Information technology plays an increasingly important role in society and in human lives. Identity Management Technologies (e.g. biometrics, profiling, surveillance), in combination with a variety of identification procedures and personalized services are ubiquitous and pervasive. This calls for careful consideration and design of collecting, mining, storing and use of personal information.

Access, rights, responsibilities, benefits, burdens and risks are apportioned on the basis of identities of individuals. These identities are formed on the basis of personal data collected and stored and manipulated in databases. This raises ethical questions, such as obvious privacy issues, but also a host of identity related moral questions concerning (the consequences of) erroneous classifications and the limits of our capacity for self-presentation and self definition.

Which conceptions of identity are used when addressing ethical issues regarding information technology? How can the concepts of ‘identity’ and ‘identification’ be understood from a philosophical perspective when discussing morally problematic developments in information technology? What are the philosophical semantics pertaining to reference and identification which may help clarify ambiguities and ethical issues? How can we arrive at a normatively sound conception of personal identity as a starting point for the study of the ethical aspects of the (information) technology that is shaping our lives? This conference aims to discuss the theme of ‘identity’ in light of new (information) technology.

The conference website includes this beautiful chart by Fred Cavazza that maps how various aspects of our identity are fragmented (commodified?) online:

This post is an attempt to collect and organize some thoughts on how the rise of so-called Web 2.0 technologies bear on privacy and surveillance studies. After presenting a few examples of unintended consequences of Web 2.0 that bear on privacy and surveillance, I will introduce the term “netaveillance,” which might provide a useful concept around which a more robust theory of surveillance about the Web 2.0 phenomena might be built.

The rhetoric surrounding the Web 2.0 movement presents certain cultural claims about media, identity, and technology. It suggests that everyone can and should use new Internet technologies to organize and share information, to interact within communities, and to express oneself. It promises to empower creativity, to democratize media production, and to celebrate the individual while also relishing the power of collaboration and social networks. Websites such as Flickr, Wikipedia, del.icio.us, MySpace, and YouTube are all part of this apparent second-generation Internet phenomenon, which has spurred a variety of new services and communities – and venture capitalist dollars.

This cartoon of a room full of people arguing at a cocktail party after someone mentioned the provocative theories of Marshall McLuhan reminds me of today’s emotional debates over the relative impact – and even the very existence – of Web 2.0. Many hail Web 2.0 as the “new wisdom of the web,” and “a new cultural force based on mass collaboration,” while others deride it as merely a marketing jingo, “amoral,” and even an extension of Marxist ideology.

This last notion, the relationship between Web 2.0 and Marxism, was suggested by Andrew Keen, one of the loudest provocateurs of the Web 2.0 ideology. Keen has received considerable criticism for making comparisons between the Web 2.0 meme and Marxism, but, between the vitriol, he does make some valid points about the utopianism and solipsism that seems to underlie much of the Web 2.0 discourse. In particular, he criticizes the fervent commitment to technological progress:

The ideology of the Web 2.0 movement was perfectly summarized at the Technology Education and Design (TED) show in Monterey, last year, when Kevin Kelly, Silicon Valley’s über-idealist and author of the Web 1.0 Internet utopia Ten Rules for The New Economy, said:“Imagine Mozart before the technology of the piano. Imagine Van Gogh before the technology of affordable oil paints. Imagine Hitchcock before the technology of film. We have a moral obligation to develop technology.”

But where Kelly sees a moral obligation to develop technology, we should actually have–if we really care about Mozart, Van Gogh and Hitchcock–a moral obligation to question the development of technology. [emphasis added]

This moral obligation to question the development of technology compels Keen to identify some of the unintended consequences of the emergence of Web 2.0 infrastructures, including the flattening of culture, the overabundance of amateur authors and producers, and narcissism run wild.

As I begin to study the Web 2.0 meme from the perspective of privacy and surveillance theory, a different set of unintended consequences emerges, including shifts in the flow of personal information that might threaten personal privacy in ways much more damaging than Keen’s concern that content is now made and distributed by mere amateurs instead of honed professionals.

For example, Web 2.0 applications often rely on rich metadata to create value in information, such as the geotagging of images uploaded to Flickr. While it might be useful and fun to have locational data automatically associated with your images, considerable privacy concerns emerge as an externality. For instance, law enforcement officials can simply search for all photos online matching the location & timing of a certain political rally in order to broaden their ability to keep records of who was present. Or, combined with the development of facial recognition technologies with shared online photos, stalkers (or other annoying folks) might soon be able to search for a certain person’s face, and discover the GPS coordinates of the coffee shop they seem to be pictured in every Tuesday morning. Someone even developed a tool, FlickerInspector, to facilitate this kind of mining of the datastreams users leave behind on Flickr.

Of course, one doesn’t need a fancy application like FlickerInspector to reap the benefits of the new datastreams facilitated by Web 2.0 applications. Inherent in Web 2.0 evangelism is an overall faith in the network to be the processing platform: users are encouraged to put as much of their lives as possible online, to divulge and share their personal lives, their professional development, their favorite websites, their music, their friendships, their appointments, and even where they’ve connected to wi-fi. If you know a person’s “handle” on one Web 2.0 site (“michaelzimmer” at del.icio.us), you probably can find them on many more (Plazes, LibraryThing).

The prevalence of sharing so many details of one’s life through various Web 2.0 and social networking sites, and the relative ease of finding users across these services, leads to a second key externality: the rise of amateur data-mining. Fueled by the power and reach of Web search engines, it seems anyone can now engage in the kind of tracking and data-mining of user’s online activities that was once possibly only by the most powerful of computer systems.

An interesting case of amateur data mining made possible through Web 2.0 involves “Don, the camera thief.” The blog BoingBoing posted a story of a woman who lost her camera while on vacation, but was contacted by the family who happened to find it. Unfortunately – and oddly – the family who found it refused to return the camera because their child liked it so much. BoingBoing thought the actions by the finders of the camera were “shameful.” A few days after posting this, BoingBoing received an e-mail from someone who claimed his name was “Don Deveny,” purportedly a Canadian lawyer, who implied that the post was illegal and that BoingBoing was liable for making it. The folks at BoingBoing doubted the legitimacy of the email (the word “lawyer” was misspelled, for example), and decided to see what he could find out about “Don.”

They first contacted many of the law societies in Canada, none of whom had any record of a “Don Deveny” licensed to practice law in Canada. (by the way, it is illegal to pretend to be a lawyer). From their e-mail exchange, they were able to isolate the writer’s real e-mail address from the message headers, and through a Google search, located other pages that contain that address. That led them to a profile page for a user of the website called “Canada Kick A**” who shared the very same e-mail address. That profile page had a different person’s name (perhaps “Don’s” real name?), and also listed a location and profession for the user (he’s not a lawyer). It didn’t take much to figure out (or at least get a better clue) as to who this e-mailer was, and his profile page on a Web 2.0-inspired discussion board made it much easier.

Readers of BoingBoing did some amateur data mining of their own: a commenter at the original camera owner’s blog seemed to share many of the same sentiments of “Don,” along with many of the same spelling errors. This commenter used a different screen name, but when asked to identify himself, also said he was a lawyer. Another reader then discovered that a user with that same screen name recently bid on memory cards at eBay that would have been used in the stolen camera. More amateur data mining ensued, and discovered another user profile at a different discussion forum with the same user name and same “favorite sites” listed in the signature file. And this page included a photo of the user: Is this “Don” our camera thief?

Another example of the ease of amateur data mining with the help of Web 2.0 services is the outing of Lonelygirl15. Lonelygirl15 was the mysterious girl leaving video confessions on YouTube, garnering a huge following of devoted fans, yet know one knew who she was or if they were really just a kid’s video diary or perhaps a large hoax or advertising campaign. After some amateur data mining, the truth came out:
A reader was surfing an article on Lonelygirl15 at a random website when he came across a comment that linked to a private MySpace page that was allegedly that of the actress who plays Lonelygirl15. Since the profile was set to “private,” very little information one could glean from the page. However, when he queried Google for that particular MySpace user name, “jeessss426,” he was able to access Google’s cache from the page a few months ago when it was still public. A lot of the details of the girl’s background quickly emerged: She was an actress from a small city in New Zealand who had moved to Burbank recently to act. The name on the profile was “Jessica Rose.” When he happened to query Google image search for “Jessica Rose New Zealand” he was instantly rewarded with two cached thumbnail photos of Lonelygirl15, a.k.a. Jessica Rose, from a New Zealand talent agency that had since removed the full size versions. A search on Yahoo for “jeessss426” also turned up various pictures from her (probably forgotten) ImageShack photo sharing account. Lonelygirl15 was revealed.

Little effort was needed to link up the various e-mails, user names, personal data flows, and photos shared across blogs, discussion forums and other Web 2.0-style sites to track down “Don the camera thief” or “LoneyGirl15”. Moving more and more of our activities to Web 2.0 makes it harder to remain anonymous, and the myth of “security through obscurity” seems to be disappearing as various crumbs of our true identity are being scattered across the Web 2.0 landscape.

A final externality of Web 2.0 relates to a new form of informational voyeurism that these platforms enable. While Web 2.0 sites have enjoyed incredible growth and heavy viral participation, only a small fraction of overall users actually use the services to upload content – the vast majority just likes to lurk and watch. According to one report, only 0.16 percent of YouTube’s total traffic is made up of users who upload videos. Similarly, only 0.2 percent of Flickr’s regular users are there to upload photos. And slick new tools emerge daily to facilitate the surveillance and voyeurism of people’s daily activities. For example, “feeds” on Facebook allow users to be notified immediately when a friend updates their profile (changing their mood, their friend list, their relationship status, etc), dodgeball helps users find friends (and unknown friends of friends) within a 10 block radius of their present location, DiggSpy allows real-time monitoring of user’s activities on the popular news ranking site Digg, and Twitter has quickly emerged as the hottest new voyeuristic service, allowing users to share text snippets of their day-to-day activities, and monitor others’ streams of the mundane details of their lives (such as “a whole gang of women with dogs just walked past my window”).

What seems to be emerging is a new form of voyeuristic surveillance of people’s everyday lives, fueled by Web 2.0. This has been referred to varyingly as “peer-to-peer surveillance” or even as a new kind of “participatory panopticon.” Yet these terms – and the theories embedded within them – seem insufficient to fully grasp the significance of the emergence of this new voyeurism of the mundane. Surveillance, of course, implies the “watching over” of subjects from above, with an explicit power relationship between the watchers and those placed under its gaze. Trying to describe surveillance as “peer-to-peer” suggests a flattening of the power relationship that is counter to its very definition. Similarly, the notion of a “participatory panopticon” is at the same time redundant and contradictory. Foucault revealed how panoptic power becomes internalized by the subjects, thus, they necessarily “participate” in their own subjugation. Yet the top-down power relationship within the panoptic structure remains. The participation by the subjects does not make them equal with the watchers. Yet the informational voyeurism associated with Web 2.0 seems to imply a balance between the users: one shares their data streams in order to improve the overall worth of the network, coupled with the presumption that they’ll be able to observe and leverage others’ streams as well.

This notion resembles that of “equiveillance,” a state of equilibrium between the top-down power of surveillance, and the resistant bottom-up watching of sousveillance. Yet, this notion implies merely a balance in access to surveillance information, and is focused more on how to reach some kind of harmonious relationship with our rising surveillance society. With the informational voyeurism of Web 2.0, however, the goal isn’t to resist or come to terms with the power yielded by traditional surveillance, but rather to participate in a widespread and open sharing of the mundane details of one’s daily life. To give one’s peers a glimpse into one’s own personal universe.

These snapshots of the minutia of people’s lives have been compared to the Japanese concept of “neta”, the tidbits of people’s lives that are shared with family and friends as a kind of social currency. The Japan Media Review (an affiliate of Annenberg’s Online Journalism Review) recently made an insightful connection between “neta” and Web 2.0 voyeurism:

In Japanese, “material” for news and stories is called “neta.” The term has strong journalistic associations, but also gets used to describe material that can become the topic of conversation among friends or family: a new store seen on the way to work; a cousin who just dropped out of high school; a funny story heard on the radio. Camera phones provide a new tool for making these everyday neta not just verbally but also visually shareable.

As the mundane is elevated to a photographic object, the everyday is now the site of potential news and visual archiving. Sending camera-phone photos to major news outlets and moblogging are one end of a broad spectrum of everyday and mass photojournalism using camera phones. What counts as newsworthy, noteworthy and photo-worthy spans a broad spectrum from personally noteworthy moments that are never shared (a scene from an escalator) to intimately newsworthy moments to be shared with a spouse or lover (a new haircut, a child riding a bike). It also includes neta to be shared among family or peers (a friend captured in an embarrassing moment, a cute pet shot) and microcontent uploaded to blogs and online journals. The transformation of journalism through camera phones is as much about these everyday exchanges as it is about the latest headline.

Building on this Japanese concept of “neta,” I propose a new kind of “veillance” has emerged with Web 2.0 infrastructures: “netaveillance”. Netaveillance can be defined as the process of openly and purposefully providing an almost continual stream of the details of one’s daily life – the mundane, the profane, and the vain – through Web-based technologies, coupled with the ability to capture similar data streams from one’s peers. Netaveillance constitutes an emerging ecosystem of personal data flows – not the exceptional information meant to be protected from state or commercial surveillance, but the free and open sharing of the minutiae of our lives.

My conceptualization of netaveillance is, to be sure, in its most nascent of stages. Much work needs to be done to contemplate how it relates to existing theories of privacy and surveillance, how power relations between and among participants might still exist, how such data flows could be captured by state or commercial interests, and so on. Theorizing and understanding netaveillance is no small task, but it might provide a new language and framework from which to understand the informational voyeurism and related unintended consequences of the Web 2.0 phenomenon.

Whether you want to bring it up at a cocktail party is up to you.

Identity and Identification in a Networked World
by Tim Schneider and Michael Zimmer

Summary of events and acknowledgments.

Friends, Friendsters, and Top 8: Writing community into being on social network sites
by danah boyd

“Are you my friend? Yes or no?” This question, while fundamentally odd, is a key component of social network sites. Participants must select who on the system they deem to be ‘Friends.’ Their choice is publicly displayed for all to see and becomes the backbone for networked participation. By examining what different participants groups do on social network sites, this paper investigates what Friendship means and how Friendship affects the culture of the sites. I will argue that Friendship helps people write community into being in social network sites. Through these imagined egocentric communities, participants are able to express who they are and locate themselves culturally. In turn, this provides individuals with a contextual frame through which they can properly socialize with other participants. Friending is deeply affected by both social processes and technological affordances. I will argue that the established Friending norms evolved out of a need to resolve the social tensions that emerged due to technological limitations. At the same time, I will argue that Friending supports pre-existing social norms yet because the architecture of social network sites is fundamentally different than the architecture of unmediated social spaces, these sites introduce an environment that is quite unlike that with which we are accustomed.

MySpace on the record: The admissibility of social website content under the federal rules of evidence
by Stacy Schesser

With the increased reliance on technology in everyday life — including business, recreation, and culture — individuals leave traces of criminal activity on their computers, and now, online. As scholars address the U.S. Fourth Amendment and digital search and seizure issues, questions as to the admissibility of such acquired evidence begin to emerge. This paper explores the issues that both prosecutors and defense counsel face in determining whether digital evidence from Internet-based sources, primarily social networks, should be admitting under the Federal Rules of Evidence. Using an analysis of recent case law involving the admissibility of electronic evidence, the paper concludes with predictions on how these precedents would apply to social network Web sites like MySpace, Craigslist, personal blogs, and eBay.

On panopticism, criminal records and sex offender registries
by Verónica B. Piñero

Having explored Foucault’s notion of panopticism, the author highlights some socio-legal implications of criminal records in current Canadian society, such as access to employment, access to insurance, and international travel. She contends that there is a need to rethink the traditional notion of criminal records as a paper file, but as digitized criminal information that flows freely across national and international borders. Finally, she explores the use of sex offender criminal registries and their availability to general public in the Canadian context.

The cost of (anti-)social networks: Identity, agency and neo-luddites
by Ryan Bigge

The media coverage and resultant discourse surrounding social networking sites such as Facebook, MySpace and Friendster contain narratives of inevitability and technological determinism that require careful explication. Borrowing a tactic from the Russian Futurists, this paper attempts to make strange (that is, to defamiliarize) social network sites and their associated discourses by drawing upon an eclectic but interrelated set of metaphors and theoretical approaches, including: the digital enclosure, network sociality, socio-technical capital and Steven Jones’s recent examination of neo-Luddites. Whenever appropriate, this paper will integrate relevant magazine and newspaper journalism about social networking sites.

In the good old days, the social value to be safeguarded was called “privacy”. Then came computers, and the ugly word “data protection” took over. The semantic move was subtile, but worked to some extent: It was about protecting the data (i.e. the computers on which they reside), not the privacy of the persons the data was about. After the rise of the Internet, it started to be called “privacy and identity management”. The idea of protecting data or persons got lost and replaced by “management”. Instead, “identity” was introduced, which also includes an idea of control: The users have to authenticate themselves. Nowadays, it is mostly called just “identity management”, and the idea of privacy has to be re-introduced as a kind of add-on, like in the “privacy-embedded laws of identity”.

So, it sounds like the discourse of identity has won over the discourse on privacy. By introducing the term “governance”, Oracle makes it clearer again that it is not just a corporate process, as “identity management” sounds like, but includes externally set values and goals.

An interesting development. It is still unclear to me how “privacy” could systematically be inserted into this on the semantic level, as it would be one of many theoretically possible goals of the governance of identity. On the other hand, “governance” here just means enforcement of data-usage policies inside the corporation. In political science, “governance” has a far wider meaning, including public laws, private-public partnerships, standards, private contracts, education, publicity and so on. The Identity Governance Framework in this perspective is just enabling the operational implementation of values set in the larger network of institutions that deal with the governance of personal information – privacy governance, that is.

Of course, reality is much more complex, and there are always competing discourses, side-branches and so on. But this big picture with little complexity should do for the moment, if we look at the private sector perspective on it. I also did not attempt a Foucauld-inspired discourse analysis, which would much more focus on the governmentality of the modern buraucracy that rose and developed together with the practices and laws of identity management from the 15th century on.

He writes more, and it is worth reading.

The next generation of intelligent and interactive web services (“Web 2.0”) will require more, not fewer, verifiable identity credentials, and much greater mutual trust to succeed.

Identity systems that are consistent with the Privacy-Embedded Laws of Identity will help consumers verify the identity of legitimate organizations before they decide to continue with an online transaction.

These Privacy-Embedded Laws offer individuals:

• easier and more direct user control over their personal information when online;
• enhanced user ability to minimize the amount of identifying data revealed online;
• enhanced user ability to minimize the linkage between different identities and actions;
• enhanced user ability to detect fraudulent messages and websites, thereby minimizing the incidence of phishing and pharming.

Corresponding Privacy-Embedded Principles

Take, for example, Law #1, Personal Control and Consent, which emphasizes that individuals should be in full local control of their own identity information, and exercise informed consent over how their identity information is collected and used by others. One privacy benefit of applying this principle is that identity credentials could be stored locally and securely on a user’s own computer rather than in a centralized online database.

Another example: Law #2, Minimal Disclosure for Limited Use: Data Minimization, speaks to building technical identity systems that minimize the amount of identity information used and disclosed in a given online transaction. In the privacy world, a cardinal rule is that the identification provided should be proportional to the sensitivity of the transaction and its purpose. Why should a credit card number ever be used to verify one’s age? Put another way, why isn’t there a credential that allows people to prove they’re over 65 without revealing all of their other identity information? If someone can prove she is a bona fide university student to gain preferential access to online resources at other educational institutions, then why is her name needed? These privacy-enhanced solutions are all possible under the Privacy-Embedded Laws of Identity.

“We call upon software developers, the privacy community and public policymakers to consider the Privacy-Embedded Laws of Identity closely, to discuss them publicly, and take them to heart,” Dr. Cavoukian declared. “In joining with us to promote privacy-enhanced identity solutions at a critical time in the development of the Internet and e-commerce, both privacy and identity/security will more likely be strongly protected.”

[via Canadian Privacy Law Blog]

The symposium is free and open to all. Registration instructions, and the preliminary program, can be found here.

Sponsored by:

New York University Coordinating Council for Media, Culture and Communication
New York University Steinhardt School , Department of Culture and Communication
New York University Information Law Institute
National Science Foundation PORTIA Grant CCR-0331640

CALL FOR PAPERS

Identity and Identification in a Networked World:
A Multidisciplinary Graduate Student Symposium

When: September 29-30, 2006
Where: New York University
Submission deadline: July 5, 2006

Increasingly, who we are is represented by key bits of information scattered throughout the data-intensive, networked world. Online and off, these core identifiers mediate our sense of self, social interactions, movements through space, and access to goods and services. There is much at stake in designing systems of identification and identity management, deciding who or what will be in control of them, and building in adequate protection for our bits of identity permeating the network.

The symposium will examine critical and controversial issues surrounding the socio-technical systems of identity, identifiability and identification. The goal is to showcase emerging scholarship of graduate students at the cutting edge of humanities, social sciences, artists, systems design & engineering, philosophy, law, and policy to work towards a clearer understanding of these complex problems, and build foundations for future collaborative work.

In addition to presenting and discussing their work, students will have the opportunity to interact with prominent scholars and professionals related to their fields of interest. The symposium will feature a keynote talk by Ian Kerr, Canada Research Chair in Ethics, Law & Technology at the University of Ottawa.

Submission Information:

We invite submissions on the function of identity, identifiability and identification in the following general areas:

• Media & communication: DRM systems, e-mail & instant messaging, discussion forums

• Online: Identity 2.0, web cookies, IP logging, firewalls, personal encryption

• Social interaction: online social networks, blogging, meetups

• Consumer culture: RFID product tags, reputational systems, commercial data aggregation

• Mobility: electronic tolls, auto black boxes, RFID passports, SecureFlight, V-ID cards

• Security: video surveillance, facial recognition, biometric identification systems, national ID cards

Please submit abstracts, position pieces, demos or full papers for a 10-15 minute presentation to michael.zimmer@nyu.edu by July 5, 2006. Include contact and brief biographical information with your submission. Notification of submission acceptance will be given by July 17, 2006. Limited travel stipends will be available for presenters. Students in need of travel funds should indicate so with their submission.

Program chairs:

- Tim Schneider, JD Student, NYU School of Law
- Michael Zimmer, PhD Candidate, Dept. of Culture & Communication, NYU

Faculty advisor:

- Helen Nissenbaum, Dept. of Culture & Communication, NYU

Sponsors:

- Coordinating Council for Culture and Communications, Journalism, and Media Studies, New York University
- Department of Culture and Communication, New York University
- Information Law Institute, New York University School of Law

(download PDF version here)