Sunday, September 10, 2006

More on Facebook and the Contextual Integrity of Personal Information Flows. More on Facebook and the Contextual Integrity of Personal Information Flows. There has been an interesting discussion on the Association of Internet Researchers mailing list (and across the blogosphere) regarding the addition of feeds at Facebook and the nature of the reaction by its users. Many have criticized the reaction by Facebook users for being naive, arguing that if they knowingly placed personal information on their public profile, they have no [base "]expectation of privacy,[per thou] and shouldn[base ']t (can[base ']t) complain that their privacy has been violated simply if Facebook provides a new way for others to find that information. I disagree, and that[base ']s where thinking about privacy as [base "]contextual integrity[per thou] becomes helpful, allowing us to remove the slippery issue of expectations of privacy from the debate altogether. Instead, one can simply look at the existing norms of information flow within the particular context. What has governed the flow of personal information - conceived as both the type of information that is appropriate to distribute, and to whom it is being distributed? Such norms dictate one[base ']s expectations within that context, which frame their relationships and expected interactions with other people, with the state, and so on. [base "]Privacy,[per thou] as a term/construct, doesn[base ']t need to enter into the calculus. It is about norms of flow, and the contextual values & relationships that depend on the maintenance of these norms. If the introduction of a new technology or practice into that context disrupts those norms, then a red flag must go up recognizing that this isn[base ']t just the status quo, that something has changed that might impact the values within this particular context. Consider the Facebook example: previously, users posted personal information to their profile page and invited [base "]friends[per thou] to have access to that page. Occasionally users would change their personal information, and a friend would have to happen upon their page at the right day and time to notice the change (they[base ']d also have to have a good memory of the previous [base "]state[per thou] of the page to notice if anything changed). Some level of serendipity and recall was required to notice changes to a friend[base ']s personal information. That was the norm of information flow that governed relationships within Facebook. The introduction of a news feed highlighting changes to friends[base '] profiles violates these established norms. While, the content has remained the same, but the distribution has changed: serendipity and personal memory is no longer a necessary ingredient, as the feed is automatically sent to every friend and provides precise details of each and every change to the user[base ']s profile. The norms of information flow have changed. (Fred Stutzman has a similar analysis, noting how Facebook[base ']s actions [base "]broke the cultural norms of the environment.[per thou]) If the folks at Facebook had considered such an approach, they would have recognized the disruption to contextual integrity, perhaps anticipating the widespread revolt among users. Perhaps they would have engaged in the normative debate over whether the disruption is acceptable/ethical/etc. Perhaps they would have just introduced it as a new feature that users could opt-in for (rather than making the default, as I understand it). Perhaps they would have allowed users to select which personal information they want to have in feeds, and which friends could only discover by visiting their page. It appears Facebook has listened to the backlash, and will be instituting similar kinds of controls and privacy provisions. Now if we could only get designers to recognize that protection of contextual norms and values needs to be a necessary part of the conceptualization and design of technology, not just something retrofitted after deployment[sigma] [michaelzimmer.org] 2:05:53 PM  PermaLink   / trackback []

Peer-to-peer surveillance. Peer-to-peer surveillance. I[base ']ve commented about some of the privacy & surveillance implications of adding location meta tags in photos, everyone snapping photos in public with their cellphone cameras, and the rise of amateur surveillance and data-mining. Many of these concerns are repeated in an essay on the Guardian warning of the growing dangers of peer-to-peer surveillance, defined as[sigma] the emerging idea that the constant operation of a whole range of digital devices will increasingly be used as evidence against us by parties other than the state. Many of us have already encountered it, when we find ourselves listening to others[base '] muffled conversations deposited on our answering machine by erroneously dialled mobile phones. Thus far, much of the eavesdropping has been by accident, but there are more sinister possibilities. Many of the new mobile phones come armed with the facility to record conversations, and digital voice recorders are now so small as to be inconspicuous. As applications are designed to imprint the date, time and location in which photographs, conversations and videos are made, and mobile tracking devices increasingly allow us to pinpoint the location of others, we can predict consequences for everyday life as well as the legal system. If mobile phones are currently an accessory to infidelity, for example, the new range of mobile devices may overturn that arrangement: a suspicious spouse can easily chance upon video, picture or location-based proof that you were not where you said you were, or commission evidence in support of their case. [via Pogo Was Right] [michaelzimmer.org] 2:03:12 PM  PermaLink   / trackback []

Online Mob "Justice". Online Mob "Justice". A surprising number of commenters support Jason Fortuny's publication of the names, phone numbers, and photos of men who replied to a fake, explicit posting on Craig's List, ostensibly from a woman seeking a man to dominate her sexually. The commenters say all these guys deserve having the public e-lynching because: they naively sent personal information via email a couple of them indicated they were married a couple used their work accounts to reply, and/or only losers look for sex online. These are thin justifications for a clear violation of these men's right to privacy. Here's a quick thought game. What if it the Craig[base ']s List posting was about: A 25 year-old woman looking for a sugar daddy? A depressed woman looking for a fellow depressed guy? A dom woman looking for submissive men to humiliate? A gay man looking for 'straight' guys? A 'straight' woman looking for a butch lesbian? A butch lesbian looking for a 'straight' woman? A lesbian looking for a lesbian? A closeted gay man looking for another closeted, discreet man? An overweight, not attractive straight guy looking for a date? A 21-year-old hipster looking for another hipster into? A goth woman looking for a goth guy into leather and trenchcoats? A couple looking for a third person to watch them have sex? A Christian woman looking for a Christian man? A furry looking for another furry? A Cos-Player looking for someone to dress up with them? A middle aged woman who doesn't know she has terrible taste in poetry looking for a man who will buy her flowers, take her for walks on beaches and compose saccharine poems that rhyme? Which of these do you feel superior enough to that you would want to see their private notes and photos displayed illegally on the internet? And what's your justification for choosing what kind of people are reprehensible enough to you that their private lives should be splayed on the internet for anyone, from family to friends to co-workers to acquaintances to their bosses, to see? Many have tried to justify the whole thing, because a couple of the more than hundred fifty men who replied indicated they were married. Fortuny didn't publish all the responses because he was worried about the sanctity of marriage. He posted them to get attention and to display his pathological sense of superiority. It's these guy's private lives. Sending compromising emails to another person who you genuinely believe is looking to hook up for sex is not a legal waiver of your right to keep your life private. As Fortuny shows, it may be practically so, but that lack of knowledge does not obviate these persons' legal rights. While I'm not a big fan of guys into dominating women (it's rather retrograde for my taste), the only truly pathetic individuals involved in this whole debacle are Fortuny and his supporters who get off on their own righteousness. This was not like a legal sting. None of these people are violating any law. No journalist would ever pull a stunt like this, because exposing the private lives of private persons, in absence of any justifiable public interest, is both unethical and a clear violation of the law. If Fortuny wanted to show the world that there's a lot of guys willing to, not so smartly, email pictures of their members to a woman who wants to be dominated, Fortuny could have easily obfuscated phone numbers, email addresses and identifying pictures. That wasn't his point. The point of the whole 'prank' was to shame and humiliate other people and to let Fortuny and his LiveJournal hangers-on feel intellectually and morally superior -- e.g. the victims are 'perverts' who aren't smart enough to know how use the internet anonymously. Those of you who think the guys deserved it think so because you like feeling superior to them. That makes you, not them, pathetic. And no, Fortuny, you ain't no Andy Kaufman.  [27B Stroke 6] 1:49:34 PM  PermaLink   / trackback []

Reporters' Phone Records Accessed in HP Probe. Reporters' Phone Records Accessed in HP Probe. CNET reporter confirms her family's home phone records accessed without her permission. [PC World: Latest Technology News] 1:43:12 PM  PermaLink   / trackback []

Invasion of Privacy. Invasion of Privacy. Back in 2001 Peter Piper picked a pack of Privacy Principles, but thus far no one's found themselves in much of a pickle [CSO Online Data Security Briefing] 1:40:51 PM  PermaLink   / trackback []

The Security Plan for Your Wireless LAN. The Security Plan for Your Wireless LAN. Take advantage of the latest security tools and keep your users informed if you want to achieve wire-free bliss. [CSO Online Data Security Briefing] 1:37:08 PM  PermaLink   / trackback []

The CIO-CSO Partnership. The CIO-CSO Partnership. Where do the boundaries between IT and security begin and end? Who's responsible for what? How do you decide? When it works, the relationship between CIO and CSO can be a beautiful thing [CSO Online Data Security Briefing] 1:35:05 PM  PermaLink   / trackback []

The Myths of Information Security Reporting. The Myths of Information Security Reporting. Forrester conducted 51 telephone interviews with senior information security managers and information security vendors about information security metrics [CSO Online Data Security Briefing] 1:33:03 PM  PermaLink   / trackback []

Tech companies oppose WIPO treaty on TV rights. Tech companies oppose WIPO treaty on TV rights. Signal piracy clampdown 'unnecessary' Dell, HP, AT&T, Sony and others have joined forces to oppose a plan that would give broadcasters a whole new set of intellectual property rights over television programmes. They will fight to stop the UN proposal being adopted internationally. [The Register - Internet and Law: Digital Rights/Digital Wrongs] 1:30:59 PM  PermaLink   / trackback []