A Hunter alumnus asked me (on Facebook, no less):

Any thoughts on the most recent “privacy concerns” regarding facebook?

For starters, let’s put it this way: I gave the Diaspora project $25 and will soon proudly be rocking their T-shirt.

Also, you can drop the scare quotes. It should creep everyone out how easy it is to cyber-stalk anybody with a FB profile who doesn’t watch the company’s privacy moves like a hawk. People who joined early and kept everything limited to “just friends” but didn’t update their settings have now had what they thought was private information laid bare for the world to see. This is not just immoral; it borders on fraudulent, and it’s potentially dangerous.

Lokman Tsui, a dear friend and U Penn classmate, killed his FB profile, and I fully support and understand his decision. I’m thinking about doing the same, but the costs and benefits are diminished in my case; my wife will continue updating me about our family and friends, as well as telling the world when we’re out of state.

This issue isn’t going away. In his public statements on the issue, FB chief Mark Zuckerberg is incredibly cavalier and uncaring about his users’ privacy. (Listen to this interview on NPR. The opening exchange is incredibly revealing:

Melissa Block: We’ve been hearing these protests getting louder and louder. There’s a “We’re quitting Facebook” campaign on the net. Did this level of user anger catch you off guard?

Mark Zuckerberg: You know, whenever we launch products, a lot of people like the products, and a lot of people are critical, and I think that’s just something that comes with having more than 400 million people using your service. So what we try to do is we try to build the products that we think are best, and then we listen to what people are saying, how people are talking to their friends about the product, what they tell us, the emails that they send us.

What we heard loud and clear this time was that people wanted simpler controls for how to share their information. We spent the last few weeks building those. It was a pretty big effort, but we really wanted to make sure that we were responding to the feedback that we were hearing, so that’s what we rolled out.

This is an amazingly sketchy dodge of the actual question and the real issue. People were and are mad because Facebook began with a simple privacy policy, simple privacy settings, and privacy as the default. In the years since, they’ve violated the expectation of privacy that they created by publicizing info that was formerly private, by defaulting people into public settings, by making some information (including the list of your FB friends) impossible to hide, and (last and least importantly) making it increasingly difficult to change one’s privacy settings.

For Zuckerberg to describe their moving target of a privacy policy as a “new product” is beyond disingenuous–it’s callous and shows wanton disregard for his users’ wishes and the expectations that he helped create, only to violate.

By the way, I’m still on Facebook for 2 reasons. First, I’ve always tried not to post things I consider truly private. This is because I was a Ph.D. candidate before the service launched, so my friends have always included a large number of colleagues, making me think twice before I post.

Second, and more importantly from a policy perspective, is the problem of network effects; the service is much more valuable than its competitors because many more of my friends and family use Facebook–and they keep using it because their friends and family keep using it, and so on. Walking away from Facebook is basically walking away from the social networking hub.

The size of the network and the centrality it plays in so many people’s lives makes it really scary that somebody with such apparent disregard for users’ best interests is in charge.

Still from a recent Apple launch

In his iconic novel “1984”, George Orwell envisioned omnipresent “telescreens” in every home, business and on every street that could be monitored by the government.  These screens were especially powerful because the subject never knew when the screen was being monitored or if, in fact, monitoring ever occurred.  One had to live as though one were watched at all times.

As is often the case, truth seems to lie somewhere between the totalitarianism of Orwell’s “1984” and the hedonistic consumer dystopia of Huxley’s “Brave New World.” As two recent stories point out, our actual telescreens cost hundreds of dollars and have designer labels.

The useful GPS technology that allows us to navigate our way through city streets also allows government agencies to track our movements.  Not in theory, but in practice.  A recent story notes that agencies have made rampant use of cellphones to track the physical movements and identities of individuals.  As long as we are not up to any wrongdoing, who cares?  Except that the definition of “wrongdoing” is a tricky one.  One Alabama sheriff used the technology to track his daughter’s whereabouts when she stayed out too late.  Even more unsettling is the story of Michigan police who used the technology to note the identities of protesters at a labor union rally.  And these are just the abuses that had been reported thus far.

Having taken part in many marches and protests during the Bush years, I observed that police utilized cameras as weapons of intimidation, recording the faces of each and every protester for purposes that remain unknown.  Did they do this to create a record or merely the belief that such a record might exist?  Was their object to record identities, prevent illegal activity or to intimidate peaceful protesters?  In any event, it seems that these tactics have moved from digital cameras to mobile telephony.  So while tools like Twitter and text messaging have been used by protesters around the world to organize and mobilize, mobile telephony may be just as useful for officials to monitor protest and “chill” dissent.  

 Meanwhile, do you know that little camera that sits on top of your computer screen or laptop–the one that may be pointed at you right now?  How do you know that nobody can see you through it?  If that seems silly, then you should read this story from CBS News about a high school sophomore who was spied on in his home by his school using the webcam in a school issued laptop.  In this case, the danger is that this technology is not only exploitable by overeager officials, but by child predators either within the school system or who may hack into the school’s system.  That is, it might not only be Big Brother who is watching, but Big Pervert.  The FBI is investigating the incident, but it is unclear if they are looking for wrongdoing or pointers.  

 When a Philadelphia mainline school district starts taking pages from the playbook of Orwell’s Oceania, privacy advocates and consumers should take note.  With mobile computing on the rise, hundreds of millions of Americans are using objects that may be used to track their movements and to view their lives.  As cameras and GPS systems become more prominent in these devices, there is every reason to suspect that our personal devices may not be as personal as they seem.

It seems to me that her post could be best rephrased as “Is Reputation Tracking Obsolete?”  In that case, the answer would be a clear and definitive yes.

Reputation in its purest form is deep, contextualized, complex, and local.  I have a very different reputation with my colleagues in the Sierra Club than I do with other academics, and still another one with my drinking buddies.  All of those reputations are linked to different dimensions of my identity, and each is accurate in its own way.  They accrue over time, and they are exceedingly difficult to scale up from local context to general form.

Online, reputational data is put at a premium, because the purer the anonymity, the worse people are bound to act.  I haven’t seen any studies on this yet (I’ll get around to doing one someday, I suppose), but it’s pretty clear that when you require people to login before posting comments to a blog, they self-moderate a bit more, and when you add a Mojo system like they have at SlashDot and DailyKos, and “superuser” status contingent on high Mojo ratings, people behave better still.  That’s standard “Shadow of the Future” stuff, a basic finding from game theory, and replicated in a host of experimental settings.  So reputation systems incentivize good behavior while distributing the costs of punishing bad behavior.  As a basic example, consider how costly eBay would be if they had to provide top-down monitoring of all transactions.  Actually, you don’t need to bother considering it: without reputation tracking, there would be no eBay.  Period.

So is reputation obsolete?  Yes and no.  The thing we need to recognize is that when you divorce reputation assessments from their local, complex, and contextualized settings, you have to rely on rough proxies to fill in the gap.  Those proxies are not, themselves, reputation.  When an eBay buyer ranks the seller, that tells us relatively little about the seller.  When a DailyKos user contributes to a diarist’s “tip jar,” that functions as a “thumbs up.”  But real reputation isn’t the aggregate of online clapping and booing.  And as more diverse information becomes available online, the simplicity of aggregating clapping and booing seems like a coarse and outdated tool for measuring reputation.

I would suggest that the quality of reputation tracking is always going to hinge on three elements:

(1)relevance of the proxy data.  How good of an approximation does the online rating mechanism provide?

(2)Traffic levels.  I’m always entertained by low-traffic blogs that include recommended diary structures and such.  Online reputation tracking assumes huge inputs, but given the power law distributions of web traffic, we know that there are only going to be a select few webspaces that obtain that level of traffic.

(3)Gaming of the system or lack thereof.  This last one is long-term problematic.  Any high-traffic webspace is going to represent valuable online real estate.  The perverse incentives are there for actors to try to figure out the rules of the game and then innovate ways to get around them.  We haven’t seen a lot of innovations in reputations systems for years, and most of the literature seems to be focused solely on eBay.  So reputation tracking systems are probably obsolete at this point, simply because every system is going to have weaknesses and vulnerabilities, and there haven’t been many new developments (at least that I’m aware of — which is a decent indicator that if something great is out there, it sure hasn’t diffused very widely yet).

What we really need is reputation systems that take advantage of Metcalfe’s Law.  As processing speed and memory continue to double — as Information Abundance becomes still more abundant — we need to develop reputation tracking systems that use better proxies.  Donath asks whether “in a world where all action is recorded, is there still need for reputational information?”  I would respond, “Yes, all the moreso!”  If we broadly understand reputation data as a form of filtering and content management, we have little choice but to rely on reputation assessments, but we also need them to evolve along with the rest of the web.  In a world where all action is recorded, reputational information is all the more necessary so we can sort through the mess.  But likewise, as more types of data become available, we need to diversify the types of proxies we use for assessing reputation.  This will be particularly true as the mobile web comes into wider use, rendering whole new classes of data available.

The real challenge lies in figuring out how to sort and use that data, particularly keeping in mind the competing needs for reputational assessment/filtering and privacy.  The weaker the privacy norms, the stronger the reputation tracking can be.  I don’t think I particularly want my academic or Sierra Club colleagues to know my reputation among my drinking buddies, though (or vice versa, for that matter!).  The  tradeoff has steeply decreasing returns at some point, and there’s an important role for public scholars like Donath in helping to identify what that point might be.

If we get our GMail/FaceBook/Yahoo! account hijacked, what can we do when the company deletes it and all our related data? If we’re connected, that’s one thing, but what about those who are not so fortunate?

There’s also the (much more often discussed) flipside: What if I want to delete my stuff forever? Thanks to redundant backup storage, “forever” is several backups away, at the earliest.

Interesting questions, all.

(Link from Berkman)

“The bill, which expires in six years, allows the government to install
permanent wiretapping outposts in telephone and internet facilities
inside the United States without a warrant. However, if those wiretaps
are used to target Americans inside or outside of the country, the
government would have to get a court order. However, if the target is a foreigner or a foreign corporation, and they call an American or an
American calls them, no warrant is required.”

In other words, Americans are screwed, but international students and other foreigners are even more screwed.Being an international student at an American university myself sensitizes me to this problem. Consider this ability to wiretap all our phone and internet traffic without requiring a warrant in the following context:

1. the government is already tracking every move of international students and visitors.
2. the university is asking students to provide their cellphone number so that they can be contacted in cases of emergencies.
3. while the university has good privacy policies in place
4. they have to comply under the Patriot Act if the government asks them to disclose private information (including cellphone numbers)
5. the government also has the phone records from the telecom companies
6. the government doesn’t even need a warrant or court order if it decides it wants to wiretap foreigners

You do the math. International student? Check. All his/her personal and not-so-personal information? Check. Cellphone number? Check. Phone records showing who is calling who at what time for how long from where? Check. Permission to wiretap and spy at will? Check. Civil Liberties? Uhm.

On a smaller side note, it is interesting to see how the presidential candidates have voted on this. McCain voted in favor of giving telecom companies immunity. Obama voted against. Clinton decided to abstain from voting. It’s too bad I don’t get to vote in this country.

The bloggers are employees who are free to write in a casual blogging style. One made a joke about heavy drinking in New Orleans on Fat Tuesday. Responses range from sardonic or hostile to genuinely thoughtful.

Perhaps most impressive, the agency is actually listening to (and not merely damage controlling around) citizens’ comments. Well, at least they’ve done it once thus far. In one post, they celebrate the TSA critics for ironing out some inconsistencies in their enforcement of the removal of electronics.

Some local branches had decided that ALL electronics had to be removed (if you can fit a bomb in an iPod nano…), and the blog’s commenters asked about it. This week, the TSA made sure that all local agents knew that small electronics can stay in bags.

This is an interesting exercise in e-government, and as a regular traveler, I hope they keep it up.

(Link via NYT)

As we noted last month, the White House and telecoms pressed for retroactive immunity. This pressure has not worked–at least not yet–despite Bush’s threat of a veto.

According to the Colorado ACLU letter to the Boulder Valley School District Board of Education, administrators at Monarch High School detained a student on May 24th and accused him of smoking cigarettes. When a search of his backpack and pockets revealed no evidence, Vice Principal Drew Adams seized the student’s cell phone, reading and transcribing several messages.

The ACLU alleges this is a class 6 felony under Colorado law.

Adams misrepresented the seizure as a means of preventing distractions during the disciplinary meeting, the ACLU letter continues. The student’s mother asked for the phone, but Adams kept it over Memorial Day weekend.

When the phone was returned, the student’s mother discovered that somebody—presumably Adams—had attempted to send a text message to one of her son’s friends over the weekend, “falsely representing himself as a student.” The attempt failed because the mother had cancelled the service.

Beginning with the text messages from this first student’s phone, “Monarch High School authorities followed up with a cascade of additional interrogations accompanied by seizures and searches of additional students’ cell phones.”

After interviews “with many of the parents and over a dozen students who were drawn into these successive waves of interrogations and cell phone searches,” the group concluded this is part of a broad pattern of such behavior at Monarch.

Many students and parents report being lied to regarding the purpose of seizing cell phones. Further, “school administrators hindered students’ efforts to involve their parents and obstructed concerned parents’ efforts to obtain accurate and complete information about the school’s investigation of their children.” Two students allege to have been held for extended periods without a chance to contact their parents—one long past the end of the school day.

The ACLU also uncovered two earlier instances of Monarch administrators searching students’ cell phones.

In a press release, the district has claimed its legal right to engage in such activities, insisting that district counsel gave them the green light. The Denver Post reports that administrators in Douglas and Jefferson counties have also searched students’ cell phones.

Dear Rep. Sires,

I am a voter in your district, and I am writing in regards to H.R. 3773, the RESTORE Act. I urge you not to support this legislation unless it meets two key conditions.

First, the bill must not be amended to grant immunity for telecommunications providers who cooperated with the Bush administration’s illegal wiretapping program. Such a grant of immunity will cut important court cases off at the knees before we can learn the full nature of the administration’s spying. In short, you must not reward the administration for their blatant disregard for the law of the land, including the very balanced Foreign Intelligence Surveillance Act, and you must not reward common carriers for their willingness to join in the illegalities. Bush’s threat to veto the legislation without such a grant of immunity only confirms concerns that the law has been broken.

Second, do not approve the bill without all of its current protections for civil liberties. In particular, insist that the bill retain or strengthen the following provisions:

• Section 5, requiring oversight and periodic audits of surveillance activities
• Section 7, requiring the Department of Justice to conduct a timely audit of all warrantless surveillance programs since September 11, 2001
• Section 8, requiring record keeping of all surveillance of United States persons
• Section 10, reiterating FISA as the sole legal justification for the gathering of electronic surveillance

Not incidentally, the Bush administration’s willful disregard for FISA is an impeachable act if ever there was one, but sadly it is not the only one committed in the past seven years. Speaker Pelosi may consider impeachment to be off the table, but I do not, and if you and your colleagues do not stand up for the Constitution, I fear for the future of our democracy.

Sincerely,

Bill D. Herman