Mobile devices and privacy: Should we focus on changing behaviour of people OR changing behaviour of devices?

Guest blog from Ajit Jaokar. Original post is here.

Overview

The many privacy related issues raised by the Web will be amplified in the world of mobility and even more so, in a world dominated by sensor networks. Current thinking seems to converge on one important conclusion: through the combined interaction of law, technology and Internet literacy, people should be in a position to control how their own personal information is made available and used for commercial (or other) purposes.

In this post, we explore the feasibility of users managing their own data, i.e. if we indeed want users to manage their own data, what are the issues involved in making this happen? We also look at an alternative, i.e. allowing devices to mirror social privacy norms. Hence, I see the discussion as ‘Changing user behaviour to incorporate new device functionality’ OR ‘Changing device behaviour to mirror privacy expectations in human interactions’.

Privacy and management of data – A background

Today Facebook has become the lightning rod for privacy, and they continue to push the issue with new products like “check ins”, where Facebook allows others to “tag” or check you in at a location, provided you are Facebook friends. Predictably, this has drawn fire from organizations like the ACLU (American Civil Liberties Union), who say: Facebook Places: Check This Out Before You Check In. And we see new products and services that are launched to protect user privacy. For example, The Fridge aims to be a service that shares content with a group, i.e. if you belong to a group everyone in it can see the content. You don’t have to ‘friend’ everyone and, by the same token, no one outside the group can see it. Cataphora’s freeware “Digital Mirror” helps you gain an understanding of what you might look like to other people online.

The complexity and benefits of social networking data

Discussions about Privacy generate a lot of ‘heat but little light’. The concerns of data management are known and everyone has a view on it. Everyone wants to be protected and most people have a perception of being ‘exploited’ by companies. But social network data is complex. Noted security expert Bruce Schneier recently published a revised taxonomy of social networking data. It can be summarized as:

Service data is the data you give to a social networking site in order to use it. Such data might include your legal name, your age, and your credit-card number.

Disclosed data is what you post on your own pages: blog entries, photographs, messages, comments, and so on.

Entrusted data is what you post on other people’s pages. It’s basically the same stuff as disclosed data, but the difference is that you don’t have control over the data once you post it — another user does.

Incidental data is what other people post about you: a paragraph about you that someone else writes, a picture of you that someone else takes and posts. Again, it’s basically the same stuff as disclosed data, but the difference is that you don’t have control over it, and you didn’t create it in the first place.

Behavioral data is data the site collects about your habits by recording what you do and who you do it with. It might include games you play, topics you write about, news articles you access (and what that says about your political leanings), and so on.

Derived data is data about you that is derived from all the other data. For example, if 80 percent of your friends self-identify as gay, you’re likely gay yourself.

There are other ways in which data benefits society. 10 ways data is changing how we live lists the benefits as: Shopping, Relationships (dating), Business deliveries (e.g. courier services), Maps, Education (schools), Politics (openlylocal), Society (social and spatial relationships through location data), War (wikileaks), Advertising, Linked data and the future.

And as I have also said before in The fallacy of the Better mousetrap: privacy advocates want to have their cake and eat it too; you can’t have it both ways, i.e. publish your content/data and then ask for a share of profits! The future is likely to get more complex in a world dominated by mobility and sensor networks, as I point out in The Silence of the chips.

Changing User behaviour vs. Changing device behaviour

How realistic is the idea of people maintaining their own data, i.e. changing user behaviour?

This sounds very seductive until you realize:

a) That there is an extra step (inertia) to overcome in managing my data. This will be across multiple sites (Facebook, MySpace, etc.).

b) Much of the data about me is not owned by me (e.g. comments about me created by other people).

c) The real concern is often metadata, i.e. data insights derived by a site based on collective analysis of multiple people, which are then retrospectively applied to individuals. Data is owned by individuals; metadata is owned by the site.

d) In a world of mobility and sensor networks (see The Silence of the chips above), the ability to individually permit or deny sensors to monitor information about people is probably unfeasible. What are the implications in that case?

The alternative is for us to maintain our behaviour but to have devices change according to society’s privacy norms.

Danah Boyd raises an important point when she says that: Privacy Is Not Dead – The way privacy is encoded into software doesn’t match the way we handle it in real life. The reason for this disconnect is that in a computational world, privacy is often implemented through access control. Yet privacy is not simply about controlling access. It’s about understanding a social context, having a sense of how our information is passed around by others, and sharing accordingly. As social media mature, we must rethink how we encode privacy into our systems.

And: instead of forcing users to do that, why not make our social software support the way we naturally handle privacy?

Thus the question for me is: is it realistic to expect users to take responsibility for their own data? OR should we make our social software support the way we naturally handle privacy? So, should we focus on changing the behaviour of people OR changing the behaviour of devices? The privacy concerns we are seeing are just the tip of the iceberg, and I think this question will apply even more to mobile and sensor data going forward.

I realise of course that this could be a false dichotomy, but I feel that if we spent more effort on making our devices mirror social norms of privacy, we would have a greater chance of success than by changing the behaviour of people.

So what is the difference between an old phone book and a web directory?

In the good old days there was the phone book: a list of all phone numbers in your area. You could flick through this open, public record and find out where someone lived and their phone number. Easy, simple and in black and white, delivered to your door.

Back in 2006 when Ajit Jaokar and I wrote "Mobile Web 2.0" we created an idea about "I am a tag and not a number", which was to become a bedrock of PhoneBook 2.0 thinking. The thinking was that phone books will die as the phone number is dead; you will become what others tag you as. This move would allow phonebooks to move on from a disconnected phone number and become a connected action and activity delivering: book a meeting, message, call, IM, find and locate,

In the old model you trusted the company who printed the phone book to remove (in the next edition) your details if you so wanted. However, once printed there was always a copy at the library if you wanted older versions, to see if someone had just gone ex-directory.

Yes, there was a lot of work involved: you had to find the directory, pick it up, use your brain to determine where "F", "I", "S", "H" was in the alphabet, run your finger down the page and, horror, write down the number, before you walked to a phone and dialled it.

But, however you look at it, this was a public record and was open. So why is there so much concern about web directories? Yes, it is easier to find and any lazy fool can do it from anywhere, but so what?

Is it that we now don't know who to turn to to become ex-directory (there are too many), or is it that we cannot delete what is there, or is it that we are worried about someone other than a trusted party publishing our data?

In the old printed world there was a sense of control, redress and trust. In the new on-line world we only control what we say about ourselves, but cannot control, and have little ability to redress, what others say about us, or someone providing data that we want, for whatever reason, to keep from open and public scrutiny.

Did our forefathers think, debate and wrestle about the implications of printing every phone number in an open and public book, or was it simply a useful utility?

When CCTV can recognise you

Today we are concerned in some ways by the thought that CCTV can capture our actions, and by the issues this raises for our privacy. This is balanced with the comfort that others are captured too, and that those who have nothing to hide are safe. Data (video) is kept on the promise that at some point it could be used to protect you, and conversely used to capture you, when the algorithms become sufficiently good to interpret actions, I hope never intent.

Today, for the most part, the CCTV system cannot link the image of you to an identity of you. When this link is established, could it be used to make your personal data more secure? If you lost your phone, imagine the local CCTV network acknowledging that it is not you holding your phone and locking the device up, or indeed starting to track it.

Would such data (systems linking images to identity) be of use, or are the benefits outweighed by the possible downsides?

Trading privacy for content - new report does not quite deliver for me

I got excited when I read this as it was spot on for “my digital footprint”, then I downloaded the report….

Trading privacy for content, John Cass, Director of the Creative Industries Knowledge Transfer Network (CIKTN), the organisation behind the project, said: “Even when we access content for free, we leave a digital trail of metadata behind us.  By aggregating this information, organisations can generate a picture of a person’s behaviours and deliver relevant content to them.”

The biggest issue with using metadata more effectively in this way is public fears over privacy. However, Cass believes that, in the future, people will increasingly be prepared to trade privacy for content or even financial reward. At present some companies such as Google and Facebook collect this sort of data without the users fully understanding its value.

“The big challenge will be to make the whole process more transparent so people understand the value of the data they have, how it will be used and what they are getting in return for that data,” said Cass.

“This model already exists with store loyalty cards where we share information about our shopping habits in return for personalised offers and benefits, or cash back. The same model could be developed in the online world with companies delivering highly personalised content or offers to people.

“The traditional view is that content is free or paid for.  The recent introduction of the Times paywall shows how content creators are looking for ways to monetise what was a free commodity.  The other option is supporting the generation of content by intelligently monetising metadata to deliver relevant and personalised information to users.  Effectively people choose to trade some of their privacy for either free content or financial reward.  More than 40% of the creatives we surveyed felt this could have a groundbreaking effect in their business.

“Content companies that recognise the need to make this process transparent and give consumers the power to make meaningful choices are the ones that will be able to drive new revenue streams and delight customers,” added Cass.

Privacy as a tradable commodity was one of several key findings in the CIKTN Beacon report on The Future of Digital Content, part of a programme of 14 projects being carried out by the CI KTN to tackle the big technology related challenges faced by the UK’s creative industries.  Each Beacon Project identifies key innovation and business needs to enable organisations to turn creative ideas into business successes for the UK.

Within the UK, the Creative Industries sector contributes over 6.4% of UK Gross Value Added and is growing at a faster rate than the economy as a whole. In 2007, total Creative Industries revenues amounted to some £67.5bn. The Publishing sub-sector is the largest, with Radio & TV and Advertising among the top performers.

Then I downloaded the report. Some reports stimulate and move everything forward. Some restate where we are and what we already know, and only reach what we can touch and feel; sadly, this is the latter.

The full report can be downloaded from here:

http://citin.net/download/Digital-content-phase-3-report-final(3).pdf

Otherwise it can be downloaded from their web site at http://creativeindustriesktn.org/beacons/pg/groups/677/future-digital-content-experiences/

Google allows you to block analytics

http://analytics.blogspot.com/2010/05/greater-choice-and-transparency-for.html

Users can now opt out of being tracked around the web by Google Analytics, the tool I use to track traffic and trends on my websites, just after we discovered SSL secure search. Google Analytics has launched a tool that allows users to opt out of having their information (including IP address) sent to Google. It is a simple browser plug-in for IE 7 or 8, Google Chrome and Mozilla’s Firefox (no Opera or Safari yet).

Google will always get user information in aggregate, from all those who use the web, which provides them with a satellite view of web activity. Google tends to know more about a user’s activities across multiple sites than any individual site knows, and can use the analysis of the data to improve services, i.e. the My Digital Footprint business model.

So is this a preemptive strike before something else, or a tool providing some protection, or have Google run the numbers and predicted that the opt-outs will be so small (or repetitive to certain sites) that this will not affect the aggregate?

You can also check what Google thinks you are interested in and opt out of targeted advertising. Opting out of those will not stop Google’s display of small text ads on its sites or on other sites, because those ads are displayed based on the content of the page you are looking at, not on your previous browsing behaviour. The opt-out utility does not block Google’s DoubleClick advertising cookie, which tracks you at sites around the net that use DoubleClick to show ads. Finally, it appears that opting out of Google Analytics will not prevent your IP information or search queries from being logged by the site directly or through other web analytics tools.

EU Parliament would like more privacy and security in relation to the internet of things

Close to dark side thinking, I believe, and it starts from the wrong point. The question again is: why regulate storage of data? All data should be thrown away. Regulate collection and maybe what can be done with analysis. My view is that the existing framework is broken and is not suitable for adaptation.

However, I expect it will all happen and have passed by the time the regulator catches up.

Parliament would like more privacy and security in relation to the internet of things

The European Parliament welcomes the development of the internet of things (IoT) but asks the Commission to set up a clear legal framework on the security, safety, privacy and protection of personal data in relation to the IoT. It also points out concerns on other issues not directly related to the IoT, including on the legal uncertainty surrounding cloud computing.

The resolution adopted on June 15, 2010 also proposes that the Commission should carry out a detailed assessment of a number of issues linked to the use of RFID technology, including the protection against cyber attacks, guarantees on the personal data protection and the right to remove or disable tags after purchase (the so-called right to ‘chip silence’).

The IoT refers to applications where physical objects become connected through complex networks and provide information about themselves and their surroundings. Examples are for instance fridges able to inform the consumer on any product past its use-by date or cars equipped with chips connected to web-enabled mobile phones to convey information in real time on traffic jams.

1. Background

The resolution follows the adoption exactly one year ago by the European Commission of an action plan, which explains how the Commission will assess and regulate the emergence of the IoT (see EU Ecom Tracker 27). The action plan identifies six main areas of actions to ensure trust and safety for all citizens in the context of the IoT: governance, privacy and protection of personal data, security, standardisation and interoperability, research and development, and awareness-raising and international cooperation.

2. The resolution

The resolution stresses that the IoT requires safe, transparent and multilateral governance as well as a clear legal framework related to data protection and security. It supports the Commission focus on safety, security, governance, privacy and protection of personal data but asks for some complementary measures, including to:

adapt the current data protection directive to the digital environment (see EU Ecom Tracker 23);

clarify the concept of ‘data owner’ and ‘data controller’ related to data automatically collected and processed;

assess the impact of IoT applications on the current internet network infrastructure in terms of network congestion and data security;

ensure the development of a transparent system preventing fraud and allowing device identity authentication and traceability;

strive to establish international standards for IoT applications to facilitate interoperability as well as infrastructure openness, transparency and technology neutrality;

coordinate the actions on IoT with the work on the Digital Agenda (see EU Ecom Tracker 1);

give more consideration to the objective of building an inclusive IoT to which all European citizens should have access;

raise European citizens awareness of new technologies and their applications and promote digital literacy and e-skills.

On the use of RFID technology (e.g. chips and tags), Parliament asks the Commission to:

give consumers the right to privacy by opt-in and/or by ‘privacy by design’ (tag disablement at the point of sale should be automatic unless consumers agree otherwise);

reflect on the right of citizens to choose products that are not equipped with IoT applications or to be disconnected from their networked environment.

The resolution also asks the Commission to take the following additional actions, which are not directly linked to the IoT:

to analyse, with the help of operators, aspects related to Wi-Fi security systems;

to assess the possibility of further lowering data roaming costs.

On cloud computing, Parliament stresses the potential “danger” related to the legal uncertainty surrounding cloud computing, but does not ask the Commission to take any specific measure.

NB. The Commission Digital Agenda foresees the development of a European strategy on cloud computing.

Finally, the Commission is asked to publish by the end of 2010 a timetable with its proposed actions to improve the safety of the internet of things and RFID applications.

The author:

Virginie Alloo  (at)  cullen-international  dot com

Common interpretations of the phrase "Digital Footprint" #mdfp

There are four common interpretations of the phrase "digital footprint", and they all share two common characteristics: digital footprints are about an individual's interaction with a digital world, and the data created from the interaction can be exploited. The differences depend on how deep, or how prepared, you want to look.

The most common definition of a digital footprint is the content you leave about yourself on the web. This is content you create for a blog, comments you leave, photos you upload, or your profile and the content you create on a social networking site. There is little difference between your professional profile and your personal profile. This is used as a definition in education circles to help children understand that what they say provides a representation of them (What is "Your Digital Footprint?"). This definition introduces the idea of reputation.

The second definition is created by adding the interactions you have with the web to the content you create. This is where a user's activities are captured; the types of details captured include web pages viewed, the frequency of visits along with the intervals between them, clicks, IP address, the time spent on each page, interactions with forms, landing pages and downloadable content. In reality every interaction with the web can be captured and stored. This definition introduces the idea of attention.

The third definition is that a digital footprint is the content and captured interactions you leave and the content that others leave about you on the web. This is the move from you as a single person to you as part of a social group. This is what you say about yourself and what others say about you. This definition introduces the new idea of the social graph.

The fourth definition extends the web to other devices and services including mobile, TV, iPod and m2m (machine to machine).

The fourth definition is the most complete and in reality this is what is happening. It is possible that every interaction with every digital device is captured and stored. The value from the analysis of this captured data can be very high; indeed Google and Facebook are built on this data and the willingness of users to provide data. Users benefit in an exchange of data for free services, and increasingly users don't have to complete forms as the data is collected as they go about their routes and routines ("My Digital Footprint"). This extremely personal and private data is subject to strict privacy laws which provide strong protection for the user. The analysis of this data is where the value lies, and that value can come from behavioural analysis, profiling, targeting, prospecting, normalising, group profiling, feature profiles, benefit trades and determination of who influences you and who you influence.

Finally, the phrase "Digital Footprint" is also used in two further contexts: the first is by companies or individuals trying to show which geographies or markets their digital services are offered in ("Our Digital Footprint"), and the second is by companies talking about the size of a digital device, where footprint means area.

June 2010

Would Aristotle use Facebook?

Internet players wrestling for control of your footprint

Whatever the personal reason for joining and participating in social networking, the debate has moved from being fashionable to how the key social networking players can unwittingly extend their influence and control of you. Facebook wants to move from the confines of their own social networking cloud and be able to monetise property outside of their immediate control; hence the introduction by Facebook of Open Graph and ‘Like’. The understanding of these new tools is, however, being overshadowed by the privacy settings debate, which is also critical to the new Facebook model and its new utility. The privacy settings allow Facebook to gain relationship data (digital footprint) and, together with the tools, change the internet from a Google ad-centric world into a relationship-dependent Facebook ad-centric world.

Issue 101. Control of Privacy settings

It has become evident that social networks will live or die by their privacy policy. Most users appear capable of providing their own interpretation of what privacy controls they would like. Good tools will enable users to control the level of inclusion or exclusion of information about themselves, and thereby selectively control how much they reveal of themselves, with tools that they understand and control. However, whilst privacy is about the change of control, private is what you have elected or selected not to make public, and a company should not be able to elect to change this default or set it open so that you have to close it.

Private to Public is not a binary setting

However, when the private/public issue is represented using a simplistic model such as a straight line, as above, it shows them as a binary choice with an area of cross-over, in the same way good/evil can be represented. Both of these models highlight the inadequacies of the straight line of choice; specifically, with private/public it does not provide enough context or insight into the real issues. In philosophy, Aristotle presented the idea of a Golden Mean as the desirable middle between two extremes, one of excess and the other of deficiency. For example courage, a virtue, if taken to excess would manifest as recklessness and if deficient as cowardice.

Applying the analogy from this philosophy to the private/public debate removes the simple binary judgment and provides two possible models: public at the two extremes with private in the middle, or vice versa. I “like” the public-at-either-end approach, as at one end public could mean broadcast TV and newspapers: open, contextual, edited and time-bounded. The other public could be internet public: closed, non-contextual, raw and timeless. This removes the binary extremes and grey area of the public vs private debate, moving the debate away from privacy policy towards how we define and articulate public as two extremes.

Too subtle to notice

When you consider what is private within these boundaries, it highlights some common assumptions. To the general population, public tends to mean the broadcast TV model, where we instinctively know how little we should trust headlines but also how rapidly its value can be eroded. However, if this is the only understanding of public we hold, it is inevitable that users will miss the subtlety of the internet public model and the critical issues such as timelessness (never deleted) and lack of context (the absence of historical context when looking at past materials).

And the Problem is?

For social networking to remain free it needs a business model. An attractive model is to take your digital footprint, analyse it and sell adverts based on your preferences and relationships. However, demanding that users continually update their information is hard; therefore, when they are out and about on the internet, make it possible to “Like” things, which automatically updates their profile (and attractiveness for advertising). However, to deliver this, users must change their privacy settings so that the social networking site can exploit their data. Therefore social networking sites need to achieve several things. First, make everything public, but users don’t understand what public means for Internet data. Second, make it easy for users to deliver new information from outside their bounded network, but users don’t understand the implications. Third, analyse and sell relationship data, but are users getting a fair trade?

Is there a trade fair?

Applying the understanding of the eight business models built in “My Digital Footprint”, there should be a trade for opting for a more public use of your data. In one direction, towards broadcast, the trade for your privacy may be fame and fortune; in the other direction, towards trading your privacy on the internet, it should be for services.

An interesting question becomes: in the trade for your Internet privacy, is there sufficient utility offered by the free application providers? With Google you provide only public data (search keywords, nothing is private) and you receive relevant search results. With Facebook and social networking you provide relationship and private data for a free utility, but what is the utility? Is it a tribe, is it communication, is it a sharing platform, is it a representation of the physical you in a digital world, is it an organisation or a new state or a new country, is it a connection or is it a channel? With such an unclear utility, why will users continue to provide more personal data?

Will Facebook survive? 

Overall I have no doubt it will survive, but in what form is a more difficult judgement call, as Facebook has highlighted that the value of our relationships is sufficiently high that they need them and are willing to risk their Brand to get more of our digital footprint. The utility question, the trade for our information and the implementation of its privacy settings do, however, open up the possibility for new entrants. It is naïve to say that inertia (my grandma and friends will not change) is enough to keep the social networking market closed. It is possible to export your data; difficult, but this will happen. It is not impossible to see that a new social media company will offer 50% of its equity to users as a trade for moving and privacy. It is also possible to see that your generic login becomes the mechanism to find unique discounts for you. All these open up the market and trade that I hope will provide a more even value balance for users.

So What!

Internet business models are predicated on the user being both the provider of the data and the consumer of the data, with the business focussed on sitting between the two and adding value. There is a battle for your data and relationships, and therefore one of the implications of “my digital footprint” thinking is about the alignment of Brand values and how the company protects and uses digital footprint data.

Simple tool to understand your Facebook privacy settings

http://www.reclaimprivacy.org/

The website provides an independent and open tool for scanning your Facebook privacy settings.

just a great quote from Roger Needham #mdfp

Image from http://www.hmrinsurance.ca/privacy_and_disclosure.html

"Privacy: began when people stopped believing that God could see everything and ended when government realised there was a vacancy to fill" – Roger Needham