Privacy

The Future of Reputation

Daniel J. Solove has written what seems to be an interesting book The Future of Reputation: Gossip, rumor, and privacy on the Internet. The topic of Internet reputation is fascinating and was one of the earliest discussions. The basic premise is that our reputation is our greatest asset but as an asset it is not our own – it is in the hands of everyone else. So what happens when someone messes up that reputation?

A nice touch is that the book is available online for download and licensed under Creative Commons (BY-NC). Check out the table of contents:

Chapter 1. Introduction: When Poop Goes Primetime

Part I: Rumor and Reputation in a digital world

Chapter 2. How the Free Flow of Information Liberates and Constrains Us

Chapter 3. Gossip and the Virtues of Knowing Less

Chapter 4. Shaming and the Digital Scarlet Letter

Part II: Privacy, Free Speech, and the Law

Chapter 5. The Role of Law

Chapter 6. Free Speech, Anonymity, and Accountability

Chapter 7. Privacy in an Overexposed World

Chapter 8. Conclusion: The Future of Reputation

Posted on by mklang

Defending Security by Obscurity

Almost as soon as Google launched its “Social Graph API” the discussions began. As with other innovations in the field of social networking the Google social graph will be a potential new threat to privacy – and like everything else produced by Google it will be well-packaged and presented in a non-threatening manner.

So what is the social graph and why is it important?

Basically the social graph is a way to take existing data and to use it in new ways. By analyzing the information available the social graph will present relationships between data and people online. One of the examples used in the instructional video (found here) is this:

social graph by Google

the user Brad joins twitter and searches for friends. The social graph knows that b3 belongs to Brad (maybe his blog), from the Blog the social graph knows that Bradfitz is also Brad. Bradfitz is friends with Jane274 who is also known as Jane on twitter. Since they are friends on livejournal Brad can ask Jane to be friends on twitter.

The criticism against this model is that Jane274 may accept Bradfitz on livejournal but Jane may be trying to avoid Brad on twitter – even if they are the same people. Maybe Jane is trying to avoid Brad alltogether but has failed on livejournal? Who knows? Whatever the reason Jane may be using different names to create watertight compartments of her online life. This model of security is not particularly strong but it works reasonably well and is known as security by obscurity.

Tim O’Reilly argues that the weakness or false sense of security created by security by obscurity is dangerous and therefore social graphs should be implemented. He realises people will get hurt when the obscurity is lost but considers this to be a necessary cost of evolution

It’s a lot like the evolutionary value of pain. Search creates feedback loops that allow us to learn from and modify our behavior. A false sense of security helps bad actors more than tools that make information more visible…But even here, analogies to living things are relevant. We get sick. We develop antibodies and then we recover. Or we die.

Basically it’s evolve or die to Tim.

This is OK if you are pretty sure to be among those who survive the radical treatment. But what about those who are hurt by the treatment – what about those who die? Danah Boyd at apophenia writes:

…I’m not jumping up and down at the idea of being in the camp who dies because the healthy think that infecting society with viruses to see who survives is a good idea. I’m also not so stoked to prepare for a situation where a huge chunk of society are chronically ill because of these experiments. What really bothers me is that the geeks get to make the decisions without any perspective from those who will be marginalized in the process.

The problem is that the people who will get hurt in large scale social experiments such as these are never those who are responsible in carrying them out. The costs will be carried by those who are not techie enough to defend themselves. The experts will continue to go about their lives because they will always have the ability (time, money, knowledge) to defend themselves.

Those in the position of privilege should remember that with great strength comes great responsibility. In other words those who have the ability to create systems such as these should really think about the social implications of the tools they are creating. Not as seen from their positions of privilege but from the perspective of the users who may be hurt.

Posted on by mklang

Online Friendship

Over at The Guardian Tom Hodgkinson has written about the people who bankrolled Facebook in an article called With friends like these… and it is not a pretty picture. Hodgkinson’s original beef seems to be that he actually does not like social network sites because they tend to isolate rather than connect people and that any form of social connections they create are inherently shallow. So far I am in agreement with him.

But the main beef of the argument is that the people financing Facebook are ultraconservative greedy capitalists who are unconcerned about the privacy of the users. Sure he is right and it is a shame. But how does this differ from almost every other corporation? I would have been more shocked if an online venture had been bankrolled by altruists.

I was skeptical to Facebook, indeed as I am to all social networking sites. But I decided not to knock it without trying. Early on I aired my skepticism by asking my friends the question: If I don’t get facebook – does this mean I am too old? Is this a mid(?) life crises? The answers were predictable which is unsurprising considering I was asking the question to other Facebookers.  I muddled along. Collecting friends adding applications but still unconvinced.

I joined causes and added applications. Recruited friends to causes and compared everything from movie taste to strange dating preferences. None of which revealed who I was. As with all online behavior it is a persona or a dimension – it is not me. Anyway, so now I have 136 friends. What does this mean? Am I popular yet? I still don’t get it. Isn’t a double espresso or a beer with a live friend infinitely better than all the online notes? Hodgkinson really puts his finger on the whole thing

And does Facebook really connect people? Doesn’t it rather disconnect us, since instead of doing something enjoyable such as talking and eating and dancing and drinking with my friends, I am merely sending them little ungrammatical notes and amusing photos in cyberspace, while chained to my desk?

Rather than silly comparisons and online games I want real connections. Of course I cannot easily drink beer with friends in other countries but Facebook is no solution to this problem. I don’t have the interest or the energy to try to reform Facebook through campaigns or to attempt to leave it by deleting each contact one by one. So I will let Facebook be and let the activities continue. The whole thing will eventually just go the way of the dinosaurs when users find something new to amuse themselves with. Until then the advertisers will believe that they know something about potential customers, the researchers will believe they know something about online communities, the investors will believe that they will be rich forever and the users will believe that friendships exist online.

Posted on by mklang

Privacy International Ranking 2007

Privacy International has released its Privacy Ranking for 2007 (28/12-2007).

privacy2007.jpg

The picture is a detail of the report’s privacy map. Where black is the worst, pink/purple is bad, red is not good and so on. Privacy International writes about its own report:

The most recent report published in 2007, is probably the most comprehensive single volume report published in the human rights field. The report runs over 1,100 pages and includes 6,000 footnotes. More than 200 experts from around the world have provided materials and commentary. The participants range from eminent privacy scholars to high-level officials charged with safeguarding constitutional freedoms in their countries. Academics, human rights advocates, journalists and researchers provided reports, insight, documents and advice…The new 2007 global rankings extend the survey to 47 countries (from the original 37) and, for the first time, provide an opportunity to assess trends.

The report shows that the situation is worsening. Read the report here.

Posted on by mklang

Trust no-one

The question of trust is a difficult one. The decision to trust must be made taking into consideration both now and by calculating future probabilities into the equation. Unfortunately the users of the users of Hushmail, a longtime provider of encrypted web-based email made the wrong decision.

The main selling point of Hushmail was it’s encryption which would guarantee privacy and security to the user.  Hushmail markets it’s service by saying that “not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer.”

Unfortunately such promises are rarely true. In an article in Wired:

A September court document (.pdf) from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail.

I have no sympathy for the drug dealers but it is important to realize that relying on free services provided by companies will never ensure a reliable infratructure – when placed under stress the private company has an obligation to make a profit, not to protect non-paying users.

Posted on by mklang

Wikipedia & Defamation

The Wikipedia Foundation was being sued by three French nationals for invasion of privacy and defamation after a wikipedia page identified them as being gay activists. The French judge Emmanuel Binoche dismissed the case, stating that wikipedia was not responsible for information introduced onto its Web site and stated that web site hosts are not legally bound to monitor information stored on their websites.

In the written ruling Binoche writes: “Web site hosts cannot be liable under civil law because of information stored on them if they do not in fact know of their illicit nature”

This position is in line with the accepted approach to ISP liability. Gavin Sutter has written extensively on this topic see for example Gavin Sutter (2003) FE/HE Institutions and Liability for Third Party Provided Content.

(via Slashdot)

Posted on by mklang

You've got to be kidding?

Consumer Law and Policy Blog has a great article on the moronic “browse-wrap” agreements, a derivation of the “shrinkwrap” licensing terms that appear inside packaged software. The Browse-wrap agreements is the terms and conditions which the company believes that they are able to enforce on anyone who happens to browse over to their website.

In fact the company Inventor-link has the following terms in there browse-wrap (“Privacy and User Agreement):

Furthermore, we strictly prohibit any links and or other unauthorized references to our web site without our permission.

So even without visiting their website they claim that people cannot link to their site without their prior consent.

Consumer Law and Policy Blog writes:

Depending on the circumstances of the case, browse-wrap agreements may or may not be enforceable. Where a company has included a provision prohibiting fair use for purposes of criticism, however, it is hard to see how any court would enforce the agreement. Readers of a site have little opportunity to review and agree to such terms, and a reasonable consumer who had reviewed the terms would be unlikely to agree to them.

Attempting to control linking is not a new phenomena. Back in 2001 KPMG attempted to intimidate the owner of a website and prevent him from linking to the KPMG theme song (oh, yes!) by claiming that he had not been approved through a “Web Link Agreement”, read the story (and the cheesy song lyrics) on Wired.

The article over at Consumer Law and Policy Blog contains an interesting analysis of the situation and I recommend that everyone should read the article and take a stand to make sure that idiotic licenses (?) such as these become as worthless as the code they are written in.

Posted on by mklang

It isn't a violation if you know…

Here is another nomination for the category of dumb people. The principal of the Kastanjeskolan (Chestnut School) in Tomelilla Sweden wants to install surveillance cameras. Now while I really believe surveillance cameras in schools is a really bad idea I would not nominate the principle for this alone.

On being asked about the implications on student privacy the principal allegedly answered that it was not a violation of privacy since there would be signs informing the students that there were surveillance cameras in action.

Whoa! Your privacy is not violated if you are informed? What a dope. The principal of the school apparently does not get the difference between privacy as a basic right and the purpose of informing people about potential violations of privacy.

First we must argue the question of whether minors are really capable of grasping the privacy implications of video surveillance (many adults are not). Secondly, the children attending the school have no real choice but to attend the school – therefore informing them of cameras is not the same as providing them with the opportunity to make informed choices since they lack the real freedom to choose.

Additionally the installation of camera surveillance in schools sends a very peculiar message to the students.

Considering the lack of insight and obvious lack of thought displayed by the principal parents should seriously consider whether this is the right school for the children…

(via Infontology)

Posted on by mklang

Librarians Rock

The general image of the librarian is definitely uncool but this image has been changing for a long time. When the New York Times published its article A Hipper Crowd of Shushers last week (8 July) this was a sign of the times.

Librarians? Arenâ??t they supposed to be bespectacled women with a love of classic books and a perpetual annoyance with talkative patrons â?? the ultimate humorless shushers?

Not any more. With so much of the job involving technology and with a focus now on finding and sharing information beyond just what is available in books, a new type of librarian is emerging…

How did such a nerdy profession become cool â?? aside from the fact that a certain amount of nerdiness is now cool? Many young librarians and library professors said that the work is no longer just about books but also about organizing and connecting people with information, including music and movies.

The upcoming documentary The Hollywood Librarian (release 29 September) will also become part of the way in which the perception of librarians is changing.

Instead of being only the strict formal organizer the librarian is actually on the forefront of several important debates in the information society. The questions of access to knowledge, privacy, free speech, open access and parts of the DRM debate are being lively discussed among librarians.

Posted on by mklang

Nothing to Hide

An often used argument against privacy is “nothing to hide” – this refers to the concept that if you have nothing to hide then you should not be concerned about your privacy. In part it is built on a reversed no smoke without fire idea. The problem with this is not that people have something to hide but rather the problem is that innocence is not necessarily an defense against bad consequences.

Often the nothing to hide idea is use against those who argue for more privacy regulation i.e. stronger protection against invasion of privacy. The numerous examples of innocent people getting hurt should provide an abundance of material to ensure that such an argument is not used but again this is wrong. We tend to forget past injustice and often believe that our legal system will only act against the guilty.

Daniel Solove has written an interesting article on the other use of the nothing to hide argument. This is from the abstract:

In this short essay, written for a symposium in the San Diego Law Review, Professor Daniel Solove examines the nothing to hide argument. When asked about government surveillance and data mining, many people respond by declaring: I’ve got nothing to hide. According to the nothing to hide argument, there is no threat to privacy unless the government uncovers unlawful activity, in which case a person has no legitimate justification to claim that it remain private. The nothing to hide argument and its variants are quite prevalent, and thus are worth addressing. In this essay, Solove critiques the nothing to hide argument and exposes its faulty underpinnings.

Read ‘I’ve Got Nothing to Hide’ and Other Misunderstandings of Privacy.

Posted on by mklang