
Identity

January 29, 2013

Graph Search and the Like.

The question the new Graph Search at Facebook continually elicits in me as I've discussed it on various lists, as well as read a couple dozen articles on it, is:

Do I really need my whole graph to find what I need?

First.. how much and what do I need?

Advertisers, marketers, graph search makers, all operate on the assumption that we all need much more than we do.. and if the last 5 years have taught us anything, it's that a lot of people borrowed a lot of home equity to buy crap they later dumped at Goodwill..

In other words.. yes.. we do need some things, a plane ticket, rental car.. a new laptop.. etc. But I do think many know how to get those things.. without necessarily getting all that much input from others.

And that leads to my other point: how many others do you need, and how much of their input?

This weekend I had a guest here.. who rented a car from Avis.. and it's the third time she's signed up for the lowest level car and then been given a 3-series BMW or a Mini.. for $25 a day.

That's a nice to know factoid.. but if everyone coming to SFO knew it.. she would never get a BMW for a tin can on wheels price.. we talked about whether she would share this anywhere.. and she said no.. she would not share it. Though she's very active on many social communities.

Another angle: about 7 years ago, I was in a book club with Jerry Michalski and about 5 others.. and we would read books on ants and viruses and ecosystems.. trying to apply those understandings to what was going on online.. we did it for a couple of years and it was very helpful.

But one of our conclusions after talking through two dozen books and working through the logic of different takes on systems and people and flows of information was that in the end, you only need the right 5 people to help you find the things you need, get the right ideas, advice, etc to make good choices.. and these were verbal conversations because most often, even if these people were highly active online, they wouldn't necessarily share certain information online, for various reasons (it took too much time, there were consequences for having those opinions, they didn't want to be bugged, etc). In fact, much of the time the good intel didn't make it to the searchable web for months or a year or two later.. and I still find that true today, even with Twitter, FB, Quora, Tumblr, etc. People who really know stuff don't want or need to show it off.. and there is downside for sharing the data.

So these questions linger for me.. as I think about Graph Search.. which may have some value.. but I am highly skeptical of what, how much, etc.

There will be some value.. but I think maybe it will be comparable to the kind of "lift" that an Ad gets, when some new technology is added to the Ad selection or whatever.. often that lift is just a couple of percent better than before but to Ad people.. that's great.. because they are doing something at scale.

For us.. for individuals.. if Graph Search got us 10% better intel over what we could otherwise find using existing search systems.. would that be worth the increased personal exposure and loss of control over our data we give away in a system like this...

And lastly, I'm skeptical because I do believe Facebook's biggest issue is trust -- people withhold information intentionally. It's not a safe place and most people know it.

Graph Search makes Facebook a lot less safe. Which leads also to the question: do I need to know who in my graph likes something salacious? Really, does this help us develop better relationships or just make our current relationships a bit more unsavory?

So if people search, see what's exposed, and cut down their sharing even more, then the effectiveness of Graph Search goes way down. That 10% bump in quality information you got with Graph Search could turn out to drop 20 points.. you might find that you have -10% quality over your search results compared to before Graph Search.

I think Graph Search will only work when we have Personal Data Stores, and can set terms for use of our data, and then our friends can search our non-public, but friend-shared information, without fear that a company like Facebook will sell us out.

Until then, I'm very skeptical of Graph Search at Facebook, other than as a model for the sea change to come where we will drive our own data and interactions, and treat Facebook as the bar or restaurant it is, where I would most definitely want the in-person protection of clothing. As it stands now, we just got more naked in Facebook, which doesn't deserve to also hold our personal information the way it does now (leading to our naked state there). It's just a Cheesecake Factory online, but most people don't see that yet.

Posted by Mary Hodder at 09:30 AM

January 27, 2013

Likes, and the Like.

Last week, I went through my whole Facebook list and undid things that "seemed" like they might be an issue if they came up in FB's new Graph Search.

But it's hard to know what could be an issue..

I will say that the way I see the "like" button being used is multifaceted. People like things for many reasons:

* to acknowledge receipt or that they've seen something
* to thank someone for remarking
* to thank someone for taking an action or sharing something
* to show laughter
* to acknowledge understanding the item or page
* to promote a comment so others see it
* to help a friend who asked you to like something
* to comment without commenting
* to show the poster that you are "there" in their world
* to make it so that you will keep seeing the poster's facebook stuff
* to start receiving the "RSS" feed in your news feed of a page, person, or thing
* to get access to coupons, deals or a contest
* to make the liker noticeable to someone they aren't "friends" with..
* to cause a post, photo or page to show up in their feed to promote it (without actually liking the thing)
* to pee on the item to "aggregate it" in your list of items you want to keep a link to and it may not be because you like the actual thing in the page, photo or post
* to give more happy birthday comments or appreciate others' HBs because the birthday person is close to the liker (a spouse, perhaps)

*and* it's also done to actually "like" something in the traditional sense.

I can even see people "liking" likes (not functionally possible.. but it's done in a way by liking a comment that says something in the above list of ways of paying attention.)

The problem is, most of what I see as "likes" aren't about liking something, as in " I like it !! ". They are about the fact that there is no other way to do something to something on FB in any way, with the exception of commenting which isn't always possible, because you may not have rights to comment due to your relationship with the poster and the privacy settings the poster has set on FB.

Those likes are about attention to something with a variety of meanings.

I'm sure there are more reasons to "like" that aren't about actually having a favorable thought about an item, post, update, photo, page, etc..

But you get my point.

And so Graph Search is silly.. when the search results assume the "likers" all have affection or agree with the item and weren't doing something for some other social reason out of expediency.

Update 4/2/2013: Here are a couple of example screengrabs from my own feed that show this is something others are becoming more and more aware of as they try to make sense of the "like" and the like:

[Image: screen shot, 2013-04-02 at 8.38.09 PM]

[Image: screen shot, 2013-04-02 at 12.05.40 PM]

Posted by Mary Hodder at 06:35 PM

November 14, 2011

Should an Actress be Suing IMDB Because She Doesn't Want Her Age Posted?

Brad McCarty of The Next Web thinks the IMDb: Age-publishing lawsuit is “a frivolous abuse” and should be dropped.

Reading his piece, I can see that on first glance, it sounds silly. An actress anonymously sues the Amazon-owned IMDB folks because they won't remove her birthdate, claiming that it will adversely affect her career. And now, IMDB has asked the judge to only allow the lawsuit to move forward if her name is made public:

"Truth and justice are philosophical pillars of this Court. The perpetuation of fraud, even for an actor's career, is inconsistent with these principals. Plaintiff's attempt to manipulate the federal court system so she can censor iMDb's display of her birth date and pretend to the world that she is not 40 years old is selfish, contrary to the public interest and a frivolous abuse of this Court's resources."

But this argument between IMDB and the actress points to a much bigger issue, and it's not the one about IMDB making its living trading on others' data, whether from Hollywood or the users who add to the IMDB system for free, which I would understand is a fairly selfish undertaking by IMDB.

Why should IMDB be able to operate "selfishly" by publishing people's personal data, outside their discretion, and the actress in question not be able to "selfishly" make a living by trading in her looks for salary? I would say IMDB is pretty hypocritical here. And do they really think the Judge, the public, or the Hollywood set they make money from, are that stupid that we wouldn't understand that IMDB is selfish too?

I understand from reading the Hollywood Reporter article that the IMDB believes she may be the same actress that years ago tried to change her birthday, submitted by a previous agent to IMDB. Since IMDB believes this is an issue of fraud (they have no proof), they now want the identity of the actress made public. But since the old information isn't part of the case, does it really matter? Yes, I get that actresses have lied about their ages for a long time, but is it really "in the public interest" to out this woman? It's definitely in her economic interest not to out her, so I just think Amazon-IMDB are being nasty and frankly it seems frivolous of them to try to out her.

But this is really beside the point.

The Larger Issue

I believe people should be able to choose what personal information is shown about them on websites.. especially data that isn't or wasn't before the past 10 years, public. It's easy to dismiss this as vanity or frivolous.. but as more and more personal data is out there, and as people lose control of it.. it points to a much larger issue: how do individuals control information about them that doesn't really need to be public?

I can see that by having her age obscured, the people who hire her would just think of her age based upon appearance.. which is actually for an actress or actor, probably a good measure. Giving the specific age will plant that in producers' and the public's heads. So I can see her point.

Rather than get into a discussion of harms and "how bad is it" about one data breach or another, I think the real question is:

What kind of society do we want to have, where everyone's data is public and out of their control? What does it do to us, to devolve into a totalitarian model where everyone is afraid because frankly, everyone has something to hide? Or maybe their friends do.

Right now, life and health insurance companies are telling the press and their investors that they are screening people in Facebook. And it's not just you under scrutiny. It's your friends. This was covered extensively in the Wall Street Journal "what they know" series a year ago. There are also finance companies that are telling users to "unfriend" anyone they are connected to in Facebook with bad credit... because when you are reviewed, friends with bad credit will reflect on you.

This issue of personal data and control is much larger than an actress and her age being displayed without her consent.

It's about how we allow others to show information about us, versus having control of it ourselves. I think for a civil and democratic society to work, we can't leave that up to companies with no oversight and a big profit motive, but instead need to think about giving the individual ultimate control over certain types of personal data.

So while the actress may be vain, may be trying to gloss over her age, or may just be reflecting the economic realities of her profession, which I do think are real, and we may poo-poo this as silly, this lawsuit reflects the much greater tension about personal data and control and actually could be a really interesting test case, given that we don't have much privacy law in the US.

Posted by Mary Hodder at 08:08 AM

May 29, 2011

Discussion: Building for a Personal Data Ecosystem - A Case Study

Just left the Quantified Self conference where I led a session in the last breakout on "building for a personal data ecosystem." Since we weren't on the official program, I was very happy to be holding something in an Infinity session. Fifteen or so people came, and I talked about Personal Data Ecosystem Consortium and our mission for a user centric data model where users control their data through agents, or Personal Data Stores. I also mentioned what I was seeing at the event, which was lots of folks building apps, making new silos of data, and repeating the model where users' data is in question as to who owns it, and users don't really have access to their data except through a service's website and possibly an API that might send a little data somewhere else (like Twitter or Facebook).

I suggested that in a Personal Data Ecosystem, apps makers could take data from their users and send it straight through to the users' Personal Data Stores (PDS). That way if the app or hardware changed or ceased to support their old systems, the user would have their old data to play with in their PDS. And I talked about open formats for the data (think.. what about an open format for Heart Monitor data, where your pulse is described and you can take that data anywhere). Services could think about just providing a great service, instead of trying to manage all the user data storage and security. Users would control their data in their Personal Data Stores/Lockers/Banks, and I said that a bunch of companies were building these PDSs, including Sing.ly which is building the Locker Project.

Sing.ly happened to have someone there, Jared Hansen, who is a developer in the open source project. And there was a guy from Basis, Bashir, who is building hardware (like a wristwatch) that you monitor things like your heartrate with.. though it does monitor many other things as well on your body. We also had a couple of health researchers there, plus other health and wellness companies looking at data, as well as Ian Li, of Carnegie Mellon who is researching data collection and normalization, and a woman from the EFF. And we had a couple of users who talked about what users need.

After a few minutes, Bashir from Basis explained their dilemma around the hardware which isn't all that profitable for them. So initially they were questioning what to do with the data and how to monetize the company. Should they sell the data, or give it to users, or charge users for it, or give it away to developers who could create a great ecosystem by building lots of apps, thus driving more sales? And whose data is it?

WOW. WOW!!!!

So we were off and running, with the impromptu Basis use case of how to get the value of the data, include the user and let the user have choice and autonomy, and how to leverage what is being done out in the marketplace and with developers' creativity with data. Oh.. and don't forget about participating in microformats and Activity Streams creation to make bottom up grass-roots standards for the data formats and exchanges.

We talked through what it would mean to give away the data, support users and ask them if they wanted their data included in studies, get additional revenue for Basis while maintaining the inclusion of the user in the process and what developers could and should do. We brainstormed a lot of things, and covered the good and bad points of how it would all work and how to support Basis' market model while still being good and fair to the users.

I have no idea what Basis will do, but I would love it if they would join the Personal Data Ecosystem Consortium in the Startup Circle, to help build out ways to make a user centric data system for users' wellness data collected with Basis hardware.

What an amazing opportunity Basis has for doing the right thing for users, and leading the wellness and personal data ecosystem by creating a win-win for themselves and users. They could create a new market for wellness data, that is user driven.

Frankly, we need more discussions like this. It's not about Do Not Track models where we kill all the data plus the value of it, and it's not about "business as usual" where the user isn't included and businesses do whatever they want with user data.

It's about creating markets that do right by users and have companies making money ethically and conversing with us in the market.

Thanks to everyone who came! We had many representatives of the relevant stakeholders and the discussion was enlightening and rare.. but one I hope to make more common in the near future!

Posted by Mary Hodder at 06:03 PM

May 28, 2011

Where is the Personal Data Awareness? And what are the Missed Opportunities at QS2011

I'm at the Quantified Self Conference in Mountain View today and tomorrow.

A few thoughts. There are lots of people here from various disciplines: health care, tech companies like 23andme.com that marry personal genomics and tech, apps makers and health and wellness hardware makers. And lots of folks just wanting to track themselves.

Sessions are preprogrammed (in other words, the conference is all done top down broadcast mode), and now and then in people's statements, a person will pass along the vibe of the old style medical industry (that is: we know more than you and we'll tell you what's true.. that mode was in the opening session where we were lectured to). Though I just walked through all the sessions in round 1 and the individual break out sessions are more discussion mode which is great to see.

There was a near complete lack of consciousness about protecting users' data as I walked in and spent a few minutes in each of the first 6 sessions. The implicit assumption was that "we" (builders, companies, etc) can take data and use it for whatever "we" want. Building systems that aren't just about more silos with data lock-in, or building for a Personal Data Ecosystem model where users keep their own archives and data, and then choose where their data goes, what purpose it's used for and control what is happening isn't on the radar. It is especially important that we look at issues of privacy, control, autonomy, choice and transparency for the highly personal, very sensitive data collected around personal wellness and health.

There is a single session, led by lawyers about privacy in round 2. But the rest of the sessions do not seem to be aware at all that they need to build from concept on for privacy, data control by the users, where users keep their data and the applications, devices and monitoring tools "use" the data with permission.

And there is no session about personal data control, where the QS apps would work on a Personal Data Store. I've asked to have one.. but we'll see if they decide to let me do it. The assumption is developers will just build more silos with more data collected, about you, crossed with other data about you, that after combined, creates yet another silo of data. There may be an API available, but effectively, the data is stuck in another silo, where a regular user can't really get at it, hold it, control it, share it, correct it or delete it.

It's dismal.. thinking about how all this highly personal data is just assumed to be owned by apps makers and companies and users are just cows in a big milking system. The participants of QS are just continuing the tradition started by the health industry and continued by tech company silos in making the users say "Moo." Pick your ecosystem and prepare to be milked.

Lastly, I'm really happy to report that the QS organizers decided to order a really healthy vegetable lunch salad (with either chicken or tofu on it).. Great work on that front!

Posted by Mary Hodder at 11:07 AM

May 13, 2011

McKinsey's Research Arm Claims Big Data Mining Will Save Us All




Steve Lohr has a write up in today's NYTimes: Mining of Raw Data May Bring a Surge of Innovation about McKinsey & Company's report on Big Data: The Next Frontier for Innovation, Competition and Productivity.

I think we need to challenge assumptions about the inputs... compare the inputs from "hoovered" personal data to that of what people assemble in personal data stores operating in a Personal Data Ecosystem.

Execs from Rapleaf and Intelius have admitted publicly, recently, that they know half their data is bad, they don't know which half. I also sat recently with the woman from Experian who is in charge of segregating and keeping separate data from the internet (versus financial data which is regulated) for their offerings about users. When I posited that a lot of her data was likely wrong, she agreed.

Users obscure their data intentionally because they are scared.

For myself, I can tell you that in the last few years, I have obscured data online (birthdate, zip code, name, address, phone number, preferences, email addresses) as well as health info (not to my doctors, but to data collectors whom I do not trust yet claim they never share the data. For example, you can't get a mammogram in SF / Children's Hosp without sharing a huge amount of very personal data.. so I made it all fake because I don't trust the lab and who they sell the data to...). And I fake it to the pharmacy when they ask for more than my basic info to fill a prescription. In fact my current insurance company has my name and birthdate a little wrong and I'm not correcting them.. because it makes it harder to aggregate my data across systems. Oh.. and my bank spells my name: Hoddler .. and has a slightly incorrect address (don't you love how they key in the wrong data!) and I'm not correcting that either.

I fake all sorts of stuff on and offline... I fail to correct bad data... I know many others do too.. I have since 1994 been faking my data online. Somehow even then, without understanding the privacy issues or how the internet worked then, I just didn't trust the system because I knew then we had no privacy protection in this country (US). As I began working with online technology in 1997, and started really understanding it, I've felt more than ever the need to obscure my data and make it difficult to combine in a pivot about me.

I get that this security by obscurity and mistakes doesn't cut it, but it's the best I can do right now.

So my question for the McKinsey research people is: have they factored this in?

And have they factored in that users have obscured enough information that me at one site cannot be aggregated with me at another site?

Or have they factored in that the people at institutions who key in the data from our driver's licenses get it wrong (my bank with my name and address) or the insurance co (my application correctly filled out.. with my name and DOB) or whatever?

The answer is to give us proper protections for our data. 4th amendment protections and rights over sharing of our data, so that we make sure the data is right. We can aggregate our own data in Personal Data Stores. Then we can trade fairly for that data if we agree to being included in the big data systems McKinsey is saying will help us so much.

I agree big data analytics can help us as a society, but not without good data, and not without including users into the system, as equitable players who deserve to have rights over our data, including choice and autonomy to participate in big data systems.

But until then.. big data is working with databases that are half right.. because we don't have choice, autonomy, rights or protections as users, and that's the first problem with McKinsey's assumptions.

Posted by Mary Hodder at 03:16 PM

April 29, 2011

Tracking Do Not Track at Morris + King

[Image: Venn Diagram - Privacy vs. the Internet]

A bit of Context
Obviously, this diagram is a little cynical (courtesy of Chinagrrrl), but not too far off from how we manage personal data online today. But there are a lot of proposals on the table to fix this dilemma. One is Do Not Track which industry sees as something they can self-impose on an *opt-in* basis (for themselves) and opt-out (for the users) and self-regulate by having advertising trade orgs monitor compliance, with the FTC stepping in as necessary. There are also a number of DNT bills introduced in Congress and various hearings on tracking where the FTC would regulate implementation. And Johns Kerry and McCain have introduced a Rights and Responsibilities proposal in the Senate, that instead of Do Not Track (Kerry's LA, Danny Sepulveda, told me DNT is a waste of time) suggests ways that data collectors would have to be responsible with our data. However, that bill lets 3rd party marketing, data tracking and Facebook's privacy bending ways totally off the hook. Both of these plans / legislative initiatives completely ignore the more than 40 startups and companies building for the Personal Data Ecosystem where users would collect their own data, and make use of the value, which the World Economic Forum recently said was "a new asset class".

That said, the rest of this post describes the Tracking DNT panel at Morris + King the other night.

Tracking Do Not Track
Tuesday night I was on a panel at Morris + King, a PR firm in NYC, called Tracking Do Not Track. Our hosts: Andy Morris and Dawn Barber (who co-founded NY Tech Meetup with Scott Heiferman) were very good about putting together a diverse group of people to talk about Do Not Track and the various issues with personal data and the advertising industry that have so many talking these days. My guesstimate was that about 100 people attended, mostly from industry (tech & advertising).

Our group included:
* Brian Morrissey (Editor in Chief of Digiday, an ad industry trade publication) as Moderator
* David Norris (CEO of Blue Cava)
* Dan Jaffe (Exec VP, Govt Relations for the Assoc of National Advertisers - ANA)
* Helen Nissenbaum, Professor, Media, Culture & Communication at New York University
* and me: Chair of the Personal Data Ecosystem Consortium

We started off with Brian's question: who are you, what do you do in a nutshell, and what do you think of the state of online privacy these days?

I was first.. and gave a quick explanation of PDEC which is to say that we offer a middle way between Do Not Track (DNT) and what is going on now online (Business as Usual). Our middle way offers a market solution to users' wanting control of their data, and the tracking and digital dossier building by shadowy companies to stop.. we don't believe DNT will work and don't support it, though we do see that some kind of "Rights and Responsibilities" legislation would help create a level playing field for any company that collects personal data. Those rights and responsibilities for personal data collectors need to include giving users a copy of their data, so they can then put them into personal data stores (or banks, lockers, etc) and then use the data as the person sees fit.

Oh, and I said the state of online privacy was pretty dismal, though I was optimistic because it feels like this year, it's actually possible to get personal data some basic protections similar to HIPAA or FCRA where users can get their data, and we can make the Personal Data Ecosystem emerge as a market solution that finally works for people. Granted, it's a 5-7 year proposition to really create a new market, but we can actually start this year because of the 40 or so startups that are funded and building pieces of the PDE and the push in the US Government to do something about the dismalness of online privacy.

Helen Nissenbaum, whom I've admired for years for her thoughtful approach to privacy and usability, agreed that privacy online was pretty bad, and explained her work around Adnostic, a "privacy preserving targeted advertising" system made with some Stanford folks.

By far, the best comment Helen made all night was that tracking and aggregating data that pivots on people is not ethical, that it's bad for people and for the incremental 1% improvement we might see in targeted advertising, it's not worth the incredible intrusiveness of tracking. In particular she said, "Anonymization does not change intrusiveness."

Dan Jaffe spoke next, and surprise, agreed that online privacy is not good, but talked about how publishers need to support their businesses and that behavioral advertising is helping them do it, and that Do Not Track should be self-regulated by the industry because they know their business best. And government has a tendency to screw up regulations and therefore, we should let advertisers figure out what works.

Next up was David Norris, who agreed with my use of the word, "dismal" to describe online privacy and said that Blue Cava was supporting a self-regulatory model because they didn't feel that Do Not Track as proposed for legislation was a good idea.

We chatted about the viability of Do Not Track, with Norris, Jaffe and me all agreeing it wasn't a good idea. However Jaffe said he didn't like the idea of any regulation, that the industry could do it themselves, and that my "data rights and responsibilities" support for legislation would be just as bad for data collectors.

Folks in the audience, like Esther Dyson, pushed back on Jaffe, saying that she wanted the ability to choose where and when her data was out at some vendor's site, and that's why, she said, "I'm supporting Mary and her organization" because it's a market model that gave her choice.

I was very pleased to hear her endorse us (thank you Esther!)

In the end, I think we got our message out which is that tracking individuals is a bad thing, that users should be the only ones tracking themselves across sites, but that sites can track within the site to optimize business. And that users should have a marketplace to trade data, like they do in mileage accounts, and choose when they trade, as partners, and not have it done for them in secret as is the case now. And that we want to see users' data protected with a basic set of rights, like Health, Education and Financial data currently is now.

Curiously, Dan Jaffe made a comment about HIPAA, the health data protection law, suggesting that users get their health data so maybe they could get their personal data too. Given that that is a law, and he was opposed to regulation of any sort otherwise, I wasn't sure what to make of this.

However, I was really pleased with the opportunity to talk about PDEC, the startups and tech efforts to create a personal data ecosystem, and to provide a different view than the usual support for Do Not Track as we try to figure out what is best for our society.

Thanks Andy and Dawn for inviting me!

Posted by Mary Hodder at 07:50 AM

March 12, 2011

The right to oblivion

Yesterday at this NCUA ICANN meeting in SF the right to oblivion was mentioned several times. It seems to be on people's minds as they try to figure out what privacy and data control mean to companies, to users, to privacy advocates and regulators.

Peter Fleischer who is Google's Global Privacy Counsel wrote a post on this topic: "Foggy Thinking about the Right to Oblivion" and I think he missed something very important in the discussion where people want to be "let alone." He mostly focuses on explicit data, the kind that users put out there knowingly. But there is also implicit data, that users expect will stay within a website, and yet doesn't.

So I left this comment, but wanted to post it here as well:

I think you are missing an important distinction. There is data a user puts on the web: a facebook comment, a tweet, a flickr photo, etc. And there is data the user didn't expect to go anywhere except stay with the business they do or did business with:

* geolocation logs from one's mobile carrier
* purchases made with a vendor
* financial statements and the various actions one takes with bill pay, online banking and financial organization
* search activity logs
* an email address given to Facebook to be used as a login

The problem is that users expect that this data will stay with the obvious parties: you purchase something and your data should stay with the vendor and the shipping company. But the reality is your data is being sold all over, beacons are all over the purchase site, and you have no notice at all. Much less consent, except in some privacy policy you cannot begin to understand.

Or Facebook gives your email address to Rapleaf who matches it with activities all over the web. You have no idea, nor did you expect this.

Or you search on your mom's medical condition and now the beacons have transmitted the info to advertisers and pharmaceutical companies.

And you thought deleting your cookies would help. A complete waste of time now with flash cookies, beacons and fingerprinting of your computer.

What I think users want is the right to control their own data. The right to ask that it be deleted after a period. The right to correct it if something is wrong, and the right to hold it, so they may store it in a personal data store (PDS).

And why, you ask, would anyone use a PDS? Well.. do you use Mint, or Dopplr, or TripIt, or have a mileage account? For that last one, you can get amazing things like free hotel rooms or plane tickets or even goods like flowers. We already use personal data stores now.. just very primitive ones. And we want the ability to trade our data because we might get a free book or discounted things. Those markets are yet to be sorted out.. but the apps to make that work are coming.

There is a lot to work out here, but there is a Personal Data Ecosystem coming.. companies are building for it, and frankly, we do need a little regulatory help on the side to support users' rights to their data.

And to keep sites, like the examples above, from sending your data off site through beacons and trackers or other data agreements. Instead, Ad companies should be sending websites a black box to process user data internally, and then pick relevant ads, so that sites never have their users' data leaving the site for any reason, unless the user takes it to their PDS.

It's the right thing to do for people.

Posted by Mary Hodder at 06:42 AM | Permalink | Comments (2) | TrackBack

February 19, 2011

PDEC Response to the FTC Do Not Track White Paper

Here is a link to the Personal Data Ecosystem Consortium response (pdf) I submitted late last night to the FTC about their Do Not Track white paper (pdf).

I got the letter and Q&A to the FTC (33 pages!) just in the nick of time as submission "00472"... at just about 9pm PST on February 18, after which the FTC shut down the submission site. You can see other submissions here but for now, nothing submitted last week is actually listed. Check back early next week for updates and the PDEC submission.

After working on this for 3 weeks off and on, between other endeavors, it's a huge relief to get it off.

Now the real work begins!

Posted by Mary Hodder at 02:04 PM | Permalink | Comments (0) | TrackBack

February 07, 2011

Speaking of Speaking.. the Personal Data Ecosystem Emerges

The last two weeks I've been speaking a lot. Why?

On 1/28/11 I was at She's Geeky SF leading a session with Kaliya Hamlin, Executive Director of Personal Data Ecosystem, where about 50 women came to talk about what this emerging organization and space are all about, and hear about what Kaliya Hamlin and I were submitting to the Department of Commerce in response to their Green Paper. On 1/3/11 I was at BigDataCamp 2011 (the night before O'Reilly's Strata) in Santa Clara, to lead a session on Personal Data Ecosystems. And on 2/3/11, I was on a panel called CRM versus VRM: Who Controls the Conversation at the Conversational Commerce Summit in SF. Also talking about the Personal Data Ecosystem.

Why all this talking? Well.. as I mentioned Kaliya Hamlin and I have submitted a response to the Department of Commerce Green Paper where they asked for comments about the FTC's Do Not Track proposal and options for how to protect user privacy and conduct secure logins, while still engaging in what the DOC does.. which is advise Congress on how to promote commerce in the Union.

I'm the Chair of the Board of Personal Data Ecosystem Consortium.

And I'm currently writing a response to the FTC's Do Not Track proposal.

Why all this work? Well.. I think the two extremes of on the one hand: shutting down tracking, or on the other: allowing a sort of "business as usual" stance for the intense tracking that goes on as we traverse the web, use our cell phones and generally act through digital mediums aren't the answers. We do need to dramatically alter what is happening, but not shut down the data.

Why? Instead of do not track, I want there to be a system where *only I can self track*. Because I am the *only* ethical integration point of data about me.

Can you imagine if we did a "do not track" in 1979 when Airline Mileage Programs were just getting started? People have benefited enormously from them.. to the tune, per the Economist in 2005, of $700 billion in benefits. People want some self tracking, if they get something of value. They may want their histories private, but able to share a score or a piece of it, when they want. Because our data is gold. And we deserve to benefit from it.

We need to track ourselves, but only if we want to. And there needs to be no tracking of us, across sites, if we don't want it. But if we do, we need the ability to take our data, aggregate it, and trade it for goods (and to correct it, or delete it). Like free plane tickets. And a lot of other things I think we can't imagine now. Because the Personal Data Ecosystem, and things like Vendor Relationship Management are just getting started.

We need to limit the surreptitious stalking of ourselves across digital platforms and sites by others, and take back the ownership of our own data, to be aggregated, deleted and managed only by the individual. And traded when we want to in a marketplace. And we need 4th Amendment protection for our personal data stores.

And we need marketplaces, much like the Mileage marketplaces, that allow us to trade our information, we need Personal Data Services that will store our data, make it portable, so that we can move our data when we want to (think taking your money from one bank and putting it into another) and we need an applications market for developers to do creative and interesting things with our data.

It's time.

Posted by Mary Hodder at 12:44 PM | Permalink | Comments (2) | TrackBack

January 12, 2010

Information Technology meets Medical: Why We Should All Be a Little Worried

Today I had what I would say was an anecdotal experience regarding data privacy.. calling my OBGYN to make my annual appointment. I ended up using their new website and giving various personal data, only to figure out that they have no privacy policy for data, that the data was going to a third party, and that in trying to make an online appointment, all I really got after sharing data was an email form to request an appointment.

So, here's the scoop.

In calling into the doctor's office, I got their voice system which has always required lots of number punching to finally get through to someone to make an appointment. It's better than 10 years ago where you could literally never talk to anyone in their offices and would just punch numbers endlessly until leaving them a message. That would be followed by a return call that you would invariably miss, having to start the process over, to get another call back.. all to just make an appointment.

Anyway, calling in today only requires two selections, before being told my call was in line to be picked up after approximately 6 minutes of estimated wait, OR I could use their online system. Whooppee! I could make an appointment using what I imagined was a calendar with available timeslots to book appointments? So here is Golden Gate Obstetrics' (GGObgyn) big chance to show how they are using information technology to help people organize this process of getting an appointment better and faster!

Super cool!

Er... NOT. So. Fast.

Following the voice system at GGObgyn, I go to http://goldengateobgyn.medem.com/ which redirects me to http://www.ggobgyn.mymedfusion.com/:

The branding all over the site is "Golden Gate Obstetrics" so I'm thinking: okay, this is their site, even though it's got some other root domain name (mymedfusion.com).. in other words, Golden Gate Obstetrics is responsible for my health info, and I just need to get in to see their calendar and choose a time or something. So I go to "create an account" (Note below I've made screen shots of the *second* account I made, called 'testacct' to see what was going on a second time.. since the first time when I made an account for myself, it went by quickly and I wasn't suspicious until the very end of the process):

I put in my name, SS # and DOB and email. After submitting, I was brought to this form (screenshots are in two parts as it was a longer page):

As you can see, there's enough data request there for someone to do some damage if they wanted to. At this point I was getting a little concerned about where this data was going, but keeping in mind GGObgyn's history where getting staff on the phone to make appointments is so difficult, I went ahead and submitted my data.

The screen instantly took me to a logged in state, saying "we are now your Health Record provider" which I found totally freaky. I don't want them to be my Health Record provider. I just want to schedule an appointment. All this, without requesting any sort of email verification or other checking... just gave me an account. At that point, I could go make an appointment:

To say the least, I was shocked. So I just put in all this personal information, dinked around with forms etc, to be given a glorified email form to request an appointment? With structured data about which day of the week I want the appointment? How about a calendar with available time slots? So I could just pick based upon my availability? No... it appears they are going to email me back or call me with times so we could go back and forth over schedules again, in email? Really? This is the promise of information technology for scheduling? I mean aside from the privacy issues, I really felt like I'd been had in terms of my time sink for their silly email form.

I notice there is no help or privacy statement on any of the pages in their system (and I clicked on all of them), and the "ask a question" page is all about medical stuff, not using the website. But I figure GGObgyn is responsible for this site. So I call them, and after a lengthy wait, get the appointment receptionist. And I ask, where did my data go? And she says she doesn't know, but they own the site, so therefore my data is safe.

This seemed reasonable given the interface on the GGObgyn website was so incomplete with so many important things missing (like a privacy statement as I entered in my SS # and DOB and address, etc. or even a privacy policy in the footer somewhere, or a help page, or real contact info), it had to have been done by people who don't normally develop websites.

I asked if the receptionist could give me the privacy policy, or tell me where my data had gone, and she said she would pass me to the "online manager" named Olivia. Olivia started off by telling me she sits on the system "all day long... as account requests from users to join their online system appear on my screen.. I look the patient up and put through the approval if the new user is in fact a patient."

ME: "Really? because my account approval seemed instantaneously to happen on my screen."
Olivia: "Oh yes.. I did that."
ME: "Wow.. you're fast."

Then Olivia reiterated to me that she's there literally every minute at work approving patient account requests.. because she manually approves all new accounts and also is there to pass along requests of appointments.. etc. And she was sure there was a privacy policy somewhere on the system. Her description of the account approval process sort of contradicts the fact that I could make an account called "testacct" and get right into their system without any approval but I didn't bother mentioning that. I just wanted to know where my data had gone from my first real account made with them.

After that, she could only talk about how to use the system from her perspective, not mine. In other words, Olivia had no idea what regular users face (i.e., there is no privacy information, as I typed in my personal data, and no real idea other than from reading the URL in the address bar that maybe a third party was collecting my data, etc. Reading address bar URLs is something most users don't do.)

I told Olivia she literally wasn't getting the problem, because she just kept repeating to me how she uses the system (as an administrator over user accounts and for appointments where, I'm guessing, she has to be seeing an administrator version of the Medfusion system or some kind of much more powerful interface than the one regular users see when they log into the system). So she said she wanted to pass me to their office manager, Laura, who said, as she picked up the call:

"Mary, I've been listening to your call with Olivia" ... er.. okay.. no one disclosed to me that my call with Olivia was going to be monitored by others listening in. Unsettling. And possibly illegal. But whatever, that's really the least of my concerns here.

I told Laura there was no disclosure to me in advance of having a third party get my personal data.. and after Medfusion had it, I had no way of finding out what they are going to do with it.

I asked Laura about GGObgyn's ownership of Medfusion, but she replied that Golden Gate Obstetrics *did not* own Medfusion as the receptionist had told me. Instead, GGObgyn used them because they could not email "using Gmail or AOL" about appointments because that "wasn't safe." I was thinking really? Because having a website where my data just goes to third parties with no written privacy policy seems pretty unsafe.

So she explained that every page on their site (see all the screenshots and look hard for it!) has some sort of key symbol in yellow (it's not on any of the screen shots I took of the site, and I took shots of every page on their site), which if I click on the key, "will take me to their privacy policy." Okay.. so ignoring the obvious question of why they have a yellow key to signal a privacy policy (totally not intuitive from a user perspective), I look all over all the webpages that I can get to from the left side navigation, read them to Laura, and confirm that I cannot find the key.

Laura replied, "Well I can't help you anymore, because this is a waste of our time.. if you didn't want to put your information into MedFusion then you shouldn't have."

ME: "But your voice system told me to. And your name is on the website, and you aren't really disclosing that you are giving my data to a third party, MedFusion or telling me what they or you are going to do with it."

Laura: "Well, I can print the privacy policy and fax it to you."

ME: "But I don't have a fax machine. Can't you email it?"

Laura: "No.. maybe i could scan it and send it in email, but I'm not sure... and there isn't anything else I can do anyway." (It was clear she was trying to end the call.)

ME: "Er... Okay." (And then I hung up.)

A few hours later while writing this post, looking at the GGObgyn site, I noted that they added a privacy policy to the left side navigation, though that policy doesn't govern anything about what I entered into the GGObgyn site because it wasn't there when I gave my data. Medfusion and GGObgyn are under no obligation to keep my data safe or private, based on that policy.

No help or contact pages appeared afterward.

The privacy policy, which I read through, has a few issues. First, it starts off just saying "we" .. and my question is, We Who? I mean.. is it Medfusion? or GGObgyn? Me and GGObgyn together? Or someone else?

At the end of the privacy policy, it says under a section called OUR NOTICE OF PRIVACY PRACTICES:

By law, we must abide by the terms of this Notice of Privacy Practices. We reserve the right to change this notice at any time as allowed by law. If we change this Notice, the new privacy practices will apply to your health information that we already have as well as to such information that we may generate in the future. If we change our Notice of Privacy Practices, we will post the new notice in our Center, have copies available in our office and post it on our website.

So basically, they have to follow the policy, but can change their privacy policy at any time and it's retroactively applied to my old data and old terms? Well, I can see why GGObgyn wouldn't even bother having a privacy policy before because essentially, I have no rights over my data anyway.. because they can just change my rights whenever they want to suit themselves? I feel really good about my personal and medical information held by Golden Gate Obstetrics now.

And then, under COMPLAINTS:

If you think that we have not properly respected the privacy of your health information, you are free to complain to us or to the U.S. Department of Health and Human Services, Office for Civil Rights. We will not retaliate against you if you make a complaint. If you want to complain to us, send a written complaint to the contact person at the address shown at the beginning of this Notice. If you prefer, you can discuss your complaint in person or by phone.

So.. GGObgyn seriously expects me to complain to the USDoHHS? Why do we have to escalate this to a federal agency? Why can't they discuss it directly with their patients? I would rather just start by telling GGObgyn (which as you can see from the above dialog was incredibly successful, but they really ought to be open to hearing from their users about issues). In looking at the complaints section of the GGObgyn privacy policy, I note that I can contact the person listed "at the top of the privacy policy." Except, surprise! There is no one listed at the top of it. In fact, I don't even really know who "we" is in the policy language. So.. I guess I won't be contacting the "we" in this policy.

If I did want to complain about a privacy policy and questionable data usage problem, frankly I would use the Federal Trade Commission form because the FTC governs these things (see their most recent list of cases here where they go after companies that fail to protect user data and medical information, including the recent CVS case where they violated financial and medical data privacy rules). I have zero confidence that the Office of Civil Rights at the USDoHHS would even have a clue about privacy and my data on a website.

One thing.. after the GGObgyn privacy policy appeared, no one from GGObgyn emailed me, or called me, to say that it was now up on their website. Of course, they have all this contact info and my name in their patient files and in their online system that Olivia who runs their website presumably could pull up very quickly and easily send me an email telling me to look at the policy.

I would also recommend that businesses like Golden Gate Obstetrics use the FTC page on Protecting their users' data and privacy which is very helpful when trying to figure out how to present privacy info on a website.

Frankly, I have no way to alert anyone at GGObgyn to this blog post, or to my thoughts on the subject, other than to call back, sit on hold, and talk with the three people I already discussed this with, who ranged from unhelpful to hostile. Since GGObgyn doesn't seem open to discussing their website's problems and the fact that the cat is kind of out of the bag now with my data going God knows where into various companies' hands, I'm posting this example of how companies, particularly *medical* entities, with no experience or understanding of information technology systems and websites need to use extreme care, and not assume that office staff trained to run a medical office has any idea what users need or will face with a website collecting personal or medical data.

I hope people at medical or other data collection companies will realize the importance of protecting user data and being straight with us about what's happening to personal and medical information. My experience is just one, but if this becomes representative of people's experience with their medical providers, we ought to be very worried.

Note: I took a look, when writing this post, at ratings for Dr. Wiggins, whom I really like and have enjoyed having as my doctor. You can see from the ratings at Health Grades that Dr. Wiggins is well liked by patients but the appointment system and her office staff.. not so much. I hope GGObgyn does an overhaul on all their office administration and website that interacts with patients before they venture further with information technology as a tool for communications.

Posted by Mary Hodder at 08:21 PM | Permalink | Comments (8) | TrackBack

April 23, 2008

Data Sharing Summit Report

Last Friday and Saturday the Data Sharing Summit was held in SF. I attended a bit on Friday, but not Saturday. It looked like a lot got done by the participants, and so they did accomplish a lot!

Kaliya Hamlin has posted notes and goals for the next meeting in one month.

Here is an excerpt of the results:

Do-able Now
* Portable Identities (OpenID, LiveID, FB-ID)
* OAuth (server to server) delegated auth.
* Contacts Portability (FOAF, XFN, Microformats, like MicroID)
* Sync (feed sync)
* Social Network Portability (Open Social FB platform)
* Social Application Portability

Do-able Soon
* Standard Schema for Profile
* Standard Schema for Address books
* Media portability + metadata + permissions
* Linking ID’s of different ecosystems?

Looking forward to the Data Sharing Summit 2 at the Computer History Museum in Mountain View on May 15th.

Posted by Mary Hodder at 08:15 AM | Permalink | Comments (0) | TrackBack

March 18, 2008

Data Sharing Events Coming Soon!

There are two new events coming up for the Data Sharing group (we met last August in a great camp-type open space event where many interesting things developed, came to light, got solved, etc.) I'm on the advisory group, and will definitely be there and would love to see anyone who cares about attention data, both the control aspects at a site, as well as ownership issues, get moved forward in a community oriented way there as well.

Also, Mitch Ratcliffe wrote a great post today on these issues which you should totally check out.

Here is the write up from the Facebook group entry:

* A Data Sharing Workshop at the Downtown San Francisco State University campus on April 18th and 19th.

* Data Sharing Summit 2 at the Computer History Museum in Mountain View on May 15th. (This is immediately following the Internet Identity Workshop May 12-14).

Hopefully at the first event some more clarity will emerge about how to actually do and get adoption of data sharing technologies. The second event we can see progress (it being a month later) and may have more 'decision makers' considering data sharing implementations and vendors that have ways to do it.

The goal of these events is to work together to build consensus around and get adoption of emerging data sharing standards. As with the previous summit, the upcoming event will follow the open space (un)conference format. The agenda is created on the first day of the event, allowing everyone to participate in the discussion.

Although Marc Canter was a key organizer of the first Data Sharing Summit, he has stepped back and his involvement is just as one of a group of advisors:

* David Recordon, Six Apart
* Joseph Smarr, Plaxo
* Chris Saad, Faraday Media
* Mary Hodder, Dabble
* Luke Sontag, Vidoop
* Kevin Marks, Google
* Marc Canter, Broadband Mechanics

The events will be produced by Kaliya Hamlin and Laurie Rae, who are collaborating with the Data Portability community and the SFSU Institute for Next Generation Internet.

We would like to invite you to attend one or both of these events.
Please go to http://datasharingsummit.com or, to go ahead and register right away, go to our Eventbrite page. We will be charging admission to cover the costs required for organizing these events.

The Early Bird rates are as follows:

April 18-19 Workshop
* Regular, $110.00
* Independent/Startup/Non-Profit, $80.00
* Student, $50.00

Workshop One-Day Only:
* Regular, $65.00
* Independent/Startup/Non-Profit, $50.00

April 18-19 & May 15:
* Corporate, $200.00
* Independent/Startup/Non-Profit, $140.00

May 15th Summit Only:
* Corporate, $100.00
* Independent/Startup/Non-Profit, $70.00

The Early Bird cut-off dates are April 7, 2008 for the Workshop and May 7th, 2008 for the Summit. Prices will increase by $50.00 after the cut-off dates.

We can bring you this event at such a low admission fee because 1/2 our costs are paid by sponsors - both small ($200) to the large (several thousand). PLEASE contact Laurie Rae at laurierae@datasharingsummit.com if you would like to sponsor.

Please contact us if you have any questions identitywoman@datasharingsummit.com & laurierae@datasharingsummit.com

We look forward to seeing you in April and May.

Posted by Mary Hodder at 06:09 PM | Permalink | Comments (1) | TrackBack

May 14, 2007

IIW Project Recap

Today at the IIW (internet identity workshop) at the Computer History Museum in Mountain View, I took notes on the presentations of the projects in existence for more than 6 months. They are below. But I also noticed that they all said they did the same set of things, to make their own projects play with all the rest. Yes, they all have slight variants, like one or another is in php, or java, or ruby, or whatever. But they talked about trading identity bits around like they would send around email. And let's face it, we all have different email clients written in different languages, but the email itself moves around regardless of that.

So I'm wondering what the real differences are. If this is a matter of semantics, between projects, I'm hoping that by the end of the conference (Wednesday afternoon) they've all combined and will work for a less confusing and more aligned identity space.

I had the sense, while taking notes, that each project was slightly restating the same terms, so I aggregated them below. But this could have been buzz word bingo, for all the similarities we were hearing about each. Help us out here, tell us why we really need all you!

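| Project | Trusted ID | Open Implementation / Interoperability | Open Standards for ID trading | Work With the Others/Convergence | Usability/User Centric | Strong Privacy Concern |
| --- | --- | --- | --- | --- | --- | --- |
| OSIS | Yes | Yes | Yes | Yes | Yes | Yes |
| SAML, Liberty Alliance, openLiberty, and Concordia | Yes | Yes | Yes | Yes | Yes | Yes |
| CARDSPACE | Yes | Yes | Yes | Yes | Yes | Yes |
| HIGGINS PROJECT | Yes | Yes | Yes | Yes | Yes | Yes |
| OPEN ID | Yes | Yes | Yes | Yes | Yes | Yes |
| SHIBBOLETH | Yes | Yes | Yes | Yes | Yes | Yes |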

Notes start here:

1. OSIS - Dale Olds, Johannes Ernst

Open source identity selector
Johannes
Kim Cam
Dave Winer
Michael Graves
Early 2006 met to work on this and it became what is now called cardspace
Aligned multiple distributed systems for trust
coordinated MS cardspace project spec for making it open source
they want to do more with open implementations but don't endorse standards per se
want to collaborate multiple systems into something interoperable
steering committee / working group
they've worked on a bunch of the projects that will be in the speed geeking session

they focus on:
interoperability of standards, meaning of data, and types of information
determine relying parties and help make agreements for that
help determine consistent user experience

2. SAML, Liberty Alliance, openLiberty, and Concordia - by Eve Maler
federated identity means distributing identity tasks and information across domains
XML Based frameworks standardized at OASIS for marshaling security and ID info and exchanging
SAML is about assertions about subjects
Comes in layers
-- assertions get used by protocols to get used by certain tasks
-- specifies single sign on

History: SAML, Shibboleth and Liberty framework have converged over time
Shibboleth is now part of SAML2 as of 2005
Liberty is == to SAML

LIBERTY ALLIANCE = 150 governmental agencies, businesses, orgs and agencies
mission: foster a ubiquitous interoperable privacy
dev. open tech standards
human to application standards
Liberty people service: groups and roles are defined and shared
they are starting to offer

CONCORDIA PROGRAM
initiative to make umbrella standards to harmonize identity protocols


3. CARDSPACE - Mike Jones, MS
About bringing about convergence in identity space with MS and other partners
Care about threats to online safety
Criminal situation is bad
Try to bring usable, safe DI to users
Think about claims made by an issuer by a subject
7 laws of identity
-- Consistency is very important
usability, usability, usability

Microsoft Open Spec: cardspace.netfx3.com

4. THE HIGGINS PROJECT - Mary Ruddy
Higgins is a species of Tasmanian long-tailed mouse
open source
user centric and privacy centric
interoperable system for authentication
-- example where no password is required
doesn't share some info.. lets users choose
powered by interoperability framework
-- interoperate with lots of situations: financial, employment, etc
multi-protocol
all tokens/protocols/ systems
modular

5. OPEN ID - David Recordon, Bill Washburn
interoperable, single sign on
control URL in OID 1.0
added / extended to support iNames last summer

Single sign on
FOAF support - ex. could pull in AIM list
consumer level light weight ID
90 million Open IDs
(including every AOL/MS user)

problems: yes.. but solutions will be discussed here

Bill Washburn - openID Foundation
foster and promote openID for user centric ID on the net
Dick Hardt
Scott Kveton
Johannes Ernst
Drummond Reed
David Recordon
Arthur Bergman

join!

6. SHIBBOLETH / INTERNET 2 MIDDLEWARE - Bob Morgan (Univ WA)

They focus on attributes - work with Higgins
Shared identity with more than just handle style login - need more assertions
Education focused - work with universities

Posted by Mary Hodder at 06:29 PM | Permalink | Comments (0) | TrackBack

March 24, 2007

FBI Gag Order Abuse: Please Read This. It's Very Important.

Put down your Britney and your Anna Nicole.

When I read the first parts, I thought, why not just personally protest the order and expose it? But by the end, I could see why he didn't and why it really matters that we not ruin the democracy, in order to save it from the terrorists. Again. We keep doing things to become what we despise. This doesn't end well if we keep going in this direction. Only with notice and sunlight do we stop it.

From Anonymous, My National Security Letter Gag Order Friday, March 23, 2007; Page A17

It is the policy of The Washington Post not to publish anonymous pieces. In this case, an exception has been made because the author -- who would have preferred to be named -- is legally prohibited from disclosing his or her identity in connection with receipt of a national security letter. The Post confirmed the legitimacy of this submission by verifying it with the author's attorney and by reviewing publicly available court documents.
The Justice Department's inspector general revealed on March 9 that the FBI has been systematically abusing one of the most controversial provisions of the USA Patriot Act: the expanded power to issue "national security letters." It no doubt surprised most Americans to learn that between 2003 and 2005 the FBI issued more than 140,000 specific demands under this provision -- demands issued without a showing of probable cause or prior judicial approval -- to obtain potentially sensitive information about U.S. citizens and residents. It did not, however, come as any surprise to me.
Three years ago, I received a national security letter (NSL) in my capacity as the president of a small Internet access and consulting business. The letter ordered me to provide sensitive information about one of my clients. There was no indication that a judge had reviewed or approved the letter, and it turned out that none had. The letter came with a gag provision that prohibited me from telling anyone, including my client, that the FBI was seeking this information. Based on the context of the demand -- a context that the FBI still won't let me discuss publicly -- I suspected that the FBI was abusing its power and that the letter sought information to which the FBI was not entitled.
Rather than turn over the information, I contacted lawyers at the American Civil Liberties Union, and in April 2004 I filed a lawsuit challenging the constitutionality of the NSL power. I never released the information the FBI sought, and last November the FBI decided that it no longer needs the information anyway. But the FBI still hasn't abandoned the gag order that prevents me from disclosing my experience and concerns with the law or the national security letter that was served on my company. In fact, the government will return to court in the next few weeks to defend the gag orders that are imposed on recipients of these letters.
Living under the gag order has been stressful and surreal. Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case -- including the mere fact that I received an NSL -- from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been. I hide any papers related to the case in a place where she will not look. When clients and friends ask me whether I am the one challenging the constitutionality of the NSL statute, I have no choice but to look them in the eye and lie.
I resent being conscripted as a secret informer for the government and being made to mislead those who are close to me, especially because I have doubts about the legitimacy of the underlying investigation.
The inspector general's report makes clear that NSL gag orders have had even more pernicious effects. Without the gag orders issued on recipients of the letters, it is doubtful that the FBI would have been able to abuse the NSL power the way that it did. Some recipients would have spoken out about perceived abuses, and the FBI's actions would have been subject to some degree of public scrutiny. To be sure, not all recipients would have spoken out; the inspector general's report suggests that large telecom companies have been all too willing to share sensitive data with the agency -- in at least one case, a telecom company gave the FBI even more information than it asked for. But some recipients would have called attention to abuses, and some abuse would have been deterred.
I found it particularly difficult to be silent about my concerns while Congress was debating the reauthorization of the Patriot Act in 2005 and early 2006. If I hadn't been under a gag order, I would have contacted members of Congress to discuss my experiences and to advocate changes in the law. The inspector general's report confirms that Congress lacked a complete picture of the problem during a critical time: Even though the NSL statute requires the director of the FBI to fully inform members of the House and Senate about all requests issued under the statute, the FBI significantly underrepresented the number of NSL requests in 2003, 2004 and 2005, according to the report.
I recognize that there may sometimes be a need for secrecy in certain national security investigations. But I've now been under a broad gag order for three years, and other NSL recipients have been silenced for even longer. At some point -- a point we passed long ago -- the secrecy itself becomes a threat to our democracy. In the wake of the recent revelations, I believe more strongly than ever that the secrecy surrounding the government's use of the national security letters power is unwarranted and dangerous. I hope that Congress will at last recognize the same thing.
Posted by Mary Hodder at 07:32 AM

August 04, 2006

OpenID2 Developer Info Day Aug 10th Bay Area

From Kaliya Hamlin:

    I am really pleased to announce that we have an OpenID Informational Evening for Developers August 10th 6-9 in Berkeley at 2029 University, Upstairs.

    The Big news is the community has converged and figured out the authentication layer - OpenID…OpenID is just the authentication layer - but on top of this ad hoc standard lots of cool stuff can happen. The goal of the evening is not to geek out on identity but to connect with developers working on applications that require users to login.

    Find out more about what it is…how it works…how you can install. The incentives to learn are high with the $5000 bounty for having OpenID in Open Source projects.





    Presenting and answering Questions

    David Recordon formerly of Live Journal/Six Apart now of Verisign will be presenting a bit about the origins of OpenID but most importantly how it works…and how you install it.

    Andy Dale from ooTao will talk a bit about i-names and how they work with OpenID2 and looking forward to what comes next after authentication - profile sharing. ooTao is also data sharing are running ibroker services.

    Mary Hodder CEO of Dabble will talk about the work happening around the development of itags.

    I am helping coordinate the evening; please RSVP to me - kaliya (at) Mac (dot) com and feel free to ask me any questions.

    If you know a developer - pass the word along.

    ps. for all you Technorati guys who keep having questions, now is your chance to ask the guys who know.

    UPDATE: Scott Kveton from JanRain will be there too. He just posted an OpenID walk through on his site.

    UPDATE 2: Dick Hardt from Sxip will be in town and will also be joining us for the evening. Hopefully he will share some of the cool stuff sxip is doing with OpenID.

Posted by Mary Hodder at 02:42 PM

December 31, 2003

Privacy and New Technology: System Openness, User Control and Good Interface are Key to Making Users Feel More Comfortable, But So Would A Blanket Privacy Policy

Ross Mayfield has a really interesting discussion roundup on his site, about users driving policy. As the discussions around various blogs became more specific, much of it centered around privacy and social norms issues, particularly mismatched expectations between users and a system's designers. Design issues at the development level are key to narrowing these, giving users control and notice, as well as a good interface to easily understand and make good choices that suit their privacy needs and intentions with their information or system expectations. But I keep returning to the feeling that, regarding privacy, we really need a blanket privacy policy to make users feel comfortable as they interact in the digital world, and on the internet. This cannot be resolved with better interfaces, user control and system openness alone, though those are key to making information technologies work well and giving users what they want on a system level, leading to more informed users, and integrity in the relationships between systems and users and their data.

Systems and companies may make some relatively small amount of money now by using collected information from and about users, for purposes other than the users intended, for use outside of their relationships with those specific companies. But instances like those discussed below cause users to feel worried and sometimes outright scared, where they then refuse to participate in a system or with a company at all, or find themselves shocked after the fact by the results of their interactions with a company or entity. Unless people feel comfortable and protected, those profits resulting from systems currently selling or manipulating user data in ways the user doesn't intend will remain small in comparison to the tremendous amount of money to be made in web services, social networks, and with all sorts of other information technologies were most users to participate because they felt safe.

Most users will not now participate in information technology systems that require a lot of personal data unless there is something they get in return, and even then, it's a subset of the total internet user population. If users really trusted that they were in control of their own data, so they knew when their data went beyond those specific company systems and relationships, and could decide when and where to participate, instead of operating in a state of uninformed fear as they do now, with companies offering little or no privacy policy and little in the way of overall government protection, those companies (and many new ones based on new technologies) using exactly this kind of personal user data could make many times over what they do now. It is short term greed that keeps companies operating as they do, which keeps users from participating, which leads to few participants out of the whole of those using the internet. And yet, one company's policy to the next is confusing and unreliable, and not something people can or want to keep track of, and the resulting confusion also contributes to far less participation. I believe the only route to real information technology development with personal data and the profits that will follow is a blanket policy that every company will have to follow assuring customers of their own data privacy. Users would feel secure and many, many more would participate, and those companies would make far more than they have seen under the current (no) privacy regime.

The discussion Ross catalogued partly centered around this: Danah Boyd responded to Wendy Seltzer (responding to Cory Doctorow saying that the last twenty years have been about technology and the next twenty will be about policy). Wendy suggested that originally, she thought that the privacy tensions brought about by technology developments might ease as people became more sophisticated users, but instead she saw a gap: a critical mass of users would always lag behind technology developments as they learned a new information technology well enough to overcome, accept, steer away from or rearrange the privacy breaches, and so the social norms developed as a result of these new technologies lag behind. Danah replied that social norms weren't falling behind; they are instead going in one direction while technologies are developed in another, and it baffles the social norms trying to cope.

I think in a way they are both right (both scenarios can exist with the same technology depending on use and result). It's not only lagging user competency, with users then adjusting by making some mental calculation with a new technology in order to get the amount of privacy or control they need, and it's not just diverging social norms. There are also issues on the design and development end that might solve this, like notice, good interface and user control, which allow users to know immediately, and then deal with the privacy issues as they use the new technology, instead of finding out about their loss of privacy when it's too late. Technologists can do much better with design, corporate privacy policies could be much better, and users could do better at learning new technologies and protecting their own privacy as needed. But for most people and companies, the benefits will come when users know they are protected and understand a basic structure of privacy across companies and websites, which all interested can rely on, leading to users releasing information. Interesting uses of people's data will follow while still maintaining privacy and user control.

And yet instances of technology development seem to move in exactly the opposite direction at times, leading to scares with users and resulting in less participation with systems that might benefit us all if many participated and if they were well designed, with privacy built into the architecture, and privacy as a given right between users and the entities with whom they deal.

John Battelle points to a particularly disconcerting social and privacy issue brought up by a new web service, Cardbrowser. Apparently, they have 17,000 (and counting) business cards they've collected from some major conferences, with no privacy policy posted and little information about whether they let those giving the cards know that the cards would end up there (the cards were presumably given for the purposes of making a new contact person to person, not being entered into a web-searchable database for the whole internet to search, though this is unknown because they publish nothing about their data or privacy policies), or whether they allow users to be in control of their own information, or for that matter whether the companies on those cards know. Also, what about the idea that without your approval, Cardbrowser is linking and distributing your name, title, company name, phone numbers and location, attendance record, and dates, which is information that, together with other personal information in publicly available databases, might lead to even greater matching and sifting of personal digital identities that people don't want out there for just anyone to see without some reason or a warrant or some kind of permission and reciprocity (as our current analog social norms often dictate)?

Similar issues exist with your cell phone keeping tabs on you. There's good and there's bad in systems like that, where some users want to keep track of their kids, which may not be objectionable, but others, including the companies that buy the phones for their employees, may do it for reasons that are totally unacceptable. These kinds of information technologies can allow uses that previously didn't exist, and therefore, there is a lag before a critical mass of users understands what is happening and does something about it, or at least has notice that the shift has occurred and can then make choices about when to allow it, or self-censor.

In the case of the tracking phones, it becomes a matter of each user knowing when the tracking is turned on, and having control over that tracking. It's a matter of notice, and a matter of interface. A good interface, on any system that tracks your behavior, your movements, your private, semi-private, semi-public and public behavior, would show the tracking, and give control choices at the time of use. But well designed systems are rare today, and it's the invisible nature of the tracking, and our relationship to the data from the tracking, that causes consternation and upset. A blanket privacy policy would alleviate many fears and open up many new information technology development possibilities as well as many customers for companies to develop relationships with.

Posted by Mary Hodder at 04:27 PM