To close out the week, I’ve finally updated my quick guide for adjusting your Facebook privacy settings. Much has changed with the kinds of controls Facebook provides users, as well as what they let you control at all  (making the 2008 and 2009 versions highly outdated).

My new quick guide is not exhaustive — and Facebook’s help pages are actually quite helpful — but hopefully this can provide a starting point for controlling your privacy online. I especially recommend this for new and younger Facebook users. Details below, and a PDF handout is here.

Ways To Adjust Privacy Settings In Facebook

Have you been wondering how to be social on Facebook while still keeping your privacy under control? When you join a site like Facebook you take the chance of letting your private information run wild. By adjusting your privacy settings you’ll have more control over who sees what.

Dividing up your Friends

Is your mom really on the same level of friendship as your roommate? Is your boss on the same level as your drinking buddies? What to block certain content from an ex-boyfriend? Facebook allows you to organize your friends into different groups, which can later be used to determine who sees what.

To do this, go to https://www.facebook.com/bookmarks/lists. There’s a button at the top that says “+ Create List.” Clicking it allows you to create a list of your choosing, then add any of your friends to it. You might make lists like “high school friends” or “family” or “co-workers” or “only the best friends”.

Once you’ve split up all your friends into different lists—what’s next?

Control Who Sees What you Post

Facebook allows you to control who can see what you post using a special “audience selector” drop down menu. With each status update, photo upload, or information shared, you can click on the small “drop down” arrow to select the specific audience: public, friends, only me, custom, or one of the friends lists you’ve previously created.

Control your Default Privacy

You can also set a default privacy level of all the things you share. To get to your privacy settings, click the account menu (small blue down arrow) at the top right of any Facebook page, and choose Privacy Settings. Here you can select the default setting for you posts: public, friends, or custom.

Choose “custom” in order to select particular friends lists as your default visibility settings. You can also exclude individual people from seeing status updates or photos.

From this same privacy settings page, you can control if people can find you on Facebook, whether people can tag you in photos, your advertising and app privacy, and even whether people can view past posts.

How You Connect

These settings determine how people can find or connect with you on Facebook, including who can search for you via email or phone number, who can send you friend requests, or who can send you Facebook messages. The most open setting is “Everyone”, and the most private is “Friends” only.

Timeline and Tagging

These are important settings to control who can tag you in posts and photos, and who can see those tags:

• Who can post on your timeline?  This setting controls who is able to post on your own Wall and Timeline. The options are either “Friends” or “No one”.
• Who can see what others post on your timeline? When someone else posts on your Wall, you can control whether all friends can see that content, or only certain lists.
• Review posts friends tag you in before they appear on your timeline.  When a friend “tags” you in one of their own status updates, it will automatically appear in your own timeline, allowing your friends to view the item. You can change this setting so you must approve the tag before it will appear on your own wall.
• Who can see posts you’ve been tagged in on your timeline?  This setting controls the visibility of any tags you’ve approved (or that are automatically approved).
• Review tags friends add to your own posts on Facebook.  Sometimes a friend can add a tag to one of your own posts. These can be allowed automatically, or you can control and approve them with this setting.
• Who sees tag suggestions when photos that look like you are uploaded?  Facebook has advanced facial recognition software, so if it thinks it sees your face in a photo uploaded by someone else, it might suggest tagging that photo with your name. You can turn this feature off, or make it available to your friends.

Apps, Games, and Websites

On Facebook, your name, profile picture, gender, networks, username and user id (account number) are always publicly available, including to apps. Also, by default, apps have access to your friends list and any information you choose to make public.

You can edit these settings to control what additional information is shared with apps, games, and websites. You can also turn on “Instant Personalization” which links your Facebook account to external website (like Pandora) to view relevant friend activity off of Facebook.

Public Search

From the same “Apps, Games, and Websites” settings page, you can control whether your Facebook profile is visible on search engines like Google. Turn this setting off if you don’t want your profile page listed in search engine results.

 For more detailed help and descriptions, please spend time on Facebook’s own help pages.

New survey confirms librarians’ commitment to protecting privacy rights

For Immediate Release
Tue, 05/01/2012 – 15:55

Contact: Jennifer Petersen
Office for Intellectual Freedom (OIF)

CHICAGO – In conjunction with Choose Privacy Week, the American Library Association’s (ALA) Office for Intellectual Freedom (OIF) released preliminary findings from a new survey measuring librarians’ views on privacy rights and protecting library users’ privacy.

The survey, which builds on an earlier 2008 survey assessing librarians’ attitudes about privacy, provides important data that will help ALA evaluate the state of privacy in the United States and libraries’ role in protecting library users’ privacy. The data will help guide ongoing planning for Choose Privacy Week and similar initiatives aimed at engaging librarians in public education and advocacy to advance privacy rights.

Some of the highlights from the 2012 survey include:

• Librarians remain concerned about privacy and individuals’ desire to control access and use of personal information. Ninety-five percent agree or strongly agree that individuals should be able to control who sees their personal information, and more than 95 percent of respondents feel government agencies and businesses shouldn’t share personal information with third parties without authorization and should only be used for a specific purpose.
• Librarians affirmed their commitment to the profession’s long-standing ethic of protecting library users’ privacy. Nearly 100 percent of respondents agreed that “Libraries should never share personal information, circulation records or Internet use records with third parties unless it has been authorized by the individual or by a court of law,” and 76 percent feel libraries are doing all they can to prevent unauthorized access to individual’s personal information and circulation records.  Overall, nearly 80 percent feel libraries should play a role in educating the general public about privacy issues.
• When compared to the 2008 survey, the results showed that the responses given by the 2012 respondents generally mirrored those of the 2008 respondents, with data showing a slight decline in the level of concern over privacy. For example, in both surveys, the vast majority (95 percent in 2008, 90 percent in 2012) of respondents expressed concern that “companies are collecting too much personal information about me and other individuals.”  However those who “strongly” agreed dropped from 70 percent in 2008 to only 54 percent in 2012.

The 2012 survey also revealed some limitations in libraries’ handling of privacy issues.  While nearly 80 percent of the responding librarians said libraries should play a role in educating the general public about privacy, only 13 percent said their library had hosted a privacy information session, lecture, seminar or other event addressing privacy and surveillance. Similarly, while 100 percent agree that libraries should not release library records without a court order, only 51 percent indicate that their libraries offer training on handling requests for user records and only 57 percent indicate that their libraries effectively communicate the library’s privacy policies to their patrons.

The 2012 study is funded by a generous grant from the Open Society Foundations and is managed by Dr. Michael Zimmer, an assistant professor at the University of Wisconsin-Milwaukee’s School of Information Studies, and co-director of its Center for Information Policy Research.

The survey is part of ALA’s Choose Privacy Week and “Privacy for All” initiative, which conducted with the generous support of the Open Society Foundations.  Its website, www.privacyrevolution.org, provides access to privacy-related news, information and programming resources.

The American Library Association’s (ALA) Office for Intellectual Freedom established Choose Privacy Week in 2010 to help libraries work with their communities in navigating these complicated but vital issues.  It is a national public awareness campaign that aims to educate the public about their privacy rights and to deepen public awareness about the serious issue of government surveillance. The theme for Choose Privacy Week 2012 is “Freedom from Surveillance.”

For more information on Choose Privacy Week, visit www.privacyrevolution.org or contact Jennifer Petersen, ALA PR coordinator at (312) 280-5043, jpetersen@ala.org.

The Blackberry Project (formerly known as the Friendship Project) is an ongoing longitudinal study examining teen behavior and sociability, which first recruited its subjects in 2003 (starting with 281 third and fourth graders from 13 Dallas public schools) and relied on yearly laboratory and home observation and surveys for data collection. Then, in 2009, the subjects (now entering 8th grade) were provided with BlackBerry devices with unlimited text and data plans paid for by the investigators. The devices were configured so that the content of all text messages, e-mail messages, and instant messages was saved to a secure server to be mined by the researchers — over 500,000 messages a month are being archived. Preliminary analyses have been published in Developmental Psychology.

The result? Hill puts it best in her headline and opening thoughts:

A Texas University’s Mind-Boggling Database Of Teens’ Daily Text Messages, Emails, and IMs Over Four Years

For the past four years, the University of Texas-Dallas developmental psychology professor has essentially wire-tapped 175 Texas teens,  capturing every text message, email, photo, and IM sent on Blackberries that she provided to them, creating a rich database that now contains millions of funny, explicit, sexual, and inane messages for academic study. Half a million new messages pour into the database every month. This summer, she’s adding Facebook content to the mix as well. The teens sacrificed their privacy for science… and a free smartphone, data plan and unlimited text messaging.

Dr. Underwood’s study has been approved by UT-Dallas’s Institutional Review Board, and she’s also received a Certificate of Confidentiality from the NIH, which are only granted after considerable scrutiny. Each participant is given a unique identification number so that all information that is collected is, according to the project website, “de-personalized”. The research data is stored securely with the help of Ceryx and Global Relay, data security providers who typically work together to store and archive electronic communication data for financial institutions. The archive is password protected and can only be accessed by a small group of selected researchers.

In short, this large-scale and long-term project has undergone considerable review, and appears to be taking privacy and security quite seriously. That said, there remain certain ethical concerns about the research worth discussing.

(Note: my discussion is based on what I can glean from available reports and documents about the study; I’m trying to gather additional information through various channels.)

Consent

Since the Blackberry Project (and its predecessor) focus on studying the activity of minors, gaining informed consent is of particular importance. Participants and parents were required to sign detailed consent forms annual that clearly stated that all electronic communication were be recorded and monitored. (While the consent forms for the earlier Friendship Project are available online, I haven’t been able to locate the consent documents for the Blackberry Project. I’ll request them from Dr. Underwood.) It appears this consent process was repeated annually, which is particularly important as subjects grow and develop, and the content of their text and email messages might change over time (for example, 10th graders might start texting about dangerous or legal activity, which might not have been contemplated when original consent was provided years earlier).

Parental consent for minor subjects is standard procedure. However, I wonder how well a parent actually understands the extent to which adolescents make use of mobile texting, and whether a parent really is equipped to represent (and waive) the privacy interests of their adolescent kids if they fail to recognize both the scale and types of information contained within those text messages. Is parental consent really sufficient when we’re dealing with teenager’s use of social media and personal technology? This is something I’ll need to think about more….

Further, any consent granted only involves the participants themselves and their outgoing messages. But those sending messages to the participants have not consented to having their messages stored and subjected to analysis. Underwood recognizes this problem, but argues it away:

Pioneering researchers studying online communication have argued that electronic communication can be observed without permission in some contexts because the information need not be uniquely identifiable, unless individuals have chosen to make their online user name their actual name (see Subrahmanyam et al., 2006; Whitlock, Powers, & Eckenrode, 2006). In our study, although we did have access to participants’ phone contacts and could see how they labeled individuals there, these were rarely uniquely identifiable, because most adolescents chose to label contacts with first names only or with nicknames.

However, I find this argument a bit thin. Just because some “pioneering researchers” claim it is acceptable to study online messages observed without permission “in some contexts” doesn’t make it necessarily ethical here. Hopefully the IRB pressed hard on this issue.

Undue Influence

Consent is only valid if it doesn’t involve coercion or undue influence. While paying research subjects is commonplace and generally acceptable, the fact that subjects in the Blackberry Project received a free smartphone with fully paid data and texting plans (and a generous 300 minute voice plan) might quality as undue influence. The Office of Human Research Protections defines undue influence when researchers offer an “excessive or inappropriate reward or other overture in order to obtain compliance.” OHRP also notes that “The level of remuneration should not be so high as to cause a prospective subject to accept risks that he or she would not accept in the absence of the remuneration.”

This is where the free Blackberries and service plans might be problematic. Since 11% of the participating families had incomes under $25,000, and 29% under $50,000, the allure of a free, “highly attractive” smartphone, complete with a free and unlimited data plan, might have persuaded some lower-income families to participate who otherwise might have considered the project too risky. If you’re on a tight budget, and your kids keep pestering you for a smartphone, the Blackberry Project might have been a lifesaver, regardless of the risks.

Determining undue influence is a grey area, and, again, I hope that UT-Dallas’s IRB considered this matter with vigor.

Privacy and Anonymity

Underwood has taken great lengths to protect subject privacy, including the use of secure, off-campus data storage platforms and replacing account names with ID numbers within the archive. Yet, considerable privacy concerns remain. There are plenty of cases where simply replacing names with ID numbers fails to provide sufficient anonymity, and the content of the messages themselves might reveal various personal details of the participants and their friends. The researchers indicate they use the participants address books to help “replace phone numbers with whatever the participants used to label their contacts” when compiling transcripts. While some of these labels might be un-identifiable, others might effectively “out” particular people within the dataset.

The Forbes article also notes:

Underwood has gotten calls from investigators around the country who would love access to her database, but she says she doesn’t want to hand over the data unless she can de-identify it or anonymize it. I’m imagining many a privacy scholar shaking his or her head in dismay given how difficult true anonymization is.

Indeed. I’m curious to know what steps toward deidentification or anonymization Underwood intends before sharing the data.

The Forbes piece presses Underwood further about the issue of privacy:

When I asked Underwood if any of the kids (or their parents) had ever expressed concern about the privacy of their communications, and the discomfort they might feel about every single thing they send being archived indefinitely for study, she said it had been a “non-issue.”

“We haven’t really directly asked about it. We don’t do anything to draw attention to our monitoring,” says Underwood. She prefers that teenagers act naturally. Asking them too strongly about how they feel about their privacy might negatively affect the “observing them in the wild” aspect of her study.

This troubles me. Here, a researcher collecting millions of personal messages sent between teens admits to not wanting to directly address privacy with the subjects because it might negatively affect the study. If you bring up the privacy concern, Underwood seems to say, it will just cause them to self-censor. Of course, if her hypothesis is true, that validates the privacy concern itself — the participants might actually care about their privacy, once reminded about it. (Note to researchers: if you find yourself wanting to minimize disclosure of privacy concerns, then you have significant privacy concerns that need to be addressed.)

In sum, the Blackberry Project appears to have been managed properly through the IRB rules and regulations. These open issues speak more to the nature of this kind of research generally, versus about this project specifically. I’m very curious as to how the researchers and the IRB discussed and deliberated these issues, and will provide any updates if I’m able to gain access to more details.

The event is free and open to the public:

• Tuesday, May 8, 2012
• 6:00-8:000pm
• UW-Milwaukee Union Theater (2200 E. Kenwood Blvd, 2nd floor)

Following the film, a panel of privacy advocates will discuss its implications, including:

• Emilio De Torre, Youth and Program Director, ACLU of Wisconsin
• Stacy Harbaugh, Communications Director, ACLU of Wisconsin
• Angela Maycock, Assistant Director, Office for Intellectual Freedom, American Library Association
• Michael Zimmer, Assistant Professor and Co-Director, Center for Information Policy Research, School of Information Studies, UW-Milwaukee

During the week of March 5, we’re going to hold an online symposium on Julie Cohen’s important and engrossing book Configuring the Networked Self: Law, Code, and the Play of Everyday Practice (Yale University Press).  As Rebecca Tushnet noted at a celebration of Julie’s book held at Georgetown Law School (see here for her post on the event), Cohen “challenges us to imagine better: understand culture’s power and make policies that both acknowledge and attempt to work with that power.”  Some of what appealed to Dan Solove is the book’s exploration of privacy and creativity together, with all of their nuances. As Dan explained, “copyright and privacy both concern control over information; tension because scholars who argue for limits on copyright are often arguing for more protection for privacy—less control/more control over information.  Is there a coherent way to argue for less copyright/more privacy?  Cohen’s work establishes the normative foundations for that.”  One of my favorite contributions is the book’s illumination of networked architecture’s impact on human flourishing and her development of the Capabilities Approach to address pressing challenges to the practice of everyday life.

Concurring Opinions is thrilled to welcome an all-star group of scholars to lead the discussion, including the author Julie Cohen:

• Anita L. Allen
• Ann Bartow
• Kristin Eschenfelder
• Edward Felten
• Ian Kerr
• Jaron Lanier
• Paul Ohm
• Hector Postigo
• Ted Striphas
• Valerie Steeves
• Michael Zimmer

In the meanwhile, get your copy of the book and mark your calendars!

Zimmer, M. (2012). The ethical (re)design of the Google Books project. In iConference ’12 Proceedings of the 2012 iConference, 363-369. DOI: 10.1145/2132176.2132223

Today, the Google Books project is at a relative standstill — lawsuits against the project remain outstanding as the courts rejected a proposed settlement agreement. The failure of the original vision for the Google Books project to become fully realized presents us with a unique opportunity to ensure that whatever final form Google Books will take in the future, it is designed to support the values respected within the domain of information ethics. This paper will proposed an ethical re-design of the Google Books project, focusing on three core ethical values of primary interest to librarian and information professionals: privacy, intellectual freedom, and public access to information. Advocating for these values in the next iteration of the mass digitization service can help ensure that the informational norms of the library are embraced and upheld.

The Reputation Society: How Online Opinions Are Reshaping the Offline World
Edited by Hassan Masum and Mark Tovey
Foreword by Craig Newmark

In making decisions, we often seek advice. Online, we check Amazon recommendations, eBay vendors’ histories, TripAdvisor ratings, and even our elected representatives’ voting records. These online reputation systems serve as filters for information overload. In this book, experts discuss the benefits and risks of such online tools.

The contributors offer expert perspectives that range from philanthropy and open access to science and law, addressing reputation systems in theory and practice. Properly designed reputation systems, they argue, have the potential to create a “reputation society,” reshaping society for the better by promoting accountability through the mediated judgments of billions of people. Effective design can also steer systems away from the pitfalls of online opinion sharing by motivating truth-telling, protecting personal privacy, and discouraging digital vigilantism.

About the Editors

Hassan Masum is a policy and technology strategist and Affiliate Researcher at the Waterloo Institute for Complexity and Innovation at the University of Waterloo.

Mark Tovey is an Affiliate Researcher at the Waterloo Institute for Complexity and Innovation at the University of Waterloo. He is the editor of Collective Intelligence: Creating a Prosperous World at Peace.

This book was inspired by the “Symposium on Reputation Economies in Cyberspace” I helped organize at the Yale Information Society Project in 2007, and I’m excited to see the results of that event finally get published.

I’m also happy to note that I co-authored one the chapters in the volume with Anthony Hoffmann, a PhD student at UW-Milwaukee School of Information Studies. Our contribution is titled, “Privacy, Context, and Oversharing: Reputational Challenges in a Web 2.0 World“:

When personal information is shared online, it may spread farther and faster than expected or inappropriately push intimate details to near-strangers. Zimmer and Hoffmann address the twin risks of information spreading beyond its intended context and the oversharing of personal information.

You can purchase the book at Amazon, etc. Enjoy!

(Update at end of post)

I’m troubled by Wisconsin’s plan to create a database of all signers of the recall petitions. I know the political parties have access to the petitions in order to challenge signatures, but I’m unsure (and I’ll need to find out) if all signatures are generally a part of the public record.

Did you sign? Did you think that fact might be publicly discoverable?

You might or might not be concerned with that disclosure, but placing these names into a database changes things. A database makes it much easier to search for particular names and addresses, easier to identify and harass, easier to discriminate, etc. It also makes systemic error or bias much more possible, and potentially more harmful.

So, to start the process of addressing these concerns, I’ve submitted an open records request to the state Government Accountability Board. Here’s the meat of the request:

Specifically, I am interesting in obtaining answers and related information to the following questions:

1) What software platform will be used for creation and maintenance of this database.

2) What software platform will be purchased (as reported in the media) to aid with character recognition of the handwriting on the petitions.

3) Exactly which information fields from the petitions will be included in the database?

4) Who has access to this database, and what security/authentication measures will be used to ensure only authorized access?

5) How long will this database remain? Is there a planned destruction date? Conversely, are there plans to archive it?

6) Will the database itself be subject to open records requests?

I’ll provide updates if I receive any response or answers.

:: UPDATE (1/23/2012) -  While I haven’t received any response to my inquiry to the GAB, this Milwaukee Journal Sentinel article notes that the handwriting recognition software being used is docAlpha from Artsyl Technologies. The story notes how error-prone these technologies can be (5-10% error rate per character!), and confirms that the state database of petition signers will indeed be publicly accessible.

For a moderate amount of time, I had been a “friend” with someone on Facebook, and we appeared to have full visibility of each others activities. Then, recently, I noticed that this person no longer appeared in my feeds or list of friends. I searched for this person on Facebook to no avail (zero results), and attempted to load this person’s Facebook profile using the custom URL, but was met with the standard error “The page you requested was not found”. This prompted me to assume that this person either (a) deactivated her/his page and left Facebook, or (b) un-friended me and tweaked the privacy settings to be essentially invisible to non friends. This didn’t bother me much, and I didn’t really think of it again.

Today, however, I noticed an update in my Ticker noting this person made a comment on some other Facebook user’s (not a friend of mine) page.  This particular action also was reported in my main News Feed. I found it quite odd that suddenly I was seeing updates from this ex-friend. I proceeded to search my friends list, and s/he wasn’t there. I searched for this person’s name, and still received no results. I tried to load this peron’s URL, and got the same error message.

However, when I clicked the user name (this person’s real name) in the status update, I was taken to her/his Facebook profile page, only it now was a different URL with a different username.** But it was my former Facebook friend: same photo, same basic info, etc. I searched the friend list, and I wasn’t there (as expected).  As far as I can tell, this person reactivated or recreated a new Facebook account, and simply decided not to friend me (fine). Yet, I’m not seeing activity from this person — this non Facebook friend — in my News Feed.

Has anyone else experienced this? Or have a possible explanation?  My only guess is that perhaps the user is using the same email address for the new account, and some code within Facebook recognizes that I used to be friends with someone using that email, therefore it is making activity visible to me. This is troublesome, of course, since people unfriend for various reasons, all with the presumption that Facebook activity will no longer be made visible to former friends.

UPDATE: I’ve now realized that this former Facebook friend and I do share one friend in common. So it is possible that her/his privacy settings allow visibility of actions to “Friends of friends”. I will investigate further….

** I should point out that the new custom username for this former Facebook friend is not, as far as I know, this person’s name. Nor does it appear to be any other version of her/his name. To compare, it would be as if I created a new Facebook account with the custom URL of /george.kerplanski. This new username — perhaps created to help obfuscate this user’s new account — appears to violate Facebook’s guidelines, which states “Your username should be as close as possible to your true name”.  I might be wrong about this, of course…

ALA conducting new survey about librarians and privacy

For Immediate Release
Tue, 12/13/2011 – 15:50

Contact: Barbara Jones
Office for Intellectual Freedom (OIF)

CHICAGO – The American Library Association’s (ALA) Office for Intellectual Freedom (OIF) is inviting librarians and library workers across the country to participate in a survey that will measure librarians’ attitudes about privacy rights and protecting library users’ privacy.

The survey is available online, and takes only 15 minutes to complete. All responses are anonymous and confidential:

http://tinyurl.com/ALAprivacysurvey

The survey, which builds on an earlier 2008 survey assessing librarians’ attitudes about privacy both within and outside of the library, will provide important data that will help ALA assess the state of privacy in the United States and help guide OIF’s planning for “Privacy for All,” ALA’s ongoing campaign to engage librarians in public education and advocacy to advance privacy rights.  The survey will be available until March 1, 2012.

The study is funded by a generous grant from the Open Society Institute and is managed by Dr. Michael Zimmer, an assistant professor at the University of Wisconsin-Milwaukee’s School of Information Studies and co-director of its Center for Information Policy Research.

Barbara Jones, director of the Office for Intellectual Freedom, encouraged all librarians and library workers to take the survey.  “After three successful years working on Choose Privacy Week and related educational programs, it is essential that we test our assumptions for the remaining years of the grant,” she said.  “We want ‘Privacy for All’ to create models for programming and services that librarians can use for various constituencies and community groups.  We can’t do that without your opinions.”

The “Privacy for All” initiative features Choose Privacy Week, an annual event that encourages libraries and librarians to engage library users in a conversation about privacy; and a website, privacyrevolution.org, that provides access to privacy-related news, information and programming resources.  In 2011 – 2012, “Privacy for All” and Choose Privacy Week will be focused on the topic of government surveillance, with an emphasis on immigrant and refugee communities’ use of libraries and youth attitudes about privacy.

Visit www.privacyrevolution.org to learn more about Choose Privacy Week and the resources available to help libraries engage their users in a conversation on privacy.