Category Archives: privacy

critical perspectives on web 2.0

First Monday has a new special issue out devoted to unpacking the politics, economics and ethics of Web 2.0. Looks like lots of interesting stuff. From the preface by Michael Zimmer:

Web 2.0 represents a blurring of the boundaries between Web users and producers, consumption and participation, authority and amateurism, play and work, data and the network, reality and virtuality. The rhetoric surrounding Web 2.0 infrastructures presents certain cultural claims about media, identity, and technology. It suggests that everyone can and should use new Internet technologies to organize and share information, to interact within communities, and to express oneself. It promises to empower creativity, to democratize media production, and to celebrate the individual while also relishing the power of collaboration and social networks.
But Web 2.0 also embodies a set of unintended consequences, including the increased flow of personal information across networks, the diffusion of one’s identity across fractured spaces, the emergence of powerful tools for peer surveillance, the exploitation of free labor for commercial gain, and the fear of increased corporatization of online social and collaborative spaces and outputs.
In Technopoly, Neil Postman warned that we tend to be “surrounded by the wondrous effects of machines and are encouraged to ignore the ideas embedded in them. Which means we become blind to the ideological meaning of our technologies” [1]. As the power and ubiquity of Web 2.0 rises, it becomes increasingly difficult for users to recognize its externalities, and easier to take the design of such tools simply “at interface value” [2]. Heeding Postman and Turkle’s warnings, this collection of articles will work to remove the blinders of the unintended consequences of Web 2.0’s blurring of boundaries and critically explore the social, political, and ethical dimensions of Web 2.0.

“naked in the ‘nonopticon'”

If you haven’t already, check out Siva Vaidhyanathan‘s excellent Chronicle of Higher Ed piece on privacy and surveillance: a review of several new books treating various aspects of the topic, but a great all-around thought piece. A taste:

Certainly the Stasi in East Germany exploited the controlling power generated from public knowledge of constant surveillance and the potential for brutal punishment for thought crimes. But that is not our environment in the United States. Basically, the Panopticon must be visible and ubiquitous, or it cannot influence behavior as Bentham and Foucault assumed it would.
…what we have at work in America today is the opposite of a Panopticon: what has been called a “Nonopticon” (for lack of a better word). The Nonopticon describes a state of being watched without knowing it, or at least the extent of it. The most pervasive surveillance does not reveal itself or remains completely clandestine (barring leaks to The New York Times). We don’t know all the ways we are being recorded or profiled. We are not supposed to understand that we are the product of marketers as much as we are the market. And we are not supposed to consider the extent to which the state tracks our behavior and considers us all suspects in crimes yet to be imagined, let alone committed.
In fact, companies like ChoicePoint, Facebook, Google, and Amazon.com want us to relax and be ourselves. They have an interest in exploiting niches that our consumer choices generate. They are devoted to tracking our eccentricities because they understand that the ways we set ourselves apart from the mass are the things about which we are most passionate. Our passions, predilections, fancies, and fetishes are what we are likely to spend our surplus cash on.

And so these concerns extend to the realm of online reading. With networked texts, a book (or whatever other document form) may be reading you while you’re reading it. This creates a major ethical quandary for libraries of course, who, to take advantage of social networking, collaborative filtering and other powerful affordances of digital technologies must radically revise their traditional stance on privacy: i.e. retain as little user data as possible.

jp google

In these first few generations of personal computing, we’ve operated with the “money in the mattress” model of data storage. Information assets are managed personally and locally – ?on your machine, disks or external drives. If the computer crashes, the drive breaks, it’s as though the mattress has burned. You’re pretty much up the creek. Today, though, we’re transitioning to a more abstracted system of remote data banking, and Google and its competitors are the new banks. Undoubtedly, there are great advantages to this (your stuff is more secure in multiply backed-up, networked data centers; you don’t need to be on your machine to access mail and personal media) but the cumulative impact on privacy ought to be considered.
The Economist takes up some of these questions today, examining Google’s emerging cloud of data services as the banking system of the information age:

Google is often compared to Microsoft…but its evolution is actually closer to that of the banking industry. Just as financial institutions grew to become repositories of people’s money, and thus guardians of private information about their finances, Google is now turning into a custodian of a far wider and more intimate range of information about individuals. Yes, this applies also to rivals such as Yahoo! and Microsoft. But Google, through the sheer speed with which it accumulates the treasure of information, will be the one to test the limits of what society can tolerate.

Google is swiftly becoming a new kind of monopoly: pervasively, subtly, intimately attached to your personal data flows. You – ?your data profile, your memory, your clickstreams – ?are the asset now. The banking analogy is a useful one for pondering the coming storm over privacy.
Also: expect excellent coverage and analysis of these and other Google-related issues very soon on Siva Vaidhyanathan’s new book blog, The Googlization of Everything, which is set to launch here in early September.

the ethics of web applications

Eddie Tejeda, a talented web developer based here in Brooklyn who has been working with us of late, has a thought-provoking post on the need for a new software licensing paradigm for web-based applications:

When open source licenses were developed, we thought of software as something that processed local and isolated data, or sometimes data in a limited network. The ability to access or process that data depended on the ability to have the software installed on your machine.

Now more and more software is moving from local machines to the web, and with it an ever-increasing stockpile of our personal data and intellectual property (think webmail, free blog hosting like Blogger, MySpace and other social networking sites, and media-sharing sites like Flickr or YouTube). The question becomes: if software is no longer a tool that you install but rather a place to which you upload yourself, how is your self going to be protected? What should be the rules of this game?

good discussion(s) of kevin kelly article

In the New York Times own book discussion forum, one rirutsky opines eloquently on the problems with Kelly’s punch-drunk corporate optimism:

…what I find particularly problematic is the way that Kelly’s “analysis”–as well as most of the discussion of it–omits any serious mention of what is actually at stake in the utopian scheme of a universal library (which Borges, by the way, does not promote, but debunks). It has little to do with enabling creativity, but rather, with enabling greater corporate profits. Kelly is actually most close to the mark when [he] characterizes the conflict over digital books as a conflict between two business models. Of course, one gets the impression from some of Kelly’s writings that for him business and creativity are more or less the same thing….
….A more serious consideration of these issues would move away from the “old” binary antagonisms that Kelly outlines (surely, these are a relic of a pre-digital age) and think seriously about how society at large is changed by digital technologies and techniques. Who has the right to copy or to make use of data and who does not? In a world of such vast informational clutter, doesn’t power accrue to those who can afford to advertise? It is worth remembering, too, that searching is not, after all, a value-free operation. Who ultimately will control the searching and indexing of digital information? Should the government–or private corporations–be allowed to data mine the searches that people make? In short, who benefits and who loses from these technological changes? Where, precisely, is power consolidated?
Kelly does not even begin to deal with these sorts of serious social issues.

And from a typically immense Slashdot thread (from highlights conveniently collected by Branko Collin at Teleread) — this comes back to the “book is reading you” question:

Will all these books and articles require we login to view them first? I think having every book, article, movie, song, etc available for use anytime is a great idea and important for society but I don’t want to have to login and leave a paper trail of everything I’m looking at.

And we have our own little thread going here.

privacy matters 2: delicious privacy

delicious.gif Social bookmarking site del.icio.us announced last month that it will give people the option to make bookmarks private — for “those antisocial types who doesn’t like to share their toys.” This a sensible layer to add to the service. If del.icio.us really is to take over the function of local browser-based bookmarks, there should definitely be a “don’t share” option. A next, less antisocial, step would be to add a layer of semi-private sharing within defined groups — family, friends, or something resembling Flickr Groups.
Of course, considering that del.icio.us is now owned by Yahoo, the question of layers gets trickier. There probably isn’t a “don’t share” option for them.
(privacy matters 1)

privacy matters

In a recent post, Susan Crawford magisterially weaves together a number of seemingly disparate strands into a disturbing picture of the future of privacy, first looking at the still under-appreciated vulnerability of social networking sites. Recently ratcheted-up scrutiny on MySpace and other similar episodes suggest to Crawford that some sort of privacy backlash is imminent — a backlash, however, that may come too late.
The “too late” part concerns the all too likely event of a revised Telecommunications bill that will give internet service providers unprecedented control over what data flows through their pipes, and at what speed:

…all of the privacy-related energy directed at the application layer (at social networks and portals and search engines) may be missing the point. The real story in this country about privacy will be at a lower layer – at the transport layer of the internet. The pipes. The people who run the pipes, and particularly the last mile of those pipes, are anxious to know as much as possible about their users. And many other incumbents want this information too, like law enforcement and content owners. They’re all interested in being able to look at packets as they go by their routers, something that doesn’t traditionally happen on the traditional internet.
…and looking at them makes it possible for much more information to be available. Cisco, in particular, has a strategy it calls the “self-defending network,” which boils down to tracking much more information about who’s doing what. All of this plays on our desires for security – everyone wants a much more secure network, right?

Imagine an internet without spam. Sounds great, but at what price? Manhattan is a lot safer these days (for white people at least) but we know how Giuliani pulled that one off. By talking softly and carrying a big broom; the Disneyfication of Times Square etc. In some ways, Times Square is the perfect analogy for what America’s net could become if deregulated.
times square.jpg
And we don’t need to wait for Congress for the deregulation to begin. Verizon was recently granted exemption from rules governing business broadband service (price controls and mandated network-sharing with competitors) when a deadline passed for the FCC to vote on a 2004 petition from Verizon to entirely deregulate its operations. It’s hard to imagine how such a petition must have read:

“Dear FCC, please deregulate everything. Thanks. –Verizon”

And harder still to imagine that such a request could be even partially granted simply because the FCC was slow to come to a decision. These people must be laughing very hard in a room very high up in a building somewhere. Probably Times Square.
Last month, when a federal judge ordered Google to surrender a sizable chunk of (anonymous) search data to the Department of Justice, the public outcry was predictable. People don’t like it when the government starts snooping, treading on their civil liberties, hence the ongoing kerfuffle over wiretapping. What fewer question is whether Google should have all this information in the first place. Crawford picks up on this:

…three things are working together here, a toxic combination of a view of the presidency as being beyond the law, a view by citizens that the internet is somehow “safe,” and collaborating intermediaries who possess enormous amounts of data.
The recent Google subpoena case fits here as well. Again, the government was seeking a lot of data to help it prove a case, and trying to argue that Google was essential to its argument. Google justly was applauded for resisting the subpoena, but the case is something of a double-edged sword. It made people realize just how much Google has on hand. It isn’t really a privacy case, because all that was sought were search terms and URLS stored by Google — no personally-identifiable information. But still this case sounds an alarm bell in the night.

New tools may be in the works that help us better manage our online identities, and we should demand that networking sites, banks, retailers and all the others that handle our vital stats be more up front about their procedures and give us ample opportunity to opt out of certain parts of the data-mining scheme. But the question of pipes seems to trump much of this. How to keep track of the layers…
Another layer coming soon to an internet near you: network data storage. Online services that do the job of our hard drives, storing and backing up thousands of gigabytes of material that we can then access from anywhere. When this becomes cheap and widespread, it might be more than our identities that’s getting snooped.
Amazon’s new S3 service charges 15 cents per gigabyte per month, and 20 cents per data transfer. To the frequently asked question “how secure is my data?” they reply:

Amazon S3 uses proven cryptographic methods to authenticate users. It is your choice to keep your data private, or to make it publicly accessible by third parties. If you would like extra security, there is no restriction on encrypting your data before storing it in S3.

Yes, it’s our choice. But what if those third parties come armed with a court order?

open source DRM?

A couple of weeks ago, Sun Microsystems released specifications and source code for DReaM, an open-source, “royalty-free digital rights management standard” designed to operate on any certified device, licensing rights to the user rather than to any particular piece of hardware. DReaM (Digital Rights Management — everywhere availble) is the centerpiece of Sun’s Open Media Commons initiative, announced late last summer as an alternative to Microsoft, Apple and other content protection systems. Yesterday, it was the subject of Eliot Van Buskirk’s column in Wired:

Sun is talking about a sea change on the scale of the switch from the barter system to paper money. Like money, this standardized DRM system would have to be acknowledged universally, and its rules would have to be easily converted to other systems (the way U.S. dollars are officially used only in America but can be easily converted into other currency). Consumers would no longer have to negotiate separate deals with each provider in order to access the same catalog (more or less). Instead, you — the person, not your device — would have the right to listen to songs, and those rights would follow you around, as long as you’re using an approved device.

The OMC promises to “promote both intellectual property protection and user privacy,” and certainly DReaM, with its focus on interoperability, does seem less draconian than today’s prevailing systems. Even Larry Lessig has endorsed it, pointing with satisfaction to a “fair use” mechanism that is built into the architecture, ensuring that certain uses like quotation, parody, or copying for the classroom are not circumvented. Van Buskirk points out, however, that the fair use protection is optional and left to the discretion of the publisher (not a promising sign). Interestingly, the debate over DReaM has caused a rift among copyright progressives. Van Buskirk points to an August statement from the Electronic Frontier Foundation criticizing DReaM for not going far enough to safeguard fair use, and for falsely donning the mantle of openness:

Using “commons” in the name is unfortunate, because it suggests an online community committed to sharing creative works. DRM systems are about restricting access and use of creative works.

True. As terms like “commons” and “open source” seep into the popular discourse, we should be increasingly on guard against their co-option. Yet I applaud Sun for trying to tackle the interoperability problem, shifting control from the manufacturers to an independent standards body. But shouldn’t mandatory fair use provisions be a baseline standard for any progressive rights scheme? DReaM certainly looks like less of a nightmare than plain old DRM but does it go far enough?

the book is reading you, part 3

News broke quietly a little over a week ago that Google will begin selling full digital book editions from participating publishers. This will not, Google makes clear, extend to books from its Library Project — still a bone of contention between Google and the industry groups that have brought suit against it for scanning in-copyright works (75% of which — it boggles the mind — are out of print).
glasses on book.jpg Let’s be clear: when they say book, they mean it in a pretty impoverished sense. Google’s ebooks will not be full digital editions, at least not in the way we would want: with attention paid to design and the reading experience in general. All you’ll get is the right to access the full scanned edition online.
Much like Amazon’s projected Upgrade program, you’re not so much buying a book as a searchable digital companion to the print version. The book will not be downloadable, printable or shareable in any way, save for inviting a friend to sit beside you and read it on your screen. Fine, so it will be useful to have fully searchable texts, but what value is there other than this? And what might this suggest about the future of publishing as envisioned by companies like Google and Amazon, not to mention the future of our right to read?
About a month ago, Cory Doctorow wrote a long essay on Boing Boing exhorting publishers to wake up to the golden opportunities of Book Search. Not only should they not be contesting Google’s fair use claim, he argued, but they should be sending fruit baskets to express their gratitude. Allowing books to dwell in greater numbers on the internet saves them from falling off the digital train of progress and from losing relevance in people’s lives. Doctorow isn’t talking about a bookstore (he wrote this before the ebook announcement), or a full-fledged digital library, but simply a searchable index — something that will make books at least partially functional within the social sphere of the net.
This idea of the social life of books is crucial. To Doctorow it’s quite plain that books — as entertainment, as a diversion, as a place to stick your head for a while — are losing ground in a major way not only to electronic media like movies, TV and video games (that’s been happening for a while), but to new social rituals developing on the net and on portable networked devices.
Though print will always offer inimitable pleasures, the social life of media is moving to the network. That’s why we here at if:book care so much about issues, tangential as they may seem to the future of the book, like network neutrality, copyright and privacy. These issues are of great concern because they make up the environment for the future of reading and writing. We believe that a free, neutral network, a progressive intellectual property system, and robust safeguards for privacy are essential conditions for an enlightened digital age.
We also believe in understanding the essence of the new medium we are in the process of inventing, and about understanding the essential nature of books. The networked book is not a block on a shelf — it is a piece of social software. A web of revisions, interactions, annotations and references. “A piece of intellectual territory.” It can’t be measured in copies. Yet publishers want electronic books to behave like physical objects because physical objects can be controlled. Sales can be recorded, money counted. That’s why the electronic book market hasn’t materialized. Partly because people aren’t quite ready to begin reading books on screens, but also because publishers have been so half-hearted about publishing electronically.
They can’t even begin to imagine how books might be enhanced and expanded in a digital environment, so terrified are they of their entire industry being flushed down the internet drain — with hackers and pirates cannibalizing the literary system. To them, electronic publishing is grit your teeth and wait for the pain. A book is a PDF, some DRM and a prayer. Which is why they’ve reacted so heavy-handedly to Google’s book project. If they lose even a sliver of control, so they are convinced, all hell could break loose.
But wait! Google and Amazon are here to save the day. They understand the internet (naturally — they helped invent it). They understand the social dimension of online spaces. They know how to harness network effects and how to read the embedded desires of readers in the terms and titles for which they search. So they understand the social life of books on the network, right? And surely they will come up with a vision for electronic publishing that is both profitable for the creators and every bit as rich as the print culture that preceded it. Surely the future of the book lies with them?
chicken_b_003.jpg Sadly, judging by their initial moves into electronic books, we should hope it does not. Understanding the social aspect of the internet also enables you to cunningly restrict it, more cunningly than any print publishers could figure out how to do.
Yes, they’ll give you the option of buying a book that lives its life on line, but like a chicken in a poultry plant, packed in a dark crate stuffed with feed tubes, it’s not much of a life. Or better, let’s evaluate it in the terms of a social space — say, a seminar room or book discussion group. In a Google/Amazon ebook you will not be allowed to:
– discuss
– quote
– share
– make notes
– make reference
– build upon
This is the book as antisocial software. Reading is done in solitary confinement, closely monitored by the network overseers. Google and Amazon’s ebooks are essentially, as David Rothman puts it on Teleread, “in a glass case in a museum.” Get too close to the art and motion sensors trigger the alarm.
So ultimately we can’t rely on the big technology companies to make the right decisions for our future. Google’s “fair use” claim for building its books database may be bold and progressive, but its idea of ebooks clearly is not. Even looking solely at the searchable database component of the project, let’s not forget that Google’s ranking system (as Siva Vaidhyanathan has repeatedly reminded us) is non-transparent. In other words, when we do a search on Google Books, we don’t know why the results come up in the order that they do. It’s non-transparent librarianship. Information mystery rather than information science. What secret algorithmic processes are reordering our knowledge and, over time, reordering our minds? And are they immune to commercial interests? And shouldn’t this be of concern to the libraries who have so blithely outsourced the task of digitization? I repeat: Google will make the right choices only when it is in its interest to do so. Its recent actions in China should leave no doubt.
Perhaps someday soon they’ll ease up a bit and let you download a copy, but that would only be because the hardware we are using at that point will be fitted with a “trusted computing” module, which which will monitor what media you use on your machine and how you use it. At that point, copyright will quite literally be the system. Enforcement will be unnecessary since every potential transgression will be preempted through hardwired code. Surveillance will be complete. Control total. Your rights surrendered simply by logging on.

an identity of bits and pieces

As privacy fears around search engines and the Justice Department continue to rise, the issue of personal privacy is being thrust, once again, into the public spotlight. The conversation generally goes like this: “All the search engines are collecting information about us. There isn’t enough protection for our personal information. Companies must do more.” Suggestions of what ‘more’ is are numerous, while solutions are few and far between. Social engineering solutions that do exist fail to include effective ways of securing online activities. Technical services that allow you to completely protect your identity are geek oriented and lacking the polish of Google or Yahoo!.
Why is this privacy thing an issue, anyway? People feel strongly about their privacy and protecting their identities, but are lazy when it comes time to protect themselves. Should this be taken for a disinterested acknowledgement that we don’t care about our personal data? Short answer: no. If we look at what’s happening on the other side of things—the data that people put out there willingly, on sites like MySpace, and blogs, and flickr, I think the answer is obvious. Personal data is constantly being added to the virtual space because it represents who we are. melysa with a y
Identity production is a large part of online culture, and has been from the very first days of the Well. Our personal information is important to us, but the apathy arises from the fact that we have no substantitive rights when it comes to controlling it [1].
There are a few outlets where we can wrangle our information into a presentation of ourselves, but usually our data accumulates in drifts, in the dusty corners of databases. When search engines crawl through those databases the information unintentionally coalesces into representations of us. In the real world the ability to keep distance between social spheres is fundamental to the ability to controlling your identity; there is no distance in cyberspace. Your info is no longer dispersed among the different spheres of shopping sites, email, blogs, comments, or bulletin boards, reviews. Search engines collapse that distance completely and your distributed identity becomes an aggregate one; one we might not recognize if it came up to us on the street.
There are two ways to react: 1) with alarm: attempt to keep things wrapped in layers of protection, possibly remove it entirely, and call for greater control and protection of our personal information. Or 2) with grace: acknowledge our multiple identities, and create a meta-identity, while still making a call for better control of our personal data. The first reaction is about identity control and privacy and relies on technical solutions or non-participation. Products like sxip and schemes like openID allow you to confirm that you are who you say you, and groups like EPIC, and federal legislation (HIPAA, FERPA, definitely not the PATRIOT Act) help protect your information. But eventually this route is not productive—it doesn’t embrace the reality of living with and within a networked environment. The second reaction is about “identity production” [2], and that’s where sites like MySpace and blogs reign. There’s also a new service, ClaimID, that will help you create a meta-identity with a slick, web 2.0 workflow (full disclosure: the founder is a former colleague).
link to ClaimIDClaimID is interesting in several respects. It let’s you actively manage your identity by aggregating information about yourself through searches, then tagging each item with several levels of aboutness. So you could say that your website is about you, and by you, whereas an article that mentions your name in conjunction with a project is not about you, or by you. Still, it’s part of your online persona. An interview: about you, not by you. A short history of New York: by you, not about you. ClaimID allows you to have these different permutations of relationship that help define the substance within and the ownership of each item. Everything can be tagged with keywords to link items. What you end up with is a web of yourself, annotated and organized so that people can get to know you in the way you want to be known.
This helps combat the unintentional aggregation of information that happens within search engines. But we also need to be aware that intentional aggregation does not mean it is trustworthy information, just as unintentional does not always mean “true to life”. We have a sense that when people manage their identities that they are repositioning the real in favor of a something more appropriate for the audience. We therefore put greater stock in what we find that seems unintentional—yet this information is not logically more reliable. We have to be critical of both the presented, vetted information and the aggregated, unintentional information. We still need privacy rights, and tools to help protect our identities from theft, spoofing, or intrusion, but in the meantime we have the opportunity to actively negotiate the bits and pieces of our identities on the network.