"Secret" service, now on Facebook!

sirjohnA small row in the UK because the wife of the new head of MI6 has placed pictures of her family including her husband on Facebook including information on the place where they live, where they go on holiday and other information. I think this is a good example of how more and more people are used to publicising information on themselves that they would not have thought about publicising some years ago.
Reaction of the foreign secretary: ‘It is not a state secret that he wears Speedo swimming trunks. Let’s grow up.’
Of course he is right on the swimming trunks. I omitted that picture not of secrecy but of bad taste … However this is an example how social networking is becoming part of our everyday existence and that even the family of the head of MI6 do not realize the width of the audiences like Facebook has.

We know what you did last summer

Some time ago I wrote about the dangers of developments like child dossiers used by governments. One of the major risks is that people that will use this information use it without knowledge of the context when the information was stored. Information without context is hard to interpret leaves a lot of room for personal biases.
The Rathenau project I am doing deals with how the information anyone can find on the Internet will more and more become the context from which much of the official information in databases like Electronic Patient Files, Child Dossier, Civil Administration and others will be interpreted. This I showed also in the case on the social services. And many will recognize how they are using information found on the Internet as the context of the CV of a job applicant.
In relation to the social services we can debate whether this is a bad thing. After all the government also used special “kliklijnen” where people can complain anonymous about the black market activities of their neighbour on welfare. Not to say I approve of this method but it is legal.
But what about a health insurance company that starts to search the Internet for information on their patients. By law the insurance company has no access to the patients medical record. Are they allowed to factor in the information they can find on the Internet? I would say not but how can we prevent them from using this information. We can not prevent them from finding this information…
An example someone from CBP gave made me think. Say a woman just found out she is pregnant and has discussed morning sickness on a forum on the Internet. A week later she has a job interview where the HR manager has found this information. Even though as a society we have accepted that a potential pregnancy should not be discussed in job interviews we can not prevent people from using this information when they accidentally find it. And due to all kinds of mechanism I will discuss soon it is getting harder to stay anonymous on the Internet.
We can and should not control the information that is on the Internet. But on the one hand we will have to develop laws that govern what institutions are allowed to use and on the other hand we ourselves will have to deal with the fact that much personal information can be found.
Unless of course your name is Jan Jansen…

Scalia likes …

Some time ago I had a discussion at the Rathenau institute with Geert Munnich about a new project they are setting up (the picture on the side I took of Geert and Mirjam Schuijff to show them that it is not only information they publish themselves that may harm their privacy but also pictures someone else might take that includes date and GPS data). During this meeting we talked about the idea that in a way the Internet is often used for the same purpose as the formal databases are used to find information about people. There is so much valuable information to find on people if you take some effort to find it. It is probably even richer than the data in many formal databases like those form the civil service.
In relation to this I came across this article. It deals with Judge Scalia of the supreme court in the USA. He has always played privacy issues down in relation to information stored on the Internet. However, recently a professor of law in the USA asked a group of his students to compile a dossier on judge Scalia based on information they could find on the Internet. This turned into a 15 page dossier with much information that is fairly personal like the food he likes, the movies he goes to, private e-mail addresses and more. The response of Scalia was as follows:

It is not a rare phenomenon that what is legal may also be quite irresponsible. That appears in the First Amendment context all the time. What can be said often should not be said. Prof. Reidenberg’s exercise is an example of perfectly legal, abominably poor judgment. Since he was not teaching a course in judgment, I presume he felt no responsibility to display any.

I think this reaction completely disregards the duty we have as a society to protect people from too much information floating around. We know that not everybody will be responsible with information they find.
Of course, there is nothing of interest to find about me …

Social netWORKing

Being the center of your networkOne of the most fascinating developments there are at the moment at the workplace is I think the use of social networking tools. What can ben seen in several reports is that the use of social networking tools (for example to find the right person for a task) is growing rapidly within companies (Funny thing is that in many cases this is happening completely below the radar of the IT department). The tools are used for example to find the right person with the right expertise as close by in your network as possible. Directly based on previous work done by people like reports they wrote, memberships of communities, questions they answered etc. Maybe even based on the emails you sent to specific people though in this respect there are of course issues on privacy that we have to deal with
IBM is developing some quite interesting applications around lotus connections dealing with social networking. Recently they have developed a tool called Atlas that is capable of showing you your network, how it relates to the subjects you are dealing, with and how to reach people. Important is that this information is also showed in relation to the company structure and (other) communities.
What I especially like about developments like these is that it gives the individuals in an organisation the power to create their own network besides the structure of the organisation. Links are being made that work instead of links that are made to control power (or am I being naive and will it still be used to do that?). I think due to the transparancy it will give the individual more power to reach his goals based on achievement instead of organisational position. People can create their own organisation that supports their work within the overall organisation. This leads to fascinating possibilities.
Of course their are lots of questions on how this will work. How do we deal with privacy, will the organisation not use the transparency to discipline people instead of giving them more freedom. What is the role of management in structures like these?

Context is King

IYOUITOne of the area’s of research from Telematica Instituut is using technology to determine the context of people. For example where you are, who you are with, what is your mood, what are you doing. This context is very usefull input for a lot of other things like recommendation (when you search for a restaurant to dine with you new girlfriend and value my opinion you do not want to use my recommendation of a restaurant I liked because it is so nice for the kids). So context is king for lots of new “social” applications.
For this we have created a new application called IYOUIT (meaning I, You and It). This is an application for mobile phones (Symbian S60) and constantly monitors your context and shares this with your friends. Recently this tool is made available to all. Have a look at it. It uses only the standard phone sensors (GSM signal, Bluetooth, WiFi, GPS if available) to determine things like location, who is close and such.
One of the things this also shows is the power of “mashup programming”. The application uses all kinds of readily available applications. Google Maps of course but also weathersites. Why measure local temperature (and be dependent on extra hardware sensors) if you can find the local temperature based on your location data on a existing weather site?

Scroogled

Rogier sent me this link. Especially this part was kind of icky:

The man made a note, did some clicking. “You see, I ask because I see a heavy spike in ads for rocketry supplies showing up alongside your search results and Google mail.”
Greg felt a spasm in his guts. “You’re looking at my searches and e-mail?” He hadn’t touched a keyboard in a month, but he knew what he put into that search bar was likely more revealing than what he told his shrink.
“Sir, calm down, please. No, I’m not looking at your searches,” the man said in a mocking whine. “That would be unconstitutional. We see only the ads that show up when you read your mail and do your searching.

“We do not look at your searches but at the add”. Somehow this statement gives me the shivers.

Google, formerly known as the NSA

I am member of a guidance committee for Rathenau instituut in the Netherlands for a project about privacy. In this project we deal with the changing concept of privacy in our society. I talked about it some time ago in this post. It still amazes me how much people put on the net (including what I put on the Net, look at the sidebar of this Blog).
In this project a special website has been developed that invites people to comment on privacy, discuss and share all kind of ideas in a creative way around this subject (the website is www.privacyproject.nl). The information on the side ranges from exhibitionists to people putting an image of their passport on the web to people completely hiding how they look in real life. In the end a television documentary will be made out of it.
There is one item on the site that is I think very interesting. A colleague of mine, Rogier Brussee, has a conspiracy their for some time that Google is in fact a front for the NSA. Funny thing is if you look in the history of Google that they got quite large initial funding in order to pay for all the servers they needed to store all their data. Without it Google would not be able to show how good they are. But at this moment there really was not even a beginning of a business model. So his theory is that the NSA is the one that funded it (this is the organization with one of the largest budgets in the USA so funding 30 million dollar is mere noise to them). Their strong emphasis on “Don’t be Evil” of course fits nicely into this idea…
Just look at what Google knows of you:

  • It knows what you are interested in based on your searches as well as what link in the search results you clicked (the link you click on is not the real link but links to Google and than transfers you to the site you wish to go. Also you can save bookmarks, the kind of information on your iGoogle page, Google reader to show what blogs you are interested in (subscribed as well as the one you click on to read). The list goes on: adds you click on, the spell checker I use to check this blog so they already know I am writing about this before I post it …)
  • It knows what you are going to do based on your calendar info. The one thing that really surprises me is that Google does not yet have a tool to store your to-do items since this is a much better way (finer grained) for predicting what people are doing than your calendar).
  • It knows with whom you communicate and about what, based on your Gmail.

An of course, items like google apps enhance the knowledge about you by knowing what you are writing (though you would have sent it out with Gmail so they would have known anyhow.
Looking at this amount of data they have about a lot of people must the the ultimate dream of the NSA. Looking at the video below it is clear that more people are beginning to be suspicious.

Though I must say that I am totally addicted to Googe: Gmail, Calendar, Apps, Psearch, Scholar, and probably lots of others I use but do not know they are Googles (I use a very nice ToDo app that for all I know may be a front for Google (who is a front for …). I use them all because I like how they work (Hey Google, when are you going to develop this ToDo application, and when you are at it, why can’t I synchronize with my phone through SyncML…. If you do that you also know who I am calling).
I just hope they are not Evil…..

Identity

When I have an appointment at an organisation that is very security conscious (e.g. Police, Thales, the home office and others) I normally have to show an official ID like driver license or passport. In normal life we all feel comfortable doing this when there is a reason for this security. And we see it as a normal task of the government to provide us with the means to identify ourselves in a way that creates a fair amount trust that we are who we say we are.In digital life there is a serious lack of trustworthy identification. At the moment I am developing a project that deals with organising prevention, care and cure bottom up. Not starting with the specialists but with the people in the local districts. Helping people organise this in their own district can help to strengthen the social fabric of our society. Through helping people to help each other and through a stronger say from the civilians living in these areas in what is important. For them and for the district. This is especially important in areas with problems like the Ella Vogelaar wijken in Rotterdam.
For some services you definitely need to know who the person is that is asking questions. For example in the case that a person wishes to view his medical info. Not from a big brother perspective but from the perspective of the user who does not want his information abused.
Yesterday I had a discussion with the EDBR in Rotterdam and this issue surfaced also here. The risk is that all organisations dealing with these areas are creating services that are going to develop their own identification, resulting in numerous ID’s and passwords. This makes the service less easy to use but also lowers the security dramatically because people will start to use easy passwords and such.
In real life we as well as the government feels it is logical that he government organises and operates a secure and trustworthy mechanism to proof identities. Why is it than that in the electronic domain the government hesitates so much. Several government administrators have been sent away due to problems with physical passports. But in the electronic domain, that is becoming more and more vital, the government leaves us in the cold. There is the service DigiD but the government is very hesitant to have this used by private companies (including hospitals).
Ensuring trustworthy identification is an important task of the government, in real life as well as in the electronic domain. For many initiatives that are using Internet to enhance the lives of civilians (us) and companies delivering services to these civilians it would be a big step forward when there is a trustworthy and easy to use identification service available for all.
Like a passport.

Quis custodiet ipsos custodes?

Does Wikipedia work or doesn’t it? That is the question.There is a lot of discussion on what the quality of Wikipedia is and how we should use it. An interesting point of view is the comparison with Open Source software. I think there are two quite important distinctions how Wikipedia and the Open Source movement handle the way they organize their processes.
Wikipedia is for the most part anarchy. Anybody can simply put some information in and correct whatever is there. Even when Einstein would have written the part about relativity than john doe can easily “improve” upon it. On pages where this leads to numerous changes (who the hell does this Einstein guy thinks he is by changing what I, John Doe, have shown to the world…) the adopt a feudalist approach where some people (the Aristocracy) have received special administrator powers by Jimmy Wales (the King, Wikipedia: c’est moi).
Open Source has adopted a much more open approach to this. Also here you find the few who are at the inner circle with special powers but they are promoted there by the group based on their merit. In software it is pretty easy to see if something works or not (most of the time). Either it crashes or it works. Either the function works or it does not. That makes it much easier to spot the talent and quality of developers compared to the quality of the contributors to Wikipedia. And of course: Linus Torvalds is no emperor. No, Linus is God and above us all. Considering the ubiquitousness of Linux at least he knows what we all are doing.
My conclusion is: you definitely need some sort of structure to make these things work. And the risk of structures, organisation and hierarchy’s is that they are easily abused.
But does this not like a lot like real (physical) life. The Romans already understood this: “who will guard the guards” (as you clever readers already understood from the title. I had to look it up on the Internet …).
We already have a history in mechanisms for this kind of situation for more than 3000 years since the forum in Athens and it is called democracy (OK, there where times when it did not work…).
In a democracy we elect people to rule our country. We elect people to make the laws and to enforce the laws. We appoint people that judge others within the context of that law. Reality is a big social network. And you know, when we are not satisfied with the ones that rule we send them away during election time.
The mechanisms in social software should not be that different from our democratic rules: we elect people in whom we trust that they will govern rightly. Some rules will be hard to change (the constitution or the way we vote for administrator) and others will be easy to change (parking fines or the mechanism how a recommendation is calculated), depending on how important they are for the foundation of the community. And regularly we will have the opportunity vote or run for administrator ourselves.
In order to make this work we should not just look at Machiavelli but also to Montesquieu who wrote about how to design the checks and balances to prevent the Machiavellian Kings.

Is your past coming to get you?

Just after my last post I read this article about the way digital traces from a young and sometimes foolish past can catch up to you. In the article I mentioned above from danah boyd a hypothetical case is written where somebody gets confronted during a job interview with the fact that she has protested against the WTO and Chinese policies (full case from the Harvard Business Review can be found here). In the guidance committee for Rathenau I talked about in the last post we also talked about a similar issue: what about all the pictures, video’s and other digital traces that show that we did some pretty silly things (well, I did… of course way past …).
Some of these things we would like not to be brought up during a job interview (or during a sales call, or …). Privacy seems to be terminally ill if she would not already have been deceased during my last post. Or is the context changing?
I think that the context is changing rapidly. Not just my silly actions from the past are online, yours are too, with the rest of the world. If people do not put the information online themselves, your ex-partner will (I will not post the link to this site due to bad taste, of the site that is :-)). It is a bit like in the movie “Crocodile Dundee”

Crocodile Dundee is explaining how they handle it when somebody has a problem in the Bush: If you have a problem, you tell Wally. Wally tells everyone … No problem.

When all our escapades are online than we will not be surprised to find all kinds of information that in the past we would have found not suitable. But now all is online. Just look in the digital mirror once in a while…
You put it on Internet, Internet tells everyone, No problem!