apophenia :: privacy

February 23, 2008

The Future of Reputation: Gossip, Rumor, and Privacy on the Internet

When I was last in DC, I had lunch with Daniel Solove and we were talking about book publishing. He had been thinking of making his book downloadable under Creative Commons and I was like DO IT DO IT! This is the kind of book that is sooo relevant so many different audiences who would never hear about it through traditional advertising. My thought is that if it were available online, it could whet folks appetite before buying it (cuz printing it out is painful and reading it online is not wonderful either and your Kindle doesn't support PDFs). Introducing...

The Future of Reputation: Gossip, Rumor, and Privacy on the Internet

This book examines the darker side of personal expression and communication online, looking at some of the social costs of what I'm always rambling on about as "persistence, searchability, replicability, and invisible audiences." Our reputation is one of our greatest assets. What happens when our own acts or the acts of others sully that? What role does the technology play in enabling or stopping that? How should the law modernize its approach to privacy and slander to address the networked world?

While this book is written by a professor, it's written in extremely accessible manner and should be devoured by parents, marketers, technologists, teachers, HR professionals, policy makers, and anyone else who might have a stake in the world of reputation. I also found excerpts helpful for students who are trying to make sense of the costs of their practices. Oh, and it's a fun read.

If you hate reading from the screen, just go and buy the book. The author and his publisher will thank you.

(Oh, and go Yale University Press! You're batting well in the CC/open-access publishing baseball game!)

Category: privacy

Tags: reputation book

   

Posted by zephoria at 2:15 PM | Comments (3) | TrackBack (0)

February 8, 2008

a google horror story: what happens when you are disappeared

Earlier this week, an acquaintance of mine found himself trapped in a Kafka-esque nightmare, a nightmare that should make all of us stop and think. He wants to remain anonymous so let's call him Bob. Bob was an early adopter of all things Google. His account was linked to all sorts of Google services. Gmail was the most important thing to him - he'd been using it for four years and all of his email (a.k.a. "his life") was there. Bob also managed a large community in Orkut, used Google's calendaring service, and had accounts on many of of their different properties.

Earlier this week, Bob received a notice that there was a spam problem in his Orkut community. The message was in English and it looked legitimate and so he clicked on it. He didn't realize that he'd fallen into a phisher's net until it was too late. His account was hijacked for god-knows-what-purposes until his account was blocked and deleted. He contacted Google's customer service and their response basically boiled down to "that sucks, we can't restore anything, sign up for a new account." Boom! No more email, no more calendar, no more Orkut, no more gChat history, no more Blogger, no more anything connected to his Google account.

::gasp:: My heart threatens to attack my throat at the mere idea of losing four years worth of email. ::shudder:: Or what if this blog disappeared? Like, OMG. {insert horror film music here}

Luckily, Bob is well-connected. His friends in high places forwarded his story to powerful people inside Google. Today, his account was restored. While such a restoration should provide a sigh of relief, it's also a bit disconcerting. What if Bob hadn't been so well connected? What other kinds of damage can phishers do to people who have so many of their key tools linked together under a common account?

Most tech companies blame phishing victims. Basically, the general sentiment is that if people weren't so stupid, there wouldn't be a problem. Yet, there is great research on Why Phishing Works that shows that even sophisticated users can be deceived. While education is important, it is unrealistic to expect all users to keep up with the developments of scammers' deceptive techniques. Consider the story of Clementine, a 13-year-old citizen of Gaia Online who fell victim to a phishing attack and had her account deleted without recourse. Once again, Clementine's saving grace was that she had connections, but it took a long time and she was written out of her primary social space in the meantime.

When companies host all of your data and have the ability to delete you and it at-will, all sorts of nightmarish science fiction futures are possible. This is the other side of the "identity theft" nightmare where the companies thieve and destroy individuals' identities. What are these companies' responsibilities? Who is overseeing them? What kind of regulation is necessary?

There's also a flip-side to this story. Google was able to restore his account because they kept everything on backup servers. In this case, Bob didn't want to have all of his content deleted. But what if he had deleted it himself and expected it to be deleted permanently? Who should have the right to recall his data and under what circumstances? I find it particularly haunting that there is no way to delete your Facebook account. You can only "deactivate" it, but you can reactivate it at any time and everything will come right back. What if you don't want to go down on Facebook's permanent record?

These are the issues that worry all sorts of privacy and identity types. They are the cornerstone of books like Daniel Solove's The Digital Person and Simson Garfinkel's Database Nation. Yet, as with identity theft, few people stop to think about data loss until it happens to them. But perhaps we should. How would you feel if the company hosting your email suddenly decided to disappear you? Or if Facebook/MySpace/Flickr/Xanga/etc. decided to delete your account right now? (There are plenty of examples of this one too. For example, many celebrities have found their accounts obliterated because company reps think that they're fake. And then there was Friendster...) Imagine if you had no path of recourse. Talk about disempowering!

In thinking about this, your first response should be to back up your data. (And grumble loudly about all of the places where this isn't possible.) But what's your second step? What kind of legislation is necessary to address this? What kind of data recovery (or non-recovery) policies should companies have?

Update: Check out this case of a guy being banished from Facebook for reasons that the company refuses to explain to him (in a Kafka-esque nightmare). This is particularly intriguing given that the company is trying to make Facebook a universal platform. If Facebook becomes a platform, what rights to due process do users have?

Category: privacy

Tags: identity theft google

   

Posted by zephoria at 2:32 PM | Comments (30) | TrackBack (0)

December 16, 2007

adults' views on privacy (new PEW report)

PEW has a new report out on adults and privacy: Digital Footprints. It's a solid report on the state of adults' perception of privacy wrt the internet. Of course, what amuses me is that adults are saying one thing and doing another.

Adults are more likely than teens to have public profiles on SNSs. 60% of adults are not worried about how much information is available about them online. (Of course, young adults are more likely than older adults to believe it would be "very difficult" for someone to locate or contact them.) 61% of adults do not bother to limit the amount of information that can be found about them (including many who are purportedly worried).

In other words, adults (and presumably there are parents in this group) are telling teens to be careful online and restrict what information they put up there while they themselves are doing little to protect their own data.

This reminds me of adults who tell their kids never to meet strangers online under any circumstances and then proceed to use online dating sites and, rather than meet in public places, choose to go to the stranger's private residence. Adults need to think about safety too - it's not a story of binaries. The safe and practical approach is somewhere between abstinence and uber risky behavior.

Both adults and children need to learn how to negotiate safety and privacy in a meaningful and nuanced way. Adults need to socialize young people into conscientious participation online, both wrt to privacy and safety. You cannot simply wait until teens are 18 and then flip the switch and say GO! This has dreadful and dangerous consequences.

Anyhow, I'm not doing justice to the PEW report. Read it yourself. It's quite interesting and there's great data and it's well situated.

Category: privacy

Tags: pew

   

Posted by zephoria at 7:30 PM | Comments (10) | TrackBack (0)

September 9, 2007

SNS visibility norms (a response to Scoble)

A few days ago, I lamented the tech crowd's Facebook fetish. Scoble raised the bar by responding to all of my nitpicks. Now, it's my turn again. Tehehe.

I think that Scoble summed it all up perfectly with this:

"But what I don't understand is why so much of the tech crowd who lament Walled Gardens worship Facebook." Because there isn't anything better. It's like why we are so gaga over the iPhone. The iPhone is locked up tight and doesn't let us play. But it is so superior to the alternatives that we’ll put up with all the walls.

He's totally right. And what he's really saying is that I should recognize and accept the hypocrisy within the tech crowd. They will happily say one thing loudly, but if the cool new glittery toy that they want has major failings, they'll bite - hook, line, and sinker. I'm not convinced that FB is "so superior to the alternatives," but I totally see how it plays into the values and aesthetics of the tech crowd. Maybe we should start calling FB (and other tech toys) "Precious"? And then we can run around in demented voices saying "One tool to rule them all!" ::giggle:: (OK, that's probably not funny, but it's late and I'm entertaining myself here.)

Anyhow... what I really want to address was a realization wrt visibility that I had while reading Scoble. In writing my earlier post, I was thinking primarily of teens when I was talking about visibility. Scoble points out that he really WANTS to be super visible, searchable on Google, etc. And he references the career-minded college students who will relish said visibility. This made me think about the different factors at play when it comes to visibility on social network sites.

MySpace started out as PUBLIC PUBLIC PUBLIC. They only added privacy features when they welcomed 14 and 15-year olds and for a while, you had to lie and say you were 14 to get a private profile. While the teen crowd was not using MySpace as a hyperpublic platform, artists were. They wanted to be as public as possible, to get as many fans as possible, to SEE and BE SEEN. This wasn't just the story of musicians... even semi-porn divas like Forbidden and Tila were all about being hyperpublic and there were certainly teens who thought they'd be the next American Idol or Top Model by being found on MySpace. There are folks who want to leverage the platform to be the object of everyone's gaze. As it expanded, MySpace received unbelievable pressure to add privacy options, to protect its users (both young and old). Even though a MS Friends-only profile is about as private as you can get, MySpace is constantly shat on for being dangerous because of exposure.

Facebook differentiated itself by being private, often irritatingly so. Hell, in the beginning Harvard kids couldn't interact with their friends at Yale, but that quickly changed. Teens and their parents worship Facebook for its privacy structures, often not realizing that joining the "Los Angeles" network is not exactly private. For college students and high school students, the school and location network are really meaningful and totally viable structural boundaries for sociability. Yet, the 25+ crowd doesn't really live in the same network boundaries. I'm constantly shifting between LA and SF as my city network. When I interview teens, 80%+ of their FB network is from their high school. Only 8% of my network is from Berkeley and the largest network (San Francisco) only comprises 17% of my network. Networks don't work for highly-mobile 25+ crowd because they don't live in pre-defined networks. (For once, I'm an example!)

The interesting thing is that Scoble wants to make Facebook do what MySpace does. He wants to be a micro-celeb with a bazillion friends/fans and he wants to interact with all of them. And he wants to do it on Facebook because he sees that as more his space than MySpace, even though the other is set up for that. (I can't really see the porn-Scoble or the emo-Scoble, but it sure would be funny.) He's bumping up against the fact that Facebook was designed to be closed, to be intimate, to be tight. It was what made its early adopters value it. And now, for whatever reason, Facebook has decided to move in the direction of MySpace - slowly tiptoeing to being a very public service.

It makes sense to attract those who want to be public, but how public can they go without affecting those who relish the closed-ness? For the most part, Facebook has been immune from privacy-related attacks from the Attorneys General and press. They've been toted as the "right" solution. Can people who want to be private live alongside those who want to be PUBLIC? How are boundaries going to be negotiated? It seems to me that this all comes back to context and context is really getting cloudy here. It seems to me that there might be two totally different sets of expectations emerging without an in-between solution. And I have a sneaking suspicion that the "solution" is to push people into accepting being public.

I feel the need to address folks' response that it's all about the privacy settings. Someone out there has to have public data on how frequently people change settings vs. staying with the defaults. (I've seen plenty of private reports on this, but don't know of any that I can cite.) Let's just say that defaults matter. Very few people change the defaults. They are more likely to shift their behavior (or leave a site) than change the defaults. Thus, a move to force people to "opt-out" is not only about dictating the social expectations, but also setting people up to face the costs of those defaults, even if they don't really want to. I don't really understand why Facebook decided to make public search opt-out. OK, I do get it, but I don't like it. Those who want to be PUBLIC are more likely to change settings than those who chose Facebook for its perceived privacy. Why did Facebook go from default-to-privacy-protection to default-to-exposure? I guess I know the answer to this... it's all about philosophy. Unfortunately, it's not a philosophy that most of the teens I interviewed or their parents share. But this type of exposure is far more insidious and potentially harmful than the privacy trainwreck I documented earlier.

I think that one of the reasons that the tech crowd lurves Facebook is because they both want the "transparent society." This is the philosophy that information dissemination can only be beneficial and that people should not seek to hide things. Embedded in this are unstated issues of privilege and normative views. It's OK to be transparent when you look like everyone else, but go ask the gay Christian living in an Arab state how he feels about being transparent about his social world. Fleshing out a critique of the transparent society requires a different post, but I'm starting to get the sinking feeling that we're all part of a transparent society experiment and my discomfort stems from a deep concern about who all is going to get washed up in that tsunami. The goal doesn't seem to be about helping people maintain privacy; it seems more like pushing them to accept a world where they are constantly aware of everyone around them. Hmm...

Category: privacy

Tags: facebook visibility transparency

   

Posted by zephoria at 12:37 AM | Comments (21) | TrackBack (0)

September 7, 2007

controlling your public appearance

In the last month, I've received almost a dozen panicked emails from people who had commented on my blog at one point or another and were horrified to find that their comment was at the top of Google's search for their name. In each case, I have respectfully altered the comment to an anonymous name. I prefer not to remove these comments because this leaves holes in my blog, especially when others' comments are based on those earlier comments. Unfortunately, most of these people do not understand how Google's cache works and write back in rage that it's not fixed. I politely try to inform them that Google's cache can take months to update and I cannot do anything to speed this up.

When people bitch about MySpace and Facebook being walled gardens, one of the positive things that I offer in return is, "at least those teens' profiles aren't in Google's cache." With Facebook's opt-out decision, this is no longer the case. As I mentioned yesterday, I'm a bit terrified of what this might mean long-term.

As a teenager, I was petrified of my mother finding my Usenet posts. It's not that I said much on Usenet that would've upset her (although the Bad Religion tirades are a wee bit embarrassing), but I didn't want her to see my political or topical commentaries. (Sidenote: I left the sexuality exploration discussions for IRC which ::crossing fingers:: weren't recorded.) I used various handles, most of which are not findable by anyone other than my brother (and even he can't find all of them). That's not to say that there's not a lot of embarrassing material online - I've been blogging for over ten years and I've definitely posted things that would be drudged up if I were to run for office.

The best thing about being an active blogger is that stuff gets buried by repetitive blogging. My new stuff goes to the top of the search engines, my old stuff fades away. And we have a name for anyone who goes out of their way to find that old stuff: stalker. And we don't really wanna work for, date, or befriend genuine stalkers. If it's public, but not easy to find, it's creepy that you went out of your way to find it. (I'm fascinated by the creeps... and journalists... who go through courthouses and other public records places to drudge up tax records, legal motions, housing details, etc. It's all public, but c'mon now...)

We've all heard that privacy is dead, but you can still control your public appearance and it's really critical that you start doing so. Don't whimper about how Google is destroying your reputation. Take control!

So here are some suggestions, for adults and teenagers:

• Create a public Internet identity. I strongly recommend blogging, but even a homepage will do. Have a genuine all-accessible identity online that you're cool with grandma and your boss reading. Don't make it uber drab, but do provide context for who you are, what you do, what you're passionate about, etc. Think of it as a digital body and dress it up as if it were going into a job interview. Blogging is especially good because you can keep updating your identity over time in a way that shows that you think. It's much easier to get a sense of someone through their commentary on public affairs or life around them than through a static page.
• Say NO! to Facebook's public search option. Click "privacy" - "search." Under "Who can find my public search listing outside of Facebook?" uncheck both boxes. Be proactive about this. You might not think you care now, but having your Facebook profile at the top of a search for your name might not be what you want when you're looking for a job.
• Expect unexpected audiences. Your profile on Facebook and MySpace might be "private" but when you join the Los Angeles Network or when you accept someone who knows someone, you might find that the audience viewing your profile is not who you expected. Are you prepared for this? Make sure that profile says what you want it to say, even to those you don't expect. If you want to be a porn diva and make it in Hollywood, put up that slutty photo, but if you want to be a lawyer, you might regret that photo a few years from now. Of course, I'm sure there are porn stars who later became lawyers, just like there are actors who became governors.
• Write blog comments as though you're writing your own blog. The more popular a blog, the more likely the comments from that blog are to show up high on Google's lists. If you write inflammatory shit on those blogs just to piss people off, it will come back to haunt you. (It depresses me that a huge chunk of the comments on BoingBoing's new comment system are extremely negative.) Personally, I don't think that you should be anonymous on a blog. I think that you should stand by your name, but write articulately. And blog on your own blog so that the comments are not at the top.
• Treat video and audio just like text. Right now, video and audio aren't searchable, but they will be. Don't think that you can say or do anything you want on a video and it will never come up. That Neo-Nazi video you made and put up on YouTube cuz you thought it was funny will eventually be searchable and associated with your name. Are you really ready for that to appear at the top of a Google ego search?

(If you have other suggestions, add them to the comments.)

But above all else, seriously, create a public Internet identity, maintain it, link to it, build it, love it, hug it, and call it George. I can't tell you how important this is. I used to say that a LinkedIn profile would do, but now that they're so locked down to people who don't pay, they don't provide that value any more. If you don't want to go through the hassle of registering a domain and figuring out HTML, just make a Blogspot account and make the Title your name. But keep it up-to-date so that when people want to look up who you are, they're going to see that page and go, "wow, she's really interesting."

Yesterday, I was talking about this uber smart college frosh to one of my colleagues. His name is about as generic as it gets and he shares it with a few celebs - "Sam Jackson" - so I wasn't expecting much when I threw his name into Google. Much to my pleasure, his college blog comes up as #4 on Google. Here is a newly minted college freshman who put together a blog about applying to college when he was in high school, has commented on others' blogs in an articulate and engaging manner, and is genuinely actively engaged in thinking about the world around him. He's attracted the attention of all sorts of folks and I have no doubt that people who wish to hire him (or admit him) have looked at this blog to get a sense of who he is. He makes it clear that he understands this medium and how to present himself accordingly. Hell, I intend to hire him precisely because he gets it.

Carefully crafting and cautiously managing one's public image is a critical aspect of living in a mediated public world. Every advice column I've read warns people of the dangers of living online. I think that this is idiotic. People need to embrace the world we live in and learn to work within its framework. Don't panic about being public - embrace it and handle it with elegance.

[PS: I've said a lot of this before in the Harvard Business Review.]

Category: privacy

Tags: facebook myspace identity profile search

   

Posted by zephoria at 8:34 AM | Comments (28) | TrackBack (0)

August 10, 2007

personalized viral marketing

A viral marketing campaign for Dexter (a "killer" new series) invites people to add information about their friends so that they'll be sent a personalized video that makes them look like they're next on the list of people a serial killer is targeting. The video site looks like a YouTube knock-off and there are thousands of views and hundreds of comments pre-populated for this "news" story.

This marketing campaign has already fooled a few. I received a concern message tonight from a friend whose friend received one of these and thought that some stalker had grabbed stuff from her Facebook. Turns out it's just one of her friends playing a trick on her.

Category: privacy

Tags: marketing

   

Posted by zephoria at 11:13 PM | Comments (8) | TrackBack (0)

May 30, 2007

Harvard Business Review Case Commentary: "We Googled You" (newly interactive)

In each issue, the Harvard Business Review has a section called "Case Commentary" where they propose a fictional but realistic scenario and invite different prominent folks to respond. I was given the great honor of being invited to respond to a case entitled "We Googled You."

In Diane Coutu's hypothetical scenario, Fred is trying to decide whether or not to hire Mimi after one of Fred's co-workers googles Mimi and finds newspaper clippings about Mimi protesting Chinese policies. [The case study is 2 pages - this is a very brief synopsis.] Given the scenario, we were then asked, "should Fred hire Mimi despite her online history?"

Unfortunately, Harvard Business Review does not make their issues available for free download (although they are available at the library and the case can be purchased for $6) *but* i acquired permission to publish my commentary online for your enjoyment. It's a little odd taken out of context, but i still figured some folks might enjoy my view on this matter, especially given that the press keep asking me about this exact topic. (Update: apparently HBR has the case without responses on their site for the Interactive Case Study.)

"We Googled You: Should Fred hire Mimi despite her online history?"

Update: Apparently, unbeknownst to me, HBR has decided to make this case study the First Interactive Case Study. While they don't share all of our responses with the public, they invite anyone to respond to the case with their own feelings on the matter. They want people to submit to their site so that they can publish the best-of, but personally, i'd be *stoked* to hear how all readers of this blog would respond to this case study. So, please submit something, but also add your thoughts to the comments or post your response to your blog (and comment the URL) so that we can all read your thoughts. I found this exercise mentally fun and i hope you do too! (tx Andy Blanco)

Category: privacy

   

Posted by zephoria at 4:31 PM | Comments (13) | TrackBack (0)

March 4, 2007

government demands UGC surveillance

The Bush administration has accelerated its Internet surveillance push by proposing that Web sites must keep records of who uploads photographs or videos in case police determine the content is illegal and choose to investigate. -- Declan McCullagh, CNET News.

::jaw on ground:: I really hope Declan is wrong on this report because if he's not, we're in deep shit. Can you even imagine what this would mean for civil liberties and freedom of speech? This data retention idea is on par with the China policy. ::eyes wide open::

My favorite part of the article is:

Only universities and libraries would be excluded, one participant said. "There's a PR concern with including the libraries, so we're not going to include them," the participant quoted the Justice Department as saying. "We know we're going to get a pushback, so we're not going to do that."

No shit you'd get a pushback. And yet this is the same government that wants to require that all schools and libraries block all content-sharing sites for minors. Put together, there'd be very little in the way of sharing.

Does anyone know if this is real? Links for more information?

(Tx Xeni)

Category: privacy

   

Posted by zephoria at 11:04 PM | Comments (9) | TrackBack (0)

August 14, 2006

AIM and Plaxo

I just installed AIM for the first time in a bazillion years having used nothing but Adium and Trillian for forever. And what did i find? Apparently, Plaxo has teamed up with AIM for this Universal Address Book. My first reaction was to panic - i want nothing to do with the evil spamming service that has been the bane of my existence since it started. For years, i've gone out of my way to provide fake data every time someone sends me a Plaxo invite in an attempt to ward off stalkers and folks who want to connect the dots. As i've said before, i want nothing to do with Plaxo (see [1][2]). And then i started breathing and tried to remind myself that companies change, maybe it's not so bad anymore. To catch my breath, i logged into Bloglines to surf for a few moments before continuing with the signup process. What did i find? Micki's essay on how Plaxo is holding her data hostage. Back to panic mode.

Why why why can't Plaxo go away? I don't want it to connect the dots between who i AIM and who i email and who has me in their addressbook. I don't want a universal addressbook controlled by some external organization that i don't trust that spams my friends and keeps data hostage. I don't like the lack of transparency and the massive amounts of data that they have. I do not trust them, Sam I am.

Gah. And i can't figure out how to finish installing AIM without making a Plaxo account. ::wimper::

Category: privacy

Tags: plaxo spam AIM addressbook

   

Posted by zephoria at 10:38 PM | Comments (18) | TrackBack (0)

August 10, 2006

passwords through favorites = bad idea

My credit union decided to change their password recovery system today. Now, you have to choose three questions and answer them. The problem is that they are all "What is your favorite n" where n is restaurant, band, movie, song, actor, book, drink, food, place, past-time...

Uhh... have we not learned anything? People's favorites change over time. This is not something that a customer will remember and if it is stable, it is probably all over the web on their profiles for dating and social network sites. So not only is this not a reliable way to help customers, it's about as insecure as you can get. Furthermore, the likelihood of a person writing this down is *huge* because it's not something that they know by heart (like "where were you born" or "what's your first pet's name").

Can people please stop using favorites in the password recovery process? Pretty please with a cherry on top??

Category: privacy

   

Posted by zephoria at 1:20 PM | Comments (6) | TrackBack (0)

June 9, 2006

NSA spying on digital publics

Over 40 people sent me a link to the New Scientist article: Pentagon sets its sights on social networking websites. First, thank you. Second, ::sigh:: I wish that i could say that i'm shocked, but i'm not. Still, i want to address it.

Those of you who knew my work at MIT knew that i was obsessed with the socio-structural information one could derive from email correspondences. Jeff Potter and i put together Social Network Fragments to visually convey how much information was available through just a single person's email archives. If you've ever CCed anyone, you've told everyone on that list meaningful information about your connections. Individual archives hold meaningful data about dozens of people's social networks. To show this, we put our visualization up at a gallery in New York to make a statement about the privacy implications. Of course, one person's data is nothing compared to the data that AOL, Hotmail and Yahoo! have. We couldn't find anyone who had never sent or received an email from each of those companies. I'd guess that each could generate a pretty decent model of the entire nation's social network.

Part of what makes email networks so powerful is the redundancy. It's not just the one email you received from kiddiepr0n@aol.com or the fact that you have this in your addressbook, but the fact that you have an ongoing dialogue. Repetitive CC patterns are also super informative. What emerges is pretty fascinating - you can see who operates as bridges and start to get a sense for different functioning clusters and the power of structural holes. Spam is blatantly apparent, but you can also find breakups and love affairs without even getting into content analysis.

The government asked us to engage with them to help them track terrorists; we refused. But, given where we presented this work and who was in the audience, i can't pretend as though this work didn't help them think of ways to make sense of communication pattern networks and this has often haunted me. I'm all in favor of tracking down malicious individuals, but, as we've seen with the AT&T case, the government is happy to step all over individual privacy in the process. I understand why network researchers want to work for government agencies: infinite funding, computation power and the ability to access massive data sets. Still, i could not do it, as intriguing as the work is.

While our work was fascinating, in order for the big questions to be asked, you'd need to get one of the major three email providers to turn over their data. My hope was that this would never happen, but i have to say, i never thought a telco would sleep with the NSA. The fact of the matter is that the data that the NSA has because of AT&T is far far far more powerful than what they can derive from MySpace or other social networks. Why? It is behavior data, not articulated data. I will come back to that in a moment. But think for a moment... even if you don't subscribe to AT&T, do you know who your friends subscribe to? All of their data is included which means your conversations with them are too. Thus, even if you're like me and are boycotting AT&T, you're still in the system. We all are.

So behavioral and articulated... we've talked about this before, but there's a huge difference between saying you're friends with someone and actually being friends with them. Of course, this probably doesn't matter in a McCarthy era where any thread that connects you to a Communist is good enough. Friends on MySpace are equivalent to all the other familiar strangers you interact with every day - shopkeepers, cabbies, waiters, etc. If the government is really trying to gather information, they cannot be stupid enough to think that your list of 9000 friends is meaningful, but people have been accused of patronizing the wrong stores before. Of course, the value in the bazillion friends is that it provides starting information to find network clusters. In other words, it's one thing if you're friends with Lucky, but it's another if all of your friends are also friends with Lucky. What is most interesting though is if all of your friends are friends with Lucky and you aren't... experience has shown me that you and Lucky were once good friends/lovers and are now not on the best of terms.

There is also a lot of other public data in MySpace that is meaningful and i've been using this for analysis purposes. Top 8s are quite significant... even more so when they change. Combined with the Top 8s of those people (etc.), you can start to get a really meaningful picture of cliques. Comments are meaningful (except for the "Thanks for the add" ones) but picture comments are even more meaningful and repeat comments from the same person are the most meaningful. By complementing friends lists, this material provides a layer of behavioral data on top of the articulated data.

All this aside, what bothers me the most about this is the fact that the government thinks this is OK just because it's possible to do. Some people will immediately argue that of course they should, it's public data! Whenever you leave your home, someone could track your movements, marking every time you enter and leave different buildings, marking what you're wearing and who you're speaking with in public, etc. People hire PIs to do precisely this (often when they assume our partners are cheating). No one would be cool with a government snoop sitting on every street corner marking the public paths of every citizen just because they could. Luckily, the overhead of this is so outrageous that we only do it when we are really concerned about a particular individual. Networked technologies not only make this easier, but they also make the snoop invisible. Problematically, people don't sweat the invasion so much because they can't see it.

An argument that people make is that you should have nothing to fear if you've done nothing wrong. This is sooooo irritating. First, this is only true if you are interested in upholding hegemonic cultural norms. The adorable gay couple next door are doing nothing wrong in my eyes, but their kissing is all sorts of problematic to a government that wants to ban their right to love each other. Aside from queer life, think about all of the decisions you made that aren't necessarily "normal" even if many of us live a pretty privileged life. Second, there's a difference between illegal and not exactly the best impression. I want the ability to pick my nose when i don't think anyone's looking and i don't want a camera to capture me scratching my ass on a cigarette break outside of work. That's just plain embarassing. I don't want to always smile or stand up straight or pretend like i'm in a good mood just because an image might go down on my permanent record. That's just plain exhausting. Third, everything is context dependent. I've done nothing wrong when i stumble out of 1015 drunk as hell and hail a cab, but my drunken stumble is not something that i want to expose to my advisor or, frankly, the government. These are the types of images that people turn around to accuse me of being a citizen or clearly guilty of something else.

I will never forget sitting in the courtroom when my stepfather countersued my mother and accused her of cheating on him. We were all dumbfounded - i didn't think my mother had cheated and she was pretty sure she hadn't so we were all curious what this magical evidence was going to be. Apparently, he had hired a PI and he'd snapped photo after photo of... *my* high school boyfriend. Rob always looked older, but the fact that someone thought that my mom was dating him had me laughing for days. Yet, the humor of this paled in comparison to one utterly hysterical photo. It was taken pretty late at night and there was Rob walking the dog out back of our apartment near the woods. The dog was squatting and peeing and Rob was holding on to his penis peeing about 2 feet away from the peeing dog. This picture went down on the divorce record. I often tried to imagine how his Naval officer would've felt about this image.

Just because things can be made persistent or information about people's social lives can be revealed does not mean that it should be done. What the government is doing is not simply watching people in public - they are taking this data and computationally analyzing it to get to the core of people's practices. This is an invasion of privacy and an act of intense surveillance where the government is spying on its own people. They are doing so without a warrant and justifying it by saying that it is public. Just because people act in public does not mean that it should be stored, analyzed and graphed. Of course, i doubt the law in on my side on this one - it was not written for a world in which such data would be so easily accessible and most of the law concerns the collection of data, not the analysis of it.

Category: privacy

   

Posted by zephoria at 6:20 PM | Comments (13) | TrackBack (0)

May 20, 2006

erosion of youth privacy - the local panopticon

For those who read my quote in the SF Chronicle today, i want to clarify it a bit as i think privacy and the next generation is a critical issue. I am quoted as having said:

"Teens today grow up in a state of constant surveillance where there is no privacy," said Danah Boyd, a Ph.D. candidate at UC Berkeley's School of Information, who studies youth culture and online communities. "So they can't really have an idea of it being lost. The risk of the government or a corporation coming in and looking at their MySpace site is beyond their consideration."

This is accurate, but it's missing the context that makes it meaningful and useful to people concerned with privacy. Teens are growing up in a constant state of surveillance because parents, teachers, school administrators and others who hold direct power over youth are surveilling them. Governments and corporations are beyond their consideration because the people who directly affect their lives have created a more encompassing panopticon than any external structure could ever do. The personal panopticon they live in (managed by people they know and see daily) is far more menacing, far more direct, far more traumatic. As a result, youth are pretty blase about their privacy in relation to government and corporate. Cuz realistically, in comparison to parents/teachers, what can they do?

Privacy folks should be worried about where privacy is going with the next generation, but the erosion is happening on the home front, not on the corporate/governmental level. Unless we figure out how to give youth privacy in their personal lives, they are not going to expect privacy in their public lives.

Category: privacy

Tags: youth panopticon

   

Posted by zephoria at 1:01 PM | Comments (10) | TrackBack (0)

March 22, 2006

super publics

I used the phrase "super publics" in my essay last night. I hadn't introduced it before, although you'll probably see me use it more and more as my dissertation emerges because i crafted it to help me work through a few things theoretically. I was asked about this term in various emails and i realized that i should probably do some explaining. I'd give a proper definition, but it's still a work in progress, so instead, bear with me as i take a stab at what i'm going for.

Historically, we have talked about the public, as in the public sphere (Habermas). Implicated in this singular is the idea that there is a coherent entity that one could address or visit. More recently, academics have talked about publics, recognizing that there is no coherent public, but a collection of intertwined publics. In other words, a public in London is not the same as a public in Hong Kong. "The notion of a public enables a reflexivity in the circulation of texts among strangers who become, by virtue of their reflexively circulating discourse, a social entity" (Warner). Translation: publics are made up of strangers who are connected by information and, thus, share a coherent position as receivers of that information. For example, when Mayor Bloomberg speaks of addressing the public, he means all of New York. If he uses his "local" paper (the New York Times) to address his public, the audience who is part of Bloomberg's public is arguably much larger (especially given the number of folks who see themselves to be New Yorkers). Yet, Bloomberg cannot speak of addressing the public in a global sense because he is not addressing the poor farmer in Kenya. Likewise, that Kenyan's notion of a public doesn't include New Yorkers when he speaks in his town's public square.

Public is also used as an adjective. When it references government ("public services"), it is explicitly limited in scope by the scope of the relevant government - there is no universal public service. As an adjective, it can also connote qualities of exposure typically attributed to addressing an audience of strangers. For example, a public act is one that is visible to an audience of strangers, connected by exposure to that act (a.k.a. a public).

Digital life has really screwed with the notion of public, removing traditional situationism (Goffman) that connects strangers. If the Kenyan farmer is connected to the Internet and reads English, he can be a part of Bloomberg's public via the New York Times. Yet, this does not mean that the New York Times would conceptualize him in their public, nor does it mean that his public acts would be equally visible by other constituents of the Times.

Digital architectures alter the structure of social life and information flow. Persistence, searchability, the collapse of distance and time, copyability... These are not factors that most everyday people consider when living unmediated lives. Yet, they are increasingly becoming normative in society. Throughout the 20th century, mass media forced journalists and "public" figures to come to terms with this, but digital structures force everyone to do so. People's notion of public radically changes when they have to account for the Kenyan farmer, their lurking boss, and the person who will access their speech months from now. People's idea of a public is traditionally bounded by space, time and audience - the park is a public that people understand. And, yet, this is all being disrupted.

In talking about "super publics," I want to get at the altered state of publics - what publics look like when they are infused with the features of digital architectures. What does it mean to speak across time and space to an unknown audience? What happens when you cannot predict who will witness your act because they are not visible now, even though they may be tomorrow? How do people learn to deal with a public larger and more diverse than the one they learned to make sense of as teenagers? How are teenagers affected by growing up in an environment where they can assume super publics? I want to talk about what it means to speak for all time and space, to audiences you cannot conceptualize.

A reporter recently asked me why kids today have no shame. I told her it was her fault. Media is obsessed with revealing the backstage of people in the public eye - celebrities, politicians, etc. More recently, they've created a public eye to put people into - Survivor, Real World, etc. Open digital expression systems coupled with global networks took it one step farther by saying that anyone could operate as media and expose anyone else. What's juicy is what people want to hide and thus, the media (all media) goes after this like hawks. Add the post-9/11 attitude that if you hide something, you are clearly a terrorist. Should it surprise anyone that teenagers have responded by exposing everything with pride? What better way to react to a super public where everyone is working as paparazzi? There's nothing juicy about exposing what's already exposed. Do it yourself and you have nothing to worry about. These are the kinds of things that are emerging as people face life in super publics.

I want to demarcate super publics as distinct from publics because i think that they need some theorizing. In other words, i think that we need to understand the dynamics of super publics, the architectures that enable them, and the behaviors and cultures that emerge because of them.

Category: privacy

Tags: superpublics publics definition

   

Posted by zephoria at 11:10 PM | Comments (17) | TrackBack (0)

August 12, 2005

live on NPR

Well, i spoke live on NPR for the first time today - To The Point (KCRW). The show was called "Google Googled" and it was about privacy online. I was there to talk from youths' point of view, to talk about why people put material about themselves online.

The thing is that i'm totally terrified of radio and talking outloud over the phone. And i find it so hard to follow what's going on via phone. But hopefully i didn't sound stupid. (And if i did, don't tell me please.) Anyhow, i figured i'd tell you in case you did want to listen cause it was a very interesting show. I'm under the impression that you can get a podcast version from KCRW's website (but i'm scared to actually listen to it).

In any case, i do think that the topic is important and there's a real tension. Who holds the responsibilty for what is online? What laws need to be in place? How do certain actions violate our social contract and what are the consequences of this? What does it mean that engines can aggregate public material and make it more accessible? (Are there degrees of publicness?) What are the generational issues as young people want to explore their identity and thus find the publicness super helpful while older folks engage in a sort of protectionism that can border on paranoia?

Category: privacy

Tags: privacy youth

   

Posted by zephoria at 11:50 AM | Comments (7) | TrackBack (0)

July 21, 2005

Privacy is a Privilege

Hey, all of you privacy fanatics, take a look around. Ever stop to wonder why most of you are straight, white and male? It's kinda obvious if you stop to think about it. Repeat after me: privacy is a privilege. Not a right. Look at the first four letters of those two words: "priv-". Duh. They come from the same root.

When i saw this comment on one of my posts, i wanted to scream: "Everyone has an absolute right to privacy and marketers have an absolute right to (attempt to) generate revenue with those who step out of their privacy and into the public domain."

Historically, private space came about with the onset of public space. There is no right to privacy historically or now. Private space is also not guaranteed to be a safe space. Look at issues around domestic abuse. There's a reason that the law got involved in domestic issues - a woman is not a man's property in either public or private space and society has a duty to protect her regardless.

Guess what? Just as we have a duty in society to protect people in private space, we have a duty to protect them in public space. We don't allow people to violate each other when they walk out into the street simply because they chose to step out there. Why should we let institutions do so? What gives marketers some special privilege to determine how people can be psychologically manipulated in society?

The topic at hand has to do with youth. What youth have private space? Sure, your children might have their own bedroom with a lockable door and their own computer. How common do you really think this is? Youth are traditionally a population devoid of any privacy freedoms whatsoever. They have no private space. They move into the public arena to be relieved from the ways in which their parents or school authorities can dictate their mobility and communication. This is not an invitation to manipulation by marketers.

I'm tired of engaging in arguments about privacy with anyone who has not read Habermas' Structural Transformation of the Public Sphere. Please read it and after finishing, read Warner's Publics and Counterpublics. Dammit, if privacy is important to you, read these and then let's talk. But don't tell me about the right to privacy until you understand the historical trajectory of privacy and think about how marginalized populations. It's not so utopian cut and dry; privacy is a privilege that many people in this world would die to have.

Technorati Tags: privacy

Category: privacy

   

Posted by zephoria at 5:54 PM | Comments (22) | TrackBack (1)

July 5, 2004

are MUDs and MOOs dead?

I thought MUDs and MOOs were dead... or at least only used by the same folks who have been using them since the 80s or the new folks that have to play with them for some academic enterprise. The only folks that i know who use MUDs and MOOs are academics - the folks who have been studying them. Sometimes, i wonder if they are studying each other engage in what MUDs and MOOs are supposed to be about.

Anyhow, does anyone have a good status report on MUDs and MOOs?

Category: privacy

   

Posted by zephoria at 11:32 AM | Comments (8) | TrackBack (2)

March 20, 2004

privacy and accountability in blogs

The results from Fernanda's survey were released. Thanks so much to everyone who helped her out!!

Category: privacy

   

Posted by zephoria at 4:01 PM | Comments (1) | TrackBack (2)

July 18, 2003

Surveillance and Society

New Issue Out Now!

Our new issue, 1(3), 'Foucault and Panopticism Revisited' is out now! Featuring thought-provoking and inspiring new pieces by top authors including: Stuart Elden; Hille Koskella; Michalis Lianos; Steve Mann, Jason Nolan & Barry Wellman; art, film & much more. We think it's our best issue yet.

http://www.surveillance-and-society.org/journalv1i3.htm

Category: privacy

   

Posted by zephoria at 7:20 PM | TrackBack (0)

May 9, 2003

Balancing Data Needs And Privacy

Balancing Data Needs And Privacy... Somehow, folks never come up with a balancing act that makes me feel safe and secure. Of course, it's not terrorists that i'm worried about, but the rabid intolerant, xenophobic American culture. And perhaps my government. But, perhaps they could be called terrorists. Hmmm... perhaps we need data about our government.

Category: privacy

   

Posted by zephoria at 8:42 PM

January 3, 2003

identity theft

Over the holidays, "thieves nabbed personal information of 500,000 members of military and families." Scarily enough, this data was nabbed because all medical records of the military members have been systematized and therefore are aggegatable. I wonder who will have to experience identity theft before the practice of collecting data is questioned. Often data is collected for a very different purpose than it is used. What happens when someone else believes that they have a right to this data? Or when data is sold (liquidization of a business) or when it is outright stolen? I really do hope someone tries to steal John Poindexter's identity... i think that would be a hoot.

Category: privacy

   

Posted by zephoria at 4:51 PM

December 13, 2002

Persistence of Data

I sat in on a conversation about data persistence in relation to archiving issues today. As i'm often anti-archiving (because of the problems with persistence of data for individual data management), this conversation was quite intriguing to me. In particular, to hear from librarian/archivists who believe in recording history for good purposes. It was interesting to think about recording history but not making it accessible to the public (research-only, genuinely, kinda like the records that aren't openable until everyone is dead). Ease of access (as well as the collapse of spatial & temporal contexts) are huge reasons why archiving online data is so much different than archiving elsewhere. Yet, i could totally understand why the folks i spoke with were so adament that archives occur, and with really good valid reasons. Anyhow, good new approach to an old topic in my head..

Category: privacy

   

Posted by zephoria at 6:44 PM

November 5, 2002

AOL to monitor

It figures... AOL is finally selling AIM to corporations to track their employees.

Of course, this stands in line with the notion that the Internet is Dead (or at least our utopian notion of it).

Category: privacy

   

Posted by zephoria at 3:31 PM

October 23, 2002

implantable chips

Ack! The FDA just approved implantable ID chips for humans! Can we say privacy?

Frankly, it's just a very weird world. I cannot honestly follow the logic that underlies these (and many other) government decisions. The decisions that seem to evolve in our society follow corporate and power monger's temporary needs, without contemplating the long term effects on society. And of course, as we're allowing for scary chips to be implanted into people, we're taking away the right for people to put what they want into their systems (the latest: Salvia Divinorum).

Certainly, i have a thing about the War on Drugs and how problematic it is economically, socially and culturally. Rather than letting people live & let live, we create arbitrary rules about what we determine to be drugs and what we determine to be economic powerhouses and therefore get separate classifications (tobacco, alcohol, caffeine). But even beyond the War on Drugs, what's up with our housing policies where we spend far more money to put people in shelters than to provide low income housing because we don't want to put that in the budget? Or the death penalty which costs 10x more than life in prison and doesn't provide any other useful social service?

As a youth, i was confused... As an adult, i'm truly lost.

Category: privacy

   

Posted by zephoria at 10:15 PM | Comments (3)

October 11, 2002

passport code to be shared

Microsoft to Share Passport Code

Category: privacy

   

Posted by zephoria at 1:14 AM

October 9, 2002

how privacy conscious is Amazon?

What Amazon Knows, Amazon Keeps. Amazon changed its privacy policy again to appease the state... Yet, there is still no overriding regulations on how companies can use the data that they collect. And Amazon certainly has quite a bit of potentially problematic privacy information.

Category: privacy

   

Posted by zephoria at 2:22 PM

August 6, 2002

tracking people

Japan has started officially tracking people without installing a privacy policy or discussing what would be collected. And, i'm quite happy to see that people are upset and rebelling. In my dreams, i still hope that Kate's little fantasy comes true...

Continue reading "tracking people"

Category: privacy

   

Posted by zephoria at 10:57 AM | Comments (5)

August 1, 2002

surveillance has social costs

Here's a great little piece on the social implications of TIPS and other surveillance projects based on a personal story of life in Prague...

Continue reading "surveillance has social costs"

Category: privacy

   

Posted by zephoria at 11:58 AM

July 3, 2002

burning man & privacy

An interesting lawsuit has emerged. Burning Man folks are suing a company called Voyeur Video for selling videos of naked women at Burning Man. It's not just my love of BM that makes this interesting, but what it means to be in public/private. Here's a big big festival on public land run by a private organization with explicit rules that all videos must be registered. CNN and MTV have been banned year after year. Yet, this company took lots of images and are selling them, without the permission of the subjects. Is this a public space? A private space? I can't help but think about what this might mean for general recording and selling of data...

Category: privacy

   

Posted by zephoria at 12:20 PM

June 24, 2002

minority report

Although i didn't make it to opening night, i did get to see Minority Report on opening weekend. Although i am not the biggest Tom Cruise fan and i get quite annoyed by Steven Spielberg, i was quite pleasantly surprised. The digital cinematography was fab - good lighting tricks, great filters, perfect layout, good use of fisheye and smart irregular dropping of frames. The plot was well done, although it had a bit of that A.I., let's-add-on-extra-30-minutes feel, but this was much more bearable. I was quite psyched by the perfect timing of the release of a surveillance film, particularly with it's thought-provoking take on how the public feels about it. There was a great homage to Stanley Milgram, where everyone stopped what they are doing to be accounted for - obedience to authority at its best. Given some of the corporate systems for eyescanning and finger printing, the big question is: how long until this is a reality? [The better question is, of course, will people rise up to say that this is unacceptable?]

Plus, of course, i appreciated the use of technology, mostly thanks to John Underkoffler. I have to imagine that Hiroshi was shitting his pants on Friday, watching all of his tangible research be pertified for the screen. Plus, i caught a neat little use of Ben Fry's Valence piece in an early scene. Yay for Media Lab work looking fab!

For those who are curious about the ML-related work, check out:
- electronic paper (i.e. the animated newspapers)
- laser wall (using lasers to detect hand motion mid-air)
- tangible media (sensor-based objects like the memory chips and balls, gesture work, etc.)
... there are more but this is what comes to mind... it's just so great to see the research prettified...

All and all, i was quite entertained! [as was roger ebert]

Category: privacy

   

Posted by zephoria at 11:35 AM | Comments (1)

privacy by microsoft (palladium)

Microsoft is at it again... only this time, they have support fron all the big players (Intel, AMD, Dell, Gateway, etc.). it seems as though they've got a plan to make systems full of privacy and security, which seems fab, right? but of course, i'm worried, because somehow i have a feeling that it's going to be about surveillance of behavior with complete authentication rather than simply making certain that no one gets to your machine that shouldn't. but maybe i should be a little be more optimistic - this is after all one of the first public announcements...

Continue reading "privacy by microsoft (palladium)"

Category: privacy

   

Posted by zephoria at 10:08 AM | Comments (1)

June 17, 2002

privacy workshop

i love getting academic compliments... four of us crazy grad students from 3 different institutions decided to put together a workshop proposal for CSCW 2002 and it was accepted!!! what's even better is that this is a high compliment since we are all students and normally workshops are done but "established" people... so, we're now starting the call for participants - how crazy? a bunch of folks gathered to talk about identity & privacy in order to focus on empowering users!

Category: privacy

   

Posted by zephoria at 3:38 PM

June 2, 2002

observing surveillance

if you happen to be in D.C. June 3, check out the Observing Surveillance event. regardless, the website is fascinating...

Category: privacy

   

Posted by zephoria at 1:09 PM

May 3, 2002

fellow privacy troublemakers

A few days ago, a friend of mine (David Nguyen) asked me if i wanted to help with a proposal for a workshop for CSCW 2002, alongside Carlos Jensen and Scott Lederer. The topic: privacy in digital environments, intended to empower users through awareness and control. Of course, i jumped at the opportunity and in a matter of days, we produced this workshop proposal.

Category: privacy