my latest research into attempts by municipalities to regulate social media through policies. Its a work in progress and yesterday I addressed the concept of the municipality lawyer being negative to social media in a talk entitled Law is simple, people are not. Slides below

One of the things we were asked in the panel was whats up next? What will we be doing with social media today and in the future. What is post-social media? All in all it was a very good meeting. Lots of interesting people and discussions. I am looking forward to the next time.

Politics and social media #msmboras

Tomorrow is the second annual MSMBorås (twitter @msmboras & #msmboras) a growing interesting conference on the relationship between politics and social media. One of the great things is that this meeting does not take place in the political center of Sweden (i.e. Stockholm) but in the town of Borås.

The meeting is a good mix between researchers and active politicians, political commentators/observers and social media aficionados.

This year is opened by Matthew Barzun who will speak on the topic Social media, politics and democracy in the US. Today Barzun is the US Ambassador to Sweden but he has worked on Obama’s first campaign and has been invited back to lead the coming presidential campaign.

This will be followed by Marie Grusell talking on twitter in political elections, Per Schlingmann & Hampus Brynolf on social media in politics now and in the future, Anders Kihl on social media in local politics.

After lunch Jan Nolin presents on Wikipolitics as a collective method of political problem solving, Grethe Lindhe on citizen dialogues, Lars Höglund on the citizens opinions of social media in politics, then I will talk about legal consequences of social media use (kind of boring title – I wish I had chosen more wisely). Then the day is closed with a discussion.

This is going to be extremely interesting.

Defamation on Twitter

It should be pretty straightforward. Telling people that someone is a thief, a drug-pushing prostitute with a history of assault and battery who lost custody of her own child. But this case involves two complicating factors.

  • The case involves celebrities. It’s Courtney Love making these claims about her designer Dawn Simorangkir.
  • She did it using Twitter

The Hollywood Reporter writes:

So on March 17, 2009, Love took to her Twitter account and began hurling a stream of shocking insults at the designer known as the “Boudoir Queen.” Love’s tweets, which instantly landed in the Twitter feeds of her 40,000 or so followers (and countless others via retweets), announced that Simorangkir was a drug-pushing prostitute with a history of assault and battery who lost custody of her own child and capitalized on Love’s fame before stealing from her. “She has received a VAST amount of money from me over 40,000 dollars and I do not make people famous and get raped TOO!” Love wrote.

That tirade, along with others the Hole frontwoman unleashed on social media platforms including MySpace and Etsy.com during the next four days, form the basis of a unique lawsuit headed to court in January: the first high-profile defamation trial over a celebrity’s comments on Twitter.

So now its off to court which will first look at the truth in Love’s claims – telling the truth is the best defence in defamation – then the court will value if Love’s statements are protected opinions and then they will see if the protections afforded to journalists may apply in the case of twitter users.

The court in the present case may firstly address whether these comments are truthful (which is the most obvious defense to a claim of defamation), are protected opinions of Ms. Love or rise to the level of defamation. Then the court may wade into the issue of whether Twitter users are bloggers with rights akin to journalists.

Apparently Love’s defence is also planning to include a medical expert to support the argument – if none of the other defences work – that she was not subjectively malicious: in other words she could not understand how her tweets would be understood by others.

Is information scarce or abundant?

The little I remember of basic economics was some pretty abstract curves that were supposed to depict supply and demand. Or at least the idea that the real cost of something was at the intersection of supply and demand. The simplistic arches of the curves always bugged me. One of the more annoying features is that attempting to map supply and demand is never as easy as it seems.

Take information. Information is important. Information is a resource. But are we in an age of information scarcity or information abundance? We are taught that information used to be scarce. Information is the basis of knowledge and knowledge is power according to Francis Bacon. We are also taught the simple story of Gutenburg who through certain technological developments revolutionized printing, created the market for cheap books and changed the world forever.

But was information scarce? There weren’t many books but did the market lack books?

Complaints about information overload, usually couched in terms of the overabundance of books, have a long history — reaching back to Ecclesiastes 12:12 (“of making books there is no end,” probably from the 4th or 3d century BC). The ancient moralist Seneca complained that “the abundance of books is distraction” in the 1st century AD, and there have been other info-booms from time to time — the building of the Library of Alexandria in the 3d century BC, or the development of newspapers starting in the 18th century. (Blair, Information Overload: the early years, Boston Globe)

One thing seems to be sure: in the post Gutenburg world the number of books and the number of readers increased. The inventions and business models did not only provide cheaper products but led to an increase in readers. The increased number of readers meant that there was a profitable market for more cheap books. And yet the overriding idea of the scarcity of books remained with us. In 1710 the basis for the first modern copyright legislation The Statute of Anne was to create monopolies to writers so the number of books on the market would increase.

Providing incentives for production is done in times of scarcity. Three hundred years later we have surely moved from scarcity to abundance and yet the only changes to copyright legislation has been to increase the incentives by adding more products the law protects and radically increasing the span of protection.

But we live in a time of information abundance. Information overload. Our impulse is to laugh at Seneca and wonder what he would make of an inbox filled with mail. So maybe its not a problem of overload? Clay Shirky presented at Web 2.0 Expo NY a talk: It’s Not Information Overload. It’s Filter Failure. Or maybe I am mixing things up? Comparing two different things? Is the market for books and information really one market?

Or to make things even more interesting: is there one market for information? I don’t care about the price of a bus ticket in Cleveland, the rise or fall of IBM stock, how to make bricks in Sweden and a million other things. To me all this information may as well be abundant since it is (now) irrelevant. Does this mean that we have a Schroedingers Cat of information? Its both scarce and abundant simultaneously? So information is both scarce and abundant? Then how do you make rules…

Its bad enough that the rules focus not on the information but on the packet that carries it. The form but not the content. In a world were content has become less relevant. However can we regulate a resource that is both scarce and abundant simultaneously?

Social Media gets boring

The Sysomos blog has a post claiming that 2011 is the year that Social Media gets boring. At the heart of the argument is the fact that eventually the flashy, shiny new image of the thing will wear off and people will want a new toy.

By that, I mean the novelty will start to wear off as social media becomes a more engrained part of how we communicate, market and sell. Rather than being shiny, new and fascinating, social media will just be.

Social Media is still growing but I agree that its novelty has peaked. It didnt kill all the blogs or destroy old media. To those who find the tool useful it will survive to those who don’t it will eventually be abandoned along with so many other projects intended to change the world.

Despite this peaking of social media many government offices and municipalities are rushing in to the great communications hope. In social media they see a way of invigorating citizen communication but there is a problem – what does my municipality have to tweet that I want to read?

Recently I got an email informing me that the municipality of Uppsala is following me on twitter. It isn’t my first municipality or government but I can’t help but feeling a bit paranoid – the whole municipality is following me? Talk about pressure – what can I say that the municipality would like to hear? On the lighter side of social media and governments I am waiting to receive an email that the secret police are now following me on twitter. It’s not paranoia – it’s technology.

There are many interesting projects dealing with the uses of social media in local government and the tools can play an important role but they require work. Opening up a channel of communication requires an organization around the tool – to read and reply to messages, to handle questions that come up and at the same time ensure that the established norms of integrity and professionalism are maintained even in this new toy. Unfortunately many organizations see social media as a free toy that will require little effort but provide great publicity. These hopeful people need to be reminded that there is no such thing as a free lunch.

The coming boredom of social media is a good thing. It will enable us to see beyond the hype and get on with the work of organization.