Two years ago, you'll remember, someone did a survey showing that about three-quarters of the office workers who walked by were willing to give up their passwords in exchange for a chocolate bar.  Other surveys show that passwords will be given up for cheap pens or for nothing at all -- just because someone asked. 

In a world in which users will sell their passwords for a candy bar, or a cheap pen, or just because someone asks, why are we worried about privacy?  Heck, kids don’t seem to care about privacy at all, and they’re a key demographic, so let’s do everything we can – let’s get deep into the online narrative of people’s lives; let’s find ways to get them the most useful content, personalized ads, and psychically appropriate materials we can...

We care about privacy because we live in a weirdly split world.  Yes, people will sell passwords for a candy bar, and yes they’ll sign up to have supermarkets track everything they do – willingly.  But there are tipping points when people suddenly get extremely nervous and upset about tracking behaviors they weren’t aware of – and then they go wild. 

These aren’t (really) legal concerns.  There isn’t a broad online (or offline) privacy law regime in the US.  In fact, it’s very difficult to tell what is meant by privacy.  It’s sometimes as if kids are standing yelling at someone else:  “you invaded my privacy!”  One thing is clear – things computers are good at, like collecting and aggregating and slicing and disseminating data – are often viewed as informational privacy issues.  And particular kinds of data (about health and money and kids) being processed by computers is of particular concern.

So companies care because people and legislators and attorneys general care about privacy, in a somewhat faddish way.  Companies also care because it’s the right thing to do -- so they use fair information practices and make their best guesses at how things will work.

I believe that within the next year or so there will be a tremendous privacy-related backlash related to search/advertising and social network applications.  It will come from some unexpected direction, despite the best efforts of online search companies' inside and outside advisors to keep it from happening.  It will come because people don’t realize how public the internet is. Every once in a while, people wake up and realize what search engines/advertisers know about them, and it worries them enormously.  And they write letters and organize boycotts, and all of this activity can be enormously harmful -- as Sony found in connection with the rootkit episode [pdf; fine Ed Felten and Alex Halderman paper].

I also believe that all of the privacy-related energy directed at the application layer (at social networks and portals and search engines) may be missing the point.  The real story in this country about privacy will be at a lower layer – at the transport layer of the internet.  The pipes.  The people who run the pipes, and particularly the last mile of those pipes, are anxious to know as much as possible about their users.  And many other incumbents want this information too, like law enforcement and content owners.  They’re all interested in being able to look at packets as they go by their routers, something that doesn’t traditionally happen on the traditional internet. 

The network owners will point out that there are lots of good reasons for this – in a sense, it’s like turning the internet into a mobile phone network.  Everything on a mobile phone network is tracked and known to some central authority.  We don’t (really) have spam or viruses on mobile phone networks, and that’s because packets can be authenticated.  Someone is in charge. 

The connection between broadband providers and law enforcement is very tight, and so the connection between the information gathered by these providers and law enforcement access to this information will also be very tight.  Maybe that’s fine.  We swing back and forth – right after 9/11 we were only mad about commercial uses of data, and the government could do no wrong.  Now the pendulum is going in the other direction – we are beginning to be upset about what the government knows about us. 

But let’s start with social networks.

MySpace, Xanga, Flickr, Facebook.  Hugely popular, full of people, MySpace second only to Yahoo! in page views, and has more people visiting than NYTimes.  

These sites are easily publicly searchable and viewable, although you have to register for MySpace and Xanga to look around,  and have a college email address for Facebook.

Oddly, people using these spaces may feel that they’re just having a conversation with their friends, not thinking about large-scale, perhaps automated searches/hunts being carried out about them.  This is like being on a live TV interview, and seeing only the guy across from you, and not realizing that anyone in the world can see you.  This kind of belief that the internet is a special area, not subject to usual policing, has recently come into conflict with the desires of actual police to track people down who are listed in these spaces.  Princeton has caught people scaling buildings and drinking – both against campus rules – by searching these spaces, and Wikipedia has a whole page of campus/actual police raids of these spaces.  Not to mention the records created for future employers and political enemies to check.  (The comments on Ed Felten's blog have guided me in writing this.)

So this strangeness of assuming it’s a private space is running headlong into reality.  Most of the social clues on these sites seem to indicate that you’re just talking to a small group, because comments come from people you know or who are repeat players.  Users really don’t see EULAs or privacy notices.  What they see is a warm community that seems to care about them, and they don’t monkey with the defaults made available to them that could shield their information from people they didn’t know.  Facebook supports this understanding:

We built Facebook to make it easy to share information with your friends and people around you. We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information. Our default privacy settings limit the information displayed in your profile to your school, your specified local area, and other reasonable community limitations that we tell you about.

When people wake up and realize that MySpace and Facebook are not private, they will experience a kind of loss of innocence, and they may even take down their sites.  Some are prognosticating that a long, slow backlash against Web 2.0's social applications is now going on.  The recent embrace of a del.icio.us "no-sharing" setting for tags seems to support this trend.  (See also isolatr and snubster.)

More seriously, a student in Toronto was recently suspended for making a death threat against a classmate as well as Dickens and Shakespeare on MySpace.  A man, 23, flies from Georgia to Minnesota to find a 15-year-old he imagines he is in love with, and the evidence shows they kept in touch via MySpace.  There are a couple of murders that seem to connect to MySpace.

On the other hand, we won’t see social collapse because of people showing their profiles to others.  We love to see our fellow humans talking about themselves.  It’s like that great documentary series, 7-Up, tracking children across their lives (which someone should give me someday) -- completely gripping.

So what happens when Yahoo! buys Facebook, or MSN?  Facebook is said to want $2 billion, and they turned down an offer for $750 million.  Does all of this stuff become even more searchable?  Does that make people feel betrayed?  I don’t know, but I suspect it will.

And what happens when all of these applications become reachable by all mobile devices?  Phones signal their locations constantly, as long as they are on.  Wireless companies need this business, because mere wireless phone service isn’t really worthwhile any more.  So they want to be able to allow you to wirelessly look up names and browse social software message boards.  

The next step, which is not so very far away, will be the ability for someone to create a detailed dossier of your life.  The idea is that all the pictures of you (taken by friends) and uploaded to Flickr could be recognized through biometric identifiers.  The place of uploading can be determined because someone will know what phone was used – and all devices will have their own IP address (although the IETF has made sure that this number isn’t necessarily linked to its hardware identification, the phone's ISP will know).

Now, good things can happen this way – people can meet up and murders can be solved.

But what about the looseness of online life and the free speech found there?  Will this be chilled?

I don’t think so.  But we will need to have better education about what happens when you interact with one of these social software applications, and make far better disclosures about what happens potentially to the information you share.  Visual signals about what’s going to happen to your data might be a great idea.

Recently, six agencies cooperated to substantially simplify Gramm-Leach-Bliley disclosures by creating a prototype financial privacy notice.  The end result is you can’t do much to limit disclosure of your data, but at least you know that.

Speaking of police searching social network sites, it seems to me likely that the privacy backlash will come from some combustible combination of commercial plus law enforcement use of social network data.

Some background here:  Our government has an insatiable desire for data, and outsources the collection of enormous amounts of it to avoid the operation of surveillance laws.  This is leading to an unstable situation – the GAO reported recently that data being gathered/paid for isn’t necessarily accurate, and health data isn’t necessarily kept secure, yet it stays around forever.

A couple of recent events brought this home.  The NSA scandal, reported in the NYT in Dec. 2005:  President Bush had authorized warrantless wiretapping of people – telephone calls and internet communications -- on US soil without express statutory authority.  (John Dean has said that Bush is acting just like Nixon.)  There’s an argument over whether Bush had authority under an Authorization to use Military Force in Afghanistan, but it’s questionable.  EFF has sued AT&T, pointing out that AT&T essentially opened its electronic doors to the govt, collaborating in what was arguably an illegal domestic spying program.  The DOJ has kept the documents at the heart of that case from coming out, but it’s clear that what DOJ was doing was datamining enormous amounts of records, finding relationships and patterns.

So – three things are working together here, a toxic combination of a view of the presidency as being beyond the law, a view by citizens that the internet is somehow “safe,” and collaborating intermediaries who possess enormous amounts of data. 

The recent Google subpoena case fits here as well.  Again, the government was seeking a lot of data to help it prove a case, and trying to argue that Google was essential to its argument.  Google justly was applauded for resisting the subpoena, but the case is something of a double-edged sword.  It made people realize just how much Google has on hand.  It isn't really a privacy case, because all that was sought were search terms and URLs stored by Google -- no personally-identifiable information.  But still this case sounds an alarm bell in the night.

Just imagine what the search engines and social networks know about us – how useful they are as a kind of Easy button for law enforcement to use to pull together previously-unimaginably rich data.

 

But the real privacy story isn’t in social software applications or search, even though there will undoubtedly be some enormous privacy backlash soon.

The real privacy story is, as I said at the beginning, in the depths of the pipes, where the network operators are seeking control.  First, all packets won’t be equal, and second, network providers will be tracking who is using their network, what IP addresses are doing what.

Prioritizing packets requires looking at them, and looking at them makes it possible for much more information to be available.  Cisco, in particular, has a strategy it calls the “self-defending network,” which boils down to tracking much more information about who’s doing what.  All of this plays on our desires for security – everyone wants a much more secure network, right?

So, long story short:  the real battle over privacy has to do with how much the telcos will know (when they are our only ISPs) and who they’re willing to share it with, and how much they’re willing to do with it.  This battle is being fought around the world, but it's a lopsided fight. 

To sum up this overly long post:  social networks are rich minefields for privacy backlashes, particularly when combined with governmental desire for data; but law enforcement desire for data may lead, with the telcos' cooperation, to the reality of perfectly surveilled and authenticated networks -- making the powers of MySpace seem irrelevant. 

So online companies need not only to have the best practices for social data, but also to support their voices in Washington fighting for an open internet.  It’s a hard fight and the telcos are way ahead of us.