Thursday, March 31, 2005

Google adds a (dangerous) Firefox tune-up

Google has announced advanced searching with Firefox:
Now Google's faster than ever on Firefox and Mozilla browsers. When you do a search on these browsers, we instruct them to download your top search result in advance, so if you click on it, you'll get to that page even more quickly.
But Ed Bott (via Ed Felten) shows how pre-loading (and caching) content on my machine can be dangerous:
I'm not so sure I like this idea. It's basically the "I feel lucky" option with an extra click. On a broadband connection, would I even notice the difference? On a dial-up connection, which I had to suffer with last week, it would impose a performance penalty. I'd prefer it if this were an option.

And why only for Firefox? Is there a technical reason why this can't be done for another browser?

Updated: The more I think about this, the less I like it. What if the top search result contains content that is objectionable? If I do a perfectly legitimate search on my work computer, I have the option to avoid downloading that page based on its summary and title. But if the page downloads for me, it goes through my company's proxy servers, where it gets logged as something I downloaded. It's also cached on my computer. If that page happens to include porn or other unwanted content, I could get in serious trouble and even lose my job, even though I am completely innocent.

Google Help explains how to disable this feature in Firefox...

The default should be off, not on, in my opinion. A browser should never, ever download content from a site that you didn't specifically choose to visit. What are Google's developers thinking?
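For reference, Firefox's prefetching is triggered by simple markup in the results page, and it can be switched off in the browser. This is a sketch of the mechanism as I understand it (the URL is invented):

```html
<!-- A hint like this in a results page tells Firefox/Mozilla to
     download the linked page in the background: -->
<link rel="prefetch" href="http://www.example.com/top-result/">
```

To disable prefetching browser-wide, set the `network.prefetch-next` preference to `false` in about:config, which appears to be what Google's help page describes.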


ChoicePoint to Allow People Access, but Questions Remain

The AP is reporting that ChoicePoint will allow consumers to access and review their personal information on file with the data aggregation company.
"You will receive the reports that we have on you," Don McGuffey, the firm's vice president for data acquisition, told the state Senate's Banking, Finance and Insurance Committee on Wednesday.
This is a promising step in addressing the many problems related to the ChoicePoint fiasco, but many questions remain:
  1. Will I need to pay for reviewing my record?
  2. How often can I view my record?
  3. Will all information possessed by ChoicePoint about me be disclosed?
  4. Will I be able to see who has accessed/purchased my record?
  5. What mechanisms will be in place for me to be able to correct my record?
  6. Can I opt to have some information removed from my record?
These questions need to be addressed if ChoicePoint's move toward transparency is to be meaningful.


Thursday, March 24, 2005

Problems of Personalized Search

Google Blogoscoped has an interesting post on the potential problems of personalized search, including (a) as users change their behavior, relying on prior behavior becomes less accurate, (b) users don't like to login, (c) users don't always want localized searches, and so on.

The discussion, however, specifically excludes the concern over privacy with personalized searches:
The problems run deeper (and I will avoid the problem of privacy, because who knows – we might be walking into a future where people give up privacy to gain the most from web sites).
This omission is irresponsible. Privacy is a fundamental concern with web searches in general, and specifically with personalized search. The ability for a search company to efficiently track and record my search habits and tie them directly to my identity has deep privacy implications. I've commented on that here and here.

Further, it's wrong to discard such privacy concerns when discussing personalized search on the basis that perhaps some people are willing to give up some privacy in order to search the web efficiently. That is exactly what is at issue, and it needs to be discussed. It certainly is possible that some will make that decision (trading the value of privacy for the value of efficiency), but we will not be fully prepared to make such decisions without a public debate.
UPDATE: Philipp Lenssen at Google Blogoscoped responds to my comments, recognizing the need to discuss the privacy considerations of personalized searching. Here are some of his comments, with my new responses:
In the end, isn’t it everyone’s choice to give up certain privacy, if they are aware of what they’re giving up?
That’s a very big IF. Awareness is a key problem with the privacy of personal information. Think of how few people have even heard of ChoicePoint, let alone realize how much personal information it aggregates from various sources, both public and private.
there’s too much information out there for anyone to actually go through it
That logic no longer holds as information technology becomes more and more sophisticated. First, our personal information is being digitized: our purchase habits, video and library rentals, doctor's visits, toll booth payments, and so on are now computerized, which increases the ease of collection, storage, and analysis. Coupled with this are the increased processing power and sophistication of computers and data-mining tools, easing the ability to process and analyze these mountains of data to find patterns, create profiles, and even piece together separate bits of information in order to complete a “picture” of my typical day.
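As a toy illustration (with entirely invented data), joining a few separately collected record sets on a common identifier is all it takes to assemble such a "picture":

```python
# Hypothetical records from three separate, individually harmless
# sources: toll booths, store purchases, and video rentals.
toll_records = [("alice", "07:45", "Exit 14 toll plaza")]
purchases = [("alice", "12:30", "pharmacy"), ("alice", "18:10", "liquor store")]
rentals = [("alice", "20:00", "video rental: documentary")]

def build_profile(person, *sources):
    """Merge every record mentioning `person` into one timeline."""
    events = [(time, what) for source in sources
              for (who, time, what) in source if who == person]
    return sorted(events)  # sorting by time yields a day's itinerary

for time, what in build_profile("alice", toll_records, purchases, rentals):
    print(time, what)
```

Each data set alone reveals little; merged and sorted, they narrate a person's day. Real data brokers operate at vastly larger scale, but the principle is the same.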
what kind of concrete privacy issues would you have with, say, a personalized Google?
Numerous issues come to mind: How do they track my search terms and the links I click on? How is this information matched with my Gmail, Calendar, and other (future) Google services? Do they sell this data to marketers? To ChoicePoint? To private investigators? What legal constraints exist to prevent law enforcement from getting this data? Do they need a warrant? A subpoena?

These questions remain not only unanswered but largely unexplored. One suggestion for further reading is Daniel Solove’s “The Digital Person: Technology and Privacy in the Information Age.”

I’m not saying that personalized search will necessarily be harmful to the privacy of personal information. And perhaps users will choose to trade some privacy for efficiency or some other value. But these issues need to be critically examined in the public sphere.


Fordham Conference on "Law and the Information Society"

Fordham University School of Law is hosting a conference on "Law and the Information Society" on April 7-8.
Date(s): 04.07.05 | Thu -- 04.08.05 | Fri
Time: 9:00 a.m. – 5:00 p.m. and 9:00 a.m. – 1:00 p.m.
Location: James B.M. McNally Amphitheatre, Fordham University School of Law
Sponsor: Fordham Law Review

This Conference brings together a group of leading academic scholars to consider topics of information law and policy in the context of societal values. Rather than focus specifically on one area such as privacy or intellectual property, the conference plans a broad examination across a range of related areas that will make an important contribution to the literature with topical relevance and enduring merit. The chosen issues are:
  • The Co-existence of Privacy and Security
  • Information Regulation and the Freedom of Expression
  • Responsibility and Liability on the Internet
  • Intellectual Property and Public Values
  • Market Regulation and Innovation
  • Information Technology and International Trade
Panel speakers include Helen Nissenbaum (my advisor), Daniel Solove (I review his book, The Digital Person: Technology and Privacy in the Information Age, here), Orin Kerr, Beth Noveck, and Susan Crawford.


Wednesday, March 23, 2005

More on GoogleNews: Sources, Bias, Purpose

The concern over content selection at GoogleNews continues on Buzzmachine. I've had various reactions, which can be found throughout the comment threads, and in my earlier post on transparency. Allow me to highlight three more issues:

Sources
This issue first arose when Jeff Jarvis questioned the inclusion of Nazi news sources in GoogleNews, and called for his readers to list other "questionable" news sources in order to "judge GoogleNews' judgment."

Reader submissions included Infoshop (appears to be an Anarchist news site), antiwar.com, The Center for American Progress (described by a commenter simply as "lefty"), The World Socialist Website, Executive Intelligence Review (described by a commenter as "that outright lunatic Lyndon LaRouche's publication"), Jihad Unspun (which appears to be a very anti-American site), and Prensa Latina (Cuba's state-run media).

I'm not here to defend or support the actual content of these various news sites, but I question the point of collecting a list of "questionable" news sources. Jarvis states "I'm not suggesting that there should be an orthodoxy of news or certification of news," but it certainly does sound like he's suggesting exactly that. Calling for transparency is one thing, but gathering lists of "questionable sites scraped by Google" sounds like little more than a desire to create a regime of news certification.

The whole point of GoogleNews is that you have a wide variety of sources. You can read, filter, process, and absorb what you want, and ignore the rest. A plurality of voices, perspectives and, yes, even biases is a positive feature of web-based news aggregation. Readers might actually learn something about the world (and themselves!) by reading about how people they don't agree with (including anarchists, socialists, lefties, communists, etc.) see an issue.

[To his credit, Jeff later asks for suggestions of what other sources should be included in GoogleNews which are not - a much more valuable endeavor.]

Bias
Many commenters suggested bias at GoogleNews, not only in the selection of news sources but also in which articles are listed for a search query. Such things are difficult to prove, but biases in computer systems do exist. (See B. Friedman and H. Nissenbaum, "Bias in Computer Systems" (pdf), ACM Transactions on Information Systems, July 1996, 330-347.) Three kinds of bias could exist here:

Technical bias would arise from technical constraints: perhaps only certain types of news sites are available to Google's crawlers, or an error in Google's algorithms allows certain sites to appear more relevant, and so on.

There also could be preexisting bias, having its roots in existing social institutions, practices and attitudes. Perhaps Google only lists certain news sites and not others because existing cultural norms preference one type organization over another. Perhaps the writers of the code themselves had biases in the type of news they would like to have appear on GoogleNews' pages.

The third kind is emergent bias, which emerges only in a context of use. Perhaps only after a sharp increase in the use of (reliance on?) GoogleNews for providing news information has a bias in news sources emerged.
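The first of these, technical bias, is easy to illustrate with a toy ranking function, in the spirit of Friedman and Nissenbaum's alphabetical-listing examples. This is a hypothetical sketch with invented sources, not a claim about GoogleNews's actual code:

```python
# Two sources score equally relevant, but the tie-break is alphabetical.
results = [("zeta-news.example", 0.90), ("alpha-news.example", 0.90),
           ("beta-news.example", 0.75)]

# Sorting by (relevance, name) looks neutral, yet every tie is resolved
# in favor of names earlier in the alphabet - a purely technical choice
# that systematically favors some sources over others.
ranked = sorted(results, key=lambda r: (-r[1], r[0]))
print([name for name, score in ranked])
```

No one intended to favor "alpha-news"; the bias falls out of an arbitrary implementation detail, which is exactly what makes technical bias hard to spot.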

On any of these accounts, biased computer systems are instruments of injustice, though admittedly to varying degrees. In Google's case, bias would certainly violate its unofficial "don't be evil" motto and destroy public trust in the company. For such reasons, freedom from bias must be counted among the criteria by which the design of technical systems is evaluated. (For more on this last point, see our Values in Design website.)

Purpose
Finally, the actual purpose of GoogleNews is at issue here. How do we (how should we) define GoogleNews: do they "report" news (in the sense that the NYT or Fox News report), or do they simply provide "access" to what others report (merely a gateway)?

Put another way, should GoogleNews be a place where one can find only certain news reporting, or a place where one can find all news reporting? Are they a portal to all that's out there, or a gateway to only the "good" stuff? How we answer these questions is vital to what we can expect (demand?) from GoogleNews.

(Interestingly, this debate mirrors many of the concerns throughout the history of dictionaries and encyclopedias: should a dictionary be a source for each and every word you come across (including slang, profanity, and improper words), or a source for only proper English words?)
UPDATE: Jeff Jarvis responds to my discussion of "Sources" above, countering my argument for plurality in news sources with the sentiment: "Is it worth knowing what nazis think is news? No, it is not. In no universe." I disagree. And so does this commenter at his site:
Actually, on the premise that exposure to all knowledge is to be desired, I disagree that Nazi news should be excluded. I try to read news from those who disagree with me and those like me, so that I won't cut myself off from those points of view.

If more of us read the hatred and exaggerations of Nazis, as we do read them from al-Qaeda and other hate-filled organizations, we might be more aware of the negatives involved. And act more sensibly in the interests of reason and the reasonable.


German Greens Worry About Google

[via Google Blogoscoped]

The German green party, Bündnis 90/Die Grünen, is worried about search engine monopolies and a lack of transparency (and a long-lived cookie) at Google. The Green party currently governs Germany in a coalition with the SPD. The timing of these statements seems a little awkward, as there's nothing new to be found. Some excerpts from their publication from March 21 [Blogoscoped's translation]:
“For many internet users, Google is synonymous with searching: 75% use Google to find information. The verb “to google” even made it into the dictionary.

Search engines make it easy to find a variety of information online. But they do more than that: they decide what will be shown first, and what will not be shown at all.

The Green party wants barrier-free access to information. Citizens must be able to gather information from different sources. This is the basis for participating in a democracy. (...)

To avoid depending on a single source of information, the Green party thinks it’s important we strengthen alternatives to search engine monopolists.”


Tuesday, March 22, 2005

Privacy and Vehicle Travel

Privacy.org points to a Boston.com article that discusses recent privacy concerns about the upcoming implementation of E-ZPass (electronic toll collection) in New Hampshire:
The E-ZPass system that will soon make it easier to pay tolls in New Hampshire will make it easier to track people's movements, privacy advocates warn.

State officials say strict policies are in place to prevent that, and stress that E-ZPass will be voluntary. They also say the system will reduce traffic congestion and put off the need to expand the current toll plazas.
PrivacySpot pointed to a similar article today (from US News) listing new gadgets, targeted at parents who want to keep better tabs on their kids' activities and driving habits, that collect information on a car's speed, braking, acceleration, and location. The article makes no mention of any privacy concerns (and there's no guarantee that such tools would be used only in parent-child relationships).

Both articles bring to light many of the growing privacy concerns related to advances in information and automotive technology. Similarly, my own research has explored the privacy implications of a new technology called Vehicle Safety Communications, which relies on the creation of autonomous, self-organizing, peer-to-peer wireless communication networks – so-called ad-hoc networks – connecting vehicles with roadside infrastructure and with each other. I am presenting a paper on this topic at "Science and Technology in Context: An Interdisciplinary Graduate Student Conference" next month, and will post the paper later this week.


IT Developers Need to Consider Privacy Implications of Systems

Privacy Digest points to this ComputerWeekly.com article reporting on a debate among senior representatives from IT user companies, suppliers, government, and universities about how IT designers need to be aware of privacy concerns when designing their systems.
IT can have a major impact on personal privacy even if system developers do not plan any deliberate intrusion, so IT specialists need to think more widely about the potential uses of their systems.
[...]
IT people should start to think beyond engineering and take account of the need to respect and protect privacy. They should not consider themselves as mere tool developers, use of whose tool is someone else's concern, the debate heard.

At system development level, IT professionals need to think about the privacy and security implications of what they are developing, how to minimise leakage, and how to enable individuals to check personal information handled by their systems. Security professionals need to be included in the design of systems, not just at the deployment stage.

At a broader professional level, IT people need to think about privacy, spread awareness of the issues, and consider social needs and how they are met in systems. IT professionals at this level have a duty to share awareness of what a system implies for the overall context, involving IT and human processes, the debate heard.
This concern is central to my research, as indicated by our Values In Design project website:
How do we ensure a place for values, alongside technical standards such as speed, efficiency, and reliability, as criteria by which we judge quality and acceptability of computer and information systems and new media? How do values such as privacy, autonomy, democracy, and social justice become integral to conception, design, and development, not merely retrofitted after completion?
It is encouraging to hear IT professionals discussing how they can be proactive in influencing the design of their systems in a value-sensitive way.


Demanding Transparency in GoogleNews

Jeff Jarvis recently demanded more transparency in GoogleNews:
We're demanding transparency of mainstream news.

Well, it's high time we get transparency from GoogleNews.

Instapundit and LGF point to a nazi site -- complete with "love your race" graphics -- that is part of Google News, while mainstream sane blogs are not.

Enough.

Google: Release a complete list of your news sources now. And institute a means for questioning those choices and for suggesting other choices now.

Google: It's bad enough that you won't share information about ad revenue sharing. But not to share information about your means of selecting news sources is inexcusable... in this case, evil.
First, Google does have a means for "questioning those choices and for suggesting other choices." Their FAQ includes links to information such as How do you decide what stories are published on the Google News home page? and What if I don't see my favorite news source in Google News? You can also recommend a news source quite easily.

But more importantly, Jeff's call for transparency assumes that GoogleNews is a public good. Google is a for-profit corporation, with no implicit responsibility to the public, only to its shareholders. (Of course, Google wants to provide useful news to its customers to encourage use of Google's other for-profit services)

Jeff's demand for transparency illuminates the fact that Google has come to be considered a neutral source of information, which it clearly is not.


Sunday, March 20, 2005

Mind-Mapping and Spatial Information Navigation

Today's New York Times includes a story on mind-mapping software, "To-Do List: Shop, Pay Bills, Organize Brain." It suggests that to learn new topics, organize ideas and spur creative thinking, people should draw dynamic and unstructured "mind maps" rather than traditional lists and outlines:
Ever since high school, I have relied on classic I, II, III-style outlines to organize ideas. (The best computerized outliner, in my view, is still NoteMap, $149 from CaseSoft.com.) With MindManager, you create an outline not by writing out a list but by entering one main idea in the middle of the screen - and then having related ideas radiate out, with spokes. The subideas can have their own connections and nodes, and all parts of the maps can be easily linked to relevant side material - e-mail, Web pages, documents and so on.

It sounds gimmicky but seems less so in practice. Here is important news: MindManager's intellectual effect seems the opposite of PowerPoint's. As any veteran of business briefings knows, the visual tools in PowerPoint can blur distinctions and impose an artificial sameness on ideas. At a minimum, MindManager doesn't retard clear thinking, and it might actually help.

"For me, there is a big difference between laying out ideas in this kind of map" and just writing them in a list, says Michael Jetter, Mindjet's co-founder. "It's like when you look at ads. The white space can be as important as the words. I find when I am able to space out the ideas in a certain way, somehow I can move around them easily rather than starting from the top. It's the same information, but you look at it differently."
This article illuminates my critique of our current information interfaces. The dominant technology for organizing and navigating information on our computers is a two-dimensional and strictly hierarchical system, most obviously represented by the traditional "file tree" structure – each file has a single location and a single path to find it. Over recent decades, of course, numerous graphical computer interfaces and data management systems have been developed. The Mac and Windows operating systems invoke a graphical desktop metaphor to guide users in the manipulation and storage of files. Yet, even with its iconic focus, the fixed linearity of the textual interfaces of its command-line ancestors remains visible. Instead of truly immersing ourselves in the graphical potential of these interfaces, we still navigate them in a strongly textual sense. One doesn’t think graphically about where files might be located in the interface. In reality, one thinks: I’m pretty sure I put it in the “Things to Do” folder, but maybe it’s in “Unfinished Business.” In other words, information is still organized textually, in terms of strict categories defined by the names of folders within the linear file management hierarchy.

Apple’s experimental HotSauce interface, on the other hand, attempts to move beyond two dimensions into a more immersive and spatial three-dimensional interface. In HotSauce, your documents are presented as a galaxy of interrelationships between themes, not in a strict hierarchy of folders. The user is able to zoom in and out of the “constellations” to understand how files are related to each other and to retrieve data relevant to their search. By prioritizing a spatial, three-dimensional method of understanding and navigating the data on your computer, HotSauce presents a break from traditional hierarchical information interfaces. With the increased sophistication of virtual environments, augmented reality, and other “off-the-desktop” technologies, three-dimensional user interface design has become a critical area for researchers to understand.

Another example of a spatial information navigation system comes from the search engine tools used to navigate the World Wide Web. Berners-Lee understood the human mind’s ability to link random bits of data and envisioned an online information-space where anything could be linked to anything else – a web of information – but his vision has only been partially achieved given the current navigational tools. While the Web is made up of seemingly infinite links among information sites, our navigation of that space remains rooted in the linear, hierarchical interface of the search engine. The results of searches are listed textually with a built-in presumption of what should be clicked on first; then you click the “Back” button to return; then you click on the next site, and so on. These static lists provide no sense of the interrelationships between data on the Web – there is no depth, only length.

By contrast, consider the experimental search engine Kartoo.com, which displays the results of searches through visual and spatial relationships. Using varying colors and shapes to simulate three-dimensional depth, Kartoo presents search results on a cartographic map to help the user visualize the associative relationship between sources of information and other key terms related to their search. Holding the mouse over any topic on the map draws visual links to the related sites, and moving over a site reveals links to the relevant keywords. A similar graphical search engine interface that presents information in a spatial map is Grokker, offered by Groxis. These dynamic web search engine interfaces improve navigation by visually mapping the associative links between sets of information, allowing users to move even further away from the ‘hierarchical straitjacket’ Berners-Lee reviled.
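The contrast running through these examples – one fixed path per item versus many associative routes to it – can be sketched in a few lines. This is a toy model with invented file names, not any particular system's API:

```python
# In a strict hierarchy, each file lives at exactly one path:
tree = {"Things to Do": ["taxes.doc"], "Unfinished Business": ["novel.doc"]}
print(tree["Things to Do"])  # the only way in is the one "correct" folder

# An associative scheme instead tags one item with many themes,
# so it can be reached from any of them:
tags = {"taxes.doc": {"finance", "deadlines"},
        "novel.doc": {"writing", "deadlines"}}

def find_by_theme(theme):
    """Return every file associated with a theme, regardless of 'location'."""
    return sorted(f for f, themes in tags.items() if theme in themes)

print(find_by_theme("deadlines"))  # both files surface via a shared theme
```

With tags, forgetting which single folder you chose no longer matters: any of an item's themes leads back to it, which is much closer to how tools like HotSauce and Kartoo present information.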


Saturday, March 19, 2005

French News Agency Sues Google News

French news agency Agence France Presse has sued Google, alleging the Web search leader includes AFP's photos, news headlines and stories on its news site without permission (read AFP's copyright notice here). The French news service is seeking damages of at least $17.5 million and an order barring Google News from displaying AFP photographs, news headlines or story leads. AFP's charge:
Without AFP's authorization, defendant is continuously and willfully reproducing and publicly displaying AFP's photographs, headlines and story leads on its Google News web pages.
Google's response:
"We allow publishers to opt out of Google News but most publishers want to be included because they believe it is a benefit to them and to their readers," Google spokesman Steve Langdon said of the AFP lawsuit.
This seems to come down to a delicate balance: should news agencies welcome the aggregation and distribution of their content via Google News (which drives traffic to their sites), or be angered that Google is appropriating their content without permission or compensation? In this particular case, if AFP didn't want that content to be publicly available, they shouldn't have put it on public web servers accessible to Google's bots. There also doesn't appear to be any material "damage" to AFP, since Google News only provides excerpts of stories; a reader would have to click through to AFP to read the full text, allowing AFP to cross-sell or otherwise generate revenue from that visit. Further, as of now, Google News does not feature advertising, so an argument could be made that Google does not profit from its news aggregation (Google News remains in "beta"). (Of course, Google hopes that users of Google News will migrate to other Google services that are profit centers.)

On the other hand, AFP is a news agency, and only those who contract with it and pay some type of subscription fee are supposed to be able to provide its content to readers. Whether Google News, as an aggregator, violates this copyright will remain an interesting case to follow.
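The opt-out Langdon mentions is, in practice, the standard robots exclusion mechanism: a publisher that does not want its pages crawled can say so in a robots.txt file at its site root. A generic sketch (whether AFP has actually done this, I don't know):

```
# Placed at the site root as /robots.txt, this asks Google's
# crawler to stay out entirely:
User-agent: Googlebot
Disallow: /
```

Which makes AFP's choice to sue rather than exclude the bots all the more interesting.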


Friday, March 18, 2005

Wired: Search Rank Easy to Manipulate

Wired Magazine reports on how search engine optimization expert Greg Boser manipulates search engine results. He complicates Google's claim that PageRank "relies on the uniquely democratic nature of the web by using its vast link structure as an indicator of an individual page's value." From the article:
"The search engines live in a fantasy world," Boser said. "Every link is a vote. But people buy and sell links."

Although Google claims its "complex, automated methods make human tampering with (the) results extremely difficult," that's simply not true. Digital vote rigging is merely part of doing business, according to Boser.
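Boser's "every link is a vote" line maps directly onto how PageRank-style scoring works, and so does the manipulation he describes: a purchased link from a well-linked page is a purchased vote. A simplified power-iteration sketch with hypothetical pages (not Google's actual implementation):

```python
def pagerank(links, damping=0.85, iters=50):
    """Simplified PageRank by power iteration. links[p] = pages p links to."""
    pages = list(links)
    rank = {p: 1.0 / len(pages) for p in pages}
    for _ in range(iters):
        # Every page gets a baseline share, plus "votes" from its in-links.
        new = {p: (1 - damping) / len(pages) for p in pages}
        for p, outs in links.items():
            for q in outs:
                new[q] += damping * rank[p] / len(outs)
        rank = new
    return rank

web = {"a": ["b"], "b": ["a"], "spam": []}
before = pagerank(web)["spam"]
web["a"] = ["b", "spam"]          # "spam" buys a link from a popular page
after = pagerank(web)["spam"]
print(before < after)             # the purchased vote raises spam's rank
```

The "democratic" structure is only as honest as its voters: one bought link from a well-ranked page measurably lifts an otherwise unlinked page, which is exactly the business Boser describes.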


Thursday, March 17, 2005

Blogs as Information Interfaces

There's a discussion at Jeff Jarvis' Buzzmachine about what term should be used to describe "blogs" (the assumption being, apparently, that "blogs" is too techie, has a negative connotation, or something like that). Jeff has frequently used the term "citizens' media," but Bill Keller suggested perhaps "peoples' media" is a better fit. Jeff's current offering is Volksmedia: "I like that. It has a funky, retro, populist, Volkswagen feel, of course, with that buggy attitude." An almost certain response was the association between "volks" and Hitler. So, toss that out.

I suggested in the comments that there's no need to hold onto the "media" handle at all. Blogging doesn't need to be defined as "something like the existing media, but of the people." Naming it "citizens' media" follows the common trend of naming a new technology in terms of the old (often by negating part of its original features): "horseless carriage" or "wireless." Rather than thinking about how blogs relate to traditional media, we should think about blogging's own formal features: connectivity, conversation, global reach, information, and so on.

I would argue that blogs are information interfaces. Information interfaces are technologies for arranging, storing, displaying, retrieving and navigating information, ranging from scientific classification systems, encyclopedias, maps, and library card catalogs to computer file systems, graphical user interfaces, and web search engines. An information interface serves as a kind of translator, mediating between an information-space and the user, making one sensible to the other. An information interface is a necessary medium by which we gain knowledge. As such, it plays a crucial role not only in the communication and representation of books in a collection, files on a hard drive, or information on the web, but also in how we understand these information-spaces and, ultimately, the world around us.

While I typically equate information interfaces with file navigation systems, the idea easily extends to blogs. Blogs, especially when used in conjunction with tools such as RSS feeds and Technorati, represent an interface between users and information – bringing us into closer conversations, closer informational scrutiny, and closer apprehension of knowledge.
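Part of what makes this interface role possible is how little machinery tools like RSS require: a blog publishes its posts as structured XML, and any client can filter and re-arrange them. A minimal sketch, using an invented feed and Python's standard library:

```python
import xml.etree.ElementTree as ET

# A tiny invented RSS 2.0 feed, like the ones blogs publish.
feed = """<rss version="2.0"><channel>
  <title>Example Blog</title>
  <item><title>Blogs as interfaces</title><link>http://example.com/1</link></item>
  <item><title>On privacy</title><link>http://example.com/2</link></item>
</channel></rss>"""

root = ET.fromstring(feed)
# Each <item> is one post; an aggregator can sort, filter, or merge
# items from many such feeds into a single view.
posts = [(i.findtext("title"), i.findtext("link"))
         for i in root.iter("item")]
print(posts)
```

Because the posts arrive as data rather than a fixed page, the reader's tools (not the publisher's layout) decide how the information is arranged, which is what distinguishes an interface from a medium.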

Blogs are an interface more than a medium; they bring people and ideas in contact with each other.
MORE: Do you want to define the tool, or that which it facilitates? The Internet is not called "people's computers" or the "folks network." Rather, it is talked about in terms of what it creates, the space it enables: "cyberspace."

Is this a blog, a folkmedia? Or is it something more than the sum of its parts: a conversation, a space where information is shared and critiqued? "Infospace"? "Idea-space"?


Wednesday, March 16, 2005

Harvard-Google Project Faces Copyright Woes

This Harvard Crimson article discusses concerns that the Google Print library project to digitize books at Harvard's libraries (among others) may infringe copyright law. The debate is whether Google's digitization efforts fall within "fair use" or are "illegal duplication" (note this appears to concern only those books not yet in the public domain).
“The law does not permit wholesale copying (which is what digitisation is) by a commercial organisation of works that are still in copyright,” [Sally Morris, chief executive of the Association of Learned and Professional Society Publishers] wrote. “It is also illegal to make those works available digitally once they have been copied.”

Morris wrote that Google needs to obtain permission from publishers before using their work. While she wrote that it may be impractical to ask every publisher, Google should ask permission through collective licensing organizations.

But Jonathan Zittrain, faculty co-director of Harvard Law School’s Berkman Center for Internet and Society, wrote in an e-mail that he believes the pilot project is not a copyright infringement.

“This is what fair use is designed for,” he wrote. “By showing only snippets, the market for the books themselves is not harmed.”

Technorati tag:

Monday, March 14, 2005

Draft of "A Model Regime of Privacy Protection"

Privacy law expert and law professor Dan Solove (I reviewed his latest book, The Digital Person, here) and Chris Hoofnagle (of EPIC) have published the first draft of "A Model Regime of Privacy Protection." From the abstract:
Privacy protection in the United States has often been criticized, but critics have too infrequently suggested specific proposals for reform. Recently, there has been significant legislative interest at both the federal and state levels in addressing the privacy of personal information. This was sparked when ChoicePoint, one of the largest data brokers in the United States with records on almost every adult American citizen, sold data on about 145,000 people to fraudulent businesses set up by identity thieves.

In the aftermath of the ChoicePoint debacle, both of us have been asked by Congressional legislative staffers, state legislative policymakers, journalists, academics, and others about what specifically should be done to better regulate information privacy. In response to these questions, we believe that it is imperative to have a discussion of concrete legislative solutions to privacy problems.

What appears below is our attempt at such an endeavor. Privacy experts have long suggested that information collection be consistent with Fair Information Practices. This Model Regime incorporates many of those practices and applies them specifically to the context of commercial data brokers such as Choicepoint. We hope that this will provide useful guidance to legislators and policymakers in crafting laws and regulations. We also intend this to be a work-in-progress in which we collaborate with others. We welcome input from other academics, policymakers, journalists, and experts as well as from the industries and businesses that will be subject to the regulations we propose. We invite criticisms and constructive suggestions, and we will update this Model Regime to incorporate the comments we find most helpful and illuminating. We also aim to discuss some of the comments we receive in a commentary section. To the extent to which we incorporate suggestions and commentary, and if those making suggestions want to be identified, we will graciously acknowledge those assisting in our endeavor.
I agree with PrivacySpot's assessment:
Something like this has been needed for a long time, and I am pleased to see it written by heavy hitters like Solove and Hoofnagle. This pedigree will (hopefully) ensure that the document is taken seriously by policymakers. It needs to be. Recent scares involving T-Mobile, Choice Point, LexisNexis, and Kaiser, as well as highly-publicized incidents involving Paris Hilton and, er, Fred Durst, have vividly illustrated the point that privacy protection has not caught up with recent advances in surveillance and data sharing technology.

Technorati tag:

Graduate Student Workshop: Values in Computer and Information System Design

The website for the Workshop Values in Computer and Information System Design has launched (my design).
Graduate Student Workshop: Values in Computer and Information System Design

Despite a growing body of research and scholarship dedicated both to theoretical and practical dimensions of this important subject, institutional responses have been sporadic and somewhat sparse. Several goals have motivated the design of this workshop:
  • Deepen knowledge and understanding of the complex interplay between social, moral, political and cultural values and technology through the aggregation and study of a diverse canon of works;

  • Create opportunities for collaborations among researchers and scholars (current and future) historically separated by institutional, geographic, and disciplinary boundaries;

  • Reveal relevant literatures, approaches, and methodologies to graduate students, who might not, in the normal course of their respective programs, see them;

  • Promote the development of collegial networks among established scholars as well as students.
In the first week, students will cover core readings of theoretical works on the complex interplay between the design of information and communications devices, systems, and infrastructures on the one hand and social, ethical, and political values, on the other. The curriculum will also cover approaches to design and design methodologies which incorporate a broad vision of what it means to build “good” systems. The Workshop will place special emphasis on privacy and information infrastructures.

In the second week, guest faculty, including major theorists and design practitioners, will lead discussions and share their own work. A panel of Silicon Valley leaders convoked on one day of the workshop will reflect on how values bear on their own work in the corporate world.
The workshop is directed by Geoffrey Bowker (Santa Clara University) and Helen Nissenbaum (New York University), and hosted by the Center for Science, Technology & Society at Santa Clara University. It is sponsored by the National Science Foundation and the Ford Foundation. The website includes student and faculty bios, project descriptions, related links, and more.

Technorati tag:

Saturday, March 12, 2005

AIM Terms of Service: Waiving your right to privacy

Privacy Digest reports that an update to AOL's Instant Messenger Terms of Service includes an explicit waiver of privacy. From the subsection "Content You Post" (emphasis added):
Although you or the owner of the Content retain ownership of all right, title and interest in Content that you post to any AIM Product, AOL owns all right, title and interest in any compilation, collective work or other derivative work created by AOL using or incorporating this Content. In addition, by posting Content on an AIM Product, you grant AOL, its parent, affiliates, subsidiaries, assigns, agents and licensees the irrevocable, perpetual, worldwide right to reproduce, display, perform, distribute, adapt and promote this Content in any medium. You waive any right to privacy. You waive any right to inspect or approve uses of the Content or to be compensated for any such uses.

UPDATE: AOL has responded to this issue, stating that not only has this particular TOS been in place for over a year, but that the terms of service do not imply that the company has the right to use private IM communications, and the section quoted in the original Slashdot article applies only to posts in public forums -- a common provision in most online publishers' terms of service. However, it matters not when this particular TOS went into effect or whether AOL is currently actively monitoring communications - it still has the hidden clause "You waive any right to privacy." How might a court interpret this clause if a dispute arises? How aware are users of its existence? Why should a TOS require that I give up my right to privacy?

Technorati tag:

Thursday, March 10, 2005

Online Shopping Cart Company Fined For Selling User Data

TechDirt reports that an online shopping cart company has been fined by the FTC for selling user data to telemarketers and junk mailers without permission. Apparently, even if the website used to purchase something has a privacy policy and "opt out" boxes, the third party that actually facilitates the shopping cart doesn't abide by those policies. That's a problem that must be addressed: any company that collects and sells a user's data must be required to inform the user of those events. Further, the penalty in this case was only $9,000 - the amount the firm profited from this action. Considering that nearly 1 million users had their data sold without their permission, this punishment is laughable, and does little to deter future infractions.

Technorati tag:

Tuesday, March 08, 2005

Eye-Tracking Study of Google Results Page

[from The Unofficial Google Weblog]

Two search marketing companies and an eye-tracking firm called Eyetools have produced one of the most interesting studies of consumer response to a Google results page. By tracking eye movements, a picture emerges of the hot spots on a results page, outside of which a listing or sponsored listing is not likely to be noticed. See the eye-opening (so to speak) screen shot here. The study indicates that any listing below 7th place stands a less-than-50-percent chance of being seen. Sponsored ads become invisible to more than half of viewers if they are not in the top spot of the AdWords column. Intriguingly, most people’s eyes are glued to the left-hand side of the page, not even completing a scan of entire listings.

Technorati tag:

Why Google isn't what it used to be

Matt McAlister writes a wonderful (and only partially tongue-in-cheek) post on how Google has morphed from a search company into an advertising company, and eventually into "a fast-growing capitalistic enterprise competing for world domination." Some excerpts:
The AutoLink debate seems more like the catalyst for venting frustration in a perception shift than a real complaint about the technology. Google was once the enabler of open market conversations, a doorway to a future where innovators could circumvent the establishment on the way toward improving the world we live in. But there's something about this new feature that changes all that.

Product launches such as Orkut, Gmail, Image Ads, and Google News all stripped away the once-thick varnish of credibility and trust that Google commanded amongst the digerati. They bought closed software tools companies like Blogger and Picasa. And then Google went public. The true intentions of the company's founders became obvious to everyone. They want to be rich! How rude!

[...] The company's Do-No-Evil mantra then read more like a laughable reverse-psychology trick or 1999 marketing ploy. Craig Newmark suddenly looked like a saint, and Google was merely one product launch away from turning its core supporters into rebel forces in the fight against evil corporations.

[...] It couldn't be clearer from their own statements that Google has monolithic intentions: "Google's mission is to organize the world's information and make it universally accessible and useful." The difference between Google and the CIA is that Google lets everyone see what is in their database.

Fine. They are doing an incredible job of building an information services powerhouse with a river of revenues to distribute and impressive products that do impressive things. Stockholders and advertisers should be very pleased. Consumers should marvel at what Google offers.

[...] Should consumers of Google products trust that Google is providing any of these services primarily for the user's benefit? Don't believe it for a second. Those days disappeared long ago. It's time to get reacquainted with Google and understand it for what it is today...a fast-growing capitalistic enterprise competing for world domination.

Technorati tag:

Sunday, March 06, 2005

Personalized search: who owns the information?

In an interesting post forecasting the rise of personalized searching, Greg Yardley raises an important concern about who actually "owns" the personal information/history upon which search companies will base "personalization."
Pretend it’s December, 2007. You’ve been using Google (or Yahoo, or MSN, or A9) as your primary search engine for the past two years. When these companies first introduced effective personalized search in late 2005, you might have been a little hesitant at first, but the benefits quickly spoke for themselves and you (like everyone else) became a regular user of the service. Two years later, personalized search is just taken for granted.

Now pretend your RSS-feed aggregator delivers an announcement to your personal internet appliance during your morning commute. A start-up has spent the last year indexing the internet and promises to deliver results to you using a revolutionary new algorithm, far better than anything currently available. Curious, you go to try the new engine out. But when you get there, you realize that this search engine doesn’t know you yet. When you search for ‘python,’ you get results on snakes, and ‘ruby’ brings up jewelry stores. It can’t anticipate your behavior; it makes no useful suggestions. The base search results are better - but without the personalized search history you’ve built up over the past two years, it simply can’t compete with Google (or Yahoo, or MSN, or A9). If only you could feed this new competitor your personal search history - but that’s owned by Google (or Yahoo, or MSN, or A9), and they’re not about to hand it over. Great for them - not so great for anyone itching to compete with them. Not so great for you, either.

Personalized search engines that make intelligent use of your search and browsing history are coming, and they will make search technology today obsolete. You will want to use one. Yet this will make you effectively beholden to the engine you use and give data to. I don’t want to have to depend on anybody in this way. That’s why I think we need standards for recording and storing personal search history now. Just like I can transfer my RSS feeds from one newsreader to another using OPML, I should be able to transfer my search history from one engine to another. Maybe I can’t persuade a site like A9 to actually delete my information, but at least I could keep a local copy and take my business to another engine.
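Yardley's OPML analogy suggests what a portable search history might look like in practice. As a purely illustrative sketch (no such export standard exists, and the element names here are invented), a personal search history could be serialized as an OPML-style XML document that a competing engine could import:

```python
import xml.etree.ElementTree as ET

def export_search_history(queries, owner="user@example.com"):
    """Serialize a personal search history as an OPML-style XML
    document. Hypothetical format: the 'outline' attributes used
    here (text, created, clicked) are invented for illustration."""
    opml = ET.Element("opml", version="1.0")
    head = ET.SubElement(opml, "head")
    ET.SubElement(head, "title").text = "Search history for " + owner
    body = ET.SubElement(opml, "body")
    for q in queries:
        # One outline entry per past search, recording the query,
        # when it was issued, and which result (if any) was clicked.
        ET.SubElement(body, "outline",
                      text=q["query"],
                      created=q["date"],
                      clicked=q.get("clicked", ""))
    return ET.tostring(opml, encoding="unicode")

history = [
    {"query": "python", "date": "2005-03-01",
     "clicked": "http://www.python.org/"},
    {"query": "ruby", "date": "2005-03-02"},
]
print(export_search_history(history))
```

The point is not the particular schema but the principle: if my history lived in an open, machine-readable format like this, I could hand it to any engine I chose rather than leaving it locked inside one company's servers.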

Technorati tag:

Saturday, March 05, 2005

ChoicePoint to give up some personal data sales

Finally, an encouraging development from the ChoicePoint fiasco. InfoWorld reports that ChoicePoint will stop selling sensitive consumer data to many of its customers, except when that data helps complete a consumer transaction or helps government or law enforcement. Perhaps an end is near for the market of selling personal consumer information (including social security & driver's license numbers) to virtually anyone who wants it. From the article:
The company decided to stop selling sensitive data, such as Social Security numbers and driver's license numbers after being tricked into divulging personal information on about 145,000 people to identity thieves who posed as customers, according to a statement attributed to ChoicePoint Chairman and Chief Executive Officer (CEO) Derek V. Smith.

"These changes are a direct result of the recent fraud activity, our review ... of our experience and products, and the response of consumers who have made it clear to us that they do not approve of sensitive personal data being used without direct benefit to them," Smith said in the statement, which was posted on ChoicePoint's Web site.

From now on, ChoicePoint will only sell sensitive personal information to customers when the data is necessary to complete a transaction, to accredited corporate customers that will use the data for user authentication or fraud prevention, or to help federal, state and local government and criminal justice agencies, ChoicePoint said.

The move, which should be complete within 90 days, will eliminate a number of "information products" that the company now sells to its customers, especially small businesses, the company said.
[via Privacy Digest]

Technorati tag:

Friday, March 04, 2005

MGM v. Grokster

The Electronic Frontier Foundation has an excellent page summarizing the MGM v. Grokster case and a complete listing of all the supporting court documents and amicus briefs related to the case. From their page:
EFF is defending StreamCast Networks, the company behind the Morpheus peer-to-peer (P2P) file-sharing software, in an important case that will be heard before the Supreme Court of the United States on March 29, 2005.

Twenty-eight of the world's largest entertainment companies brought the lawsuit against the makers of the Morpheus, Grokster, and KaZaA software products, aiming to set a precedent to use against other technology companies (P2P and otherwise). As we noted in our arguments before the Ninth Circuit, the case raises a question of critical importance at the border between copyright and innovation: When should the distributor of a multi-purpose tool be held liable for the infringements that may be committed by end-users of the tool?

The Supreme Court's landmark decision in Sony Corporation of America v. Universal City Studios, Inc. (a.k.a. the "Sony Betamax ruling") held that a distributor cannot be held liable for users' infringement so long as the tool is capable of substantial noninfringing uses. In MGM v. Grokster, the Ninth Circuit found that P2P file-sharing software is capable of, and is in fact being used for, noninfringing uses. Relying on the Betamax precedent, the court ruled that the distributors of Grokster and Morpheus software cannot be held liable for users' copyright violations. The plaintiffs appealed, and in December 2004 the Supreme Court granted certiorari.

"The copyright law principles set out in the Sony Betamax case have served innovators, copyright industries, and the public well for 20 years," said Fred von Lohmann, EFF's senior intellectual property attorney. "We at EFF look forward to the Supreme Court reaffirming the applicability of Betamax in the 21st century."

For more about what's at stake in the case, see:

Technorati tag:

Thursday, March 03, 2005

Ethics of Robot Design

There's a discussion today on Slashdot regarding the threats and benefits of using robots to monitor both children and employees. As reported by ABC News, Microsoft is researching such technology:
The teddy bear sitting in the corner of the child's room might look normal, until his head starts following the kid around using a face recognition program, perhaps also allowing a parent to talk to the child through a special phone, or monitor the child via a camera and wireless Internet connection.

The plush prototype, on display at Microsoft Corp.'s annual gadget showcase Wednesday, is one of several ideas researchers have for robots. The idea is to create a virtual being that can visit the neighboring cubicle for a live telephone chat even as its owner is traveling thousands of miles away, or let the plumber into the house while its owner enjoys a pleasant afternoon in the sun.
The issues and concerns related to the interaction between humans and robots in intimate surroundings relate directly to an informal seminar I attended yesterday with Prof. Sherry Turkle of MIT's Program in Science, Technology, and Society. Prof. Turkle spoke about her research for her forthcoming book on "evocative objects" - technologies we use to think with, to think about ourselves and our relationships. Her work has focused on "relational artifacts," robots designed to forge relationships with people - especially useful for both children and the elderly. Examples include the therapy robot Paro (a baby seal) and Hasbro/iRobot's My Real Baby.

During our discussion, important value and ethical issues arose in the design and use of such "relational robots." These robots are meant to create bonds and simulate "authentic" relationships. They react to voices, track their owner's eyes, respond and project emotions, and so on. Yet, they remain robots - all these actions and reactions are programmed - pre-determined. So, how do the designers decide which emotions to program and which to omit? In an effort to be realistic, My Real Baby gets happy as well as sad. If you bounce her when she's happy, she gets happier; if you bounce her when she's fussy, her fussiness only increases. How should she react, then, if she is abused? It is not hard to imagine a child (especially one who is herself a victim of abuse) violently shaking, striking, or otherwise "abusing" the doll. How should this evocative object respond? Should she show pain? Begin to cry? Eventually "pass out" or even "die" if the abuse continues? How "real" should the robot be in order to create an "authentic" relationship?

[In the end, the designers wanted the doll/robot to react as a child would, with pain and sadness. However, the company's lawyers stepped in and were concerned that any type of response by the doll might encourage further abuse (stimulus-response theory), and they didn't want to be accused of actually encouraging abusive behavior. In the end, the doll simply did not react to abuse.]
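The design dilemma can be made concrete with a toy state model. This sketch is entirely hypothetical - the real product's internal logic is not public, and the mood scale and method names here are invented - but it captures the two rules described above: bouncing amplifies the doll's current mood, while abuse (per the lawyers' final decision) produces no reaction at all:

```python
class RelationalDoll:
    """Toy model of a 'relational artifact' like My Real Baby.
    Mood is a single integer: positive = happy, negative = fussy,
    zero = neutral. Purely illustrative."""

    def __init__(self):
        self.mood = 0

    def bounce(self):
        # Bouncing amplifies whatever mood the doll is already in:
        # a happy doll gets happier, a fussy doll gets fussier.
        if self.mood >= 0:
            self.mood += 1
        else:
            self.mood -= 1

    def shake_violently(self):
        # The designers wanted pain and sadness here; the lawyers
        # vetoed any response, fearing a reaction would reinforce
        # the abuse. So: deliberately, nothing happens.
        pass

doll = RelationalDoll()
doll.bounce()
doll.bounce()
print(doll.mood)   # 2: happiness amplified
doll.mood = -1
doll.bounce()
print(doll.mood)   # -2: fussiness amplified
doll.shake_violently()
print(doll.mood)   # -2: unchanged by abuse
```

Even in this trivial form, the ethical choice is visible in the code: the "no reaction to abuse" behavior is not an oversight but an explicit, deliberate design decision.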

Other ethical dilemmas related to the design of such robots included whether they should be capable of deception or betrayal, two common features of human relationships. Or, should they "die"? On one hand, the experience of death as part of the life cycle is an important part of psychological development and would add to the "authenticity" of the relationship. On the other hand, one of the benefits of these robots seems to be the avoidance of the emotional damage that can happen when a "real" companion (whether a human friend, or even a companion dog) dies.

Joseph Reagle has blogged his reactions to Turkle's talk.

Technorati tag:

Tuesday, March 01, 2005

Yahoo to preserve e-mail of Marine killed in Iraq

One example of the type of ethical issues that cross Srinija Srinivasan's desk at Yahoo! is whether family members should have access to the e-mail of a deceased relative. From Yahoo's perspective, to release messages from a deceased user's e-mail account would violate the privacy rights of the deceased and those with whom they have corresponded.

Such a dilemma moved towards resolution today when Yahoo! announced they would preserve the e-mail of a Marine killed in Iraq (contrary to company policy of deleting unused accounts after 120 days). Whether the password will be released to the family remains an open issue. Here's an excerpt:
WIXOM, Mich. (AP) — Officials at Yahoo have taken action to preserve the e-mail account of a Michigan Marine killed in Iraq.

Lance Cpl. Justin M. Ellsworth, 20, was killed Nov. 13 during a foot patrol in Al Anbar province. After his death, his father, John Ellsworth, found himself in a legal battle with Yahoo! when he tried to gain access to Justin's Yahoo! e-mail account.

The father pleaded with the company to give him access to the account to fulfill the family's wish of knowing Justin's last words, photographs and thoughts from Iraq. While Justin was in Iraq, he and his father discussed the e-mails Justin had in his account and how John would make copies of all the correspondence for a scrapbook.

But without the account password, which only Justin and Yahoo know, the family's request was denied. To release those messages in such circumstances, Yahoo said, would violate the privacy rights of the deceased and those with whom they have corresponded.

Yahoo policy calls for erasing the entire account if, after 120 days, there is no activity.

John Ellsworth told The Detroit News for a Tuesday story that his attorneys are negotiating with Yahoo to get the e-mail password released.

Yahoo spokeswoman Mary Osako said Yahoo has been working with Ellsworth on a "shared goal of finding a mutually agreeable resolution to a complicated and, in many ways, uncharted issue."
[via TechDirt]

Technorati tag:

Choicepoint's CISO Interview & "Social Hacking"

ChoicePoint's CISO, Richard Baich, is interviewed by SecuritySearch.com, where he makes his case that the ChoicePoint fiasco is not a security or hacking issue:
This is not an information security issue. My biggest concern is the impact this has on the industry from the standpoint that people are saying ChoicePoint was hacked. No we weren't. This type of fraud happens every day. ...This is a business process that failed. Before the media calls this a hack, it should get the facts straight. You could say they're the same, they're not.
I've made a similar point, but to a different end. Calling this hacking seems to let ChoicePoint off the hook for poor vetting and business processes. For Baich to say this is simply fraud that "happens every day" is a weak attempt to absolve the company of responsibility. ChoicePoint is not the victim here - consumers are.

I agree with Bruce Schneier's assessment:
This isn't a computer hack in the traditional sense, but it's a social engineering hack of their system. Information security controls were compromised, and confidential information was leaked. ...I'm sure he's exaggerating when he says that "this type of fraud happens every day" and "frauds happens every day," but if it's true then Choicepoint has a huge information security problem.

Technorati tag: