Follow Blog via Email

Enter your email address to follow this blog and receive notifications of new posts by email.

Email Address:
Recent Posts
Archives
Categories
- 2nd screen
- Content Protection
- design
- fashion
- history
- IoT
- philosophy
- photography
- post-production
- Quality Control
- science
- security
- technology
- Uncategorized
Meta

Browsing Tags security

The Perception of Privacy

June 5, 2012 · by parasam

Another in my series of posts on privacy in our connected world… with a particular focus on photography and imaging

As I continue to listen and communicate with many others in our world – both ‘real’ and ‘virtual’ (although the lines are blurring more and more) – I recognize that the concept of privacy is rather elusive and hard to define. It changes all the time. It is affected by cultural norms, age, education, location and upbringing. There are differing perceptions of personal privacy vs collective privacy. Among other things, this means that most often, heavy-handed regulatory schemes by governments will fail – as by the very nature of a centralized entity, the one-size-must-fit-all solution will never work well in this regard.

A few items that have recently made news show just how far, and how fast, our perception of privacy is changing – and how comfortable many of us are now with a level of social sharing that would have been unthinkable just a few years ago. An article (here) explains ‘ambient video’ as a new way that many young people are ‘chatting’ using persistent video feeds. With technologies such as Skype and OoVoo that allow simultaneous video ‘group calls’ – teenagers are coming home from school, putting on the webcam and leaving it on in the background for the rest of the day. The group of connected friends are all ‘sharing’ each other’s lives, in real time, on video. If someone has a problem with homework, they just shout out to the ‘virtual room’ for help. [The implications for bandwidth usage on the backbone of networks for connecting millions of teens with simultaneous live video will be reserved for a future article!]

More and more videos are posted to YouTube, Vimeo and others now that are ‘un-edited’ – we appear, collectively, to be moving to more acceptance of a casual and ‘candid’ portrayal of our daily lives. Things like FaceTime, Skype video calls and so on make us all more comfortable with sharing not only our voices, but our visual surroundings during communication. Maybe this shouldn’t be so surprising, since that is what conversation was ‘back in the day’ when face-to-face communication was all there was…

We are surrounded by cameras today: you cannot walk anywhere in a major city (or even increasingly in small towns) without being recorded by thousands of cameras. Almost every street corner now has cameras on the light poles, every shop has cameras, people by the billions have cellphone cameras, not to mention Google (with StreetView camera cars, GoogleEarth, etc.) One of the odd things about cameras and photography in general is that our perceptions are not necessarily aligned with logic. If I walk down a busy street and look closely at someone, even if they see me looking at them, there might either complete disregard, or at most a glance implying “I see you seeing me” and life moves on. If I repeat the same action but take that person’s picture with a big DSLR and a 200mm lens I will almost certainly get a different reaction, usually one that implies the subject has a different perception of being ‘seen’ by a camera than a person. If I repeat the action again with a cellphone camera, the typical reaction is somewhere in between. Logically, there is no difference: one person is seeing another, the only difference is a record in a brain, a small sensor or a bigger sensor.

Emotionally, there is a difference, and therein lies the title of this post – The Perception of Privacy. Our interpretations of reality govern our response to that reality, and these are most often colored by past history, perceptions, feelings, projections, etc. etc. Many years ago, some people had an unreasonable fear of photography, feeling that it ‘took’ something from them. In reality we know this to be complete fallacy: a camera captures light just like a human eye (well, not quite, but you get the idea). The sense of permanence – that a moment could be frozen and looked at again – was the difference. With video, we can now record whole streams of ‘moments’ and play them back. But how different really is this from replaying an image in one’s head, whether still or moving? Depending on one’s memory, not very different at all. What is different then? The fact that we can share these moments.. Photography, for the first time, gave us a way to socialize one person’s vision of a scene with a group. It’s one thing to try to describe in words to a friend what you saw – it’s a whole different effect when you can share a picture.

Again, we need to see the logic of the objective situation: if a large group shares a visual experience (watching a street performer for example) what is the difference between direct vision and photography? Here, the subject should feel no difference, as this is already a ‘shared visual experience’ – but if asked, almost every person would say it is different, in some way. There is still a feeling that a photograph or video is different from even a crowed of people watching the same event. Once again, we have to look to what IS different – and the answer can only be that not only can a photo be shared, but it can shared ‘out of time’ with others. The real ‘difference’ then of a photo or video of a person or an event is that it can be viewed in a different manner than ‘in the moment’ of occurrence.

As our collective technology has improved, we now can share more efficiently, in higher resolution, than in the days of campfire songs and tales. Books, newspapers, movies, photos, videos… it’s amazing to think just how much of technology (in the largest sense – not just Apple products!) has been focused on methods improving the sharing of human thought, voice, image. We are extremely social creatures and appear to crave, at a molecular level, this activity. In many cultures today, we see a far more relaxed and tolerant attitude towards sharing of expression and appearance (nudity / partial nudity, no makeup, candid or casual appearance in public, etc. etc.) than existed a decade ago. We are becoming more comfortable in ‘existing’ in public – whether that ‘public’ is a small group of ‘friends’ or the world at large.

One way of looking at this ‘perception of privacy’ is through the lens of a particular genre of photography: streetphotography. While, like most descriptions of a genre, it’s hard to pin down – basically this has evolved to mean candid shots in public – sort of ‘cinema vérité’ in a still photo. Actually, the term paparazzi is a ‘sub-group’ of this genre, with typically their focus limited to ‘people of note’ (fashion, movie, sports personalities) – whose likenesses can be sold to magazines. While this small section has undoubtably overstepped the bounds of acceptable behavior in some cases, it should not be allowed to taint the larger genre of artistic practice.

The facts, in terms of what’s legally permissible, for ‘streetphotography’ do vary by state and country, but for most of the USA here are the basics – and just like other perceptions surrounding photography, they may surprise some:

Basically, as the starting premise, anything can be photographed at any time, in any place where there is NOT a ‘reasonable expectation of privacy’.
This means, that similar to our judicial system where ‘innocent until proven guilty’ is the byword, in photography, the assumption is that it is always permissible to take a picture, unless specifically told not to by the owner of the property on which you are standing, by posted signs, or if you are taking pictures of what would generally be accepted as ‘private locations’ – and interestingly there are far fewer of these than you might think.
The practice of public photography is strongly protected in our legal system under First Amendment rulings, and has been litigated thousands of times – with most of the rulings coming down in the favor of the photographer.
Here are some basic guidelines: [and, I have to say this: I am not a lawyer. This is not legal advice. This is a commentary and reporting on publicly available information. Please consult an attorney for specific advice on any legal matter].
- Public property, in terms of photography, is “any location that offers unfettered access to the public, and where there is not a reasonable expectation of privacy”
- This means, that in addition to technically public property (streets, sidewalks, public land, beaches, etc. etc.), that malls, shops, outdoor patios of restaurants, airports, train stations, ships, etc. etc. are all ‘fair game’ for photos, unless specifically signposted to the contrary, or if the owner (or a representative such as a security guard) asks you to refrain from photography while on their private property.
- If the photographer is standing on public property, he or she can shoot anything they can see, even if the object of their photography is on private property. This means that it is perfectly legal to stand on the sidewalk and shoot through the front window of a residence to capture people sitting on a sofa… or for those low flying GoogleEarth satellites to capture you sun-bathing in your back yard… or to shoot people while inside a car (entering the car is forbidden, that is clearly private property).
- In many states there are specific rulings about areas within ‘public places’ that are considered “areas where one has a reasonable expectation of privacy” such as restrooms, changing rooms, and so on. One would think that common sense and basic decorum would suffice… but alas the laws had to be made…
- And here’s an area that is potentially challenging: photography of police officers ‘at work’ in public. It is legal. It has been consistently upheld in the courts. It is not popular with many in police work, and often photographers have been unjustifiably hassled, detained, etc. – but ‘unless a clear and obvious threat to the security of the police officer or the general public would occur due to the photography’ this is permitted in all fifty states.
- Now, some common sense… be polite. If requested to not shoot, then don’t. Unless you feel that you have just captured the next Pulitzer (and you did it legally), then go on your way. There’s always another day, another subject.
- It is not legal for a policeman, security guard or any other person to demand your camera, film, memory cards – or even to demand to be shown what you photographed. If they attempt to take your camera they can be prosecuted for theft.
- One last, but very important, item: laws are local. Don’t get yourself into a situation where you are getting up close and personal with the inside of a Ugandan jail… many foreign countries have drastically different laws on photography (and even in places where national law may permit, local police may be ignorant… and they have the keys to the cell…) Always check first, and balance your need for the shot against your need for freedom… 🙂

What this all shows is that photography (still or moving) is accepted, even at the legal level, as a fundamental right in the US. That’s actually a very interesting premise, as not many things are specifically called out in this way. Most other practices are not prohibited, but very few are specifically allowed. For instance, there is no specific legal right to carpentry, although of course it is not prohibited. The fact that imaging, along with reporting and a few other activities are specifically allowed points to the importance of social activities within our culture.

The public/private interface is fundamental to literally all aspects of collective life. This will be a constantly evolving process – and it is being pushed and challenged now at a rate that has never before existed in our history – mainly due to the incredible pace of technological innovation. While I have focused most of this discussion on the issues of privacy surrounding imaging, the same issues pertain to what is now called Big Data – that collection of data that describes YOU – what you do, what you like, what you buy, where you go, who you see, etc. Just as in imaging, the basic tenet of Big Data is “it’s ok unless specifically prohibited.” While that is under discussion at many levels (with potentially some changes from ‘opt out’ to ‘opt in’), many of the same issues of ‘what is private’ will continue to be open.

Privacy, Security and the Virtual World…

March 27, 2012 · by parasam

I’ve written on this before, and will again I am sure. It’s an important issue that interests and concerns me, and I assume many of my readers as well. The issue of privacy and security is fundamental, and much of human history and our legal system has been concerned with these issues. “A man’s house is his castle and fortress, et domus sua cuique tutissimum refugium” was written in 1628 by Sir Edward Coke in his legal treatise The Institutes of the Laws of England – (the Latin at end of the sentence translates to and each man’s home is his safest refuge). This principle has been used by countless societies since then to allow defense of what is considered ‘private property’ – whether this be real or virtual.

The recent rate of technological innovation has vastly outstripped the pace of our legal systems as well as even our social, cultural and philosophical consensus. We are now forced to grapple with realities that were only months or a few years back not even conceptualized. And the challenges keep on coming. Here are some recent examples of really good ideas that can have some really bad consequences…

♦ We have all heard much about ‘locational privacy’ – the result of our personal location being revealed through GPS, cellphone tower triangulation, WiFi hotspot location, etc. etc. While incredibly useful and convenient (just ask Siri “where can I get a pizza?”, and with no further information she gives you 3 choices within a few hundred meters…) – this technology can also provide unwitting information for stalkers, abusive partners, criminals, or just plain overzealous advertisers to invade our sense of personal privacy.

Another example: recently mall owners were thwarted in their attempts to track shoppers without notification using their mobile devices. PathIntelligence was hired by Promenade Temecula in southern California and Short Pump Town Center in Redmond, VA to test their FootPath Technology system – without knowledge or consent of shoppers. Basically, the system uses the TMSI signal (Temporary Mobile Subscriber Identifier) – which is emitted continuously anytime a cellphone is powered on [it’s part of the basic cellphone technology – allowing a user’s phone to be identified by a nearby tower, so that when the user wants to place a call a link can be established and authenticated]. There is no way for a user to know they are being monitored in this fashion, and the only way to not be detected is to turn your phone off – not a realisitic answer – particularly if you don’t know you’re being monitored in the first place! The full article is here.

The upside of this technology is [supposedly] anonymous foot traffic info so retailers in malls can see where patrons go when they leave Macy’s for example – which fast food place do they go to next? This of course can be consumed by targeted ad campaigns.The downside: using ‘orthogonal data mining’ techniques (whereby separate databases are ‘mined’ for information based on specific search parameters that yield collective data that is much more informative than any one particular database may yield), it would be entirely possible, for example, to derive the following information: – a so-called ‘anonymous’ shopper buys perfume at Macy’s, using their Macy’s charge card. Since the fine print on your charge agreement with Macy’s is different (and, like most department and other chain stores – allows much more use of your personal data) than your generic VISA or MasterCard, your purchase is now linked to your past history of Macy’s shopping. Now, while the FootPath system only tracks ‘anonymous’ cellphones, it doesn’t take rocket science to start following digital breadcrumbs.. Shopper “Jane Doe” buys perfume at 10:18AM in Macy’s; an anonymous shopper leave Macy’s at 10:21AM and goes to Steve Madden (women’s shoes, for you clueless guys) and buys a pair of sandals, again on a charge card… you get the picture… At best, your patterns, lifestyle, etc. are merged into what is often being called a ‘creepybase’ – a database so personally identifying as to have a significant ‘creep factor’ – and worth a lot to advertisers who desire the most detailed profiles possible. At worst, your ‘profile’ is sold off to criminals who (and this real BTW!) build ‘target profiles’ of people that buy at certain stores (i.e. have a certain level of income), and how long they take to do that… so they won’t be home when their homes are robbed…

♦ Again, another example of how basic locational services (GPS, often augmented with WiFi hotspot triangulation) is being extended. Google was awarded a patent recently for a new technology to determine not just where you are but what you are doing: based on ambient sounds, temperature and any other data that can be measured, either directly or indirectly, by your smartphone or other data device. An actual example provided by Google in the patenet application: “You’re attending a baseball game and call Google’s 411 service for information about a nearby restaurant. The cheers of the crowd and the sounds of the announcer are picked up by your phone. Google’s system analyzes the background noise, takes into account your location, determines that you’re at a ballgame and delivers related ads or links to your phone with sports scores and news.”But did the user know that their call to information was being monitored in that fashion, and used for targeted advertising? And remember, the web never, never, never forgets. Anything. Ever. Regardless of what anyone or any company tells you. And oh by the way the next time you call in sick when the surf’s up… better not be at the beach with a wave crashing in the background… (soundproof padded rooms for certain phone calls will soon be necessary…)

♦ There are new technologies that aim to ‘read’ moods and emotions of speakers. By using advanced voice recognition software that is sensitive to not only the actual words, but the contextual semantics of speech and word patterns, tonal variances in speech sounds, breathing cadence, etc. the algorithms can, on the good side, be used to identify sales pitches that are disguised; scam artists that seek to prey on the eldly, etc. But, since this game is a contstant cat-and-mouse, within a week expect the ‘bad guy’ to be self-monitoring his own speech patterns with such a tool – and using it to analyze his mark’s speech to see if the person on the other end of the phone is suspicious, distressed – or calm and accepting.

♦ Face recognition has received a lot of press recently – it’s getting a LOT better, and is now within the reach of a casual consumer, not just police departments. Researchers at Carnegie Mellon University recently identified about a third of all randomly selected, previously unknown (to the researchers) subjects, just using facial recognition technology recently acquired by Google. With a little social engineering, that figure went up to over 70%. And that’s not all: The professor running the research showed: “As a demonstration of his latest project, Prof. Acquisti also built a mobile-phone app that takes pictures of people and overlays on the picture a prediction of the subject’s name and Social Security number. He said he won’t release the app, but that he wanted to showcase the power of the data that can be generated from a single photo.” This particular research typically got the first five numbers of the SSN correct on the first attempt, all 9 numbers after only 4 attempts.Now, a new startup (Faced.me) has an app that will shortly release that allows VERY fast facial recognition (under 1 second) – and then can automatically link to that person’s Facebook, Twitter, LinkedIn accounts. Now this can be cool – a useful tool for salepeople, tradeshows, conventions, etc. — but the potential ‘creep factor’ is obvious… troll a shopping mall for teenage girls (who are notoriously lax with online security, and tend to post their life story, and pictures, on just about every social site) and snap pix, get IDs, log into FB page, – well you get the picture…

♦ Augmented Reality (AR) has been around for some time, but only recently has it moved from motion picture screens as ‘magic’, and heads-up displays of fighter aircraft (where terrain-following radar is used to call up actual photos from a flight path to better identify obstacles and targets when flying at extremely low altitude (and yes, fighter aircraft DO fly under bridges!). You can now download an app for your iPhone or iPad (Autonomy’s Aurasma) that performs automatic AR on images that are in it’s library. For instance, you point your iPhone camera (while in the Aurasma app) at a still photo of a sporting event, within seconds a live video overlays the still of the game highlights… it’s an advertisers mecca: point this app at billboards, storefronts, print ads in magazines – and a targeted video that is tuned to the user (using of course all the other bits we have discussed above) starts playing.However… now the ‘cloud’ knows exactly what you are looking at, what you like while you are there, etc. etc. And, BTW, do you know that ALL of the iPhone (and iPad) hardware is available to any app developer – just because you are using the rear-facing camera to run the AR app, for example, does not mean the little front-facing camera (that sees you!) cannot be turned on and used at the same time… and of course with facial recognition – and the fact that you are so close to the camera – sophisticated facial feature analysis algorithms can read your emotional state, track where your eyes are focused on the image (and since the image is being fed to you by the app, the app creator knows exactly what part of the image is catching your eye)… [big note: I am NOT saying that this particular app – Aursama – does this, nor do I even suspect that it does – just pointing out what is perfectly legal, feasible and possible today].

The above are just a few examples of how recent technological advancements have put real pressure on our sense of privacy and security. I am not advocating a return to kerosene lanterns and horses – I personally derive much benefit from these new features. I like the fact that I can just raise my phone and ask Siri “Is it going to rain today?” – no matter where I am – and with no other information provided directly by me – I get my answer in a few seconds. But we collectively must address these new ‘freedoms’ and figure out how to protect our ‘castles’ – even if they are made of virtual bits and not bricks.

I don’t yet have a plethora of answers for these challenges, nor am I sure I even have all the questions… but here are a few points for consideration:

The definition of privacy has a lot to do with the concept of boundaries. The walls of your house are a boundary: police need a warrant to enter without invitation, defense against criminal entry is usually legal, etc. Even in public, the inside of your car is a boundary, again, any broach of this boundary without invitation is considered a breach of privacy. And that was recently extended by US Supreme Court to mean that police can’t stick a GPS tracking device on the outside of a car without a warrant…As a society, we must respect boundaries, both social, physical and moral. Without such respect, chaos ensues. Some boundaries are already accepted as ‘virtual’ – but well respected in both moral and legal realms. Even in a public place, if you go to kiss a girl and she says “No!” – you are most definitely crossing a boundary if you don’t respect that – and you will likely have significant consequences if you don’t…

What then are the virtual ‘boundaries’ of data about our behavior? Who owns that data that is collected about our purchasing habits, travel preferences, musical likes, etc.? How do we collectively establish a normative acceptable protocol for targeted advertising that won’t creep out consumers (remember the Target scandal over pregnancy products pitches?) and yet at the same time prove effective so that company ad spends are seen to be worthwhile? Remember, that there is no such thing as free. Ever. Only alternatively funded. Every ‘free’ Google search you get to make is paid for by those pesky little ads at top and side of page. The internet that we know and love costs a LOT to run. Forbes estimates $200 billion per year. And that’s just operating expenses, not capital investment. While it’s really impossible to say, several sages that know much more than me about this have estimated a world-wide investment of $2 trillion is currently invested in the entire internet infrastructure. Now that’s enough cash to even get China’s attention… And most of us access this for a very small cost (just our data costs from internet provider) and pay nothing further for all the sites we visit (with small percentage of paying customers: porn and news are the two largest ‘paywalls’ on the ‘net). So we must all thank the advertisers. They pay for most of the rest.

Assuming that at some point we come to a collective agreement on ‘what is ok and what is not’ in terms of virtual behavior (and this is not simple – the internet by it’s very nature has no effective ‘nation-state’ boundaries) then how do we police this? Today, with only very small exceptions (and even then mostly unenforceable) in the World Court, all legal redress is localized. Witness the tremendous difficulty that movie studios have with enforcing even egregious piracy actions from off-shore server farms. The combined forces of NSA, CIA, FBI, etc. etc. are frequently brought to bear on international money laundering, etc. – with many more failures than they will ever admit. If these boys, with their almost inexhaustable store of high-tech toys, can’t easily wrestle the beast of recalcitrant bits to the ground, what chance will the virtual equivalent of ‘small claims court’ have for the average citizen? These are real questions that must be resolved.

Whose Data Is It Anyway?

February 17, 2012 · by parasam

A trending issue, with much recent activity in the headlines, is the thorny topic of what I will call our ‘digital shadow’. By this I mean collectively all the data that represents our real self in the virtual world. This digital shadow is comprised of both explicit data (e-mails you send, web pages you browse, movies/music you stream, etc.) and implicit data (the time of day you visited a web page, how long you spent viewing that page, the location of your cellphone throughout the day, etc.).

Every time you move through the virtual world, you leave a shadow. Some call this your digital footprint. The size of this footprint or shadow is much, much larger than most realize. An example, with something as simple as a single corporate e-mail sent to a colleague at another company:

Your original e-mail may have been a few paragraphs of text (5kB) and a two page Word document (45kB) for a nominal size of 50kB. When you press Send this is cached in your computer, then copied to your firm’s e-mail server. It is copied again, at least twice, before it even leaves your company: once to the shadow backup service (just about all e-mail backup systems today run a live parallel backup to avoid losing any mail), and again to your firm’s data retention archive – mandated by Sarbanes-Oxley, FRCP (Federal Rules of Civil Procedure), etc.

The message then begins its journey across the internet to the recipient. After leaving the actual e-mail server the message must traverse your corporation’s firewall. Each message is typically inspected for outgoing viruses and potentially attachment type or other parameters set by your company’s communications policy. In order to do this, the message is held in memory for a short time.

The e-mail then finally begins its trip on the WAN (Wide Area Network) – which is actually many miles of fiber optic cable with a number of routers to link the segments – that is what the internet is, physically. (Ok, it might be copper, or a microwave, but basically it’s a bunch of pipes and pumps that squirt traffic to where it’s supposed to end up).

A typical international e-mail will pass through at least 30 routers, each one of which holds the message in its internal memory for a while, until that message moves out of the queue. This is known as ‘store and forward’ technology. Eventually the message gets to the recipient firm, and goes through the same steps as when it first left – albeit in reverse order, finally arriving at the recipient’s desktop, now occupying memory on their laptop.

While it’s true that several of the ‘way-stations’ erase the message after sending it on its way to make room for the next batch of messages, there is an average memory utilization for traffic that is quite large. A modern router must have many GB of RAM to process high volume traffic.

Considering all of the copies, it’s not unlikely for an average e-mail to be copied over 50 times from origin to destination. If even 10% of those copies are held more or less permanently (this is a source of much arguing between legal departments and IT departments – data retention policies are difficult to define), this means that your original 50kB e-mail now requires 250kB of storage. Ok, not much – until you realize that (per the stats published by the Radicati Group in 2010) approximately 294 billion e-mails are sent EACH DAY. Do the math…

Now here is where life gets interesting… the e-mail itself is ‘explicit data’, but many other aspects (call it metadata) of the mail, known as ‘implicit data’ are also stored, or at least counted and accumulated.

Unless you fully encrypt your e-mails (becoming more common, but still only practiced by a small fraction of 1% of users) anyone along the way can potentially read or copy your message. While, due to the sheer volume, no one without reason would target an individual message, what is often collected is implicit information: how many mails a day does a user or group of users send? Where do they go? Is there a typical group of recipients, etc. Often times this implicit information is fair game even if the explicit data cannot be legally examined.

Many law enforcement agencies are permitted to examine header information (implicit data) without a warrant, while actually ‘reading’ the e-mail would require a search warrant. At a high level, sophisticated analysis using neural networks are what is done by agencies such as the NSA, CSE, MI5, and so on. They monitor traffic patterns – who is chatting to whom, in what groups, how often, and then collating these traffic patterns against real world activities and looking for correlation.

All of this just from looking at what happened to a single e-mail as it moved…

Now add in the history of web pages visited, online purchases, visits to social sites, posts to Facebook, Twitter, Pinterest, LinkedIn, etc. etc. Many people feel that they maintain a degree of privacy by using different e-mail addresses or different ‘personalities’ for different activities. In the past, this may have helped, but today little is gained by this attempt at obfuscation – mainly due to a technique known as orthogonal data mining.

Basically this means drilling into data from various ‘viewpoints’ and collating data that at first glance would be disparate. For instance, different social sites may be visited by what appears to be different users (with different usernames) – until a study of ‘implicit data’ [the ip address of the client computer] is seen to be the same…

Each web session a user conducts with a web site transmits a lot of implicit data: time and duration of visit, pages visited, cross-links visited, ip address of the client, e-mail address and other ‘cookie’ information contained on the client computer, etc.

The real power of this kind of data mining comes from combining data from multiple web sites that are visited by a user. One can see that seemingly innocuous searches for medical conditions, coupled with subsequent visits to “Web MD” or other such sites could be assembled into a profile that may transmit more information to an online ad agency than the user may desire.

Or how about the fact that Facebook (to use one example) offers an API (programmatic interface) to developers that can be used to troll the massive database on people (otherwise known as Facebook) for virtually anything that is posted as ‘public’. Since that privacy permission state is the default (unless a user has chosen specifically to restrict it) – and now with the new Facebook Timeline becoming mandatory in the user interface – it is very easy for an automatic program to interrogate the Facebook archives for the personal history of anyone that has public postings – in chronological order.

Better keep all your stories straight… a prospective employer can now zoom right to your timeline and see if what you posted personally matches your resume… Like most things, there are two sides to all of this: what propels this profiling is targeted advertising. While some of us may hate the concept, as long as goods and service vendors feel that advertising helps them sell – and targeted ads sell more effectively at lower cost – then we all benefit. These wonderful services that we call online apps are not free. The programmers, the servers, the electricity, the equipment all costs a LOT of money – someone has to pay for it.

Being willing to have some screen real estate used for ads is actually pretty cheap for most users. However, the flip side can be troubling. It is well known that certain governments routinely collect data from Facebook, Twitter and other sites on their citizens – probably not for these same citizens’ good health and peace of mind… Abusive spouses have tracked and injured their mates by using Foursquare and other location services, including GPS monitoring of mobile phones.

In general we collectively need to come to grips with the management of our ‘digital shadows.’ We cannot blindly give de facto ownership of our implicit or explicit data to others. In most cases today, companies take this data without telling the user, give or sell it without notice, and the user has little or no say in the matter.

What only a few years ago was an expensive process (sophisticated data mining) has now become a low cost commodity. With Google’s recent change in privacy policy, they have essentially come out as the world’s largest data mining aggregator. You can read details here, but now any visit to any part of the Google-verse is shared with ALL other bits of that ecosystem. And you can’t opt out. You can limit certain things, but even that is suspect: in many cases users have found that data that was supposed to be deleted, or marked as private, in fact is not. Some companies (not necessarily Google) have been found to still have photos online years after being specifically served with take-down notices.

And these issues are not just relegated to PC’s on your desk… the proliferation of powerful mobile devices running location-based apps have become an advertiser’s dream… and sometimes a user’s nightmare…

No matter what is said or thought by users at this point, the ‘digital genie’ is long out of the bottle and she’s not going back in… our data, our digital shadow, is out there and is growing every day. The only choice left is for us collectively, as a world culture, to accept this and deal with it. As often is the case, technology outstrips law and social norms in terms of speed of adoption. Most attempts at any sort of unified legal regulation on the ‘internet’ have failed miserably.

But that doesn’t mean this should not happen, but such regulation must be sensible, uniformly enforceable, equitable and fairly applied – with the same sort of due process, ability for appeal and redress, etc. that is available in the ‘real world.’

The first steps toward a more equitable and transparent ‘shadow world’ would be a universal recognition that data about a person belongs to that person, not to whomever collected it. There are innumerable precedents for this in the ‘real world’, where a person’s words, music, art, etc. can be copyrighted and protected from unauthorized use. Of course there are exceptions (the ‘fair use’ policy, legitimate journalistic reporting, photography in public, etc.) but these exceptions are defined, and often refined through judicial process.

One such idea is presented here, whether this will gain traction is uncertain, but at least thought is being directed towards this important issue by some.

[shortly after first posting this I came across another article so germane to this topic I am including the link here – another interesting story on data mining and targeted advertising]

Anonymity, Privacy and Security in the Connected World

February 3, 2012 · by parasam

Anonymity: the state of lacking individual characteristics, distinction or recognizability.

Privacy: the quality or state of being apart from observation, freedom from unauthorized intrusion.

Security: defending the state of a person or property against harm or theft.

The dichotomy of privacy versus social participation is at the root of many discussions recently concerning the internet, with technology often shouldering the blame for perceived faults on both sides. This issue has actually been with us for many thousands of years – it is well documented in ancient Greece (with the Stoics daring to live ‘in public’ – sharing their most private issues and actions: probably the long forerunner of Facebook…); continuing up until our current time with the social media phenomenon.

This is a pervasive and important issue that sets apart cultures, practices and personality. At the macro-cultural level we have societies such as North Korea on one side – a largely secretive country where there is little transparency; and on the other side perhaps Sweden or the Netherlands – where a more homogeneous, stable and socialistic culture is rather open.

We have all experienced the dualistic nature of the small village where ‘everyone knows everybody’s business’ as compared to the ‘big city’ where the general feeling of anonymity pervades. There are pros and cons to both sides: the village can feel smothering, yet there is often a level of support and community that is lacking in the ‘city’. A large urban center has a degree of privacy and freedom for individual expression – yet can feel cold and uncaring.

We enjoy the benefits of our recent social connectedness – Facebook, Twitter, etc. – yet at the same time fear the invasiveness of highly targeted advertising, online stalking, threats to our younger children on the web, etc. There is really nothing new about this social dilemma on the internet – it’s just a new territory for the same old conundrum. We collectively have to work out the ground rules for this new era.

Just as we have moved on from open caves and tents to houses with locked doors behind gated communities, we have moved our ‘valuables’ into encrypted files on our computers and depend on secure and reliable mechanisms for internet banking and shopping.

The challenge for all of us that seek to adapt to this ‘new world order’ is multi-faceted. We need to understand what our implicit expectations of anonymity, privacy and security are. We also need to know what we can explicitly do to actually align our reality to these expectations, should we care to do so.

Firstly, we should realize that a profound and fundamental paradigm shift has occurred with the wide-spread adoption of the internet as our ‘collective information cloud.’ Since the birth of the internet approximately 40 years ago, we have seen a gradual expansion of the connectedness and capability of this vehicle for information exchange. It is an exponential growth, both in physical reality and philosophical impact.

Arthur C. Clarke’s observation that “Any sufficiently advanced technology is indistinguishable from magic” has never been more true… going back thousands of years in philosophy and metaphysics we see the term “akashic records” [Sanskrit word] used to describe “the compendium of all human knowledge.” Other terminology such as “master library”, “universal supercomputer”, “the Book of Knowledge”, and so on have been used by various groups to describe this assumed interconnected fabric of the sum of human knowledge and experience.

If one was to take an iPad connected to the ‘cloud’ and time travel back even a few hundred years, this would be magic indeed. In fact, you would likely be burned as a witch… people have always resisted change, and fear what they don’t understand – weather forecasting and using a voice recognition program (Siri??) to ask and receive answers from the ‘cloud’ would have seriously freaked most observers…

Since we humans do seem to handle gradual adaption, albeit with some resistance and grumbling, we have allowed the ‘internet’ to insidiously invade our daily lives until most of us only realize how dependent we are on this when it goes away. Separation of a teenage girl from her iPhone is a near-death experience… and when Blackberry had a network outage, the business costs were in the millions of dollars.

As ubiquitous computing and persistent connectivity become the norm the world over, this interdependence on the cloud will grow even more. And this is true everywhere, not just in USA and Western Europe. Yes, it’s true that bandwidth, computational horsepower, etc. are far lower in Africa, Latin America, etc. – but – the use of connectivity, cellphones and other small computational devices has exploded everywhere. The per-capita use of cellphones is higher in Africa than in the United States…

Rose Shuman, an enterprising young woman in Santa Monica, formed Question Box, a non-profit company that uses a simple closed-circuit box with a button, mike and speaker to link rural farmers and others in Africa and India to a central office in larger towns that actually have internet access, thereby extending the ‘cloud’ to even the poorest communities with no direct online connectivity. Many other such ‘low-tech’ extensions of the cloud are popping up every day, serving to more fully interconnect a large portion of humanity.

Now that this has occurred we are faced with the same issues in the cloud that we have here on the ground: how to manage our expectations of privacy, etc.

Two of the most basic exchanges within any society are requests for information and payment for goods or services. In the ‘good old day’ information requests were either performed by reading the newspaper or asking directions at the petrol station; payments were handled by the exchange of cash.

Both of these transactions had the following qualities: a high level of anonymity, a large degree of privacy, and good security (as long as you didn’t lose your wallet).

Nowadays, every request for information on Google is sold to online advertisers who continually build a detailed dossier on your digital life – reducing your anonymity substantially; you give up a substantial amount of privacy by participation in social sites such as FaceBook; and it’s easier than ever to ‘follow the money’ with credit-card or PayPal transactions being reported to central clearing houses.

With massive ‘data mining’ techniques – such as orthogonal comparison, rule induction and neural networks – certain data warehouse firms are able to extract and match facets of data from highly disparate sources and assemble an uncannily accurate composite of any single person’s habits, likes and travels. Coupled with facial recognition algorithms, gps/WiFi tracking, the re-use of locational information submitted by users and so on, if one has the desire and access, it is possible to track a single person on a continual basis, and understand their likes for food and services, their political affiliation, their sexual, religious and other group preferences, their income, tax status, ownership of homes and vehicles, etc. etc.

The more that a person participates in social applications, and the more that they share on these apps, the less privacy they have. One of the side effects of the cloud is that it never forgets… in ‘real life’ we tend to forget most of what is told to us on a daily basis, it’s a clever information reduction technique that the human brain uses to avoid overload. It’s just not important to remember that Martha told us in passing last week that she stopped at the dry cleaner… but that fact is forever burnt into the cloud’s memory, since we paid for the transaction with our credit card, and while waiting for the shirts to be brought up from the back we were on our phone Googling something – and Google never forgets where you were or what you asked for when you asked…

These ‘digital bread crumbs’ all are assembled on a continual basis to build various profiles of you, with the hope that someone will pay for them. And they do.

So… what can a person do? And perhaps more importantly, what does a person want to do – in regards to managing their anonymity, privacy and security?

While one can take a ‘bunker mentality’ approach to reducing one’s exposure to such losses of privacy this takes considerable time, focus and energy. Obviously if one chooses to not use the internet then substantial reductions in potential loss of privacy from online techniques occur. Using cash for every transaction can avoid tracking by credit card use. Not partaking in online shopping increases your security, etc.

However, even this brute-force approach does not completely remove the threats to your privacy and security: you still have to get cash from somewhere, either an ATM or the bank – so at least those transactions are still logged. Facial recognition software and omniscient surveillance will note your presence even if you don’t use FourSquare or a cellphone with GPS.

And most of us would find this form of existence terribly inconvenient. What is reasonable then to expect from our participation in the modern world which includes the cloud? How much anonymity is rightfully ours? What level of security and privacy should be afforded every citizen without that person having to take extraordinary precautions?

The answers of course are in process. This discussion is part of that – hopefully it will motivate discussion and action that will spur onwards the process of reaching a socially acceptable equilibrium of function and personal protection. The law of unintended consequences is very, very powerful in the cloud. Ask any woman who has been stalked and perhaps injured by an ex-husband that tracked her via cellphone or some of the other techniques discussed above…

An interesting side note: at virtually every ‘battered woman’s center’ in the US now the very first thing they do is take her cellphone away and physically remove the battery. It’s the only way to turn it off totally. Sad but true.

There is not going to a single, simple solution for all of this. The ‘data collection genie’ is so far out of the bottle that it will be impossible on a practical basis to rewind this, and in many cases one would not want to. Nothing is for free, only alternatively funded. So in order to get the usefulness many of us find by using a search engine, a location-based query response for goods or services, etc. – the “cost” of that service is often borne by targeted advertising. In many cases the user is ok with that.

Perhaps the best solution set will be increased transparency on the use of the data collected. In theory, the fact that the government of Egypt maintains massive datasets on internet users and members of particular social applications is not a problem… but the use that the military police makes of that data can be rather harmful to some of their citizens…

We in the US have already seen efforts made in this direction, with privacy policies being either voluntarily adhered to, or mandated, in many sectors. Just as physical laws of behavior have been socially built and accepted for the common good, so does this need to occur in the cloud.

Rules for parking of cars make sense, with fines for parking in areas that obstruct traffic. Breaking into a bank and stealing money will incur punishment – which is almost universal anywhere in the world with a relative alignment of the degree of the penalty. Today, even blatant internet crime is highly variable in terms of punishment or penalty. With less than 20% of the 196 countries in the world having any unified set of laws for enforcement of criminal activity on the internet, this is a challenging situation.

Today, the truth is that to ensure any reliable degree of anonymity, privacy and security of one’s self in the cloud you must take proactive steps at an individual level. This requires time, awareness, knowledge and energy. Hopefully this situation will improve, with certain levels of implicit expectations coming to the norm.

Page 2 of 2 « Previous 1 2