Debrief: Computer Ethics/Philosophical Enquiry 2009 in Corfu, Greece

July 2nd, 2009

I’ve returned from the 8th International Conference of Computer Ethics: Philosophical Enquiry in Corfu, Greece, where I presented an early draft of a paper based on my critique of the “Taste, Ties, and Time” Facebook data release. The paper was well-received, but I have work ahead of me to improve the manuscript prior to publication.

Overall, the conference was a success. Corfu was delightful, and the presentations sparked good conversations. Following are some highlights and reactions:

CEPE, Ethics

Draft Paper: “But the Data is Already Public”: On the Ethics of Research in Facebook

June 18th, 2009

Next week I will be attending the 8th International Conference of Computer Ethics: Philosophical Enquiry in Corfu, Greece, where I will be presenting an early draft of a paper based on my critique of the “Taste, Ties, and Time” Facebook data release.

Recall that last fall, a group of researchers affiliated with the Berkman Center for Internet & Society at Harvard University released a dataset of Facebook profile information from an entire cohort (the class of 2009) of college students from “an anonymous, northeastern American university.” While the researchers took good faith steps to preserve the anonymity of the source of the data (and, presumably, the privacy of the subjects), I quickly narrowed it down to 7 possible universities, and then with only a little more effort, identified the source (with some confidence) as Harvard College. All this without ever even downloading or looking at the actual data.

The researchers have since pulled the data out of circulation, and plan to make it available again this month, presumably with some of the anonymity and privacy concerns addressed.

The draft paper I am presenting, “But the Data is Already Public”: On the Ethics of Research in Facebook, retells the circumstances around the T3 project and my partial re-identification of the dataset. It also describes some of the good faith efforts made by the T3 researchers to try to ensure the anonymity of the data, but exposes the limitations and errors in their procedures. Finally, it highlights the broader challenges for engaging in research on/in social networking sites that this case brings to light. These include:

  • the nature of consent in online research
  • identifying and respecting expectations of privacy on social network sites
  • developing sufficient strategies for data anonymization prior to the public release of potentially personally-identifiable data
  • measuring the relative expertise of institutional review boards when confronted with innovative research projects based on data gleaned from social media

Future versions of the paper will attempt to provide some guidelines in this regard. In the meantime, I welcome any comments on this draft. E-mail me if you would like to receive a copy.

The PDF of my CEPE presentation is here.

CEPE, Conferences, Facebook, Online Privacy, Research ethics

Google Bows to German Data Privacy Demands, but Only Germany

June 18th, 2009

Last month I noted that Google’s Street View service was being challenged by German data privacy authorities, who insisted that Google must permanently remove personally-identifying images from their databases (not just blur them in the user interface). Google argued that the original images are necessary to help the system “learn” how to automatically blur better in the future, but Germany feels (and I agree) that privacy must trump engineering in this case.

Google has conceded, and will now erase identifiable raw data depicting people, property, or cars upon request.

This is a first, and it is significant, but it is an exception only for Germany.

Rather than taking a broader value-centered approach to designing its systems, Google continues to base its decisions (primarily) on local laws. The U.S. lacks laws guaranteeing individuals “privacy in public,” so Google launches Street View with minimal (and poorly-executed) ability to protect one’s privacy. Canada, however, does have such laws, so Google decided to blur faces there (but only applies that engineering solution to Canada). Now, Germany wants the source data purged, so Google will only provide this privacy-protecting measure to that local authority.

A broader values-centered approach would (learning from the Canadian and EU legal environment) recognize that protecting one’s privacy in public might indeed be a fundamental right, and perhaps is something that must be designed into such a potentially privacy-invasive tool as Street View.

I’ve informally chatted with Google folks about these issues, and I applaud that they do have law/policy folks on every product team. But too often, when asked about something like “why didn’t you blur the faces in the U.S. version”, the answer is “the law doesn’t require it”. Such a strict legal approach to designing (or not) ethics into products is extremely shortsighted.

Do we need to start calling for Chief Ethical Officers in our corporations?

Google, Privacy in Public, Street View, Values in Design

West Bend Library Controversy Continues to Escalate

June 16th, 2009

The West Bend library controversy continues to escalate….with calls for book burning and growing national exposure (and, unfortunately, ridicule).

Here’s the (abridged) history and escalation [Updated on 6/19/09 to include ABC News coverage]:

02/15/2009: Ginny Maziarka, who blogs at WISSUP, files a formal complaint with the West Bend Community Memorial Library regarding the presence of LGBTQ-themed books in the library’s young adult section. In her words: “Children as young as 11 years old have free access to propaganda-type reading material (I hesitate to call it literature, thanks) that glamorizes and encourages homosexual activity.” Maziarka also shows frustration that the library does not appear to provide “information about EX-GAYS, people who have left that lifestyle, and/or the TRUTH behind homosexuality and its origin.”

02/26/2009: Maziarka meets with various library officials, requesting that (1) the library attain “balance” by including “faith-based and ex-”gay” books that oppose a pro-homosexual ideology” within the young adult section; and (2) removal of any book in children’s and young adult section that contains “perverse and pornographic language”. Both requests were denied.

03/03/2009: The scheduled Library Board meeting to discuss Maziarka’s complaint is postponed due to the crowd of over 300 people exceeding the fire code (the meeting was already relocated to a larger room in anticipation of the turnout).

03/20/2009: Maziarka receives a communication from library director explaining that since (in his and the city attorney’s opinion) the nature of her complaint has changed, the re-scheduled Library Board meeting to discuss the original complaint has been canceled. Maziarka is urged to submit a new, updated, complaint to re-start the process. Maziarka responds by stating the library’s “withdrawal of our complaint is in gross error” and wishes to move forward.

03/26/2009: Maziarka issues a petition for a “child-safe, family-friendly library.” The petition requests the library board take a roll call vote on the following five issues:

  1. Reclassification of Youth-Targeted Pornographic Books into the adult section of the library.
  2. Visual identification of explicit material with a parental advisory.
  3. Restrict Library-generated Online Sexual Content.
  4. Balanced Literature on Controversial Issues including homosexuality.
  5. Children’s Internet Protection – require the libraries to implement technology protection to protect minors from internet porn on public computers in accordance with the Children’s Internet Protection Act.

03/26/2009: Maziarka holds a “town meeting” about the library controversy. About 150 attended, reflecting both sides of the issue; no library officials were present. The controversy gains additional media attention.

04/14/2009: UW-Milwaukee School of Information Studies issues a statement of support for the West Bend Library, hailing their “support of the principle of intellectual freedom in the face of pressure to abandon their professional and communal commitments.”

04/18/2009: Maziarka e-mails local media outlets, conservative commentators and the town of West Bend clerk, asking they help stop scheduled appointments to the Library Board until the controversy is settled.

04/22/2009: The West Bend City Council refuses to re-appoint 4 sitting library board members over their handling of the controversy, sparking statements of condemnation from the American Library Association and a collection of free speech organizations (PDF). Additional national press coverage emerges.

05/02/2009: The Milwaukee branch of the so-called “Christian Civil Liberties Union” filed a legal claim against the city of West Bend, Mayor Kristine Deiss, the West Bend Library Board and Library Director Michael Tyree, arguing that the young adult book Baby Be-Bop is offensive, and that the book’s “words can permeate violence, and puts one’s life in possible jeopardy, adults and children alike.” The group demands $120,000, Deiss’ resignation and the book be removed and publicly burned or destroyed. Maziarka distances herself from this group, as others shoot it down as ridiculous.

05/18/2009: The West Bend City Council affirms its original refusal to re-appoint 4 sitting library board members.

06/02/2009: The Library Board (including the 4 members who were denied re-appointment, but not yet replaced)  held a public meeting to discuss the issues presented in Maziarka’s petition. After listening to both sides for over two hours, the library board unanimously concluded that its existing policies regarding these texts were sufficient. Maziarka declares the library “XXX-rated” and unsafe for children.

06/03/2009: In its report of the library board meeting, the ALA notes that members of the “Christian Civil Liberties Union” were present and distributed copies of their complaint to attendees, complete with their call to burn the library’s copy of Baby Be-Bop. This is picked up (and ridiculed) by numerous bloggers and online news agencies, most notably Talking Points Memo, Daily Kos, the Drudge Retort, the Times Online and the Guardian.

06/16/2009: Enter Gawker. The immensely popular and snarky news and gossip blog posts about the blog wars that have emerged around the library controversy. The focus is on Maziarka’s WISSUP and the anonymously-written Sleepless in West Bend, described by Gawker as “this crazy book-burning lady and her angry liberal enemy.” The comments are less friendly.

06/19/2009: ABC News publishes a somewhat lengthy story on the controversy, focusing mostly on the CCLU claim, attracting a long string of comments.

So, we went from a single complaint about GLBTQ books, to a canceled board meeting, a larger petition about “sexually explicit” books, a call for book burning, condemnation from various information professionals, ousted library board members, the upholding of library policies, and ridicule in Daily Kos and Gawker.

It is hard to imagine how this will escalate further, but it inevitably will….

Information ethics, Intellectual freedom, Libraries

Dear Google: Make Security and Privacy the Default in the Cloud

June 16th, 2009

Today, a six page letter was sent to Google’s CEO, Eric Schmidt, asking Google to honor the important privacy promises it has made to its customers and protect users’ communications from theft and snooping by enabling industry standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar.

The open letter is signed by 38 researchers and academics in the fields of computer science, information security and privacy law — myself included. The letter was spearheaded by Christopher Soghoian, a computer researcher, programmer and privacy activist, and it has already received some press coverage at Wired and NY Times.

From the letter’s executive summary:

This six page letter to Google’s CEO, Eric Schmidt, is signed by 38 researchers and academics in the fields of computer science, information security and privacy law. Together, they ask Google to honor the important privacy promises it has made to its customers and protect users’ communications from theft and snooping by enabling industry standard transport encryption technology (HTTPS) for Google Mail, Docs, and Calendar.

Google already uses industry-standard Hypertext Transfer Protocol Secure (HTTPS) encryption  technology to protect customers’ login information. However, encryption is not enabled by default to protect other information transmitted by users of Google Mail, Docs or Calendar. As a result, Google customers who compose email, documents, spreadsheets, presentations and calendar plans from a public connection (such as open wireless networks in coffee shops, libraries, and schools) face a very real risk of data theft and snooping, even by unsophisticated attackers. Tools to steal information are widely available on the Internet.

Google supports HTTPS encryption for the entire Gmail, Docs or Calendar session.  However, this is disabled by default, and the configuration option controlling this security mechanism is not easy to discover. Few users know the risks they face when logging into Google’s Web applications from an unsecured network, and Google’s existing efforts are little help.

Support for HTTPS is built into every Web browser and is widely used in the finance and health industries to protect consumers’ sensitive information. Google even uses HTTPS encryption, enabled by default, to protect customers using Google Voice, Health, AdSense and Adwords. Google should now extend this degree of protection to users of Gmail, Docs and Calendar.

Rather than forcing its customers to “opt-in” to adequate security, Google should make security and privacy the default.

HTTPS is commonly used by banks and e-commerce websites to protect sensitive user information in transit; it ensures that anyone “snooping” on the network cannot see your password or credit card information “in the clear”. While Google does use HTTPS when you log into your GMail or Docs account, thereby protecting your password, the remainder of your activities on those applications occur unencrypted, leaving everything you do and type susceptible to snooping. Google does allow users to turn on HTTPS for all of their activities, but the default setting is for less-secure processing, and Google does a poor job of promoting and explaining the benefits of using a secured connection (sound familiar?).
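To make the gap in a login-only HTTPS deployment concrete, here is an added example (not from the letter, Google, or the original post) that audits a captured session for what a passive observer on the network could read. The host `mail.example.com`, the cookie names and the capture itself are constructed, and the check on the cookie `Secure` attribute goes a step beyond what the post discusses.

```python
from urllib.parse import urlsplit

# Constructed capture of one browser session against a hypothetical web app:
# (request URL, Cookie header sent, Set-Cookie headers received).
SESSION = [
    ("https://mail.example.com/login", "", ["SID=abc123; Path=/; HttpOnly"]),
    ("http://mail.example.com/inbox", "SID=abc123", []),
    ("http://mail.example.com/compose?draft=1", "SID=abc123", []),
    ("https://mail.example.com/settings", "SID=abc123",
     ["PREF=compact; Path=/; Secure"]),
]


def parse_set_cookie(header):
    """Return (cookie name, set of lower-cased attribute names)."""
    first, *attrs = [part.strip() for part in header.split(";")]
    name = first.split("=", 1)[0]
    return name, {a.split("=", 1)[0].lower() for a in attrs if a}


def cookie_names(header):
    """Names carried in a request Cookie header."""
    return [p.split("=", 1)[0].strip() for p in header.split(";") if p.strip()]


def audit_session(session):
    """List everything in the session that is exposed to the network."""
    findings = []
    for url, sent, received in session:
        parts = urlsplit(url)
        if parts.scheme != "https":
            # The request, its body and its cookies all travel unencrypted.
            findings.append(("cleartext-request", parts.path))
            for name in cookie_names(sent):
                findings.append(("cookie-sent-in-clear", name))
        for header in received:
            name, attrs = parse_set_cookie(header)
            # Without Secure, the browser also attaches the cookie to http://
            # requests, so an encrypted login alone does not protect it.
            if "secure" not in attrs:
                findings.append(("cookie-missing-secure", name))
    return findings


def session_fully_encrypted(session):
    """True only when the audit finds nothing exposed."""
    return not audit_session(session)


if __name__ == "__main__":
    for kind, detail in audit_session(SESSION):
        print(f"{kind:24} {detail}")
```
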

The letter asks the following of Google:

[R]ather than forcing users to “opt-in” to adequate security, we strongly urge you to make security and privacy the default setting, and allow informed users to “opt-out” of the encryption if they feel it is an unnecessary burden.

If Google insists on not enabling these encryption-based protective measures by default, the company should at least make the consequences of this decision more prominent, so that users make a fully informed choice. Few users know the risks they face when logging into Google’s Web applications from an unsecured network, and Google’s existing efforts are little help. We suggest that, at minimum, Google do four things:

  1. Place a link or checkbox on the login page for Gmail, Docs, and Calendar, that causes that session to be conducted entirely over HTTPS. This is similar to the “remember me on this computer” option already listed on various Google login pages. As an example, the text next to the option could read “protect all my data using encryption.”
  2. Increase visibility of the “always use https” configuration option in Gmail. It should not be the last option on the Settings page, and users should not need to scroll down to see it.
  3. Rename this option to increase clarity, and expand the accompanying description so that its importance and functionality is understandable to the average user.
  4. Make the “always use https” option universal, so that it applies to all of Google’s products.  Gmail users who set this option should have their Docs and Calendar sessions equally protected.

Google has responded, acknowledging these concerns, but stating they “want to more completely understand the impact on people’s experience” before making HTTPS the default. Google seems most concerned about HTTPS’s impact on speed, asking rhetorically “Does it load fast enough? Is it responsive enough?”. These are loaded questions, since users typically don’t know what “enough” is, especially when they aren’t fully told the security risks of not using HTTPS.

We further address this issue of latency in the letter:

Once a user has loaded Google Mail or Docs in their browser, performance does not depend upon a low latency Internet connection. The user’s interactions with Google’s applications typically do not depend on an immediate response from Google’s servers. This separation of the application from the Internet connection enables Google to offer ‘offline’ versions of its most popular Web applications.

Even when low latency is important, financial firms such as Bank of America and American Express have demonstrated how to provide users with a pleasant, low-latency browsing experience, while still implementing strong encryption by default. Likewise, Adobe’s cloud-based Photoshop Express lets users interactively edit images via a Web application that is 100% encrypted by default.

Other Google applications demonstrate that security need not come at the cost of performance. Google’s Health service enables users to browse through and manage their private health information online. Google’s Voice service lets customers initiate VOIP phone calls, send text messages, and manage voicemail inboxes.  However, unlike with its Gmail, Docs, and Calendar products, Google only provides access to Health and Voice via HTTPS encrypted communications sessions, recognizing the highly sensitive health and call record information users entrust to Google.  Likewise, Google’s AdWords and AdSense products, which are the backbone of Google’s advertising business, can only be managed by customers using a secure HTTPS connection.

Google’s engineers have created a low-latency, enjoyable experience for users of Health, Voice, AdWords and AdSense – we are confident that these same skilled engineers can make any necessary tweaks to make Gmail, Docs, and Calendar work equally well in order to enable encryption by default.

I hope Google does the right thing and puts the privacy and security of its customers first by making the changes described in this important letter.

Google, Privacy, Security, Values in Design

Web 2.0 Theses by Ippolita, Geert Lovink & Ned Rossiter

June 15th, 2009

Geert Lovink, one of the premier theorists of new media and network culture, has posted a set of “Web 2.0 Theses,” puncturing the ethos and mythology that surrounds Web 2.0 and contemporary internet fetishism.

Here’s my quick summary, but I encourage you to read the full text:

0. The internet turns out to be neither the problem nor the solution for the global recession.

1. Web 2.0 applications and platforms remain ‘new’ but show a tendency to get lost inside the boring, stressful and uncertain working life of the connected billions.

2. Social networks are technologies of entertainment and diffusion. …They are designed to be exploited. Refusal of work becomes just another form of making a buck that you never see.

3. Social networking sites are as much fashion victims as everything else. They come and go. Their migration across space signals the enculturisation of software.

4. Better social networks are organized networks involving better individuals – it’s your responsibility, it’s your time. What is needed is an invention of social network software where everybody is a concept designer. Let’s kill the click and unleash a thousand million tiny tinkerers!

5. What Web 2.0 lacks is the technique of antagonistic linkage. Instead, we are confronted with the Tyranny of Positive Energy

6. …you will be required to do never-ending maintenance work to manage all your data feeds and updates. That’ll subtract a bit of time from your daily routine.

7. The Network will not be Revolutionized.

8. Web 2.0 is not for free. ‘Free as in free beer’ is not like ‘free as in freedom’. Open does not equal free. These days ‘free’ is just another word for service economies. …As users and prosumers we are limited by our capacity as data producers. Our tastes and preferences, our opinions and movements are the market price to pay.

9. Soon the Web 2.0 business model will be obsolete. It is based on the endless growth principle, pushed by the endless growth of consumerism.

10. We need to promote peer-education that shifts the default culture of auto-formation to the nihilist pleasure of hacking the system. …One strategy could be to make the one (’real’) identity more complex and, where possible, contradictory. But whatever your identity might be, it will always be harvested. If you must participate in the accumulation economy for those in control of the data mines, then the least you can do is Fake Your Persona.

I find #8 and #10 most prescient, especially in light of my emerging Laws of Social Networking

Geert Lovink, Web 2.0