Twitter fought the subpoena’s accompanying gag order, and has earned a partial victory that allowed Twitter to make the order public. [Some surmise that the wording of the order -- asking for size of "data files" -- suggests the same order was made to other ISPs or online providers, but there is no evidence that anyone other than Twitter has objected.] Upon learning of her inclusion in the subpoena, Birgitta Jonsdottir, a member of Iceland’s parliament, sought the help of the EFF and  filed a motion challenging the government’s attempt to obtain the records, asking the court to vacate the order. The motion argued the government’s demand for the records violated First Amendment speech rights and Fourth Amendment privacy rights of the Twitter-account holders.

In March 2011, Judge Theresa Buchanan, in the Eastern District of Virginia, ruled against that motion, arguing that because the government was not seeking the content of the Twitter accounts in question (.pdf), the subjects did not have standing to challenge the government’s request for the records. She further argued that “because petitioners voluntarily conveyed their IP addresses to Twitter as a condition of use, they have no legitimate Fourth Amendment privacy interest.” The judge was unpersuaded by the petitioners initial suggestion that they did not read or understand Twitter’s Privacy Policy, and that any conveyance of IP addresses to Twitter was involuntary. In a footnote of the motion, she wrote quite plainly: “Internet users are bound by the terms of click-through agreements made online.”

Christopher Soghoian has posted a critical analysis of this portion of the judge’s ruling, noting that while the judge states in her order that “[b]efore creating a Twitter account, readers are notified that IP addresses are among the kinds of ‘Log Data’ that Twitter collects, transfers and manipulates,” that isn’t entirely true. Soghoian comments:

It would be far more accurate to say that before creating a Twitter account, users are presented a link to a privacy policy, which includes a statement six paragraphs down about IP address collection. Users are further told that by clicking on a button to create the account, that they acknowledge that they read the linked privacy policy, although Twitter does not actually take any steps to make sure that users clicked on the link or scrolled through the content on that page.

Of course, it wouldn’t really matter if Twitter forced people to click on the privacy policy, or scroll through the page, because everyone knows that consumers won’t actually read through the text.

This final point is critical: “everyone knows that consumers won’t actually read through the text.” Soghoian’s post includes numerous studies that show users rarely read terms of service or privacy policies, as well as quotes from both FTC officials and US Supreme Court Chief Justice Roberts acknowledging the fact that these policies are difficult to read and understand.

Building from his original post, Soghoian has penned an amici brief (pdf) to the court, which presents the following argument:

Amici urge the court to not dismiss petitioners’ Fourth Amendment privacy interests based on their mouse clicks. Research has shown that consumers rarely read and even more rarely understand privacy policies. In fact, the mere presence of a privacy policy is often misunderstood by consumers to mean their privacy is protected. While “clickwrap” acceptance of terms may constitute a contract under certain circumstances, this legal construct for private obligations has limited bearing on whether a user’s expectation of privacy against government intrusion is objectively reasonable and protected by the Fourth Amendment.

I’m among the signers* of this brief, and would like to thank Chris for his continued efforts on protecting privacy online.

• Dr. Kelly Caine, Principal Research Scientist in the Center for Law, Ethics and Applied Research in Health Information and the School of Informatics and Computing, Indiana University
• Danielle Keats Citron, Professor of Law, University of Maryland School of Law
• Dr. Serge Egelman
• Jerry Kang, Professor of Law, UCLA School of Law
• Dr. Aleecia M. McDonald
• Frank A. Pasquale, Schering-Plough Professor in Health Care Regulation and Enforcement, Seton Hall Law School, Visiting Fellow, Princeton University Center for Information Technology Policy
• Len Sassaman, Researcher, Katholieke Universiteit Leuven (Belgium)
• Jason M. Schultz, Assistant Clinical Professor of Law, Director, Samuelson Law, Technology & Public Policy Clinic, UC Berkeley School of Law
• Wendy Seltzer, Associate Research Scholar, Center for Information Technology Policy, Princeton University
• Christopher Soghoian, Graduate Fellow, Center for Applied Cybersecurity Research, Indiana University
• Dr. Michael Zimmer, Assistant Professor, School of Information Studies, Co-Director, Center for Information Policy Research, University of Wisconsin-Milwaukee

• Part I: Intro and Privacy Roundup: Hoffmann discusses how the LoC acquisition of the public Twitter archive “directly confronts a number of unresolved (and hotly contested) practical and conceptual issues concerning privacy today”.
• Part II: Digital Divides and the Cultural Record: Hoffmann critiques the oft-repeated rhetoric that the Twitter archive represents the collective thoughts and utterances of “ordinary people”, arguing that “rather than a true democratization of the cultural record, we are simply expanding it to include not only elite content producers with access to the traditional information gatekeepers, but new content producers literate and savvy enough to take advantage of new informational gateways.”
• Part III: Intercultural Information Ethics and Digital Classification: Hoffmann builds on Part II, recognizing that while Twitter is clearly not representative of “ordinary people,” it is, in fact, ethnically diverse. This diversity of users — and usage — will force the LoC to address broad intercultural questions when building tools for accessing the archive. In Hoffmann’s words: “different groups use Twitter for different reasons and in different ways. In turn, it is important that we ask how these differences will be represented in the Library of Congress’s Twitter archive.”
• Part IV: Internet Research Ethics: Finally, Hoffmann situates these concerns within the lens of Internet research ethics, posing important questions such as “How do we conduct meaningful research in the archive and still respect the rights and privacy of individual Twitterers who did not necessarily consent to being researched?” and “How do we make sense of this data in a way that is meaningful anywhere outside the context of Twitter itself?” and “How will we handle the issue of intercultural information ethics and representation when we conduct research on this archive?”

I encourage you to read the complete set of reflections.

I then proceeded to submit a Freedom of Information Act request to the LOC requesting a copy of the agreement, any internal policies or documents governing how the Twitter data will be archived and used, and requested answers to these questions.

It has now been almost 2 weeks and I have had not yet received a response from the Library. However, interviews with Library personnel posted at The American Prospect and Ars Technica provide us some insight into the nature of the agreement and the plans for the data.

And, just as I was starting to write this post (yesterday), I received an email from the LOC’s Matt Raymond directing me to this new blog post, which includes a scanned copy of the gift agreement (PDF) between Twitter and the LOC, and provides some additional details about the arrangement.

Piecing all these together, we can discern the following:

Archive Contents

There has been little information available about what, precisely, will be included in the dataset provided to the LOC. The agreement simply indicates “public Tweets from the Twitter service”, which leads us to believe that detailed profile and social graph information might not be included. The LOC’s recent blog post provides more specifics:

Private account information and deleted tweets will not be part of the archive. Linked information such as pictures and websites is not part of the archive, and the Library has no plans to collect the linked sites.

Thus, the LOC will apparently only be archiving the tweets, and not expanding shortened URLs, or retrieving and storing any photos or linked websites.

Personal/Profile Information

When asked specifically about whether personal information might be included in the archive, the LOC mentioned how research on anonymization might help mitigate privacy concerns in the future, suggesting that they might include it, but would look for a way to anonymize it when providing the data to researchers.  In the end, the LOC indicates that it will be up to Twitter to decide what to do about personal information.

I’m not fully comfortable with this position. The LOC should take a much stronger stance regarding the existence of personal content in the dataset. It should either require it purged before receiving it, or come up with specific steps it will take to scrub personal information from the data visible to outsiders.

Geo-Locational Data

While the LOC recognizes the research potential of having access to geo-locational data,  the Gift Agreement is silent about what specific data will be shared. I suspect that it might fall into the “personal information” category of things that Twitter hasn’t quite figured out. Yet, until this is resolved one way or another, the possible inclusion of geo-locational data poses a significant privacy threat.

Timing

The LOC has noted that there will be a 6-month lag before the latest Tweets get sent to them to be archived. They’ve stated the reason for the lag is to give people a chance to delete their tweets and “things like that” before they are sent to the archive.

The LOC also hints that it might enforce an embargo “of several years” on the data, to help force the passage of time between access to the archive and any particular events.

Processing the Archive

The Library is planning to build analytic tools to help “make order” out of the archive, perhaps clustering content based on hashtag, etc; something more than just full-text searching.

Access & Data Release

The Gift Agreement provide insights into the kind of access that will be provided:

After a period of six months from the date any portion of the materials was first posted to the Twltter service. the Library may display such materials in the collection of its public website or In any other electronic form or successor technology subject to reasonable access limitations such as the use of a robots.bit file. The Library will not provide a substantial portion of the Collection on its public website in a form that may be easily subject to bulk download.

In short, the archive “would not be released as a single public file or exposed through a search engine, but offered as a set only to approved researchers.” There is no indication of what criteria will be used to determine “approved researchers”, but presumably the LOC already has such processes in place.

Commercial Use

Twitter’s blog post about the acquisition indicates that only “non-commercial” research will be allowed, and the gift agreement confirms this, noting that potential researchers must sign a “notification mutually agreed upon by Donor and the Library prohibiting commercial use and redistribution of all or a substantial part of the Collection.”

[Interesting that the agreement might allow redistribution of a "non-substantial" part of the archive. I'm presuming this relates to selective quoting of items in the collection within one's research.]

Opt-Out & User Access

A key question centers on whether owners of Twitter accounts might be able to request materials removed from the archive, even after the 6-month day, or opt-out entirely.  (Note: I’ve pondered whether LOC-owned databases constitute government databases that fall under the Privacy Act, which would require such access)

There is little new information about whether users can access their archived tweets to make changes, but it appears that isn’t being contemplated. When asked about opt-out, the LOC punted it back to Twitter, saying: “We asked them to deal with the users; the library doesn’t want to mediate that.”

Like with the issue of private information within the archive, this stance disappoints me. As a library, the LOC should take a more proactive stance to provide individuals the ability to protect and control their information.

Summary

To summarize, I’m pleased that the LOC is providing (the required) transparency regarding this agreement, and that they’re trying to address some of the issues that have been floated about. However, I’m disappointed that they’re leaving many of the “hard” questions up to Twitter, especially the determination of what is considered “public” to include in the dataset. The LOC should take a stronger stance on issues that impact user privacy, control over their information, and access.

It seems that I now need to ask Twitter what its thinking is on various matters: precisely what data is included in the dataset, will users be able to opt-out, how will the data be sent to the LOC, etc.

More to come….

Or can they?

Consider this scenario:

1. You decide to protect your privacy/visibility and keep your tweet stream protected.
2. I send a request to follow you. You accept. I now receive your private tweet stream.
3. I retweet one of your private tweets. (Note: Twitter restricts the ability to retweet private tweets, but it can be done manually, or in most 3rd party apps.)
4. My steam is public. Your tweet is now public, embedded in my stream.
5. The Library of Congress archives my public stream, including your private tweet that I had retweeted.

So, a few reflections on this (common) scenario. First, it is ethically-questionable whether users with public streams should be retweeting private tweets without express consent.

Second, and more to the point, people’s attempts to restrict access to their tweets can be easily thwarted, and ultimately those private tweets can end up in the Library of Congress’s archives with the rest of the public tweets.

It’s time to brush off the contextual integrity lecture notes.

UPDATE:  See this article in the New York Times, where a LOC spokesperson notes:

Some online commentators raised the question of whether the library’s Twitter archive could threaten the privacy of users. Mr. Raymond said that the archive would be available only for scholarly and research purposes. Besides, he added, the vast majority of Twitter messages that would be archived are publicly published on the Web.

This is the classic “but the information is already public” argument that, while technically true, presumes a false dichotomy that information is either strictly public or private, ignoring any contextual norms that might have guided the initial release of information or how a person expects that information to flow.

This is Nissenbaum’s theory of contextual integrity, which Fred Stutzman has already invoked related to this case.

Further, it is interesting that the LOC seems to acknowledge that there are non-public tweets within the archive: “…the vast majority…are publicly published on the Web”. I will reach out to Mr. Raymond to seek clarification.

The Library of Congress tweeted today that they are acquiring the entire archive of public Twitter activity since March 2006. (The official blog post is down, but a copy is on the LOC’s Facebook page.)

Have you ever sent out a “tweet” on the popular Twitter social media service? Congratulations: Your 140 characters or less will now be housed in the Library of Congress.

That’s right. Every public tweet, ever, since Twitter’s inception in March 2006, will be archived digitally at the Library of Congress.

… We will also be putting out a press release later with even more details and quotes. Expect to see an emphasis on the scholarly and research implications of the acquisition. I’m no Ph.D., but it boggles my mind to think what we might be able to learn about ourselves and the world around us from this wealth of data. And I’m certain we’ll learn things that none of us now can possibly conceive.

This is big. Huge.

And while the LOC stresses that they’re doing this for historical and scholarly reasons, there are major implications regarding the privacy and contextual expectations of Twitter users. Now, suddenly, all their tweets are being archived by the world’s largest library. Yes, the tweets were always public and discoverable, but the searchability and accessibility will increase drastically if/when the LOC processes this archive.

Here are some immediate questions that need to be addressed:

1. Will user profile information also be archived and made accessible? And historical changes to user profile information? If so, can users update the profile information that might be archived at LOC?
2. Will lists of followers and who is followed be included? If so, how will the be updated?
3. Will geo-locational data be included?
4. Will the LOC allow automated scraping of the database (by search engine crawlers or other bots)?
5. Will the LOC allow commercial use of the archive?
6. Will the LOC process the archive in such a way to create categories of users or tweets? Essentially, are we going to see a Library of Congress Classification scheme for tweets?
7. Currently users can delete tweets from Twitter, which (presumably in a reasonable time) are deleted from Twitters logs, and no longer discoverable. Will users have the ability to remove unwanted tweets from the LOC?  (I presume not)

I look forward to seeing more information as the day progresses.

UPDATE: Twitter has now posted its own announcement, which provides some further details:

It is our pleasure to donate access to the entire archive of public Tweets to the Library of Congress for preservation and research. It’s very exciting that tweets are becoming part of history. It should be noted that there are some specifics regarding this arrangement. Only after a six-month delay can the Tweets will be used for internal library use, for non-commercial research, public display by the library itself, and preservation.

Interestingly, they’re enforcing a 6 month delay before public Tweets are made available to the Library of Congress. What remains unclear is whether the LOC are given live feed streams, and must simply embargo them for 6 months, or whether Twitter is only providing the LOC the archives after 6 months have passed. (The latter would provide users more opportunity to delete tweets that they might want taken out of public circulation — see item 7 above).

This is also a bit odd since Google apparently is providing real-time access to all Tweets without any such delay. Why a commercial entity is allowed immediate access, while the Library of Congress must wait, remains a mystery.

Finally, while Twitter notes that the archive can be used only for non-commercial research (good), it remains unclear whether the restriction for “internal library use” is meant to mean that only the library can use the archive, or whether the “public display” provision also means a searchable database will be made available.

Time to request of a copy of the agreement.

I argued, however, that we cannot be so quick to presume the expectations of potential research subjects. Yes, setting one’s Twitter stream to public does mean that anyone can search for you, follow you, and view your activity. However, there is a reasonable expectation that one’s tweet stream will be “practically obscure” within the thousands (if not millions) of tweets similarly publicly viewable. Yes, the subject has consented to making her tweets visible to those who take the time and energy to seek her out, those who have a genuine interest to connect and view her activity through this social network.

But she did not automatically consent, I argue, to having her tweet stream systematically followed, harvested, archived, and mined by researchers (no matter the positive intent of such research). That is not what is expected when making a Twitter account public, and it is my opinion that researchers should seek consent prior to capturing and using this data.

A healthy debate on this issue followed, and continued in a separate thread on Facebook, which included the following varied positions & responses (edited and condensed):

1. “…if the account holder tweets to the general public, then it’d seem like there’s no expectation of privacy so no consent would be necessary.”
2. (me) “But isn’t my expectation that even though my tweets are public, they’re often lost in a sea of hundreds of tweets among my followers, and I never anticipated someone would archive, mine, and perform research on them?”
3. “If you’re comfortable with your anonymity being guaranteed only by virtue of your public tweets being hidden in plain sight among millions of others, then you’d have to realize that some determined person could follow just yours, archive them, and analyze them. I like my privacy, but I don’t worry about walking around a city or campus even though …”
4. “…depends on how data are being presented – e.g. in aggregate vs specific “quotes” that could easily be traced.”
5. “Many IRBs would say yes [consent is needed], or at least would require you to get a waiver–publicizing the extremes to which IRBs go…”
6. “…IRB application is required. You could request that Informed consent be waived with the argument that you are only analyzing tweets broadcast publicly, and that you de-identify your data to eliminate potential risk to the individual”
7. “I would say if it is for research and you are dealing only with publicly available documents, then no, you need no consent. you can run that by the irb and get a waiver, but in the end, you are dealing with publicly available documents… not people, subjects. If you are dealing with subjects and not documents, then you will need irb clearance.”
8. “Tweets are publications. I think it’s absurd to even consider IRB review for anything dealing with things people have published”
9. “The questions are: 1) Are you conducting research that is intended to be published; 2) Does your research involved human participants; 3) For these human participants, will you gather data through intervention or interaction with the individual; and/or will you gather identifiable private information about them. (45 CFR 46.102(f))
   If these 3 conditions are met, your research must be reviewed by IRB. They will work with you and determine whether or not informed consent is required. In your case, if you are NOT interacting with the individual publishing the tweets, and the tweets are broadcast and searchable as public records (that is, you don’t need access to their account to view tweets posted to a limited audience), then it won’t fall under the definition of research with human subjects.”
10. “If i download all of Michael’s published papers, blog posts, twitter posts and each one he publishes thereafter… are they the same? or different? I’d argue the same, just for different audiences.”
11. (me) “What if tomorrow, I decide to take my Tweet stream private. And I delete my blog posts. Does my affirmative action to purge my documents from the “live” web mean that you (researcher) need to treat that previously archived material differently?”
12. “If the individual changes their intent regarding release of data, then by IRB standards what might previously have been considered publicly available information, then becomes private information, and your collection would likely require BOTH IRB review AND informed consent, b/c the user now has an expectation that their information is protected.”
13. “Once tweeted, a birdsong is gone forever. No deleting or taking back what’s been broadcast to the world. If someone seeks privacy, they should seek another method of communication. If from the beginning, there was some kind of inherent expectation that tweets were private messages, then the situation might be different. But the whole idea of tweeting is to voluntarily publish or broadcast. It’s different from, say, e-mailing or IMing.”

What we see here are numerous, intelligent researchers not in complete agreement about wither consent is necessary, about whether one’s tweets are “publications” not needing IRB review, or whether Twitter-based research is dealing with “human subjects” that does require strict scrutiny. There’s also some question about how to deal with the fact that users might make information private after an initial release, something our current forms of communication allow more than in the past.

What do you think? If readers have had experience with related research ethics issues, and how their IRB dealt with is, please email me or leave a comment.

Aside: Interestingly, Adam Fish, who I’ve friended on Facebook, saw that discussion and wanted to repost the thread on his blog. Respectful of the delicate nature of re-posting other conversations and moving them from the controlled environs of Facebook to a public blog, he contacted me to ask permission. He didn’t, apparently, contact each of the commenters to ask for their permission. I felt it necessary to get consent from everyone in that thread before authorizing its re-posting. When I asked each of them, all agreed (with some edits), and some took the position that the Facebook conversation was de facto public, even though technically only a certain set of users (friends of the participants) could in reality see the thread.

[image from TPorter2006]

In Code, Lessig argues that all of the rules, tendencies, affordances, and constraints of/in cyberspace are the result of human decisions, actions, and, ultimately, code. What we can and cannot do there is governed by the underlying code of all of the programs and protocols that make up the Internet, which can, alternatively or simultaneously, permit and restrict certain human actions:

In real space recognize how laws regulate – through constitutions, statues, and other legal codes. In cyberspace we must understand how code regulates – how the software and hardware that make cyberspace what it is regulate cyberspace as it is. (1999, p. 6)

For Lessig, “how a system is designed will affect the freedoms and control the system enables” (Lessig, 2001, p. 35); the very architecture of the Internet dictates its politics and ideology. He argues that it is the architecture of cyberspace that constitutes its culture, its community, and its freedom; and as the architecture is threatened or changed, so is the culture, community, and freedom it enables.

To see this in action, consider two recent examples: a change to the default reply settings on the Association of Internet Researchers discussion list, and a similar change implemented by the microblogging service Twitter.

:: Air-L ::

The Association of Internet Researchers hosts a quite active discussion list (air-l) on all things related to Internet studies. This past Sunday evening, the list manager sent out the following message:

Up until now on air-l, replies to messages posted to the list went, by default, to air-l. The default reply setting for air-l has been changed. As of now, replies to list posts will go privately to the message poster and not to air-l. If you would like people on the list to see your reply, you will need to manually insert the air-l address into the To: field of your reply.

Within minutes, this change was strongly criticized:

I think this is very detrimental to the community. This change fundamentally destroys the conversation construed as a group, and forces it to be between individuals, unless they consciously choose otherwise. …Air-l should be about collegiality and sharing, not about replying to individuals…. (source)

A lengthy discussion ensued, which included more detailed explanations of the motivation behind the change (centering on a concern over the inability to remove personal/confidential/harmful information that might be mistakenly sent to the entire list given the original default reply setting — a motivation that has been questioned by myself and others). Some also found the nature of the change quite surprising considering we’re an organization who studies Internet-based communication and culture; while others criticized the lack of community feedback, participation, or notice about the change.

The debate continues, but what it reveals is how the architecture of a system can impacts not only the mode of communication, but also the members’ sense of community, dialogue and sociability. As one commenter put it: “Even small technological changes can have immense social and political repercussions.”

As Lessig states, code is law, and as the reaction to the change in settings on the Air-L list reveals, many fear that this new code will regulate their experience in new — and detrimental — ways.

:: Twitter @Replies ::

At just about the same time as the Air-L debate, Twitter announced a similar change to how it would treat replies on its microblogging platform:

We’ve updated the Notices section of Settings to better reflect how folks are using Twitter regarding replies. Based on usage patterns and feedback, we’ve learned most people want to see when someone they follow replies to another person they follow—it’s a good way to stay in the loop. However, receiving one-sided fragments via replies sent to folks you don’t follow in your timeline is undesirable. Today’s update removes this undesirable and confusing option.

Translation: If I follow certain people, I can see their tweets, including those they send in reply to people I don’t follow. Twitter states their data shows this is “undesirable,” so, with this global change in place, I no longer see replies from friends to people I myself don’t follow.

Again, the reaction was swift, with the hash tag #fixreplies quickly emerging as a means of following the chatter.

And again, we are reminded of Lessig’s warning that the way a system is designed regulates our experiences within it. Consider this commenter’s reaction:

The new policy isn’t something you have to opt-in to. It’s not something you can opt-out of. It’s true for people who use 3rd party Twitter clients to read their Tweets. It’s more fundamentally closed than Facebook is; on that site I may not be able to view the profiles of strangers talking to my friends, but I can see that the conversations are happening and I can read the comments. This new Twitter policy breaks one of the fundamental rules of social activity streams: that I can discover new people by seeing who is conversing with the people I already know.

As with the Air-L issue, this is an ongoing debate with arguments from both sides (and Twitter appears to be making changes their original tweaks).

The point of both these cases is that architecture matters; especially architecture that is hidden, controlled by others, and set globally. The way a system is designed is constitutive of its culture, its community, and its freedoms; and as Lessig argues, when the architecture of a system is threatened or changed, so is the culture, community, and freedom it enables.

Popular social networking site Facebook announced, to great fanfair, a system that lets developers build new applications using Facebook user profile data, but one privacy advocate charges that the site failed to give users enough notice about how their personal data can end upon new websites without ever choosing to let that happen.

Thanks to the new system, Facebook users could find themselves having their looks publicly voted on at the Facebook extension site CampusRank.com, if anyone in their circle of friends nominates them. In fact, they could end up on that site or others and never know about it, since these sites can get data about you from anyone with the right to see your page on FaceBook.

Guilherme Roschke, a staff attorney at the Electronic Privacy Informaion Center and a Facebook user, says that FaceBook should have learned its privacy lesson from an earlier gaffe, when it unilaterally decided to push out information on users’ activities to their friends.

“Facebook hasn’t told people they are now being exposed to third party applications,” Roschke said. “They have made the general announcement, but there was no notice to me as to whether I wanted these settings. I didn’t have an oppurtunity to say no and I have to go in to the privacy page and opt out.

“Privacy is about control, and Facebook should have recognized from the last revolt that people want fine-grained control over their data,” Roschke said.Facebook is opening its community to outside companies using an set of hooks known as a Application Programming Interface, a set of protocols that let outside developers send structured requests to Facebook and automatically get information back. For instance, a Facebook user can log into a site that tracks political affiliations and that site can then send a request for user profile information about all of that person’s friends in Facebook. FaceBook hopes that opening up its data will make the site into a platform that will be widely used and keep it popular.

Its main rival, MySpace, has no API.

APIs have emerged as one of the defining features of this sexy Web 2.0 thing we’re slogging through at the moment – they allow all those nifty mashups and what not. Apparently, however, there is a need for scrutiny of the flow of personal information across API frameworks, whether users are consenting to these flows, and how they might impact existing informational norms (one of many future projects).

But – not altogether surprisingly – a glitch has been discovered:

Twitter, the popular messaging site which has gained traction among the technorati, has come in for plenty of criticism for downtime, bugs and trouble keeping up with the volume of users signing up.

But its latest problem takes things beyond the merely irritating and into the realm of dangerous – by undermining user privacy.
… a glitch in the Twitter API – which is used to let third-party applications mash up Twitter data – has left “private” users looking very exposed indeed…. Private user information is visible on Twittervision’s many user pages, which are built from the information extracted from the API.

Right now this might seem like only a minor bug. But consider this: Twittervision’s pages are indexed by the search engines, meaning that messages that users may have sent privately between friends are now not only visible on the web – they are also potentially searchable forever.

While they can fix this going forward, what of those semi-private personal data streams that have already been indexed by Google? Well, perhaps the whole world will now always have access to the fact that a whole gang of women with dogs just walked past elbowdonkey’s window.

Seriously, though, there could be personal information within these streams that users do not want — let alone realized could be — indexed by search engines. I’m working on some new ideas about Twitter and this kind of personal data sharing & related surveillance. More to come soon.

[via Pogo Was Right]

UPDATE: Dissent points us to Twitter’s response to this issue, where they basically say, “hey, not our fault.” It appears this flaw is the result of Twitter users signing up for an outside service based on Twitter’s API – but the service wasn’t paying attention to whether users had flagged their content as “protected” – thus publishing everything.

But Twitter really can’t absolve themselves of all guilt here. They should re-design their service with user privacy in mind, and give users more control over how their data is used. Instead of just blaming the third party, Twitter should be proactive and either (a) not allow content flagged as “protected” to be shared with third parties via the API at all; or (b) add a setting for users to choose whether to allow “protected” content to be shared via the API.