The Reputation Society: How Online Opinions Are Reshaping the Offline World
Edited by Hassan Masum and Mark Tovey
Foreword by Craig Newmark

In making decisions, we often seek advice. Online, we check Amazon recommendations, eBay vendors’ histories, TripAdvisor ratings, and even our elected representatives’ voting records. These online reputation systems serve as filters for information overload. In this book, experts discuss the benefits and risks of such online tools.

The contributors offer expert perspectives that range from philanthropy and open access to science and law, addressing reputation systems in theory and practice. Properly designed reputation systems, they argue, have the potential to create a “reputation society,” reshaping society for the better by promoting accountability through the mediated judgments of billions of people. Effective design can also steer systems away from the pitfalls of online opinion sharing by motivating truth-telling, protecting personal privacy, and discouraging digital vigilantism.

About the Editors

Hassan Masum is a policy and technology strategist and Affiliate Researcher at the Waterloo Institute for Complexity and Innovation at the University of Waterloo.

Mark Tovey is an Affiliate Researcher at the Waterloo Institute for Complexity and Innovation at the University of Waterloo. He is the editor of Collective Intelligence: Creating a Prosperous World at Peace.

This book was inspired by the “Symposium on Reputation Economies in Cyberspace” I helped organize at the Yale Information Society Project in 2007, and I’m excited to see the results of that event finally get published.

I’m also happy to note that I co-authored one the chapters in the volume with Anthony Hoffmann, a PhD student at UW-Milwaukee School of Information Studies. Our contribution is titled, “Privacy, Context, and Oversharing: Reputational Challenges in a Web 2.0 World“:

When personal information is shared online, it may spread farther and faster than expected or inappropriately push intimate details to near-strangers. Zimmer and Hoffmann address the twin risks of information spreading beyond its intended context and the oversharing of personal information.

You can purchase the book at Amazon, etc. Enjoy!

(Update at end of post)

I’m troubled by Wisconsin’s plan to create a database of all signers of the recall petitions. I know the political parties have access to the petitions in order to challenge signatures, but I’m unsure (and I’ll need to find out) if all signatures are generally a part of the public record.

Did you sign? Did you think that fact might be publicly discoverable?

You might or might not be concerned with that disclosure, but placing these names into a database changes things. A database makes it much easier to search for particular names and addresses, easier to identify and harass, easier to discriminate, etc. It also makes systemic error or bias much more possible, and potentially more harmful.

So, to start the process of addressing these concerns, I’ve submitted an open records request to the state Government Accountability Board. Here’s the meat of the request:

Specifically, I am interesting in obtaining answers and related information to the following questions:

1) What software platform will be used for creation and maintenance of this database.

2) What software platform will be purchased (as reported in the media) to aid with character recognition of the handwriting on the petitions.

3) Exactly which information fields from the petitions will be included in the database?

4) Who has access to this database, and what security/authentication measures will be used to ensure only authorized access?

5) How long will this database remain? Is there a planned destruction date? Conversely, are there plans to archive it?

6) Will the database itself be subject to open records requests?

I’ll provide updates if I receive any response or answers.

:: UPDATE (1/23/2012) -  While I haven’t received any response to my inquiry to the GAB, this Milwaukee Journal Sentinel article notes that the handwriting recognition software being used is docAlpha from Artsyl Technologies. The story notes how error-prone these technologies can be (5-10% error rate per character!), and confirms that the state database of petition signers will indeed be publicly accessible.

For a moderate amount of time, I had been a “friend” with someone on Facebook, and we appeared to have full visibility of each others activities. Then, recently, I noticed that this person no longer appeared in my feeds or list of friends. I searched for this person on Facebook to no avail (zero results), and attempted to load this person’s Facebook profile using the custom URL, but was met with the standard error “The page you requested was not found”. This prompted me to assume that this person either (a) deactivated her/his page and left Facebook, or (b) un-friended me and tweaked the privacy settings to be essentially invisible to non friends. This didn’t bother me much, and I didn’t really think of it again.

Today, however, I noticed an update in my Ticker noting this person made a comment on some other Facebook user’s (not a friend of mine) page.  This particular action also was reported in my main News Feed. I found it quite odd that suddenly I was seeing updates from this ex-friend. I proceeded to search my friends list, and s/he wasn’t there. I searched for this person’s name, and still received no results. I tried to load this peron’s URL, and got the same error message.

However, when I clicked the user name (this person’s real name) in the status update, I was taken to her/his Facebook profile page, only it now was a different URL with a different username.** But it was my former Facebook friend: same photo, same basic info, etc. I searched the friend list, and I wasn’t there (as expected).  As far as I can tell, this person reactivated or recreated a new Facebook account, and simply decided not to friend me (fine). Yet, I’m not seeing activity from this person — this non Facebook friend — in my News Feed.

Has anyone else experienced this? Or have a possible explanation?  My only guess is that perhaps the user is using the same email address for the new account, and some code within Facebook recognizes that I used to be friends with someone using that email, therefore it is making activity visible to me. This is troublesome, of course, since people unfriend for various reasons, all with the presumption that Facebook activity will no longer be made visible to former friends.

UPDATE: I’ve now realized that this former Facebook friend and I do share one friend in common. So it is possible that her/his privacy settings allow visibility of actions to “Friends of friends”. I will investigate further….

** I should point out that the new custom username for this former Facebook friend is not, as far as I know, this person’s name. Nor does it appear to be any other version of her/his name. To compare, it would be as if I created a new Facebook account with the custom URL of /george.kerplanski. This new username — perhaps created to help obfuscate this user’s new account — appears to violate Facebook’s guidelines, which states “Your username should be as close as possible to your true name”.  I might be wrong about this, of course…

ALA conducting new survey about librarians and privacy

For Immediate Release
Tue, 12/13/2011 – 15:50

Contact: Barbara Jones
Office for Intellectual Freedom (OIF)

CHICAGO – The American Library Association’s (ALA) Office for Intellectual Freedom (OIF) is inviting librarians and library workers across the country to participate in a survey that will measure librarians’ attitudes about privacy rights and protecting library users’ privacy.

The survey is available online, and takes only 15 minutes to complete. All responses are anonymous and confidential:

http://tinyurl.com/ALAprivacysurvey

The survey, which builds on an earlier 2008 survey assessing librarians’ attitudes about privacy both within and outside of the library, will provide important data that will help ALA assess the state of privacy in the United States and help guide OIF’s planning for “Privacy for All,” ALA’s ongoing campaign to engage librarians in public education and advocacy to advance privacy rights.  The survey will be available until March 1, 2012.

The study is funded by a generous grant from the Open Society Institute and is managed by Dr. Michael Zimmer, an assistant professor at the University of Wisconsin-Milwaukee’s School of Information Studies and co-director of its Center for Information Policy Research.

Barbara Jones, director of the Office for Intellectual Freedom, encouraged all librarians and library workers to take the survey.  “After three successful years working on Choose Privacy Week and related educational programs, it is essential that we test our assumptions for the remaining years of the grant,” she said.  “We want ‘Privacy for All’ to create models for programming and services that librarians can use for various constituencies and community groups.  We can’t do that without your opinions.”

The “Privacy for All” initiative features Choose Privacy Week, an annual event that encourages libraries and librarians to engage library users in a conversation about privacy; and a website, privacyrevolution.org, that provides access to privacy-related news, information and programming resources.  In 2011 – 2012, “Privacy for All” and Choose Privacy Week will be focused on the topic of government surveillance, with an emphasis on immigrant and refugee communities’ use of libraries and youth attitudes about privacy.

Visit www.privacyrevolution.org to learn more about Choose Privacy Week and the resources available to help libraries engage their users in a conversation on privacy.

It is a well-written article, quite balanced, and features myself, the T3 principle researcher Jason Kaufman, and fellow Internet research experts Alex Halavais, Fred Stutzman, and Elizabeth Buchanan (I am friends with the latter three, for disclosure). The Chronicle also tracked down a Harvard student presumably within the dataset.

For those looking, my initial blog posts (from 2008) regarding the T3 dataset are here and here, and my full treatment of the dataset release was published here:

• Zimmer, M. (2010). “‘But the data is already public’: on the ethics of research in Facebook,” Ethics & Information Technology, 12(4), 313-325

I don’t want to rehash the entire article or episode, but would like to provide a few annotations:

The article does a nice job pointing out the dual challenges of “Researchers [who] must navigate the shifting privacy standards of social networks and their users”, as well as the “the committees set up to protect research subjects—institutional review boards, or IRB’s—[who] lack experience with Web-based research.”

These are critical revelations that we cannot take lightly. There is much work to be done to ensure researchers of all disciplines and levels recognize and respond to the complexities of engaging in this kind of research online, and that IRBs are sufficiently trained to recognize issues related to Internet research ethics.

To these ends, the Association of Internet Researchers (AoIR) has published an ethics guide (now undergoing revisions) as “as at least a starting point for their inquiries and reflection”, and we’ve held various workshops on the subject. Elizabeth Buchanan and Charles Ess have spearheaded important research on the IRBs’ awareness of Internet-related concerns, and have launched the Internet Research Ethics Digital Library, Resource Center and Commons website as a valuable resource.

And, specific to the article’s mention that I have “pointed to the Harvard case in urging the federal government to do more to educate IRB’s about Web research”, I was privileged to present before the Secretary’s Advisory Committee on Human Research Protections (SACHRP), part of the Office for Human Research Protections in the United States Department of Health and Human Services (HHS). Joined by Elizabeth Buchanan, Montana Miller, and John Palfrey (of Harvard’s Berkman Center, by the way), we discussed emerging ethical issues with Internet-based research and urged the committee to take steps to ensure IRBs and researchers were suitably trained to recognize and address these important ethical issues.

In the context of this entire debate (and some of the original comments left on my blog posts), this passage from the article is quite telling:

But Mr. Kaufman talks openly about another controversial piece of his data gathering: Students were not informed of it. He discussed this with the institutional review board. Alerting students risked “frightening people unnecessarily,” he says.

“We all agreed that it was not necessary, either legally or ethically,” Mr. Kaufman says.

Frankly, I’m troubled by this statement. I will leave it to legal experts to determine if the research violated the consent requirements of the Federal Regulations for the Protection of Human Subjects (45 CFR 46), but from an ethical standpoint, I argue the researchers did have an obligation to respect the intentions of those students who might have restricted their Facebook profiles to only be visible to members of the Harvard community. The researcher’s own codebook acknowledged that the assistants used to access the profile data might have had preferential access to a profile, and that “a given student’s information should not be considered objectively ‘public’ or ‘private’”. This realization should have triggered an ethical concern over whether each students truly intended to have their profile data publicly visible and accessible for downloading.

This is the crux of the issue, and my earlier attempts to learn if and how this apparent waiver of the consent requirement was deliberated by Harvard’s IRB were unsuccessful. Perhaps now we can gain a bit more understanding of why it was deemed that consent wasn’t necessary (and I hope it was a more nuanced decision than simply avoiding “frightening people unnecessarily”).

I agree with the article’s conclusion that the “biggest victim” in this episode is academic scholarship.

The uniqueness of this dataset is of obvious value for sociologists and Internet researchers, and it wasn’t my goal to shut down this research project. It is unfortunate the researchers haven’t been able to find a suitable means of re-releasing the data, but just like the AOL search data release forced us to rethink methods of anonymization before again releasing large datasets of transaction logs, I’m hopeful that this episode can prompt meaningful consideration and debate of our understandings of privacy, anonymity/identifiability, consent, and harm when it comes to Internet-based research.

Finally, I wanted to provide a brief response to the implicit accusation made in the article that I’m a part of some kind of “academic paparazzi”.

I’m not even sure what this means. Perhaps someone thinks I spend my time trolling through other people’s research hoping to find a place where they slip up so I can have a “gotcha” moment? Hardly. I had never written on research ethics until I came across this particular case. I saw a passing mention of the data release on another scholar’s blog, and the ensuing discussion there about how the presumed anonymity of the dataset should be questioned due to its unique data variables. So I started to explore, and my discoveries followed. I’m not out to get anyone, but rather have taken quite a number of proactive steps to help researchers (both the T3 team and more broadly) address these complexities.

The complexities of research ethics and methodology in today’s Internet-based environment is complex, and I’m just starting to scratch the surface. But I don’t take this lightly; I’m a scholar, not a paparazzo.

As I conclude in my full article:

The purpose of this critical analysis of the T3 project is not to place blame or single out these researchers for condemnation, but to use it as a case study to help expose the emerging challenges of engaging in research within online social network settings. …The T3 research project might very well be ushering in ‘‘a new way of doing social science’’, but it is our responsibility scholars to ensure our research methods and processes remain rooted in long- standing ethical practices. Concerns over consent, privacy and anonymity do not disappear simply because subjects participate in online social networks; rather, they become even more important.

I hope that’s the takeaway from all this.

I had spoken with a high level Mozilla rep (will remain nameless since I didn’t receive confirmation that I could publish the conversation in full) after the release of version 4 about this important design flaw, and the person told me they were up against hard deadlines to get the feature included in version 4, and didn’t have time to tweak the preferences GUI. The representative agreed this was “less than ideal” and promised that the entire privacy panel would be “revamped” in future releases.

Today, Mozilla has released version 5 of its popular browser, and they have kept their promise. In this new version, the option to turn on “Do Not Track” is rightfully located at the very top of the “Privacy” tab in the preferences panel:

(Another notable enhancement is that the Do Not Track feature now works across platforms.)

I’m glad to see that Mozilla is paying attention and (finally) recognizing that these design decisions matter.

• Angela Maycock, assistant director, ALA Office for Intellectual Freedom
• Deborah Caldwell-Stone, deputy director, ALA Office for Intellectual Freedom
• Michael Zimmer, PhD, assistant professor, School of Information Studies at the University of Wisconsin-Milwaukee and co-director of the Center for Information Policy Research
• Ginger McCall, assistant director, Electronic Privacy Information Center’s (EPIC) Open Government Project

The webinar was recorded, and is available here.

My particular slides can be viewed below, and here are some of the resources I mentioned in my presentation:

• Pew Internet & American Life Project – Teen studies
• Youth, Privacy and Reputation (Literature Review)
• How Different are Young Adults from Older Adults When it Comes to Information Privacy Attitudes and Policies?
• Publications & presentations by danah boyd (Microsoft Research)

Twitter fought the subpoena’s accompanying gag order, and has earned a partial victory that allowed Twitter to make the order public. [Some surmise that the wording of the order -- asking for size of "data files" -- suggests the same order was made to other ISPs or online providers, but there is no evidence that anyone other than Twitter has objected.] Upon learning of her inclusion in the subpoena, Birgitta Jonsdottir, a member of Iceland’s parliament, sought the help of the EFF and  filed a motion challenging the government’s attempt to obtain the records, asking the court to vacate the order. The motion argued the government’s demand for the records violated First Amendment speech rights and Fourth Amendment privacy rights of the Twitter-account holders.

In March 2011, Judge Theresa Buchanan, in the Eastern District of Virginia, ruled against that motion, arguing that because the government was not seeking the content of the Twitter accounts in question (.pdf), the subjects did not have standing to challenge the government’s request for the records. She further argued that “because petitioners voluntarily conveyed their IP addresses to Twitter as a condition of use, they have no legitimate Fourth Amendment privacy interest.” The judge was unpersuaded by the petitioners initial suggestion that they did not read or understand Twitter’s Privacy Policy, and that any conveyance of IP addresses to Twitter was involuntary. In a footnote of the motion, she wrote quite plainly: “Internet users are bound by the terms of click-through agreements made online.”

Christopher Soghoian has posted a critical analysis of this portion of the judge’s ruling, noting that while the judge states in her order that “[b]efore creating a Twitter account, readers are notified that IP addresses are among the kinds of ‘Log Data’ that Twitter collects, transfers and manipulates,” that isn’t entirely true. Soghoian comments:

It would be far more accurate to say that before creating a Twitter account, users are presented a link to a privacy policy, which includes a statement six paragraphs down about IP address collection. Users are further told that by clicking on a button to create the account, that they acknowledge that they read the linked privacy policy, although Twitter does not actually take any steps to make sure that users clicked on the link or scrolled through the content on that page.

Of course, it wouldn’t really matter if Twitter forced people to click on the privacy policy, or scroll through the page, because everyone knows that consumers won’t actually read through the text.

This final point is critical: “everyone knows that consumers won’t actually read through the text.” Soghoian’s post includes numerous studies that show users rarely read terms of service or privacy policies, as well as quotes from both FTC officials and US Supreme Court Chief Justice Roberts acknowledging the fact that these policies are difficult to read and understand.

Building from his original post, Soghoian has penned an amici brief (pdf) to the court, which presents the following argument:

Amici urge the court to not dismiss petitioners’ Fourth Amendment privacy interests based on their mouse clicks. Research has shown that consumers rarely read and even more rarely understand privacy policies. In fact, the mere presence of a privacy policy is often misunderstood by consumers to mean their privacy is protected. While “clickwrap” acceptance of terms may constitute a contract under certain circumstances, this legal construct for private obligations has limited bearing on whether a user’s expectation of privacy against government intrusion is objectively reasonable and protected by the Fourth Amendment.

I’m among the signers* of this brief, and would like to thank Chris for his continued efforts on protecting privacy online.

• Dr. Kelly Caine, Principal Research Scientist in the Center for Law, Ethics and Applied Research in Health Information and the School of Informatics and Computing, Indiana University
• Danielle Keats Citron, Professor of Law, University of Maryland School of Law
• Dr. Serge Egelman
• Jerry Kang, Professor of Law, UCLA School of Law
• Dr. Aleecia M. McDonald
• Frank A. Pasquale, Schering-Plough Professor in Health Care Regulation and Enforcement, Seton Hall Law School, Visiting Fellow, Princeton University Center for Information Technology Policy
• Len Sassaman, Researcher, Katholieke Universiteit Leuven (Belgium)
• Jason M. Schultz, Assistant Clinical Professor of Law, Director, Samuelson Law, Technology & Public Policy Clinic, UC Berkeley School of Law
• Wendy Seltzer, Associate Research Scholar, Center for Information Technology Policy, Princeton University
• Christopher Soghoian, Graduate Fellow, Center for Applied Cybersecurity Research, Indiana University
• Dr. Michael Zimmer, Assistant Professor, School of Information Studies, Co-Director, Center for Information Policy Research, University of Wisconsin-Milwaukee

This is an important step towards giving Web users more control over how their digital steps are being monitored and recorded. The Future of Privacy Forum has been tracking the history of this feature for some time, and we had a conference call with Mozilla, Microsoft, and Google a few weeks ago to learn about their various (and varying) methods for allowing users to prevent tracking.

Here’s how Firefox’s Do Not Track feature works:

For more background, please see Chris Soghoian’s detailed history of the inception of the opt-out header concept, as well as the DoNotTrack.Us website for full details on the broader project supporting these initiatives.

Note, however, a critical limitation (currently) to the Do Not Track method: it requires third-party advertisers to recognize and properly react to the DNT header sent to them from your browser, and there’s no requirement that they must. As Firefox notes: “Honoring this setting is voluntary — individual websites are not required to respect it.” While implementing the header should be easy for advertisers, no advertising network or other tracking service has yet announced plans to honor the Do Not Track header. The FTC might require something similar, and we can hope that public pressure might lead ad networks to voluntarily adopt Do Not Track, but for now, this is merely the expression of a user’s privacy preference that falls on deaf ears.

Despite this limitation, it still is very important and meaningful that Firefox has implemented Do Not Track for its millions of users.

The problem is, unfortunately, they made it very hard to turn Do Not Track on.

Today I installed Firefox 4 and went to the preferences panel to see for myself how Do Not Track has been implemented. Logically, I went to the Privacy tab first:

Here, all I see is a default setting of “Remember history”, noting that “Firefox will remember your browsing, download, form and search history, and keep cookies from Web sites you visit.” This default is discomforting. Looking at the menu of options, I see I can select “Use custom settings for history”:

Here, at least, I control whether Firefox stores my browsing history, or accepts third party cookies, etc. But, Do Not Track is nowhere to be found on the Privacy settings control panel.

Next, I try the Security tab, since Do Not Track is pitched as a security feature by Mozilla. Again, no settings for Do Not Track are provided:

Finally, I click on the ubiquitous “Advanced” settings tab. Bingo! Look closely, and you’ll see a setting for “Tell web sites I do not want to be tracked” among the list of browsing settings. And, of course, the default setting is to not have Do Not Track activated:

This design choice is very troublesome. Do Not Track is a major development in potentially providing Web users more privacy, security and control over their online activities. Mozilla brags about “leading the Web towards a universal standard Do Not Track feature,” and its own (draft) Privacy & Data Operating Principles talks about providing “real choices,” “sensible settings,” and “user control.” Yet, the setting to turn on Do Not Track is buried in the Advanced preferences tab, and listed alongside such mundane options for smooth scrolling and spell check.

Mozilla, you can do better than this.

TrackMeNot represents a form of technological resistance in the fight against the increasing loss of control individuals posses over their online personal information flows, and I was excited to play a very small role in its development while at NYU. Now, five years later, NYU has a thriving Privacy Research Group, filled with “students, professors, and industry professionals who are passionate about exploring, protecting, and understanding privacy in the digital age.”

Recently, two members of the NYU Privacy Research Group, Jaime Madell and Ian Spiro, have launched another privacy-enhancing technology, this time targeted at empowering Facebook users. Their creation is PostPref, a Facebook application that helps users protect the privacy of their photos.

PostPref is an attempt to remedy the lack of context on online social networks, the architectures of which tend to weaken norms of information flow by forcing the “binary” (private vs. non-private) categorization of shared information. Simply put, PostPref is a photo watermarking tool that allows users to quickly and intuitively label their photos so that others know whether they should feel free to redistribute the photos.

The concept is pretty simple: Once you authorize the PostPref app on Facebook, you have the ability to add a red, yellow, or green light, and accompanying message, to each of your photos: A “green” mark means “feel free to re-post freely.” A “yellow” mark means “please ask me first before sharing.” And a “red” mark means “do not share this photo at all!” Below is an image of myself tagged with a yellow watermark, indicating that my permission should be requested before reposting the photo.

Of course, there’s no technical restriction on what others actually can do with these photos. Anyone who has access to your photos on Facebook could download a “red light” photo and use it as they wish. (They might want to crop out the watermark to avoid making their breach of your privacy wishes obvious).

But PostPref is a good step towards putting power back into the hands of users. Facebook consistently misunderstands the nature of privacy online, and tools like PostPref help reorient services like Facebook to better respect the complex nature of privacy online.