Archive for the ‘privacy’ Category

Having had a few weeks to digest both my initial thoughts on Google+ and the experience of actually using it, I thought I’d step back and offer a 30,000-foot-view of where I think things are, and are going, in this space.

First: Google+ is still pretty nice, even if it doesn’t quite know what it is. That’s fine! It’s been a month in psuedo-beta, and has 10M users. What I think the larger picture is here, is this:

Email is dying. Smart people are helping kill it. Google understands this, and that gMail is at this point a continually depreciating asset (something MSFT never recognized about Hotmail). Google+ is among other things, about providing gMail users a bridge to a post-email digital social space with minimal transition costs (always the biggest barrier to entry for a new social service). The social graph is already built into gMail users’ contact lists – Google+ is just about bootstrapping a different interface onto it.

There are real privacy concerns about Google+, and the mass deletion of accounts shows that Google is still struggling with psuedonymity. But long-run, the proposition is clear for both Google and its users.

Let me backtrack and say that I don’t think email will die, exactly, but rather become a mode of communication used for some things, sometimes, but not everything all the time. Physical mail, similarly, isn’t disappearing anytime soon (well not until 3D printing really scales up), and while telephony might be wearing different hats these days (i.e., mobile and digital rather than locked-position and analog), the fundamental dynamics are the same.

What we’re seeing is a rationalization of communications mediums, with people – young people especially, who don’t have the cruft of legacy communications patterns built on top – only using what makes sense for a given use, at a given time. For quick and short communications, this means text messaging – and given the shift in mobile plans towards offering unlimited texting, this doesn’t make anyone money, because save for the NSA and NewsCorp, nobody’s scanning and indexing your text message for relevant advertising content. Likewise, the efforts of both Facebook and Google to incorporate SMS into their user interfaces just haven’t caught on – why make the easiest way of communicating less easy?

Advertisers don’t know how good they’ve got it right now – despite click-through rates of at best 0.1% on banner ads, they’ve never known more about their target audiences for less money. From here on out, as more and more communication moves from the public social web and indexable email back to a range of peer-to-peer communications (TXT, telephony, video chats), it’s only going to get more and more expensive to know what people are thinking and talking about.  Because you’re going to have to actually ask the people.

This is why it’s a shame how comparatively little institutional support there’s been – and how slow IRBs have been in addressing the pace of online user research – for research around online sociability (no sour grapes here though! SILS is kicking butt!). Apart from the great work of a relatively small cohort of pioneering researchers who’ve been gathering data when and how they can this last decade, we’ve just lost a lot of data: those questions that went unasked, data went unscraped. And when perceptions of an interface aren’t asked in the moment, it’s not just gone, it’s gone-gone – who can remember what Facebook looked like 18 months ago?

But this is also an opportunity. Going forward into a world of multi-channel communications presents a fascinating set of new questions not just about why thus-and-so interface creates certain effects, but what people want to do, and how they realize those desires in different contexts. This is changing constantly, and shows no sign of slowing down. The real opportunity is to build on what we as researchers (both academic and market-oriented) already know about online sociability by asking questions focused not on the vagaries of changing interfaces and services, but rooted in the first principles of how people use communications technology. When we can keep asking those same questions over time – building real longitudinal data that can take into account the ebb and flow of seasons and services – we will build from knowledge to understanding. And when we understand, we can become the masters of our technologies, not the other way around.


Read Full Post »

When telephones were first invented, you didn’t just call a number and get a person on the other end: usually, first you’d talk to an operator, who would then connect you to a local loop where the desired party resided.  There were special rings within each loop to distinguish who was getting the call, but if someone else on your loop or the loop you were calling wanted to listen in, you couldn’t stop them.  This was a function of cost – it was pretty expensive to get a residential telephone line before the federal government guaranteed universal access and then deregulated the phone companies.

This was, it’s pretty well agreed, a bad system notwithstanding the excellent fodder it produced for light farce.  The residential system that replaced it was pretty problematic, too, leading as it did to:

a 70 year or so period where for some reason humans decided it was socially acceptable to ring a loud bell in someone else’s life and they were expected to come running, like dogs.

So, not the best either, even though it too did produce some great songs.

The growth of electronically-mediated and time-shifted communications may have a mixed record on a lot of issues, but it’s an unambiguous good in terms of individual control over their method, mode and timing of response to communications. I think this is a good thing. Communications where the sender is unsure of the extent of the audience, or the receiver potentially forced into confrontation, are not beneficial for either the clear conveyance of meaning or social cohesion.

Which is why Facebook’s recent actions are both troubling and perplexing.  By making all connections public for all users, they are ambiguating audience and forcing potential confrontations (between managed identities, work and personal lives, etc.) for all their users.  The shift in Facebook privacy settings takes as its central premise that the advances in telephone communications of the past century were a bad idea. It is forcing all of its users into an always-on global party line, where the conversations are transcribed and sold to all interested parties.  That’s not good.

Digital technologies allow us the ability to talk to basically whomever we want (and only them) whenever we want (and only then).  That Facebook would consider these to be bad things is deeply weird, and makes a compelling case against using it as a central mode of communication.

Read Full Post »

I’ve been reading and re-reading Jim Fallows’ post from the other week and have concluded I have nothing smart to say that he doesn’t say already. But, here it is:

A reader sends in a link to this recent post by law professor Orin Kerr, on a ruling about how 4th Amendment protections against “unreasonable search and seizure” apply to email. The central question is whether the government needs to inform individual email users when their messages are seized and read — or whether it is sufficient to notify their internet service provider or mail service, like Google or Yahoo. According to the logic of the ruling, by the sheer act of sending email, a user has transferred custody of the messages to a third party. Thus notifying the third party — Google, Yahoo, et al — is enough, with the sender left in the dark.

All parties with a stake in developing cloud-based computing — Google and Microsoft, IBM and Apple, Yahoo and anyone else you can name — should push for clearer policy statements about keeping things private even in the cloud. People simply are going to store and share more information this way. That shouldn’t mean a further, big, automatic, unintended surrender of privacy, and it would be better to set up rules to that effect before there’s a big scandal or problem.

So – what he said.

Okay, maybe I do have a thought or two. Really what this problem advocates for is personal ownership of all identity information: everything either that is or is owned by you living together in a single space (also backed up in multiple redundant spaces) that, crucially, is also yourself such that you always have control over cloud computing resources. So rather than logging in to Google accounts and accessing your information, you log into your own server (virtual or otherwise) and use Google services to edit and modify the information. They get only what you show them at a given time and then it’s back in your own box. When you become your own third-party provider – and Google et al. are merely providing a limited service to manipulate or move your data – then Fourth Amendment questions are much more easily decided.


Read Full Post »

MSNBC reporter Bob Sullivan has a blog called “The Red Tape Chronicles,” which is described on its sidebar as such:

Corporate sneakiness. Government waste. Technology run amok. Outright scams. The Red Tape Chronicles is MSNBC.com’s effort to unmask these 21st Century headaches and offer real solutions that save you time and money.

Bob Sullivan covers Internet scams and consumer fraud for MSNBC.com. He is the winner of multiple journalism awards for his coverage of online crime and author of Gotcha Capitalism: How Hidden Fees Rip You Off Every Day and What You Can Do About It. and Your Evil Twin: Behind the Identity Theft Epidemic.

This is pretty interesting, and I’ll get further into an excellent post from the blog in a moment, but I want to focus for a minute on his framing of these issues. Those of us who spend much of our lives online are by now pretty well acquainted with the various outrageousnesses of absurd DRM, hostile EULAs, abusive ToSes, malware, spyware, Microsoft security holes, goatse.cx and all the other shocking and awful things the Internet has to offer. And, on balance, we have a pretty good idea how to avoid the worst of the worst – set up a secondary or tertiary e-mail for mailing lists, always make sure to un-click the boxes when agreeing to ToSes, never use Outlook, never look at the screen when a friend says, “Hey, look at this!”, etc.

But for those who aren’t digital natives, these new problems present a double whammy that’s particularly hard to process. Basically, in addition to being sinister in and of themselves, the very names and terms used in the presentation of the problem are in a crazy moonman language. “DRM”, “EULA”, “ToS” – even when you break them down from geekspeak into “digital rights management,” “end user license agreement,” and “terms of service” are obfuscatory by nature. So your average Internet consumer – and at this point, given ever-more-universal access, the low-information, non-digital-native is the average Internet consumer – is befuddled and unsettled as a first principle, before even beginning to think about the nature of the threats. I think this accounts for a lot of the media sensationalism on various Internet security and privacy issues – as is often the case with other sorts of news, it’s not even clear to me that reporters (themselves often low-information, non-digital-native Internet consumers) understand the basic nature of the problems/conflicts/challenges involved in what they’re reporting.

And so, back to Sullivan. What he’s doing here is very clever – he’s presenting the threats and annoyances of our digital culture in terms that non-digital natives can understand. When he references, “Corporate sneakiness. Government waste. Technology run amok. Outright scams.”, these are powerful pre-existing narratives in American life. We love complaining about sneaky corporations, wasteful government, stampeding technological progress, and shysters, and have loved doing so for as long as there’s been a United States. So not only does he circumvent confusing and stress-inducing technobabble, by harnessing these narratives he establishes not only how people should think about these issues but how they should feel about them. Just like that, n00bs become staunch online privacy advocates.

Having established a more comfortable frame for his audience to understand these issues, Sullivan then proceeds on a series of “How To” posts for modern living; the post on data collection is particularly instructive. He sets up a commensensical approach, mentioning circumstances we all face:

The questions are all too familiar, and all too intimate:

“Can I see your driver’s license?”

“Can I have your phone number?”

“Do you have another form of ID?”

But how do you answer? It seems that to shop is to be interviewed. Everywhere you go, you are asked invasive questions. And every time you look at the news, you see another company is losing consumers’ data.

So you would probably rather not answer those kinds of questions, but can you say “no”?
Yes, say legal experts. In fact, sometimes of those questions are against the law or violate credit card association terms and conditions.

Of course, if you refuse to provide the requested information, a company can refuse to do business with you. Sticking up for yourself is almost certain to lead to a small scene at the store, something I call “data bickering.” And since it seems like everyone asks questions like these all the time, it’s not practical advice to “just say no.” But it helps if you can say, “I know my rights.”

This mirrors directly something I’ve written about in a slightly different context and in slightly more geeky terms, but the bottom line is the same – consumers are at a power disadvantage. My preferred solution is to strengthen and make more explicit legal protections and correct the power dynamic between corporation and citizen, but as Sullivan goes on to show, citizens currently do have substantial rights in this regard, which he lays out in a simple, three-part action plan (which I urge you to read in its entirety):




Pretty easy, and fits right in with the sort of pissed-off customer that Americans might say they don’t like being, but most secretly relish playing. Especially when they’ve got the rules and the law (not to mention common sense) on their side.

Sullivan then closes with a populist call to action and inclusion:

Share your data self-defense stories
It doesn’t have to be that way. When asked for data, just say “no” – at least initially. If you’re told you will have to leave the store or medical office, then you’ll have to make a choice, and often you will decide to surrender the information. But before you do, put up a bit of a fight. The more you complain, the more uncomfortable you make a clerk or a company, the more you’ll make the folks at headquarters reconsider their need to know everything about you.

Have you made a scene when asked to divulge personal information? What has worked for you? Share your stories of privacy self-defense with other Red Tape Chronicles readers.

Great stuff, and exactly the sort of re-framing and broadening of the message and appeal that’s necessary to increase awareness of these issues and, eventually, push forward a popular mandate for the necessary reforms.

Read Full Post »