Tuesday, September 27, 2011

Could the Recent Changes to Facebook Actually Improve Privacy?

Most Internet users miss the fact that everything you share through Facebook, Twitter, YouTube or any social media is tracked. There is a Firefox plug-in called Collusion that underscores this tracking by creating a visualization of connections between sites: http://threatpost.com/en_us/blogs/collusion-firefox-add-paints-picture-web-tracking-070811 Bruce Schneier has articulated an entire taxonomy to describe all of the different ways we are tracked when we use social media: http://www.schneier.com/blog/archives/2010/08/a_taxonomy_of_s_1.html 

In addition to this ignorance, people are bad at delayed gratification and they are particularly bad at protecting their privacy. This is especially true when taking steps to protect privacy requires effort and conflicts with some immediate social rewards (for a great discussion of why, see Acquisti: http://dl.acm.org/citation.cfm?id=988777 - who talks about models of self-control and immediate gratification and the implications for privacy. May require a subscription or fee)

The latest changes to Facebook will make tracking behavior visible to the subscriber. The timeline feature shows you everything you have done on Facebook over time and open graph will allow you to share everything you do with your friends in real time, without taking an action (such as clicking like or updating your status) in order to share this information. The information shared using these two features is already being recorded, tracked, sold, and used for advertising and surveillance. The fact that it will now be available to the Facebook subscriber, and will require both the subscriber and her group of friends to interact with these data in real-time, requires a higher level of awareness for the average Facebook subscriber..

Leaving aside the really important question of whether this information should be recorded, who should have access and control over it, and whether Facebook users should be compensated for their effort in adding to the bottom line of social media corporations, I imagine that asking subscribers to contend with the fact that they are creating a substantial body of very personal information as they use Facebook will result in a few people becoming more aware of the digital footprint they are creating.  This increased awareness should make it more difficult for the subscriber to ignore the fact that he or she is creating an extensive data trail as they use Facebook

The timeline feature, in it's current iteration, gives the subscriber an opportunity to edit the information that will be published and some control over who will have access to this information. When a subscriber activates this feature, a launch date for the timeline is set, adding a sense of urgency to the fact that the subscriber is required to act in order to protect her privacy.

The open graph feature is more problematic. Flicking a switch that will subsequently share your actions with all of your friends in real time, without requiring any more thought or effort from you, can seem evil from a privacy perspective. The up-side is the subscriber is required to take action to turn this feature on. This isn't the case with any other online surveillance. Cookies enable your actions to be tracked in a way that is invisible to most users.

In addition, data shared using Open Graph will announce your participation in surveillance to your friends. This allows, at least in theory, a communal approach to privacy protection. One would hope that your community will point out that your disclosure behavior is inappropriate, either by sending you a direct note or by removing you as a friend.

The voluntary sharing of information through Facebook isn't the biggest threat to privacy we face. The fact that Facebook subscribers have increased visibility into the data that is already being collected about them by third parties is a good thing. Whether that information should be collected at all, and how that information is controlled is the question we should focus on.

Friday, September 23, 2011

Overview of recent Facebook changes and their implications for Privacy

This week Facebook is unveiling some dramatic changes to their social networking service. Any time a social networking service makes major changes, I like to turn to an article by danah boyd of Microsoft research and the Berkman Center. Danah has a great article discussing Facebook's last change to add the news feed option - identifying exposure and invasion as two problems this change created:
The article is worth a read for some context on the current set of changes.

The new timeline feature will allow subscribers to see all of their activities - wall postings, status updates, photos, photos you have been tagged in, where you have lived, where you have worked, other demographic information you have chosen to share, and the applications they have used since Facebook started. Facebook has a slick presentation of what this will look like can be found here:

Here is a tutorial on activating this feature early:

One privacy implication of the timeline feature is a new ability to see who has "unfriended" you over time. Check out this article for a more detailed description:

Facebook sets a publish date once you have activated your timeline, which allows you to edit the material that will show up  publicly.

There is a new status box that allows you to add "life events" - jobs, education, buying a house, having a kid, getting married etc. There is a great overview of these options here:

The privacy implications of these changes are significant. A subscriber could have shared this information with Facebook, or any third party organization, easily before. The business model of Facebook makes it more profitable if subscribers share more data. The more Facebook knows about you, the more valuable their advertising spots become.

Open Graph
open graph is a visual display of all connections available in a social network - not just with people but with media; music, videos, photos etc. The changes to open graph that have been announced will allow for "life streaming" - any time a subscriber (after granting permission) watches a movie through hulu or Netflix, or listens to music through spotify - and the list of apps will continue to grow - the app will have permission to post an update to their wall. The idea is to "make it easier to share".

The privacy implications with open graph are also huge, and much more sinister. The idea that you can "set it and forget it" - turn on life streaming and go about living your life while Facebook records every choice and every transaction you make, and makes these choices public, could actually increase privacy. These activities were already being recorded, most users were just not aware of the fact that they were voluntarily participating in a massive surveillance infrastructure. Making these data public may act as a reminder that everything you do online is actually recorded and sold to the highest bidder.

Friday, September 16, 2011

Protecting Kids Privacy, The Worst Use of Social Media for Marketing, Predictive Policing and Cyber Bullying

This past week we saw one change and a proposed change that would improve the protection of kids privacy. The first is a proposed rule change to the Children's Online Privacy Protection Act, or COPPA. The rule change has been proposed by the FTC, and will require operators of web and mobile platforms that deal with kids under the age of 13 to allow more methods of parental consent, and provide proof that children's personal information is being protected.

Children under 12 will also receive increased privacy protection under the TSA's new rules that will allow for fewer pat downs of kids in this age group. These kids may be required to go through a body scanner repeatedly, but this is better than the pat-down horrors we hear: http://blogs.findlaw.com/law_and_life/2011/09/fewer-tsa-pat-downs-shoe-removal-for-kids.html?DCMP=NWL-pro_top

Facebook has a new ugly story to relate about cyber-bullying and how we fail to handle this trend well as a society. "Facebook fight mom" Daphne Melin faces charges of child endangerment. This is the lady that brought her daughter to engage in a fight with some girls that were bullying her daughter, then jumped into the fray herself:

On related social networking news, any social networking use by teens is related to significant increase in likelihood of using illegal drugs:

And social networking has no effect on the gpa of college kids:

Toyota is being sued for what might be the worst marketing campaign in history. They hired Saatchi & Saatchi, a marketing firm, to create what they hoped would be a viral social media campaign. The campaign idea was to allow someone's friend to trick them into thinking a stranger has access to their personal information. This stranger would then stalk the individual. Who thought this was a good idea?

I was doing some background research on predictive policing. The LAPD has received a multi-million dollar grant to study predictive policing, which is using previous crime data to predict when and where a crime is likely to happen in the future:

Apparently Philadelphia, NY and Santa Cruz all have similar programs.

In San Francisco, the FBI and Alameda police raided the home of a network reporter, mistaking it for the house across the street. They realized their mistake, got a new warrant, went across the street and arrested the drug dealer, who must not have been paying attention when his neighbors house was raided.

No matter how much technology we throw at the problem, we will still need the right address, and we can still count on criminals being stupid. At least we should hope so.

Friday, September 9, 2011

Body Scanner privacy increases, GPS data creates double jeopardy

The ACLU sues to find out how often law enforcement uses GPS data for crime investigation without first obtaining a warrant. The Justice Department blocks the request to disclose these data because, if disclosed, these data reveal personal information about cell-phone subscribers gps locations, the very information the ACLU is trying to protect.

The D.C. Circuit Court of Appeals remanded to the lower court, requiring them to release information of only those cases where the data resulted in a conviction: http://www.readwriteweb.com/enterprise/2011/09/dueling-privacy-concerns-court.php

A woman going through airport security accuses the TSA agent of raping her. A "forceful inspection" that, apparently, is not something she could sue over. So she writes about it in her blog, naming the TSA agent in an attempt at accountability. Read more here:

Increased Privacy body scanners are being deployed throughout the U.S. and at Heathrow. A technology solution to a privacy problem:

Great collection of contemporary research on privacy, if you are trying to keep up with what's new in the world of privacy research, start here:

See if you can follow this - a student in Ohio has his laptop stolen. Another student buys it at a bus stop for $40. The second student sells it to a teacher at his school. A company grabs webcam images, remotely, off of the camera, catching the teacher with her boyfriend in compromising position. She sues the recovery company for violating her privacy, since they turned the images over to the police:


In an AP poll:  54 percent — say that if they had to choose between preserving their rights and freedoms and protecting people from terrorists, they'd come down on the side of civil liberties. 


Sunday, September 4, 2011

Transparency, Surveillance and the Implications of Privacy

This week we saw some interesting juxtapositions. The Chinese Communist Party published an opinion piece discussing the threat the party faces from social networking sites. Not from ordinary citizens speaking their mind, but from organized groups out to undermine the government: http://www.reuters.com/article/2011/09/02/us-china-internet-idUSTRE78110S20110902

This dovetails nicely with the article about the organized group Anonymous hacking Texas law enforcement and posting records from both business and personal email, including social security numbers, of current and former Texas Law Enforcement employees: http://articles.boston.com/2011-09-02/news/30106754_1_law-enforcement-anonymous-and-lulz-security-accounts
The hack was intended to undermine the actions Texas has taken to arrest members of the group.

A think tank published recommendations on how to spy on your employees without making them upset. The surprising bit: tell them you are going to spy on them, and make sure you respond in a reasoned fashion, taking context into consideration if you decide to act on posts made to social networking sites:

Privacy was given a slight boost at Dallas Fort Worth Airport with less invasive full body scans: http://www.khou.com/news/texas-news/129170918.html

and by a German online magazine that now requires users to click twice if they want to "like" an article: http://www.khou.com/news/texas-news/129170918.html
This is really an incredible action if you think about it. A news organization makes it more difficult for readers to promote their articles in order to protect reader privacy. FB can track your actions if you have the like button enabled by default, this was Heisse's attempt to limit surveillance.

Lastly, dissident Chinese artist Ai Weiwei offers a compelling picture of life in Beijing. The description of discrete signs of support, such as a quick thumbs up or tap on the shoulder, are clues to what life might be like without privacy, as well as some other basic rights: