Tinkebell

Regarding privacy a lot of fuss is often made about the information that the government collects about this. And I must say the government collects a lot.

An interesting case recently was with two criminals in the Netherlands. After stealing 21 cars they have been apprehended. The police stores every license plate in a database of every care that drives on the highway at Zwolle. It turned out that each time a stolen car drove by the same car was just behind it. This is the first time that the judge has to decide if this large database of car movements in the Netherlands can be legally used to search for clues.

As for the storage of personal information we can distinguish three domains who has access to the information: the government, (networks of) companies and the Internet.

As for the Government I am not that worried. I do believe that we have a strong democracy that will correct itself when information is misused too often. Of course that government may change. However, when it changes the government would start to implement a lot more means to spy on us anyway. As long as the use of the information is transparent I won’t lose much sleep over it.

As for companies it starts to become more complex. Banks, Supermarkets, web-stores, Google and others collect huge amounts of data. When companies combine this information it makes you feel digitally naked. Sometimes this is information that is collected without the person knowing that it is collected.

The website geencommentaar.nl had collected the IP addresses of people that signed a petition with false names after a post at another website, geenstijl.nl that asked people to invalidate the petition. These IP addresses where than supplied to other websites in order to block the people behind it. The CBP has taken action in this case.

There are rules to what kind of information can be combined but it is often a shady area. In the example above it became transparent but especially in commercial environments it will often be hidden. The risks are significant. Much of this information in the hands of insurance companies will lead to a risk selection that is, from a societal point of view, not what we want. The acquisition of hospitals by insurance companies is a dangerous move in this respect.

In this case we are talking about information collected by (fairly large) companies. And companies can be found and are subject to regulations. This means that with a good legal framework it is a subject that can be controlled to a large extent.

As for Internet things are getting messy. The Internet is more and more used by people as the context to interpret information. If someone applies for a job he or she is googled. If a social worker is looking into a case it is not only the “kinddossier” that they look at but also hyves is checked. Internet has become the context in which official information is interpreted. And context information may be more important than the official information…

Problem which information on the Internet is that it is much harder to control in presence and in use. You can not stop a company from using the information on a potential pregrancy of a candidate that they have found. And you often can not have information removed that you do not like. And sometimes people leave information on websites that is plain false in order to harm someone.

People should become much more aware how much information can be found on them. Tinkebell recently published a book with all the hate-mail she got combined with personal information of the people that had send this e-mail. The people sending the hate-mail had the idea that they could send their messages in anonymity. Of 30% of the hate-mail she has received she could find extensive personal information on the net and has published this personal information together with hate-mail. I think a brilliant action.

We can not stop the amount of personal information on the Net. It is not just the information you publish yourself but also information others publish about you. What we need is some sort of digital mirror that shows us how the world sees us through the eyes of the Internet. Just like the mirror that hangs in you hallway and where you check your physical representation before going into the world. And like how we use clothes to create an image to the outside world we will pro-actively plant information on the net to create the image we want.

Have you already checked you profile?

Reaction of the foreign secretary: ‘It is not a state secret that he wears Speedo swimming trunks. Let’s grow up.’

Of course he is right on the swimming trunks. I omitted that picture not of secrecy but of bad taste … However this is an example how social networking is becoming part of our everyday existence and that even the family of the head of MI6 do not realize the width of the audiences like Facebook has.

The Rathenau project I am doing deals with how the information anyone can find on the Internet will more and more become the context from which much of the official information in databases like Electronic Patient Files, Child Dossier, Civil Administration and others will be interpreted. This I showed also in the case on the social services. And many will recognize how they are using information found on the Internet as the context of the CV of a job applicant.

In relation to the social services we can debate whether this is a bad thing. After all the government also used special “kliklijnen” where people can complain anonymous about the black market activities of their neighbour on welfare. Not to say I approve of this method but it is legal.

But what about a health insurance company that starts to search the Internet for information on their patients. By law the insurance company has no access to the patients medical record. Are they allowed to factor in the information they can find on the Internet? I would say not but how can we prevent them from using this information. We can not prevent them from finding this information…

An example someone from CBP gave made me think. Say a woman just found out she is pregnant and has discussed morning sickness on a forum on the Internet. A week later she has a job interview where the HR manager has found this information. Even though as a society we have accepted that a potential pregnancy should not be discussed in job interviews we can not prevent people from using this information when they accidentally find it. And due to all kinds of mechanism I will discuss soon it is getting harder to stay anonymous on the Internet.

We can and should not control the information that is on the Internet. But on the one hand we will have to develop laws that govern what institutions are allowed to use and on the other hand we ourselves will have to deal with the fact that much personal information can be found.

Unless of course your name is Jan Jansen…

• In some cases Google has by accident photographed famous dutch people. Even though the faces are blurred in most cases the people are still clearly recognisable. This may of course be a problem since it makes the place where someone lives visible for everyone.
• In one case a crime is even solved. Some time ago a person was mugged in the street, just a the moment the Google streetview care was driving by taking pictures. The criminals got away. After some months the person looked at the streetview pictures of that location and to his surprise he could see himself and the boys that mugged him running away. He called the police, they called Google for the un-blurred pictures and got them. The criminals are apprehended.

Streetview now even has it’s own site where remarkable pictures can be found. Two people walking hand in hand on four separate pictures and others, famous people, people driving through red and others. The sheer amount of pictures that are being taking leads to all kinds of new questions how we should deal with it in relation to privacy.

How do you feel about this trend, do you see it as an invasion of your privacy?

In relation to this I came across this article. It deals with Judge Scalia of the supreme court in the USA. He has always played privacy issues down in relation to information stored on the Internet. However, recently a professor of law in the USA asked a group of his students to compile a dossier on judge Scalia based on information they could find on the Internet. This turned into a 15 page dossier with much information that is fairly personal like the food he likes, the movies he goes to, private e-mail addresses and more. The response of Scalia was as follows:

It is not a rare phenomenon that what is legal may also be quite irresponsible. That appears in the First Amendment context all the time. What can be said often should not be said. Prof. Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any.

I think this reaction completely disregards the duty we have as a society to protect people from too much information floating around. We know that not everybody will be responsible with information they find.

Of course, there is nothing of interest to find about me …

The man made a note, did some clicking. “You see, I ask because I see a heavy spike in ads for rocketry supplies showing up alongside your search results and Google mail.”
Greg felt a spasm in his guts. “You’re looking at my searches and e-mail?” He hadn’t touched a keyboard in a month, but he knew what he put into that search bar was likely more revealing than what he told his shrink.
“Sir, calm down, please. No, I’m not looking at your searches,” the man said in a mocking whine. “That would be unconstitutional. We see only the ads that show up when you read your mail and do your searching.

“We do not look at your searches but at the add”. Somehow this statement gives me the shivers.

In this project a special website has been developed that invites people to comment on privacy, discuss and share all kind of ideas in a creative way around this subject (the website is www.privacyproject.nl). The information on the side ranges from exhibitionists to people putting an image of their passport on the web to people completely hiding how they look in real life. In the end a television documentary will be made out of it.
There is one item on the site that is I think very interesting. A colleague of mine, Rogier Brussee, has a conspiracy their for some time that Google is in fact a front for the NSA. Funny thing is if you look in the history of Google that they got quite large initial funding in order to pay for all the servers they needed to store all their data. Without it Google would not be able to show how good they are. But at this moment there really was not even a beginning of a business model. So his theory is that the NSA is the one that funded it (this is the organization with one of the largest budgets in the USA so funding 30 million dollar is mere noise to them). Their strong emphasis on “Don’t be Evil” of course fits nicely into this idea…
Just look at what Google knows of you:

• It knows what you are interested in based on your searches as well as what link in the search results you clicked (the link you click on is not the real link but links to Google and than transfers you to the site you wish to go. Also you can save bookmarks, the kind of information on your iGoogle page, Google reader to show what blogs you are interested in (subscribed as well as the one you click on to read). The list goes on: adds you click on, the spell checker I use to check this blog so they already know I am writing about this before I post it …)
• It knows what you are going to do based on your calendar info. The one thing that really surprises me is that Google does not yet have a tool to store your to-do items since this is a much better way (finer grained) for predicting what people are doing than your calendar).
• It knows with whom you communicate and about what, based on your Gmail.

An of course, items like google apps enhance the knowledge about you by knowing what you are writing (though you would have sent it out with Gmail so they would have known anyhow.

Looking at this amount of data they have about a lot of people must the the ultimate dream of the NSA. Looking at the video below it is clear that more people are beginning to be suspicious.

Though I must say that I am totally addicted to Googe: Gmail, Calendar, Apps, Psearch, Scholar, and probably lots of others I use but do not know they are Googles (I use a very nice ToDo app that for all I know may be a front for Google (who is a front for …). I use them all because I like how they work (Hey Google, when are you going to develop this ToDo application, and when you are at it, why can’t I synchronize with my phone through SyncML…. If you do that you also know who I am calling).

I just hope they are not Evil…..

For some services you definitely need to know who the person is that is asking questions. For example in the case that a person wishes to view his medical info. Not from a big brother perspective but from the perspective of the user who does not want his information abused.

Yesterday I had a discussion with the EDBR in Rotterdam and this issue surfaced also here. The risk is that all organisations dealing with these areas are creating services that are going to develop their own identification, resulting in numerous ID’s and passwords. This makes the service less easy to use but also lowers the security dramatically because people will start to use easy passwords and such.

In real life we as well as the government feels it is logical that he government organises and operates a secure and trustworthy mechanism to proof identities. Why is it than that in the electronic domain the government hesitates so much. Several government administrators have been sent away due to problems with physical passports. But in the electronic domain, that is becoming more and more vital, the government leaves us in the cold. There is the service DigiD but the government is very hesitant to have this used by private companies (including hospitals).

Ensuring trustworthy identification is an important task of the government, in real life as well as in the electronic domain. For many initiatives that are using Internet to enhance the lives of civilians (us) and companies delivering services to these civilians it would be a big step forward when there is a trustworthy and easy to use identification service available for all.

Like a passport.

Some of these things we would like not to be brought up during a job interview (or during a sales call, or …). Privacy seems to be terminally ill if she would not already have been deceased during my last post. Or is the context changing?

I think that the context is changing rapidly. Not just my silly actions from the past are online, yours are too, with the rest of the world. If people do not put the information online themselves, your ex-partner will (I will not post the link to this site due to bad taste, of the site that is ). It is a bit like in the movie “Crocodile Dundee”

Crocodile Dundee is explaining how they handle it when somebody has a problem in the Bush: If you have a problem, you tell Wally. Wally tells everyone … No problem.

When all our escapades are online than we will not be surprised to find all kinds of information that in the past we would have found not suitable. But now all is online. Just look in the digital mirror once in a while…

You put it on Internet, Internet tells everyone, No problem!

It is amazing how much information can be found on all of us. So much that it amazes me when I can not find digital traces of a person on the Internet. Recently I talked to a job applicant at Telematica Insituut. One of the things I always do before the interview is Google the person. Sometimes quite interesting information pops up that you can use in the interview. In general I feel this is good. It gives me much more insight in what a person really has done. When I googled this person, to my surprise, no info at all came up. It surprised me so much that during the Interview I made it a subject to talk about (after all, we did make him an offer…).

But there is also a down side to this. I am member of a committee guiding the research on privacy by the Rathenau instituut, an institute that does research on politically sensitive subjects in order to inform parliament and other politicians. During on of the discussions we had on a report that is recently published (you can find it here) somebody gave an example that made me think:

Suppose you are female. And you are three months pregnant. And you are looking for a job.

As as society we have arranged that a future employer is not allowed to ask if you are pregnant. Because this would put women in a disadvantaged position. After all, men can’t get pregnant. This is a delicate issue: the future employer, especially if it is a small company, can be seriously harmed this way. But as a society we feel that this solution is the best possible.

Next comes our wonderful world of social software. Buying and selling things (baby stuff), discussion on all kinds of fora (what to do when you are three months pregnant) and of course blogging (how happy you are). The more important these kind of fora are for us, the more chance there is that digital traces can be found. And that may Not Always Be A Good Thing. Of course, people can use other names but the more important these Internet based social structures are for our lives, the less room there will be for fake names (remember reputation?).

On the one hand I think that we will have to accept that the nature and importance of privacy has changed. More and more we will have to look in our digital mirror to see how the other people see us through the digital domain. I think many people already sometimes type in their own name in Google to see how the world sees us. I do! On the other hand we have to realize that, because of the different mechanisms on the Internet, we have to develop other measures to protect people in situations we have agreed to protect.

I do not believe in a ban on googling an applicant. Employers will do this anyhow and will take the information they have found in consideration. Making some sites not searchable is also not the answer since this would make them worthless. I do not have the answer but I do know that we, as people working on social software, will have to develop the answers in the coming years.