understanding the importance and impact of anonymity and authentication in a networked society

Privacy and Surveillance in Web 2.0: Unintended Consequences and the Rise of “Netaveillance”

posted by:Michael Zimmer // 11:44 AM // May 28, 2007 // ID TRAIL MIX


This post is an attempt to collect and organize some thoughts on how the rise of so-called Web 2.0 technologies bears on privacy and surveillance studies. After presenting a few examples of unintended consequences of Web 2.0 that bear on privacy and surveillance, I will introduce the term “netaveillance,” which might provide a useful concept around which a more robust theory of surveillance about the Web 2.0 phenomena might be built.

The rhetoric surrounding the Web 2.0 movement presents certain cultural claims about media, identity, and technology. It suggests that everyone can and should use new Internet technologies to organize and share information, to interact within communities, and to express oneself. It promises to empower creativity, to democratize media production, and to celebrate the individual while also relishing the power of collaboration and social networks. Websites such as Flickr, Wikipedia, del.icio.us, MySpace, and YouTube are all part of this apparent second-generation Internet phenomenon, which has spurred a variety of new services and communities – and venture capitalist dollars.

This cartoon of a room full of people arguing at a cocktail party after someone mentioned the provocative theories of Marshall McLuhan reminds me of today’s emotional debates over the relative impact – and even the very existence – of Web 2.0. Many hail Web 2.0 as the “new wisdom of the web,” and “a new cultural force based on mass collaboration,” while others deride it as merely a marketing jingo, “amoral,” and even an extension of Marxist ideology.

This last notion, the relationship between Web 2.0 and Marxism, was suggested by Andrew Keen, one of the loudest provocateurs of the Web 2.0 ideology. Keen has received considerable criticism for making comparisons between the Web 2.0 meme and Marxism, but, between the vitriol, he does make some valid points about the utopianism and solipsism that seem to underlie much of the Web 2.0 discourse. In particular, he criticizes the fervent commitment to technological progress:

The ideology of the Web 2.0 movement was perfectly summarized at the Technology Education and Design (TED) show in Monterey, last year, when Kevin Kelly, Silicon Valley’s über-idealist and author of the Web 1.0 Internet utopia Ten Rules for The New Economy, said:

“Imagine Mozart before the technology of the piano. Imagine Van Gogh before the technology of affordable oil paints. Imagine Hitchcock before the technology of film. We have a moral obligation to develop technology.”

But where Kelly sees a moral obligation to develop technology, we should actually have–if we really care about Mozart, Van Gogh and Hitchcock–a moral obligation to question the development of technology. [emphasis added]

This moral obligation to question the development of technology compels Keen to identify some of the unintended consequences of the emergence of Web 2.0 infrastructures, including the flattening of culture, the overabundance of amateur authors and producers, and narcissism run wild.

As I begin to study the Web 2.0 meme from the perspective of privacy and surveillance theory, a different set of unintended consequences emerges, including shifts in the flow of personal information that might threaten personal privacy in ways much more damaging than Keen’s concern that content is now made and distributed by mere amateurs instead of honed professionals.

For example, Web 2.0 applications often rely on rich metadata to create value in information, such as the geotagging of images uploaded to Flickr. While it might be useful and fun to have locational data automatically associated with your images, considerable privacy concerns emerge as an externality. For instance, law enforcement officials can simply search for all photos online matching the location & timing of a certain political rally in order to broaden their ability to keep records of who was present. Or, combined with the development of facial recognition technologies with shared online photos, stalkers (or other annoying folks) might soon be able to search for a certain person’s face, and discover the GPS coordinates of the coffee shop they seem to be pictured in every Tuesday morning. Someone even developed a tool, FlickerInspector, to facilitate this kind of mining of the datastreams users leave behind on Flickr.

Of course, one doesn’t need a fancy application like FlickerInspector to reap the benefits of the new datastreams facilitated by Web 2.0 applications. Inherent in Web 2.0 evangelism is an overall faith in the network to be the processing platform: users are encouraged to put as much of their lives as possible online, to divulge and share their personal lives, their professional development, their favorite websites, their music, their friendships, their appointments, and even where they’ve connected to wi-fi. If you know a person’s “handle” on one Web 2.0 site (“michaelzimmer” at del.icio.us), you probably can find them on many more (Plazes, LibraryThing).

The prevalence of sharing so many details of one’s life through various Web 2.0 and social networking sites, and the relative ease of finding users across these services, leads to a second key externality: the rise of amateur data-mining. Fueled by the power and reach of Web search engines, it seems anyone can now engage in the kind of tracking and data-mining of users’ online activities that was once possible only by the most powerful of computer systems.

An interesting case of amateur data mining made possible through Web 2.0 involves “Don, the camera thief.” The blog BoingBoing posted a story of a woman who lost her camera while on vacation, but was contacted by the family who happened to find it. Unfortunately – and oddly – the family who found it refused to return the camera because their child liked it so much. BoingBoing thought the actions by the finders of the camera were “shameful.” A few days after posting this, BoingBoing received an e-mail from someone who claimed his name was “Don Deveny,” purportedly a Canadian lawyer, who implied that the post was illegal and that BoingBoing was liable for making it. The folks at BoingBoing doubted the legitimacy of the email (the word “lawyer” was misspelled, for example), and decided to see what they could find out about “Don.”

They first contacted many of the law societies in Canada, none of whom had any record of a “Don Deveny” licensed to practice law in Canada. (By the way, it is illegal to pretend to be a lawyer.) From their e-mail exchange, they were able to isolate the writer’s real e-mail address from the message headers, and through a Google search, located other pages that contain that address. That led them to a profile page for a user of the website called “Canada Kick A**” who shared the very same e-mail address. That profile page had a different person’s name (perhaps “Don’s” real name?), and also listed a location and profession for the user (he’s not a lawyer). It didn’t take much to figure out (or at least get a better clue) as to who this e-mailer was, and his profile page on a Web 2.0-inspired discussion board made it much easier.

Readers of BoingBoing did some amateur data mining of their own: a commenter at the original camera owner’s blog seemed to share many of the same sentiments of “Don,” along with many of the same spelling errors. This commenter used a different screen name, but when asked to identify himself, also said he was a lawyer. Another reader then discovered that a user with that same screen name recently bid on memory cards at eBay that would have been used in the stolen camera. More amateur data mining ensued, and discovered another user profile at a different discussion forum with the same user name and same “favorite sites” listed in the signature file. And this page included a photo of the user: Is this “Don” our camera thief?

Another example of the ease of amateur data mining with the help of Web 2.0 services is the outing of Lonelygirl15. Lonelygirl15 was the mysterious girl leaving video confessions on YouTube, garnering a huge following of devoted fans, yet no one knew who she was or if they were really just a kid’s video diary or perhaps a large hoax or advertising campaign. After some amateur data mining, the truth came out:

A reader was surfing an article on Lonelygirl15 at a random website when he came across a comment that linked to a private MySpace page that was allegedly that of the actress who plays Lonelygirl15. Since the profile was set to “private,” there was very little information one could glean from the page. However, when he queried Google for that particular MySpace user name, “jeessss426,” he was able to access Google’s cache from the page a few months ago when it was still public. A lot of the details of the girl’s background quickly emerged: She was an actress from a small city in New Zealand who had moved to Burbank recently to act. The name on the profile was “Jessica Rose.” When he happened to query Google image search for “Jessica Rose New Zealand” he was instantly rewarded with two cached thumbnail photos of Lonelygirl15, a.k.a. Jessica Rose, from a New Zealand talent agency that had since removed the full size versions. A search on Yahoo for “jeessss426” also turned up various pictures from her (probably forgotten) ImageShack photo sharing account. Lonelygirl15 was revealed.

Little effort was needed to link up the various e-mails, user names, personal data flows, and photos shared across blogs, discussion forums and other Web 2.0-style sites to track down “Don the camera thief” or “Lonelygirl15”. Moving more and more of our activities to Web 2.0 makes it harder to remain anonymous, and the myth of “security through obscurity” seems to be disappearing as various crumbs of our true identity are being scattered across the Web 2.0 landscape.

A final externality of Web 2.0 relates to a new form of informational voyeurism that these platforms enable. While Web 2.0 sites have enjoyed incredible growth and heavy viral participation, only a small fraction of overall users actually use the services to upload content – the vast majority just likes to lurk and watch. According to one report, only 0.16 percent of YouTube’s total traffic is made up of users who upload videos. Similarly, only 0.2 percent of Flickr’s regular users are there to upload photos. And slick new tools emerge daily to facilitate the surveillance and voyeurism of people’s daily activities. For example, “feeds” on Facebook allow users to be notified immediately when a friend updates their profile (changing their mood, their friend list, their relationship status, etc), dodgeball helps users find friends (and unknown friends of friends) within a 10 block radius of their present location, DiggSpy allows real-time monitoring of users’ activities on the popular news ranking site Digg, and Twitter has quickly emerged as the hottest new voyeuristic service, allowing users to share text snippets of their day-to-day activities, and monitor others’ streams of the mundane details of their lives (such as “a whole gang of women with dogs just walked past my window”).

What seems to be emerging is a new form of voyeuristic surveillance of people’s everyday lives, fueled by Web 2.0. This has been referred to varyingly as “peer-to-peer surveillance” or even as a new kind of “participatory panopticon.” Yet these terms – and the theories embedded within them – seem insufficient to fully grasp the significance of the emergence of this new voyeurism of the mundane. Surveillance, of course, implies the “watching over” of subjects from above, with an explicit power relationship between the watchers and those placed under its gaze. Trying to describe surveillance as “peer-to-peer” suggests a flattening of the power relationship that is counter to its very definition. Similarly, the notion of a “participatory panopticon” is at the same time redundant and contradictory. Foucault revealed how panoptic power becomes internalized by the subjects, thus, they necessarily “participate” in their own subjugation. Yet the top-down power relationship within the panoptic structure remains. The participation by the subjects does not make them equal with the watchers. Yet the informational voyeurism associated with Web 2.0 seems to imply a balance between the users: one shares their data streams in order to improve the overall worth of the network, coupled with the presumption that they’ll be able to observe and leverage others’ streams as well.

This notion resembles that of “equiveillance,” a state of equilibrium between the top-down power of surveillance, and the resistant bottom-up watching of sousveillance. Yet, this notion implies merely a balance in access to surveillance information, and is focused more on how to reach some kind of harmonious relationship with our rising surveillance society. With the informational voyeurism of Web 2.0, however, the goal isn’t to resist or come to terms with the power yielded by traditional surveillance, but rather to participate in a widespread and open sharing of the mundane details of one’s daily life. To give one’s peers a glimpse into one’s own personal universe. These snapshots of the minutiae of people’s lives have been compared to the Japanese concept of “neta”, the tidbits of people’s lives that are shared with family and friends as a kind of social currency. The Japan Media Review (an affiliate of Annenberg’s Online Journalism Review) recently made an insightful connection between “neta” and Web 2.0 voyeurism:

In Japanese, "material" for news and stories is called "neta." The term has strong journalistic associations, but also gets used to describe material that can become the topic of conversation among friends or family: a new store seen on the way to work; a cousin who just dropped out of high school; a funny story heard on the radio. Camera phones provide a new tool for making these everyday neta not just verbally but also visually shareable.

As the mundane is elevated to a photographic object, the everyday is now the site of potential news and visual archiving. Sending camera-phone photos to major news outlets and moblogging are one end of a broad spectrum of everyday and mass photojournalism using camera phones. What counts as newsworthy, noteworthy and photo-worthy spans a broad spectrum from personally noteworthy moments that are never shared (a scene from an escalator) to intimately newsworthy moments to be shared with a spouse or lover (a new haircut, a child riding a bike). It also includes neta to be shared among family or peers (a friend captured in an embarrassing moment, a cute pet shot) and microcontent uploaded to blogs and online journals. The transformation of journalism through camera phones is as much about these everyday exchanges as it is about the latest headline.

Building on this Japanese concept of “neta,” I propose a new kind of “veillance” has emerged with Web 2.0 infrastructures: “netaveillance”. Netaveillance can be defined as the process of openly and purposefully providing an almost continual stream of the details of one’s daily life – the mundane, the profane, and the vain – through Web-based technologies, coupled with the ability to capture similar data streams from one’s peers. Netaveillance constitutes an emerging ecosystem of personal data flows – not the exceptional information meant to be protected from state or commercial surveillance, but the free and open sharing of the minutiae of our lives.

My conceptualization of netaveillance is, to be sure, in its most nascent of stages. Much work needs to be done to contemplate how it relates to existing theories of privacy and surveillance, how power relations between and among participants might still exist, how such data flows could be captured by state or commercial interests, and so on. Theorizing and understanding netaveillance is no small task, but it might provide a new language and framework from which to understand the informational voyeurism and related unintended consequences of the Web 2.0 phenomenon.

Whether you want to bring it up at a cocktail party is up to you.

Michael Zimmer is completing his Ph.D. in the Department of Culture and Communication at New York University, and will be a Fellow at the Information Society Project at Yale Law School. He is looking forward to developing his theory of netaveillance at the up-coming Surveillance Summer Seminar. He can be reached via his website, michaelzimmer.org.

Reasonable Expectation of Privacy Workshop Movies

posted by:Jeremy Hessing-Lewis // 02:10 PM // May 23, 2007 // Computers, Freedom & Privacy Conference (CFP) | General | TechLife

The IDTrail Team produced two short films exploring the "reasonable expectations of privacy". They were used at the Computers, Freedom, and Privacy (CFP) 2007 conference in Montreal, Canada. The short films were produced and directed by Max Binnie, Katie Black and Jeremy Hessing-Lewis with contributions from Daniel Albahary, Ian Kerr, and Jane Bailey. They are available for download under a Creative Commons Attribution 2.5 license after the jump.

The first film, "Tessling-Just the Facts", is a brief dramatization of the facts that gave rise to R. v. Tessling [2004], a criminal case which addressed the concept of the "reasonable expectation of privacy" with respect to forward-looking infrared (FLIR) technology.

Download Tessling-Just the Facts (Save As...)
Format: .mov [QuickTime], Duration: 4 min 22 sec, Size: 9.53 MB.

The second film, "CFP-Interviews", is a documentary that provides the viewer with a taste of various public interest perspectives on how to conceive of "reasonable expectations of privacy". It features short interviews with the following experts in the field of privacy, civil rights and law, in order of appearance:

Starring (in order of appearance):
Clayton Ruby, Ruby & Edwardh
Andrew Clement, University of Toronto
Peter Jordan, Engineer (ret.)
Chris Hoofnagle, Samuelson Clinic, UC Berkeley
Eugene Oscapella, Lawyer, Foundation for Drug Policy
David Sobel, Electronic Frontier Foundation (EFF)
Pippa Lawson, Canadian Internet Policy and Public Interest Clinic (CIPPIC)
Jim Karygiannis, MP Scarborough-Agincourt
Marc Rotenberg, Electronic Privacy Information Center (EPIC)
Cindy Cohn, Electronic Frontier Foundation (EFF)
Marlene Jennings, MP Notre-Dame-de-Grâce -- Lachine
Deirdre Mulligan, Samuelson Clinic, UC Berkeley

Download Public Interest Perspectives (Save As...)
Format: .mov [QuickTime], Duration: 25 min 52 sec, Size: 54.8 MB.


“All about us” – personal identity and identification systems

posted by:Jason Pridmore // 11:59 PM // May 22, 2007 // ID TRAIL MIX


A few weeks ago I watched the 1950 movie “All About Eve.” It is a classic I am told, nominated for 14 Academy Awards and winner of the award for best picture. Mind you, in an age that emphasizes the role of experts, I do not claim to be a film critic, novice or otherwise, so I’ll leave it at that. I can say that I found the performances in the film to be compelling, something confirmed both by the DVD extras and a cursory web search which suggest this to be, in specific, Bette Davis’ best performance. The film has its interesting plot twists and turns, clearly a film set against the backdrop of a bygone era, but with several themes that pervade into our lives today, namely the intricacies of social relationships, how much others know about us, and the potential for this knowledge to turn into manipulation.

In the film, the character “Eve” (whom we are to learn all about) sets out seemingly innocently to bathe in the glow of Davis’ character, the actress Margo Channing, but ultimately subverts this glow into her own personal limelight. The film begins at the end, as it were, with Eve Harrington receiving an award for an exceptional performance in a role we soon learn was taken from Channing. In the midst of this ceremony, a narrative voiceover mentions Eve directly:

Eve. Eve, the Golden Girl. The cover girl, the girl next door, the girl on the moon... Time has been good to Eve, Life goes where she goes – she's been profiled, covered, revealed, reported, what she eats and when and where, whom she knows and where she was and when and where she's going... ... Eve. You all know all about Eve... what can there be to know that you don't know?

Plenty, apparently, and the next hour and a half is a journey into the history of intricate relations between Eve, Margo and their group of friends. Despite the newfound knowledge of Eve’s character in these relational histories, there is something to be said about Eve playing a part, following a scripted role. If in fact we had been able to read the accounts of her life mentioned in the voiceover, to see the profiles and her coverage in the media, we would know something about who she was and what she was like that the revelations of the remainder of the movie, however stark the contrast with mediated reports, would not have shown us. In the end, these would only augment to some extent our expectations of how Eve is to be understood.

I realise that by now I may have lost any number of you who have not seen nor care to see the film. But I use it here to suggest something about which I can claim at least some expertise – the relationship between our sense of identity and its inherent relationship to how we are identified by others. As Richard Jenkins (2000) points out, “we know who we are because, in the first place, others tell us.” Yet in our society, our understandings of self, our identity is increasingly related to how we exist under socially and technically created systems of identification that seemingly know “all about us.” To put it in the terms of the film, the way in which we are profiled, covered, revealed and reported affects our sense of who we are.

I wish I could say that my watching of classic film was inspired by a maturation of my entertainment tastes: an increasing desire to read classic literature and watch the great films of our age. I am afraid this would be less than honest. In fact, the motivation to watch this film was driven by my personal academic research. Andrew Smith and Leigh Sparks, British marketing researchers at the University of Nottingham and Stirling (respectively), entitled a 2004 article in the Journal of Marketing Management “All about Eve?” In the article they describe the purchasing habits of a woman they give the pseudonym “Eve.” Smith and Sparks were given access to two years’ worth of purchase data based on a particular retail store’s loyalty card program. With this data, they surmise the following things about Eve:

• She is overweight and very concerned about her appearance, especially her poor complexion
• She has long hair, usually wears contacts but wears glasses occasionally, and has numerous problems with her feet
• She has hay fever and struggles to overcome a common cold several times a year
• She has a boyfriend or partner she occasionally buys items for
• She is someone who plans holiday gifts and cards well in advance

These could be intimate details about a person’s life, and the authors readily admit to the fact that they could be wrong about any and all of these descriptions. However they (as am I) are reasonably sure that they know more than Eve herself would be comfortable with. They further recognize that without personally identifiable data or even aggregate sets of data that pertain to her (like geodemographic profiles), they know far less than what the retailer may in fact “know” about Eve.

What I want to suggest is that in a world in which, in the words of Zygmunt Bauman (1992), consumption has become the “cognitive and moral focus of life, the integrative bond of the society, and the focus of systematic management,” marketers do know much about us. In the midst of the increasingly desperate situation with Eve, Margo Channing states “so many people know me. I wish I did. I wish someone would tell me about me.” Ms. Channing can be assured that today marketers are keen to tell her exactly who she is. Based on her affinities with certain products, her past purchasing behaviours, the neighbourhood in which she lives, the relations she has with others, and far more information which is increasingly knowable, known and quantified, Channing could be situated as a consumer quite readily. We have become statistically significant sets of data (see Zwick and Dholakia 2004), something which affects both how we understand ourselves and how we are understood by consumer systems.

In many cases, we may be seen to “sort ourselves out” as Richard Burrows and Nicholas Gane’s recent article on geodemographics suggests (2006), specifically as a form of “commercial sociology” aids us in deciding the type of people we would like to live with – splitting up neighbourhoods into lifestyle clusters and reengineered class constituencies. On the other hand, loyalty programs, such as the ones Smith and Sparks discuss, are keen to use the data we have given over to “help us solve our problems.” These problems are of course indicative of who you are, your life stage, your income and career, your family, your personal appearance, your diet, etc. In return, they only ask and hope for more patronage, and of course, more data. How else would they be able to know who we are and meet our needs?

After several years of studying the means by which corporations monitor the current and potential customers and after several interviews with executives of loyalty programs, I am convinced that corporations know much about us. Ironically, though the film “All About Eve” suggests we will know all about her, it is the character Eve who in fact seems to know all about us. While we learn all about Eve’s rise to stardom, she does so by means of clever and subtle manipulation. I am reminded quite succinctly of the ways in which marketing practices remain covert and subtle. In one interview I conducted it was suggested to me that the loyalty program (read: data collection program) was meant to know all about you, not in a “big brother” like way, rather in a “best friend” sort of way – to target advertisements meant specifically for your situation, your context. This is never overt of course, both for fear of “getting it wrong” and for fear of appearing as a form of ominous surveillance, but these are clearly and specifically meant to connect with your personal life and I am convinced this has an effect on one’s self concept.

In the end, despite a concern for appearing ominous, it is consumer surveillance and it is ubiquitous. The personal knowledge surmised from the collection of consumer data may not always be right, but based on that information one may begin to experience life differently because of the way it serves to distribute certain resources and penalties (Jenkins 2000). Increasingly, our personal identity – our conception of self – is produced and reproduced in institutionalized contexts and as corporations gather and integrate more and more personal data, the potential for the expectations of this data to become lived out in the experiences of the lives to whom it correlates is high. While this may prove a particular advantage for upwardly mobile consumers, it likewise leaves a rather dismal future for those who may be seen as “collateral damage” for an economic system focused on particular types of consumers (Bauman 2007). Which is to say, knowing all about “us” applies to only certain categories of people, like Eve, but even for her, what is known about her inevitably affects how she understands herself in the context of a society in which consumption is both a focus and a social bond…

Jason Pridmore is a Ph.D. Candidate in the Sociology Department at Queen's University.


Bauman, Zygmunt. 1992. Intimations of Postmodernity. New York: Routledge.
—. 2007. “Collateral Casualties of Consumerism.” Journal of Consumer Culture 7 (1):25-56.
Burrows, Roger, and Nicholas Gane. 2006. “Geodemographics, Software and Class.” Sociology 40 (5):793-812.
Jenkins, Richard. 2000. “Categorization: Identity, Social Process and Epistemology.” Current Sociology 48 (3):7-25.
Smith, Andrew, and Leigh Sparks. 2004. “All about Eve?” Journal of Marketing Management 20 (3-4):363-385.
Zwick, Detlev, and Nikhilesh Dholakia. 2004. "Whose Identity Is It Anyway? Consumer Representation in the Age of Database Marketing." Journal of Macromarketing 24 (1):31-43.


Is Anything Private in the Age of Internet Social Networking?

posted by:Robynn Arnold // 01:59 PM // May 15, 2007 // ID TRAIL MIX


In recent weeks, the popular social networking website, facebook.com has found itself at the centre of much discussion. From government and employer bans on the use of the website in workplaces, to sanctions and expulsions against students and employees stemming from information posted on facebook accounts, it seems of late that the site has never been far from media attention. Ironically, this has all come at a time when I have faced increasing pressure from friends to finally get with the program and join the network, being that I am one of the few people I know not already connected. I admit that the above mentioned issues surrounding the website are not the reason I have yet to become a member – I am more simply concerned with the time that would be lost in my schedule to keeping up with this phenomenon, having witnessed it firsthand with friends. However, being a virgin to the social networking game, its recent newsworthy attention does give me reason to pause before logging in and signing on, but not for the reasons most would think. In fact, it shocks me that what I see as the most concerning aspect of this new way of sharing and communicating seems to be somewhat flying under the radar, overshadowed by the predominant concerns surrounding lost productivity. The bigger picture that seems to be misplaced in the recent wave of attention is the more concerning issue of privacy, or lack thereof, surrounding information posted in such a forum.

Facebook was started in 2004 by a sophomore student at Harvard University keen on bringing the idea of university paper ‘facebooks’ into the technological age. Since then the site has developed and grown tremendously. It now boasts more than 19 million registered users and is in the top ten most trafficked websites in the United States. But it is Canada that can currently lay claim to the title of the nation with the fastest growing membership to the site, estimated at representing 11% of users, up from 5% last year. Canadians, in fact, surpass both the United Kingdom and the United States in rates of new membership. The site works by allowing registered users to essentially create a profile and link into numerous networks based on interests, geography, etc. Each member’s profile acts like a personalized website, and can include a list of friends, as well as showcase photos. The page also features a message board that each member can choose to make public. However, gaining access to a friend’s page that is not publicly available is as simple as placing a request that is yielded. After granting access to another user, all control over what the grantee can post is lost. It is easy to see how concerns over posting content and lost productivity of employee and student users has arisen, with members utilizing the site to post thoughts and keep up with relationships. But what of the matter of privacy in regards to information posted on member profiles?

There appear at first glance to be numerous issues surrounding anonymity and privacy with regards to social networking websites. The obvious ones that arise with all web pages, such as data mining and information sharing with third parties, are arguably possible and occurring. But the concerns that are specific to sites like facebook.com are conceivably more intrusive. For example, since a member who grants access to another user has no control over what that user posts on their message board, even personal information not divulged by the member could end up posted on their own page. Not to mention that such information could always be posted on the other user’s page. Even in a private profile, this information becomes instantly accessible to all those having admission, and where the profile is public, the information automatically would be spread further. Another privacy concern surrounds ‘RSS feeds,’ which function to allow ongoing updates, capable of being posted from your Blackberry. Such minute details of daily life and location could prove dangerous in the hands of a stalker. While these are concerning enough issues, they lead to the broader question over who exactly may be interested in accessing your information. Colleges, universities and police have all utilized facebook in investigations, and recently it has been suggested that employers may be interested in looking up potential employees’ profiles as part of their hiring processes. For a site specifying itself as being available, “for your personal, noncommercial use only,” many users are naively being misled. Beyond the issue of maintaining control over and some semblance of privacy in the information posted, the notion of who should be examining posted information is important. While it is arguable that police and school intervention is a good thing, possibly solving crimes and stopping hateful or derogatory postings, should job appointments really be determined partially on the basis of what someone has posted on their facebook account?

The question to be answered then is how do we classify such social networking forums? Are they simply open public spaces where members lose any claim to their privacy and anonymity once becoming a user? Or, should such venues simply be seen as the modern version of private conversation with technology simply providing the global link, and thus off limits to those not knowingly in the circle? One thing is for sure: at the present rate of growth of over 1 million new users each week, online social networking sites like facebook.com are not going away anytime soon. Simply avoiding such forums may not provide a feasible solution when trying to maintain modern relations. Perhaps then it is time to think hard about the privacy problems these forums raise and develop a strategy to handle these concerns without stunting access. I have managed to hold out joining until now, but the temptation to connect and reconnect with friends and acquaintances is increasingly strong. With member friends already displaying my picture and information on their pages, can avoidance really be seen as a measure in maintaining my anonymity and privacy?

Robynn Arnold is an LL.M. Candidate at the Faculty of Law, University of Ottawa.

Remember when we could forget?

posted by:Jeremy Hessing-Lewis // 12:39 PM // // Commentary &/or random thoughts | General | TechLife

CBC's "The Current" ran an excellent piece on the Internet's memory (available in podcast HERE). The broadcast began with an interview with Michael Fertik of ReputationDefender.com. Fertik notes:

"We've never had to live before with our momentary mistakes in judgment for the rest of our lives, which is sort of a global tattooing machine."

The Internet's memory is then discussed by Brewster Kahle, creator of The Internet Archive, and Viktor Mayer-Schönberger, of Harvard University and author of Useful Void: The Art of Forgetting in the Age of Ubiquitous Computing. These commentators draw attention to the simultaneous social necessity of both forgetting and remembering and how these natural functions are being skewed by network computing.

On the one side, Mayer-Schönberger notes that forgetting is a natural cognitive process that has yet to be re-learned by information technologies. He gives the example of Google's storage of every search query by every user and every result that they clicked on since the start of the service. In other words, Google never forgets. In his paper, Mayer-Schönberger writes:

"For millennia, humans have had to deliberately choose what to remember. The default was to forget. In the digital age, this default of forgetting has changed into a default of remembering."

His response is to reintroduce the concept of time by introducing expiry dates associated with data. For example, Google's Gmail service should give users the ability to wipe data after a certain period.

In contrast, Kahle describes the importance of archiving the web in order to fulfill the library's role of creating a "memory institution" in order to give reference to what people have seen before. Without such a service, he suggests that we live in an Orwellian universe where we are locked in the "perpetual present."

Kahle concludes: "How do you select what should be kept and what shouldn't be kept?" For example, we as a society may want to hold corporations accountable for statements made in the previous quarter. He adds that the really scary aspect is less the published content and more of the usage data such as the Google searches.

We are left with an awkward computing architecture where information is both fleeting and permanent. Users are left trying to remember when we could forget.


You and Your Avatar: Having Second Life Thoughts on Anonymity and Identity

posted by:Bert-Jaap Koops // 11:59 PM // May 08, 2007 // ID TRAIL MIX


My first thought was that a website called On the Identity Trail, with a research stream on Constitutional, Legal and Policy Aspects, would feature a lively debate on a right to anonymity. Yet a search on 'right to anonymity' on this website offers only one hit: a December 2003 piece announcing that lawyers in the ID Trail project will study a right to anonymity. Since then, the term as such does not recur, and the anonymity focus webpage - although covering a fascinating range of subjects - does not offer much for the reader who wants to know whether or not she has a right to anonymity.

This, of course, was only to be expected. A right to anonymity does not exist, has never existed, and will never exist. At some point, there will always be someone with a right to know your identity. In certain contexts, it is eminently possible that you remain anonymous, to your hairdresser, reader, or (sperm-donated) child, and you may even claim a certain right to this. But there is always a conflicting right to identification that may outweigh your claim to anonymity, for your hairdresser (if you leave without paying), for your reader (who feels slandered), for your child (looking for his father), and, ultimately, for the police (looking for a serial killer). If a right to anonymity were established as a generic right, it would be so relative as to become meaningless.

My second thought was that things may be different in cyberspace, that illusive but oh so attractive space where no-one knows you're a dog. Or in Second Life, where you can be a dog and where no-one knows who you really are. What is more, where you yourself may not know who you really are. Isn't Second Life - today's hyped epitome of cybercommunities and massive multi-player on-line role-playing games - a space where we can start from scratch and build a parallel universe where a right to anonymity is the most normal thing in the world? Where anonymity is available to anyone desiring some privacy, some fun, some room for weird statements that won't be held against her tomorrow?

If only life, even Second Life, were so simple. Ever since John Perry Barlow's Cyberspace Declaration of Independence and the subsequent tsunami of laws and regulations that refuted Barlow's rhetoric, centering on the one-liner "What holds off-line, also holds on-line" [1], we know that cyberspace and real space are inextricably intertwined. You and your avatar are two of a kind: they're different, but linked. You may want your avatar to be anonymous, or to have a famous avatar without anyone knowing it's really you who pushes the buttons, but how do your avatar friends, the avatar cops, the game providers, and the other players feel about that?

The evolution of virtual game spaces mirrors the evolution of the Internet: no sooner does it reach a wider audience, than it becomes commercialised, criminalised, regulated, normalised. The thrill of novelty disappears. Real life enters. In Second Life and its next-generation clones, avatars will use foul language, slander, commit vandalism, abuse children, rape dogs, offer drugs and crackz, discuss Al-Qaeda, launder money, and infringe trademarks. Politicians are shocked and will criminalise animal abuse in on-line games. Trademark holders will sue Internet and game providers to give the log-in data of infringing players. You yourself will want to know who assaulted your daughter's avatar and stole the dragon sword on which she spent half-a-year's pocket money. Registering the identity of game players will become routine practice, and at some point, there will always be someone with a right to know your identity.

This is a missed opportunity, since virtual spaces offer a unique occasion to experiment. In their second lives, people dare take risks they would never dream of taking in their first life. In particular, people can develop parts of their identity that they dare not develop in real life. How does it feel to be a boy? I never knew I had this tender streak in my character. How exciting to experiment with same-sex sex. How good it feels to tell this black guy that if he doesn't get out of the way, I'll chop up his ghettoblaster! As your avatar experiments, grows, and develops, in some way, you yourself grow and develop too.

This unique, identity-fostering potential of virtual space is at risk if anonymity is not a given in games. The risk of being recognised will prevent not a few experiments with roles and identities. Yet tragically, anonymity cannot be a given in virtual space, because virtual space is never absolutely virtual. Real people live in virtual spaces, and real people can be hurt. If legal protection is taken seriously, absolute anonymity - of avatars and of players - is impossible. A virtual and strong right to anonymity is an attractive idea, but we must have second thoughts about this.

The bright side of this is that the resulting need for identity and identification in cyberspace raises a whole range of fascinating issues that beg to be researched. How do we identify the people behind the avatar, when millions of the world community are living in a single cyberworld, when multiple users share an avatar, and when the first people who can give identifying information - ISPs, game providers - are likely to be in foreign jurisdictions? Do people identify themselves with their avatar? Is someone's ipse identity (her sense of self) affected by the way her avatar is treated in virtual space, or by her being identified - by her idem identity (her sameness) - as the person behind the avatar [2]? Since most virtual games seem to decree that in case of conflicts, the law of California applies, do I want my identity to be governed by a law-maker who used to be a terminating cyborg? And while we are on the topic of cyborgs, when will avatars become semi-autonomous and remain active when you log out, thus acquiring some sort of identity of their own? When will they start talking back, asking you who you are, this guy that is playing around with them?

A right to anonymity is perhaps not such an interesting issue to research after all, not even in virtual spaces. At some point, there will always be someone with a right to know your identity. You yourself, for instance. Or your avatar.

Bert-Jaap Koops is Professor of Regulation & Technology at TILT - Tilburg Institute for Law, Technology, and Society, the Netherlands.

[1] M.H.M. Schellekens (2006), 'What Holds Off-Line, Also Holds On-Line?', in: B.J. Koops et al. (eds.), Starting Points for ICT Regulation. Deconstructing Prevalent Policy One-Liners, The Hague: TMC Asser Press, pp. 51-75.

[2] This is one of the many identity questions that will be addressed in the coming year by the EU FIDIS network.


The Game Theory of Phishing

posted by:Jeremy Clark // 11:59 PM // May 01, 2007 // ID TRAIL MIX


By all measures, the amount of internet fraud is rising. Morgan Keegan reports that the number of new phishing sites increased by an order of magnitude, from 4,367 in October 2005 to 37,444 in October 2006. And phishing is not the only source of online fraud: the number of victims of identity theft is growing as well.

In response to the escalation of phishing attacks, a plethora of anti-phishing tools have been unleashed—Firefox extensions, IE toolbars, and psychedelic colour-shifting borders for your browser, as well as, perhaps more sensibly, blacklists of known phishing sites including a list maintained by web titan Google. Of course, these tools only work in so far as users take the time to install them and learn how to use them. On the latter point, news on the usability of security front is equally despairing. A user study conducted by Rachna Dhamija (Harvard), J. D. Tygar (Berkeley), and Marti Hearst (Berkeley), presented last year at the Conference on Human Factors in Computer Science, had participants evaluate 20 websites—7 legitimate, 13 fraudulent—and differentiate between them. The best phishing site fooled over 90% of the participants, with many users reasoning that the page’s nice layout and animated graphics were a sure sign of its legitimacy. Numerous other usability studies have examined the effectiveness of various anti-phishing technologies, and it's typical to hear them described as unintuitive at best and unusable at worst (not to mention an eyesore).

All of this brings us to the magnificent architecture of some of Ottawa’s oldest banks. With their tall pillars, imposing lobbies, marble floors, and brass railings, bank architecture showcases impressive work by great architects like John M. Lyle. (Okay, pardon the non sequitur. I assure you I am going somewhere with this). What is perhaps most intriguing about bank architecture is the reason for the notable buildings. Why exactly were banks so impressive and what happened? There is an easy answer: the magnificent designs were a consequence of competition (an answer easy enough to be articulated in The Canadian Encyclopedia). The problem with this answer is that it does not adequately explain why bank buildings have become less and less impressive over the past century while there is still substantial competition, nor does it explain why there was not a similar architectural arms race in hardware stores, feed mills, or other competitive industries.

A better answer comes from the work of economist Michael Spence on asymmetric information and signaling theory (for which he shared the 2001 Nobel prize). Before the days of governmental oversight and a banking oligopoly, there existed the threat that the new bank that opened up down the street might be a fraud with crooks planning to run off with your money. By building impressive buildings, legitimate banks sent a signal of quality to customers that fraudulent banks could not afford to send. An expensive building assured potential customers that the bank was planning on long-term establishment and was committed to high standards of service.

These types of scenarios are called signaling games in game theory. A basic signaling game has two participants, a sender and a receiver. The sender knows something about herself (called her type) that is not observable to the receiver. The sender’s objective is to signify her type in a signal that differentiates her from other senders of different types, and to provoke an appropriate response from the recipient. Examples of signals include the education level of a job applicant, a full-page advertisement in the New York Times, or the striking blue-green plumage of a peacock.

The problem of phishing and fraudulent websites is also a signaling game, where legitimate websites need to find the online equivalent of an impressive building to signal their type to users. The problem is that the most obvious parallel to the offline world—an impressive website—is completely inadequate. Whether or not the bank customers of lore worked out the game theory of their situation, the signal worked because customers naturally gravitated towards banks with nice buildings. Once the signal became common, most customers did not need an education campaign in how to differentiate between legitimate and fraudulent banks to make the correct choice. In other words, their ulterior motives led them to the right decision. As the user study mentioned above indicates, this natural instinct is still instilled in modern internet users. When presented with an impressive website with fancy graphics and a cutting edge layout, a significant proportion of users conclude that it is a signal of its legitimacy. While designing the kind of full-featured websites banks commonly use does cost a small fortune, the problem lies in the fact that all this hard work can be copied effortlessly. Phishing is thus a twofold problem: (1) we do not have a good signal, and (2) the signal that users naturally look for is not good.

It may be possible to address the second through user education if only we could solve the first. One potential signal might be website seals offered by watchdog organizations like TRUSTe and BBBOnLine. Benjamin Edelman of Harvard empirically studied websites bearing these seals. He found that while a BBBOnLine seal slightly increased the probability of the site being trustworthy (but not enough to be an adequate signal), a TRUSTe seal actually decreased the probability that it was trustworthy. That is to say, a site with no seal at all is more likely to be trustworthy than one with a TRUSTe seal. Thus the seal not only fails as an adequate signal, it actually results in adverse selection. In the same paper, presented last year at the Workshop on the Economics of Information Security, Edelman also found that search engine advertisements are more than twice as likely to be untrustworthy as the accompanying search results—another display of adverse selection.
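The signaling argument above can be checked numerically. The following sketch is an added example, not part of the original post: it models a signal as separating, pooling, or adversely selecting and computes by Bayes' rule what a user can infer from it. All payoffs, costs, the prior and the seal adoption rates are constructed for illustration (they are not Edelman's figures), and the rule that a sender signals only when the gain from being trusted exceeds the cost is a simplifying assumption.

```python
"""Signaling-game check: how much does a trust signal tell a user?"""
from dataclasses import dataclass
from math import isclose
from typing import Optional


@dataclass(frozen=True)
class Sender:
    gain_if_trusted: float  # payoff when receivers believe the signal
    signal_cost: float      # what this type must spend to emit the signal

    def sends(self) -> bool:
        # Assumption: a type signals only when trust is worth more than the cost.
        return self.gain_if_trusted > self.signal_cost


def posterior_legit(prior: float, rate_legit: float, rate_fraud: float,
                    signal_seen: bool = True) -> Optional[float]:
    """Bayes' rule: P(legitimate | signal present or absent)."""
    if not signal_seen:
        rate_legit, rate_fraud = 1 - rate_legit, 1 - rate_fraud
    num = prior * rate_legit
    den = num + (1 - prior) * rate_fraud
    return num / den if den > 0 else None  # None: no type produces this observation


def equilibrium(legit: Sender, fraud: Sender) -> str:
    """Separating when the two types choose differently, pooling otherwise."""
    return "separating" if legit.sends() != fraud.sends() else "pooling"


def signal_value(prior: float, rate_legit: float, rate_fraud: float) -> str:
    """Compare P(legitimate | signal) with the prior."""
    post = posterior_legit(prior, rate_legit, rate_fraud)
    if post is None or isclose(post, prior, abs_tol=1e-9):
        return "uninformative"
    return "informative" if post > prior else "adverse selection"


# Constructed values: 90% of sites a user meets are legitimate.
PRIOR = 0.9
# Polished website: costly to design, nearly free for a phisher to copy.
WEBSITE = (Sender(gain_if_trusted=100, signal_cost=50),
           Sender(gain_if_trusted=20, signal_cost=0.01))
# Bank building: same cost for both, but a one-off fraud cannot recoup it.
BUILDING = (Sender(gain_if_trusted=100, signal_cost=60),
            Sender(gain_if_trusted=20, signal_cost=60))
# Seal adopted more often by untrustworthy sites (legit rate, fraud rate).
SEAL_RATES = (0.10, 0.30)


def report() -> dict:
    rows = {}
    for name, (legit, fraud) in {"polished website": WEBSITE,
                                 "bank building": BUILDING}.items():
        rl, rf = float(legit.sends()), float(fraud.sends())
        rows[name] = (equilibrium(legit, fraud), signal_value(PRIOR, rl, rf))
    rows["seal"] = ("mixed adoption", signal_value(PRIOR, *SEAL_RATES))
    return rows


if __name__ == "__main__":
    for name, row in report().items():
        print(f"{name}: {row[0]}, {row[1]}")
```

With these constructed inputs the copied website leaves the user's estimate at the prior, the costly building raises it to certainty, and the seal lowers it below the prior while the absence of a seal raises it.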

Perhaps a more promising area of third party accreditation is through website certificate authorities. The largest certificate issuers are, respectively, Verisign, GeoTrust, Comodo, GoDaddy, and Entrust. Until recently, a certificate from any of these authorities evoked the same response in browsers—a padlock being displayed—despite the fact that the verification process varies radically from authority to authority. Recently, however, Microsoft has agreed to implement a new, tiered approach to displaying certificate indicators. In new versions of Internet Explorer, the address bar will display a red toolbar if the site is a suspected phishing site, yellow if the site has a traditional certificate, and green if it has an extended validation (EV) certificate (and as always, white for no certificate). Receiving an EV certificate requires an extensive investigation process that will likely catch any fraudulent attempts at certification.

EV certificates have the potential to be an adequate signal. However, this is only half of the problem, as the other half is getting users to recognize the signal and act accordingly. Time will tell if the EV process is extensive enough to demarcate legitimate companies from fraudulent ones, and if users will adapt to recognizing and understanding the implications of the signal. In the meantime, economic game theory still dictates that one way a company can signal its legitimacy is by spending more money than a fraudulent one could afford. In my opinion, nothing would say quality like an SSL certificate that costs a million dollars, turns the IE address bar sparkling gold, and puts a dollar sign over the lock. Anyone want to help me start MilliSign?



This is a SSHRC funded project:
Social Sciences and Humanities Research Council of Canada