Control and Code: Privacy Online
April 3
Code is law; the architecture of the Internet and the software that runs on it will determine to a large extent how the Net is regulated in a way that goes far deeper than legal means could ever achieve (or at least ever achieve alone). Technological advances have also produced many tempting options for regulation and surveillance that may severely alter the balance of privacy, access to information and sharing of intellectual property. By regulating behavior, technological architectures or codes embed different values and political choices. Yet code is often treated as a technocratic affair, or something best left to private economic actors pursuing their own interests. If code is law, then control of code is power. If important questions of social ordering are at stake, shouldn't the design and development of code be brought within the political process? In this class we delve into the technological alternatives that will shape interactions over the Internet, as well as the implications of each on personal freedom, privacy and combating cyber-crime.
Readings
- John Palfrey and Hal Roberts, The EU Data Retention Directive in an Era of Internet Surveillance
- Abelson, Ledeen, Lewis, Blown to Bits, Chapter 2: Naked in the Sunlight: Privacy Lost, Privacy Abandoned
- Jonathan Zittrain, Future of the Internet, Chapter 9: Privacy 2.0
- Warren and Brandeis, The Right to Privacy
Optional Readings
- "Making Sense of Privacy and Publicity." Transcript of talk given by Danah Boyd at SXSW. Austin, Texas, March 13, 2010
- Solveig Singleton, Privacy as Censorship (CATO)
- Lawrence Lessig, Code 2.0: Privacy
- http://paranoia.dubfire.net/2009/12/8-million-reasons-for-real-surveillance.html
- Narayanan and Shmatikov, How To Break Anonymity of the Netflix Prize Dataset
- Brin and Page, The Anatomy of a Large-Scale Hypertextual Web Search Engine
- Noam Cohen, It’s Tracking Your Every Move and You May Not Even Know (NYTimes, March 26, 2011)
- http://en.wikipedia.org/wiki/Human_flesh_search_engine
Class Discussion
April 3: Control and Code: Privacy Online Just Johnny 17:12, 15 February 2012 (UTC)
This NYTimes article about surveillance over a variety of technological mediums in Great Britain could easily be another piece of HW for tomorrow's class if anyone is interested: http://www.nytimes.com/2012/04/03/world/europe/british-government-eavesdropping-plans-draw-protest.html?hp
Interesting about Hotspot Shield, I definitely was one of the people who used it and got the impression it was private without actually noticing what it allowed AnchorFree to track. On the other hand, I'm not at all surprised by the level of intentionally misleading speech Google employs to explain its (lack of) privacy protections by taking some extremely literal approaches to what they do or don't collect. If you have all of the components of a bomb and the ability to create it, it is a little misleading to say "I do not have a bomb in my possession in any way." I doubt the police would agree with this literally correct statement. That's what Google is doing when it says it doesn't collect personal info... it just collects all of the resources needed to immediately extrapolate that personal info, which it may or may not do any time it pleases.
There is still always the problem of information overload: it's no longer what info you can collect (since, as Google shows, you can get basically anything from the average user), but rather how good you are at searching and parsing it into something useful. There is also the issue that, like we discussed with the value of immediacy over accuracy in news reporting through Twitter, it is quite possible for people with good intentions to ruin someone's privacy and safety through a rush to judgement. Look at the Trayvon case, where someone (I think it was Spike Lee?) tweeted what he though was the home address of Trayvon's killer and it ended up being the residence of an older couple who had to leave in fear for their lives. When everything is accessible, massive mistakes can be made in the space of a keystroke, and cannot be undone so easily.
I worry about the word "consent" in terms of the information we share through our technology nowadays. We lose a right to privacy when we intentionally share information with the public; we consent to have that data known. But how many people understand what they are sharing by having a smartphone/GPS in their pocket 24/7? Is the fine print in the cell phone contract enough to count as consent? What about the location tags if I post to Facebook from my phone? How do we measure the level of understanding an individual has of what their technology is broadcasting about them and decide if it counted as "informed consent?"
This week’s articles were so far the most interesting and appealing to me. The first article about the European Union and their Telecom surveillance was very accurate. The big difference between Europe and the United States in this matter is that unlike the US Government, most European governments are “spying” on their citizens through phone taps and the internet even when national security isn’t at risk. The best example of this are the numerous phone and computer taps applied to VIPs and politicians in Italy especially. The second article was also very fascinating especially when it cited George Orwell’s 1984. I fully agree with what is written in the article and I believe that people nowadays might complain about Government intrusion and their violation of our privacy, but to a certain extent people who use Facebook or even worse, Twitter to always let people know where they are or what they are having for breakfast, are the people who really shouldn’t have anything to say against governmental surveillance. I live in Italy and history has taught us that the biggest Mafia bosses like Toto’ Riina and Bernardo Provenzano were able to hide for decades without being tracked because they didn’t use technological instruments for communicating, but the famous “pizzini” which were pieces of paper with written commands passed on from man to man without being intercepted or tracked by the police. The Privacy 2.0 article was also interesting and I particularly liked reading the 1973 blue-ribbon panel report regarding the relationship between people and organizations/institutions where a physical person is starting to become simply a name on a computer file. I have experienced this to some extent in terms of job searching. I would describe myself as being a very charismatic person with a decent resume for my age, but unfortunately most jobs I have applied to in the past use an online application system where you just send in your resume and then wait for an improbable interview. I always feel as if I could really advertise myself well if I was given a chance to meet personally with an employer but so far this has not been the case, and I personally blame technology. The article written by Supreme Court Justices Warren and Brandeis was very eloquent and truthful. When I used to take Constitutional Law in college, I was always reminded by my professor that in the US Constitution there is no such word as “privacy”, even though it is one of the biggest legal issues concerning everyday citizens. Emanuele 16:14, 3 April 2012 (UTC)
Great articles. I thought the Brandeis paper was fascinating because you could have removed the publication date and I'd be convinced this was written in the past 10 years and the technologies being discussed were the tools of social media and new media (twitter, blogging). @ Emmanuelle I thought you have some great insight into the EU article. Given the Murdoch UK Scandal I'd be interested in a study that measures the amount of cases "solved" with assistance of digital fingerprints or outright surveilance in contrast versus traditional policework. What is the trend? What is the trend in our quality of privacy given the Brandeis paper? His paper had me believe these problems make "1984" look like old news (or at least they foresaw a trend that would lead to further concern). Also concerned with the number of tools available for people today to snoop on others privacy such as the cellphone services. I'm interested to see what people think of the pro's v. cons of the evolution of our privacy slipping. Brendanlong 17:12, 3 April 2012 (UTC)
This week’s readings made me think of how exposed we are in a digital world, and how difficult it is to avoid being exposed, since our behaviors leave fingerprints and footprints that can be traced. The advent of new technologies also made it easy to find information quickly about individuals. For example, it is not unusual for companies to snoop on their employee’s activity on Facebook. I also agree, to some extent, that certain individuals like to be exposed, for instance, by posting pictures of themselves on Facebook and telling people what they are doing or where they are by posting on their statuses or checking into places using applications on their phone. Due to the findability and availability of personal data, users must be cautious of their online use. For instance, Facebook’s default privacy setting is that “everyone” can publicly view your profile and activities. Most of the time I do not think about privacy invasions, because I do feel some sense of control in allowing who can access my personal information, such as blocking certain people on Facebook. I also do not mind that certain data are made public, if I do not have anything to hide. For instance, I like the fact that hiring managers can “google” my name to find out whether or not I had lied on my resume regarding my employment history. In other cases, I do occasionally worry about identity theft, but new technologies also made it easy track down the offender. Regarding my debit card, I check my bank statements regularly. So, I really think that there are some measures that people can take to protect themselves, since it is difficult to avoid being exposed or leaving a trace. Qdang 18:16, 3 April 2012 (UTC)
Interesting point Brendan on the UK Murdoch scandal... There are certainly age-old constitutional questions regarding this week's readings The notion of privacy is at the heart of this age-old question of legal overreach concerning our "natural" rights to exchange information privately. In particular, the EU Data Retention article is an eyeopening reminder that the internet is full of holes in which security agencies can extract data in non-transparent or covert ways, particularly data that does not necessarily require the legal modalities to extract. Furthermore the centralized nature of the ISP's seems to establish the infrastructure for the practical monitoring of data. The fact that such large quantities of information can be centralized in a few major portals such as Google and Facebook must be a concern if laws are structured in such a way that these internet agencies must comply with private information requests from the government.
One section of the EU retention article is particularly telling:
"We know that the NSA is engaged in some level of warrantless surveillance of the international communications of U.S. citizens, but we do not know precisely what is being done with the data."
George W. Bush's administration was the first time in my generation that I had to be concerned about my privacy, and how the government could seemingly circumvent what we assumed to be legal protections from the Constitution. With the fluidity of the infrastructure, laws that may compel telecommunications companies to provide information, and furthermore a lack of transparency by government security apparatus's, privacy and the internet will be a continued subject for discourse, particularly as circumvention measures increase power of programmers over the security of the users as stated in the story. --Jimmyh 17:20, 3 April 2012 (UTC)
I thought it was pretty neat how Brandeis and Warren were effectively peering into the future and accurately writing about our society's current issues. I agree with Brendan on that one.
I think that it can be easy to forget how little privacy we actually have, or maybe it's just that people define privacy in different ways. By now, most everyone knows that what you post on Facebook is basically public (even if your profile is private!), but people don't generally close their accounts over that. Instead, those who are concerned with privacy but still want to use the social media site try to limit what they post, or tend to be a bit more careful (one would like to think, anyway). I think our actions show that we're more accepting of less privacy, even if someone were to ask us about this, we'd say we were in favor of more privacy. Part of this has to do with convenience. But it's also important to consider the environment we live/grew up in. To many of us, certain "privacy losses" are the norm (having our photos online, etc). In "Blown to Bits," they write, "The social evolution that was supported
by consumer technologies in turn made us more accepting of new enabling
technologies; the social and technological evolutions have proceeded hand in
hand."
On the flip side of that, I think most of us would be reluctant to endorse RFID scanning of humans (although my dogs are "micro-chipped"!), RFIDs tracking our shoes/steps, or the grocery checkout scenario (in chapter 2 of "Blown to Bits") in favor of a little more convenience.
One thing that really stuck out to me was how the concept of "public" has dramatically changed. Sure, campaign contributions or voter records have been available to the public for some time now, but not to the global public. In general, we all know this is as a fact (that the general public is now the "global public"), but if you take a second to think on it, it blows your mind.
Companies "accidentally" take personal information they aren't entitled to fairly regularly. What the heck is Google up to these days, anyways? Thanks to their street view cars, they must have a nice collection of personal WiFi network information by now. But how much do we really care? What is being done about this/who is really and actively speaking out? How much does it bother you/what do you do about it? Aberg 19:46, 3 April 2012 (UTC)
The readings for this week about privacy and surveillance on the Internet were very interesting. They made me recall a Colombian case very close to my life. In 2009 I was studying a Summer School at Los Andes University in Colombia. Coincidentally one of the Colombian President Uribe’s sons was doing the same course, and we were in the same working group. We had to do the final presentation, and met for a couple of times, but suddenly he disappeared, didn’t answer the phone or e-mail anymore. Later we knew that somebody created a group in Facebook called “My compromise is to kill Geronimo Uribe (President’s son)” and his security guards had to hide him and take the most vigilant measures, especially because the present of the FARC in Colombia, an insurgent guerrilla commonly associated with terrorism acts, makes every situation like to be taken seriously.
Thus, initially this group was attributed to the FARC by the Colombian government. Nevertheless, three months later the police managed to capture the creator of this group. He was a university student around his third year making a joke, but he didn’t know what Internet surveillance was capable of, and had to pay the consequences. He used an old laptop to enter Facebook from his house, located in the countryside of Bogota, Colombia’s capital. Although it was a relief to know that the real source of this threat to the President’s son was a teenager making a joke, first of all he had to apologize for his actions, and second he went to trial to pass sometime in jail.
At that time I was wondering how was possible to achieve this capture. I was surprised by the ability of the tech people from the police to track this person’s movements, but this week, after reading the Jhon Palfrey and Hal Roberts’ article I realized how easy is track information through the Internet. Moreover, I felt more astonished knowing that surveillance and violation of privacy is possible even when the information is encrypted.Fabiancelisj 19:59, 3 April 2012 (UTC)