
— urbantick

Archive
Tag "privacy"

Since the announcement of the new Apple iPhone 5s and the built in fingerprint scanning technology branded ‘Touch ID’ the discussion around security, data protection and privacy has been relaunched. It is an ongoing topic in the industry, both on the hardware side amongst producers of devices and the software side with developers of applications and services, but specifically for end users and consumers.

Until now, it was the password, or PIN, that protects and restricts access to the virtual world of data. This has led many of us to come up with creative procedures to create and remember a complicated sequence of letters, numbers and symbols in order to keep personal information secure. It has always been the debate as to how complicated these passwords need to be and how user-friendly this practice is, and often ‘better’ and ‘easier’ solutions for users were wished for.

Now Apple has implemented such a solution with their latest top of the range device. The iPhone 5s features a fingerprint scanner in the ‘Home’ button to uniquely identify a user (up to five different prints can be set up) and grant access. The ‘fingerprint identity sensor’ also allows users to shop on the iTunes Store, App Store and iBooks Store where the Touch ID approves purchases.

The new feature is branded by Apple as ‘convenient, highly secure and ahead of the future’. However, the technology and its implementation in mobile devices is nothing new. Motorola’s Atrix smartphone was introduced back in 2011, but also laptop manufacturers have trialled and implemented fingerprint scanner technology in the past decade [REF]. Other manufacturers, namely HTC, are gearing up to release gadgets with similar technology and features.

Although the technology is not new, it is the fact that it is being introduced on such a large scale that makes it a ‘hot topic’. According to TechCrunch, Apple currently (2013) has an estimated user base of 147 million iPhone users, plus about 48 million iPad users. Of the new iPhones (iPhone 5s and iPhone 5c), Apple sold 9 million in just three days after their launch on the 20th of September 2013. This is a new record, as previous implementations settled on a much smaller scale. This means that the iPhone 5s is already used by a large number of people. It could therefore be classified as ‘mainstream’ and ‘cultural commodity’. The technology can therefore be expected to be used by a much larger customer base than any other similar implementation of biometrics so far.

In this context, the introduction of a unique and personal identifier, the fingerprint, is a smart move. Smart, because everybody knows and understands the idea of the fingerprint. It has been in use as a signature and has played an important role in crime investigation and law enforcement for over a century. Through its use in detective stories and crime thrillers it has also found its way into everyday culture. It is this very idea of the fingerprint as a unique identifier – ‘’your iPhone reads your fingerprint and knows who you are’’ – that Apple has turned into a selling point to the product’s advantage.



Image taken from fingerprintingscottsdale / Fingerprint identification plate.

It can be speculated that with the introduction of Touch ID, similarly to the introduction of the touch screen, Apple changes, once again, the way we access electronic devices and use the Internet. Whether this is intentional and whether the use of the fingerprint has played a main role in the development of the newest iPhone generation can only be speculated. A range of problematic aspects in connection to the use of this technology in electronic devices shall be discussed in the following. The points raised function only as an introduction since the topic is vast and might have implications that are yet to be discovered. We debate if the technology used in the iPhone 5s might even be the ‘End of the Virtual?’.

..Security concerns

Official concerns regarding the introduction of the Touch ID were raised amongst others by US Senator Al Franken (Chairman Senate Judiciary Subcommittee) in an open letter to Apple’s CEO Tim Cook (PDF, WEB). The letter states “…while Apple’s new fingerprint reader, Touch ID, may improve certain aspects of mobile security, it also raises substantial privacy questions for Apple and for everyone who may use your products”. Al Franken supports his concerns by saying that “Passwords are secret and dynamic; fingerprints are public and permanent”. This means that once someone has access to someone else’s fingerprint, this access cannot be reversed and the security token cannot be changed. ‘’…if hackers get hold of your thumbprint, they could use it to identify and impersonate you for the rest of your life’’.



Image taken from maskable / The Touch ID explained during the introduction of the new iPhone 5s at conference key note.

In this context, Al Franken also questions the filing and transferring of the fingerprint data. He demands to know if the fingerprint data stored on the phone is also being transmitted electronically to either Apple or others, and if this data is being saved on computers used to back up the device (referring to the earlier iOS version that stored unencrypted location information recorded by the device in backup files on computers). He wonders further how iTunes, iBooks and AppStore and potential future services interact with Touch ID.

These practical concerns are connected to the only recently refreshed high level discussion on data privacy with information on mass surveillance programs leaked by Edward Snowden, an American computer specialist and former CIA and NSA employee, to the Guardian in May 2013 [REF ] regarding the secret PRISM program. Similar discussions have been on the table in recent years specifically related to social media and the challenged public/private practices in an online context (Neuhaus and Webmoor, 2012, earlier blog post on urbanTick, 2011).

It seems that Senator Franken’s concerns are not ungrounded. ‘Apple’s fingerprint scan technology has been hacked’ was announced by the Computer Chaos Club, CCC, only two days after the iPhone 5s had gone on sale. The claim was backed up with a video demonstrating that ‘fingerbiometrics is unsuitable as access control method’. This ‘hack’, however, focused on the physical reproduction of a fingerprint and did not bypass the new Touch ID technology. Despite this, the attack by CCC proves how easily the new security system can be tricked and everyone with a camera, scanner, printer and a good stock of graphite powder, glycerine, and wood-glue/super-glue/theatrical-glue can repeat the procedure.

The ‘iPhone touch defeat’ also proves that users’ fingerprints are not secret, meaning that anything touched by users will have fingerprints on it, including the new phone. Senator Franken has referred to this with the ‘fingerprint being public’. And here is the real flaw of the technology. If someone gets hold of the device, he or she basically has access to ‘the lock and the key’, as the phone will be covered with fingerprints that can be reproduced to unlock the security system. Even though the chances of guessing the correct fingerprint are 1:50’000 compared to 1:10’000 with a normal 4 digit numeric key (except 1234, source Apple), now that the ‘key’ is on the phone in the form of ‘touches’ this number is meaningless, or at least reduced to 1:10.

Another question raised by the introduction of Touch ID is the digital reproduction of the fingerprint. Apple has explained that the information is not stored as a digital image. Instead it is being translated by the device into a sequence of numbers (a mathematical representation of the fingerprint derived by a specific algorithm). This implies that the print can only, if at all, be re-engineered with physical access to the device. This is being discussed extensively on tech blogs, for example on The Unofficial Apple Weblog (source TUAW). In reference to these statements, it seems only a question of time until the A7 chip inside the phone is cracked.

However, the main argument highlighted by Apple is not security, but convenience. ‘’You check your iPhone dozens and dozens of times a day. Entering a passcode each time just slows you down’’. It seems as if it is annoying for customers to input four digits, or on Android models a swipe pattern. In this context, the fingerprint scanner is put forward as the user-friendly solution. With just one touch the phone is activated, unlocked and ready to use. However, when considering the security concerns discussed above, it is questionable if winning a few seconds to start up the phone is important and desirable.

..Security versus convenience

CNet asks on its website: “Should we trade our biometric data and privacy for the sake of convenience?”. The answer to this question seems straightforward: Biometrics, or biometric authentication, can be useful, but it should not be used in mobile devices as the technology is still error-prone and these devices can easily be lost or stolen. This seems the common agreement amongst security experts (for example in Der Spiegel). In addition, as Schneier, then President of Counterpane Systems, argued in 1998, ‘’biometrics are unique identifiers, but not secrets’’. This means, they are easy to steal and reproduce. ‘’Once someone steals your biometric, it remains stolen for life; there is no getting back to a secure situation’’. So the big question a lot of people should be asking themselves is not how quickly they can access their data, but what they are giving away when using Touch ID.

In this context, it seems important to repeat that Touch ID does not actually store an image of the fingerprint, and the data is not available to any other application other than Apple apps nor stored at Apple’s servers or backed up via iCloud. For now, at least. There is no guarantee that this will be the same in the future, especially as the prospect of a vast biometric database is the dream of any national security agency, marketing company and hacker community. This means third parties will pay a lot of attention to these developments and probably exert some force to get access to some of this data. It would therefore be important to know ‘how does Apple see the actual fingerprint data and how are they going to handle it, now and in the future?’.

Whilst there are regulations as to when third parties can be forced to hand over data in connection to crime investigation, it is a complicated matter with Touch ID as the technology enables new ways of ‘tracking’ people. For example, a user logging in with Touch ID does not only confirm his or her location, but also his or her identity. This means the iPhone 5s could act as a means of evidence – ‘I was here’. So far, Apple has stated that they do not share any information with others – although the technology can be used to verify purchases. The question is therefore, as Senator Franken asks: ‘’Does Apple believe that users have a reasonable expectation of privacy in fingerprint data they provide to touch ID?’’.

There might also be some legal implications for the user of the Touch ID technology. It has been pointed out, for example by Marcia Hofmann of Wired, that the shift from a PIN as a ‘known’ key to a fingerprint as a ‘what we are’ key might strip users of the right granted by what is called in the US the 5th Amendment. This Amendment protects the individual from giving evidence against him/herself. At the moment, this only applies to things one knows (knowledge, thoughts and so on) and not to things one has (keys, written notes, for instance a password written down on a piece of paper) or is (biometrics). Hence, on trial a person cannot be forced to provide the password to a device or to decrypt information, since the password is something he/she knows. A key, however, would be something the person has and this object, according to current law, can be requested. The fingerprint belongs to the person, it is part of the human body, a thing, and hence it belongs to the category of information that cannot be withheld. This means access to devices or data via fingerprint scan can be enforced. This fact, in connection to Touch ID, might mean that consumers need to give up on one of their basic (human) rights, the right to withhold information.

..Personal data and biometrics becomes mainstream

A further concern connected to Touch ID is that biometrics are becoming mainstream. Currently, the use of biometrical authentication in the public sphere is limited. Its main use is in passport and immigration control, where retina and fingerprint recognition, actual or as part of a passport, is used to identify ‘travellers’ and reduce queues at border control. Here, the data is usually linked up with secondary information or other means of verification. For example, users of a retina scan machine need also to provide their passport for optical scanning. This means, the replication of a retina scan alone does not provide access to ‘free travel’.

However, the implications of ‘normalising’ biometrics and using biometrics in everyday applications are not only connected to the risk of individuals being permanently tracked and surveilled, but also to the risk of biometrics becoming unsafe. As Schneier argued, ‘’Just as you should never use the same password on two different systems, the same encryption key should not be used for two different applications’’. This means, it is not a good idea to use your thumbprint to access your mobile phone, open your front door and unlock your file cabinet at work, as data theft would automatically lead to a catastrophe.

It could therefore be said that biometrics are not safer than other security means. Apple’s suggestion to customers that ‘’Your fingerprint is one of the best passcodes in the world’’ therefore seems misleading. The question really is how much consumers are willing to trade their personal information and data for the ultimate and smooth technology experience.

In addition, in today’s context the distribution of personal information is no longer directly manageable by the individual, as user information is being left behind with every move online and regular real world services. Shopping online, borrowing books at the local library, and visiting the GP, all activities leave a ‘digital footprint’. It has become complicated to the point where it is impossible for the user to understand and control what information is left behind when using a mobile device, especially when using online and server connected apps and services. These apps are often pre-installed on the device and updated automatically. Also, the companies behind those apps are often unknown and it is unclear what kind of information they collect and store, and how this information is used or shared with third parties.

In this context, the introduction of a truly unique identifier, the fingerprint, will not only add to the information left by users, but also add to the possibility of users being personally identified across the entire range of services. This in turn changes not only the discussion around online security but also online identity. Until now, users could ‘create’ their online identity by using a pseudonym and an avatar (an icon-sized graphic image). This ‘chosen’ identity could then be adjusted or changed, any time. In the beginning of the Internet, individuals would often create and use a whole range of online identities. This has changed. Nowadays users prefer online interactions supported by ‘authentic identity’ as reported by the Guardian. This means they want to know with whom they communicate.

This practice has been taken to a new level by Google with the Google ID, a unique ID tied to an individual/account which was introduced in connection to Google+ in 2011. Facebook uses a similar user identification. Both sites, Google and Facebook, make it difficult for users to create and use multiple accounts, and it can be assumed that through this the number of IDs per individual has been dramatically reduced. This of course makes it also a lot simpler for Google and Facebook, and their respective partners, to target marketing and individual advertisement. Despite this, users often create and use different accounts for their private and professional networking. With the new Touch ID, this will no longer be possible. They will have only one account.

How individuals are uniquely identifiable online through the use and manipulation of devices is being researched widely. Besides the PIN and the biometric identification discussed here, alternative methods to provide security, in particular in connection with mobile devices, are being developed under the umbrella term of “Implicit Authentication” (via Quartz). In this case, the security is based on an ongoing security check as opposed to the one-off security check at the start of a session, for example by unlocking the phone. The idea, for example focused on by researchers at the Palo Alto Research Centre, is that the individual user displays very specific, habitual characteristics in behaviour and usage or even movement pattern that can be used to continuously monitor the usage. This makes it possible to detect a sudden change, in which case the device will immediately shut down and deny access. Such parameters being researched include location and movement patterns, the way we walk, speed and style of data input on the device, activity pattern and timing, or the subtle way the user’s hand shakes.

These methods seem, as the research shows, to deliver reliable results. At the same time, however, this extends the privacy discussion, as data is collected on users’ bio-sensorial functions. The technology also puts pressure on individuals to profile themselves. The security of such a dataset is a very different issue again, including and extending into the field of personal health and medical information. Nevertheless it represents a big move towards the identification of ‘unique’ individuals and verifying much more than the Touch ID in itself does.

..The end of the virtual?

The introduction of Touch ID or alternative biometric/behavioural authentication methods will prevent users from creating different online identities, as the fingerprint is ‘THE ID’. This means it is really you, who bought that song on iTunes, uploaded that image on Flickr and accidentally deleted that file on Prezi. And it is the very same person who called the client on Skype and tweeted about Beyonce’s concert on Twitter. It is also the same individual who banks with HSBC, shops with Sainsbury’s and hangs out at the Barbican. The point is that ‘being online’ becomes very much like ‘being offline’. Events, happenings and activities become uniquely and reliably tied to users, the individual becomes authentic and unique. Is this the end of the virtual?

When looking at the introduction of Touch ID it seems so. It really is the case that, as Apple put it, ‘’your iPhone reads your fingerprint and knows who you are’’. Subsequently any activity becomes real and unique, and also identifiable as such by online friends and fellow users as well as service providers and traders. However, as suggested by Apple, this does not only make your life easier, but also that of marketing and consumer related businesses. At the same time, it also makes the individual responsible for his or her online activities, not dissimilar to the responsibility one enjoys in person as an individual in the real world. It will no longer be possible for users to hide behind one or multiple pseudonyms or avatars. This will certainly transform practice, as both providers and users will have to accommodate this ‘new authentic self’ and a completely new reality of online practice.

In many ways, this discussion is related to the ‘Internet of Things’ concept which has enjoyed rising attention over the past five years. Whilst the Internet of Things is about ‘real’ objects being connected to the web, to each other and to ‘users’, Touch ID is about ‘real’ humans. An interesting aspect raised by the Tales of Things project at CASA UCL was the fact that the ‘real’ object was required to access information. This means, access to content is based on ‘real world interaction’. With Touch ID, it is very similar. It requires me, the user, to unlock information (at least once, until my fingerprint has been ‘hacked’) and interact, both online and offline. This ultimately connects the online world to reality.

This means, with and through Touch ID the online experience becomes real in the sense that it confirms that the person logging in at this moment, at this location really is the specific individual and not someone else or a bot. At a first glance, this seems great. From a security and privacy point of view, however, this raises a whole bunch of new questions and concerns that need to be addressed to enjoy this ‘brave new online world’ with yet new possibilities for both users and services. For example, national agencies and businesses might be extremely interested in this kind of data as it is the ultimate proof of someone’s activities at a given time and location. Hence, this information on habitual activities individually verified seems much more desirable for ‘outsiders’ than the actual fingerprint. Touch ID reveals what, when and where a user has been, all confirmed by his or her own fingerprint whilst unlocking or just using the device – meaning the virtual has become its realest so far with consequences and possibilities we can only begin to speculate on.



Image taken from mymodernmet / Real life person and their avatars by Robbie Cooper.

..Summary

Since the launch of the new iPhone 5s by Apple, the discussion revolving around online security and privacy has been re-activated. Experts agree that with the introduction of Touch ID the use of biometrical data as a security measure in mobile devices needs to be regulated, especially in terms of storage, handling and exchange of the biometric data processed. However, when looking closer at the implications of the finger-scan-technology developed and introduced by Apple, it becomes clear that the technology not only influences the usage of our personal data, the law and rights users have, but also the way we are present online. Especially since the fingerprint, or any other to be implemented biometric or personal pattern based verification, is ‘THE ID’. With biometrical authentication, there is no way of hiding behind a pseudonym or an avatar. It is really you, the user, who activates and uses the device (at least once, before the device is ‘hacked’). This means, the new iPhone 5s links the virtual world with reality and brings them as close as they have not been before, almost merging them in practice and consequence. The online self becomes authentic. As speculated in the article, this could be the end of the virtual and the beginning of a new web and online experience where we meet real people, make real conversations, buy real goods, but also carry real responsibility.




Article written by Sandra Abegglen and Fabian Neuhaus

Simultaneously published on Everyday Click and urbanTick.


Millions of users leave digital traces of their activities, interactions and whereabouts on the world wide web. More and more personal conversations and private messages are being shifted to these on-the-move channels of communication despite the many metadata strings attached. In recent years, the social science aspects of this data have become increasingly interesting for researchers.

Social networking services like Foursquare or Twitter provide programming interfaces for direct access to the real time data stream promoting it as free and public data. Despite signing acceptance of public rights these services have in their usage a predominantly private feel to it, creating for the user an ambivalence between voyeurism and exhibitionism.

What is the position of academic research on using these datasources and datasets, and how can academic standards be extended to cover these new information streams, which operate very dynamically in time and space, whilst protecting individual users’ privacy and respecting a high ethical standard?

In this presentation the use of digital social networks data will be discussed both from a user and from a processing for research standpoint. Examples of data mining and visualisation will be explained in detail developing a framework for working standards.

This talk will be presented at the lunchtime seminar at CRASSH, University of Cambridge, today 2012-03-14, 12h00-14h00, Seminar Room 1, Alison Richard Building, 7 West Road. The second speaker is Dr Sharath Srinivasan (Centre of Governance and Human Rights, POLIS).


The advances in online data mining and the rising popularity of online social networking data is posing challenging questions in regards to ethics and privacy. How can academic research provide a comprehensive framework to secure data management and guarantee appropriate handling?

Given the current popularity of data crunching, big data and visualisation of massive datasets, the question of data management under ethical guidelines is in a lot of cases pressing. Current institutional protocols do not cover these new aspects that arise from the accessibility of large datasets of online data.

Social science so far still builds on the basics of informed consent with all involved participants. These protocols were implemented in the late seventies, long before the internet. Most of the protocols have been updated around the year 2000 in regards to online research involving online questionnaires and sometimes research with chat rooms.

The dramatic changes online social networking data brought along with APIs allowing the construction of large scale datasets connecting to Facebook, Twitter, Foursquare and the like are based on the multiplication of dimensions. Researchers are no longer working with 10, 100 or 1000 participants, but potentially with data relating to millions of individual users. Still, the data is as detailed as a qualitative dataset with 100 participants might be, potentially in specific cases even more detailed. This is especially the case in regards to time and location.

Currently the discussion mainly circles around the question whether the data is free and publicly available implying that if it is to be considered so no additional measures would be necessary. The argument in this case would be that the individual users are voluntarily sharing the data publicly for free. This is however a very naive and short sighted argument. There are of course a number of complicating issues to be considered. There are three main elements to this.

NCL Twitter Sheet
Image by urbanTick for NCL / A screenshot of a Twitter data table with the different columns containing metadata. Each row represents one tweet.

The first aspect is the dynamic nature of the data. Since the data is time based and it is being produced at such a vast quantity content very quickly is superseded and disappears in the platform’s thumbs in many cases unretrievable for the individual user. In practice this can result in the fact that sets of mined data are becoming unique. In this case the acquiring of such a dataset is an act of making for which the research would have to take responsibility.

The second aspect is the operational side of the service. It requires the user to share the information, as otherwise the usage of the service in most cases would simply be impossible. If the user were not willing to share the information, this would in most cases result in the exclusion of the user or at least mean a dramatic reduction of the capacity of the service. Another aspect of the usability is that the way the user interacts with the platform can easily lead the user to believe they are acting in a private environment. In the individual setting the service only provides information of a closed circle of connections to other users. This means that the users might be tempted to share private information easily, not being aware that on a larger scale all activities are public. Furthermore, it is unclear if the user has, by agreeing to use the service, also agreed for all his information to be mined and researched towards specific conditions in relation to a vast number of other users.

The third aspect is the fact that it is not the individual datapoint, message or information that is causing concern for privacy, but the series of datapoints. These newly available datasources contain a lot of metadata and continuous data which has the potential to be analysed towards patterns. In other words it is not about one or two places the individual has been to, but about the possibility to infer a very personal pattern from the information distinctively describing the personal habits in both time and space.

Arising from these considerations and points of discussion, the now published paper Agile Ethics for Massified Research and Visualization, part of the special edition of Information, Communication and Society, edited by A. Carusi, is available online from Taylor & Francis.

The paper is written together with Dr. Tim Webmoor at Stanford and, beside the discussion of implications as well as aspects of the development of a framework, the Twitter work serves as a practical example.

The topic has already been discussed in an earlier blog post, Privacy – Aspects of an Ecology of Ownership, that led at a later stage to the paper. Also a version of the paper has been presented at the Visualisation in the Age of Computerisation conference in Oxford in early 2011.

Neuhaus, F. & Webmoor, T., 2011. Agile Ethics for Massified Research and Visualization. Information, Communication & Society, pp.1-23.


Social Networking is the biggest and most importantly the fastest growing Internet branch at the moment. The companies have managed such a steep intake of new users over the past 18 months and most of it translated into what the company is worth.

It is what people do on the internet, they spend time on social networking sites. According to the 2011 stats published by Ken Burbary users do:
“Average user spends an average 15 hours and 33 minutes on Facebook per month, the average user visits the site 40 times per month and the average user spends an 23 minutes (23:20 to be precise) on each visit.” This is a lot of time for one network and there are many others. Most users will also be using Twitter and Gowalla and so on.

Now that the first really big hype around these sharing platforms is over, a lot of users start to rethink the practice of sharing with everybody, random and unwanted friends. They start to ask for more control over the mechanisms behind the suggestions, the ads and the linkages. But most of all users want easier control over what is happening around their profile.

After the 2009 wave of privacy discussion centring around Facebook and Google, most services have implemented better options, but it is getting extremely complicated to use them and manage the relevant functions. Adjusting the settings manually for each group and each page and each entry and each status and each photo and each link and each whatever…, is really taking half the fun out of the activity.

Social connections seem to be fragmented and individuals have ties to different groups of people each having different expectations, likes, standards or practices. There might be a group of work colleagues including the boss, there is the group of parents from your child’s nursery, there is a group of school friends you haven’t seen in ages and there are all these nerdy people from the sunflower growing circle and so on.

You know all of them or at least have some connections to them, however certain elements do not fit from one group to the other. It’s not that you are leading a secret life in all the groups (probably you are), but the context is just different. It requires more insight to understand some of the items, links, comments and jokes and this is relative to the groups.

Google+ you
Image taken from Google+ / The new design puts a strong emphasis on ‘you’ to reflect the software architecture focus. Also the design is slightly less comic-like than the other Google stuff so far. This is a good step they are taking. It has to look a bit more serious so people can trust it. This is not to say they have to drop their colours.

Very likely the work group and the parent group will not fit together, and neither will the group of old school friends connect to any of the content from the nerds. Managing this can be painfully complicated on existing networks. This is a kind of historic load from how the platforms have grown and developed. Back then different elements were crucial, because the idea of online networking had to be introduced first.

A new generation of social networking platforms is about to come along, and if they want to be successful they had better make this management element core. Google is the first to launch a new service, Google+, and it is said to make this management element very central, with clever but simple tools to adjust and handle it.

XKCD Google+
Image taken from XKCD / Google+ as discussed across offices these days.

Google+ introduces a new terminology for the wall, friends, groups and so on. It comes as Circles – a group of friends, and this is how you arrange them, Hangouts – where you can spend time with your contacts, Sparks – where you share and find new stuff.

There is a lot more, like a Profile and a Stream and Photos. But privacy, with a privacy policy and general Settings, is also part of this important management board. There is also direct information on Backup, something that has never been talked about in the social networking context so far, and Google seems to be willing to offer solutions here, as well as for the shutting down of accounts, here called Downgrade.

Google has also changed the entry requirements and it seems that signing up to Google and getting a specific gmail address is no longer necessary, as it was with all the previous services. This will probably make a lot of people willing to give it a try, but then most people will already have a gmail address from the previous services.

Very interesting will be the integration of location based and mobile sharing of which there is only little known at the moment. Will Google relaunch Latitude a fourth time or will Google+ have an integrated location service? We shall see.

It will be very interesting to see how these user-centred setting management options will transform the service and how the platform is used. Currently it is run in private beta, but the interest seems massive. People are keen to get into building a new social network. But then this was the same with Google Buzz and Google Wave, which both were later not that successful. However, it is likely that both of them, together with Latitude, sort of feed into this new Google+.

The privacy and ethics discussion will be ongoing. It will be interesting, for example, to see to what extent an API will be provided that allows mining at large of the social networking data generated through the use of the service. One question will be how this can be integrated with the stepped up privacy policy or whether, as Google has done so far, they restrict access to this part of the service.


With the rise of individual online activity in chat rooms, social networking platforms and micro blogging services, new data sources for social science research have become available in large quantities. The change in sample sizes from 100 participants to 100,000 is a dramatic challenge in numerous ways: technically, politically, but also ethically.
In this emerging context, because of its virtual and remote nature, the guidelines have to be reworked to meet the arising implications and establish fair, responsible and ethical management of such large quantities of information, potentially containing a large amount of personal information about individuals.

Issues and concerns surrounding privacy and ethics have been raised recently around the data mining projects developed here at CASA, most prominently at the CRESC conference in Oxford, where it sparked a heated but very interesting debate.

The question is to what extent the users of online services agree to ‘their data’ being used for further research or analysis: potentially useful information which they often unknowingly generate while online. Survey Mapper and the New City Landscape maps (NCL), generated from tweets sent with geo location included, work with data collected remotely through the internet without direct consent from the ‘user’.

With the NCL maps for example we are working with around 150,000 twitter messages sent by about 45,000 individual twitter users. The data is collected through the public twitter API which is provided as an additional service by twitter. Using the API, twitter packages the outgoing data stream of tweets for third party developers of twitter applications. The data served through the API is believed to be exactly the same as it is used for the main twitter online page.

The implication in the case of twitter, and likely with other similar services, lies in the perception of private and public. With twitter the user can set up a personal profile and start sending 140 character messages. These messages are generally undirected statements that are sent out to the world using the twitter platform. To get other people’s messages delivered onto the personal twitter account page one has to start ‘following’ other users. In the same way, for other users to see one’s messages, they have to start ‘following’. Each user can manage the list of followers manually.

However, while this setting creates a sense of closed community and could, probably does, lead one to believe the information or data sent using this platform can only be read and accessed by the circle of followers (e.g. friends), this is actually not the case. Every twitter message sent, unless deliberately sent as private message, is public.

For example, last week the first person was sent to court, see the Guardian, because he tweeted a joke to his friend: ‘To blow the Robin Hood Airport sky high’. The twitter user was planning to fly out, but the airport was closed because of snow. How this message got him into trouble is not quite clear. The news article only states that an airport staff member had by chance found the message using his home computer. Is he a follower of the tweeter or was he searching for the terms ‘blow’ and ‘Robin Hood Airport’? However, this sounds a bit set up. But try the search. Now, after the media attention, the scanners will bring up loads of tweets containing the terms. So this airport staff member will be very busy reading all the messages, and any investigation unit filtering tweets will face some difficulties.

This is not, however, a case unique to twitter. The issue arises in a number of fields related to user generated data, ranging from Google to facebook, from Microsoft to Apple and from Oyster card to Nectar Card. Information is the basic material this bright new world is built of, and the more one leverages it the bigger the value (see for instance ). The data generated by users on the web is constantly being analysed and poured back into the ocean of data. To some extent this is a fundamental part of the whole web world.

How does Amazon know that I was searching for cat flap the other week, even if I was not searching it on Amazon? Or why does my webmail show ads for online degrees in the sidebar, while I am reading an email sent from a university account?
The information the user generates on the internet leaves traces with every click and beyond. Search histories can be accessed and analysed and snippets can be located in the past. However, this phenomenon is not limited to the past. It travels beside the user in the present, even arriving beforehand at the shores of potential service providers, almost like a rippling wave in the ocean of the web.

As described above using the example of twitter, the issue with privacy is that it is perceived in one way and handled in another. Maybe the comparison with public space could make for an interesting case. More and more public spaces are merging into corporate spaces in the city. Shopping malls start to enter the domain of the space perceived as ‘public’. Even though this is a privately owned mall and someone is making a lot of money from you being there, it successfully camouflages itself as a public space where people happily spend their money since it is so ‘convenient’. They are provided with everything they are demanding, including the selection of their peers through the target group of the mall as well as a mix of additional factors, such as social group, economic as well as location based aspects. In this ‘easy’ setting one does not have to deal with the implications and sharing aspects of the real public space, where conflicts of interest have to be solved between the parties and cannot be solved by the house rule in the appearance of the private security guard.

It could be argued that web services are quite similar to what is described above. We are not surfing the ‘public’ internet as such. Even though most websites are free to use, they are actually private sites owned by someone and often offering a service. And of course the service provider will want to make some money, if not directly from the user then probably through a third party that offers money in exchange for something, mostly the directing of users to certain information.

In this sense the user is provided with a free service in exchange for letting himself/herself be directed to potentially interesting information and adverts.

In economic terms this is a pretty good offer and should be a win-win situation for everyone involved. But is it?

Facebook has a number of webpages dedicated to the topic of privacy, for example one to explain the different settings categories and one for the privacy policy. The changes over the past years since the launch of facebook in 2004 have always been met with loud voices of concern, louder more recently. Matt McKeon has put together a personal view of the evolution of facebook privacy over the years.

privacy
Image by Matt McKeon, via imgur / the Evolution of Privacy on facebook, Changes in default profile settings over time. It does actually change and automatically jump through the years; you have to be patient with this one.

Twitter also has a privacy page where they attempt to explain the company’s privacy guidelines and considerations. It states: “We collect and use your information to provide our Services and improve them over time”. On this page twitter clearly states that the concept of the service is to publicly distribute messages. It further states that the default setting is public, with the option to make it more private. This is not true, however, for the location information, as in this case the user has to activate this feature if one chooses to include this information. In this sense every user whose location information is mapped on the NCL maps has chosen to share this information with the world. Nevertheless there is an option to opt out of this and delete the location information of all messages sent in the past: “You may delete all location information from your past tweets. This may take up to 30 minutes”.

Twitter makes it – not perfectly – but clear what the implications are with using the service: “What you say on Twitter may be viewed all around the world instantly”.

diaspora
Image by Diaspora / the project Logo as a dandelion, to symbolise the distribution of the seeds as used for the basic concept of the new social network.

Sailing on the wave of complaints over the treatment of privacy on facebook and other social networking sites, a bottom up project has risen: DIASPORA*. It is a self-acclaimed perfectly personal social networking platform developed by four guys, one of whom, funnily enough, goes by the name ‘Max Salzberg?’. It all reads like a spoof, as it was published in the NYT earlier in May this year. But the project took off with donations of over $10,000 within 12 days and some $24,000 within 20 days. By now they are fully funded with over $200,000 using KickStarter. This was back in May 2010, and now the developer code was published on September 15 2010. It looks cool and maybe it will bring the change, but this will probably be decided by features other than the privacy issue. Since the big hype this discussion has dramatically calmed down, but it was definitely a good kickstart for the Diaspora* project and it shows how much people care for their privacy.

The data of interest for a whole range of commercial and academic or political bodies is not confined to only the actual message or information sent. Each account or profile contains a lot of additional information, such as name, age, gender, address, contact details, interests, birthday, shoe size. All of this can be extremely valuable, not just for marketing purposes. In addition, the very big things are the connections and networks that can be constructed from the data: who knows whom, and who is contacting whom, when, how often and where. This is the real aspect of change with this personal information, known in internet law and policy circles as Personally Identifiable Information (PII). For the first time we can actually observe large-scale social interaction in dramatic detail in real time.

This becomes even more of an issue now that almost all services integrate actual location data, either by using the integrated GPS module on a smart phone or, for example, IP or Wi-Fi access point data. Service providers know not only with whom one is connected but also where one actually is physically.

The biggest discussion around this was stirred up by Google at the launch of its Google Latitude service, discussed HERE earlier, and the Google Privacy Statement can be found HERE. The service would offer the option to distribute one’s location to a list of friends who could follow one’s movement in real time.

Concern rose over the possibility that a jealous husband could potentially log in to the service and activate the service on his wife’s mobile without her knowledge and get his wife’s position in real time delivered onto his screen. This would be actually possible but is a ridiculous scenario. There are numerous providers of such a service to be found on the internet who have actually specialised in this sort of service. However, the Google service is one for the masses and freely accessible for everyone with internet. Google reacted by sending a scheduled reminder email every week once the service is activated.

The implication of detailed knowledge of private information, and especially location information, is that the identification of individuals by third parties becomes possible, and potentially this information can be used to harm the individual.

This issue was brought to public attention by the online platform ‘pleaserobme.com’, which displayed information collected from social networking sites about people who stated that they were actually not at home, implying that it would now be the opportunity to burgle their house. This was made possible through the location information embedded in the messages.

One major factor in this discussion is the scale of resolution. Having the information is not the same as being able to use it. It is a question of accessing it, or making it available. There might be a degree of anonymity in the fact that the data pool is so vast that the individual personal information is actually no longer visible. This is decisive when the actual output of the private information is a visualisation.

For example, with the NCL maps, even though they are based on individual twitter messages, the data has been aggregated and the resulting visualisation is a density surface generated from the tweets, so the individual tweet no longer features in this data. And even if, for example, we show the location of an individual message as in the LondonTweet clip, the resolution of the clip in pixels is so low that it becomes nearly impossible to determine a definite location. The blurred pixels display more of a potential area. In addition, we are also dealing with the inaccuracy of the GPS of between 5 and 20 – maybe 100 – metres in a dense urban environment. It becomes impossible to pinpoint the exact location of an individual. Combine this with a population density as we have here in London and it is impossible to identify an individual.

Images by urbanTick / This shows a zoom (part 1) in on an animation of tweets in Google Earth to demonstrate how tricky it is to read an actual location from this, even more so if one takes the GPS accuracy into account.
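The resolution argument above, as an added example (not code from the NCL project): constructed geotagged points are binned into square grid cells, and the number of cells occupied by a single user is compared at 100 m and 5 km. The sample points, the function names and the `min_users` threshold are assumptions made for illustration.

```python
import math
from collections import defaultdict

# Constructed sample: (user_id, latitude, longitude) in central London.
# Made-up points for illustration, not data from the NCL maps.
SAMPLE_TWEETS = [
    ("u1", 51.5074, -0.1278),
    ("u2", 51.5076, -0.1281),
    ("u3", 51.5079, -0.1275),
    ("u1", 51.5150, -0.1350),
    ("u4", 51.5152, -0.1345),
    ("u5", 51.5000, -0.1000),  # nobody else within 100 m
    ("u6", 51.4900, -0.0900),  # nobody else within 100 m
]

METRES_PER_DEG_LAT = 111_320.0  # approximate length of one degree of latitude


def cell_of(lat, lon, cell_m, ref_lat=51.5):
    """Index of the square grid cell (cell_m metres wide) containing a point.

    Uses an equirectangular approximation around ref_lat, which is an
    assumption that is adequate for a city-sized area.
    """
    metres_per_deg_lon = METRES_PER_DEG_LAT * math.cos(math.radians(ref_lat))
    return (math.floor(lat * METRES_PER_DEG_LAT / cell_m),
            math.floor(lon * metres_per_deg_lon / cell_m))


def bin_tweets(tweets, cell_m):
    """Group tweets by grid cell, tracking tweet count and distinct users."""
    cells = defaultdict(lambda: {"tweets": 0, "users": set()})
    for user, lat, lon in tweets:
        cell = cells[cell_of(lat, lon, cell_m)]
        cell["tweets"] += 1
        cell["users"].add(user)
    return cells


def singleton_cells(tweets, cell_m):
    """Number of cells whose tweets all come from one user."""
    return sum(1 for c in bin_tweets(tweets, cell_m).values() if len(c["users"]) == 1)


def density_surface(tweets, cell_m, min_users=1):
    """Tweet count per cell, keeping only cells with >= min_users distinct users."""
    return {idx: c["tweets"]
            for idx, c in bin_tweets(tweets, cell_m).items()
            if len(c["users"]) >= min_users}


if __name__ == "__main__":
    for cell_m in (100, 5000):
        print(f"{cell_m:>5} m cells: {len(density_surface(SAMPLE_TWEETS, cell_m))} occupied, "
              f"{singleton_cells(SAMPLE_TWEETS, cell_m)} with a single user")
    # Suppressing sparse cells removes single-user cells at fine resolution.
    print(density_surface(SAMPLE_TWEETS, 100, min_users=2))
```

The single-user cells disappear at 5 km only because the constructed points all lie within one coarse cell; a lone user in a sparsely populated area stays a single-user cell at any grid size. Checking the distinct-user count per cell before publishing, rather than relying on resolution alone, covers that case.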

In conclusion it can be said that new guidelines clearly have to be developed for the changing nature of data availability in the digital age. Both commercial companies and academic researchers have to take extra care in handling and using digital personal data. They need to be aware that just because it is accessible this does not mean it can be used. However, there also has to be a change of mindset on the user side. They cannot just make use of services provided to them without contributing anything. If the service is based on public sharing and they want to use it they have to buy in to this information economy. Similarly with good search results. If people want the best possible service to quickly find something relevant to them in the ocean of data they might have to provide a little bit of information about themselves and what they are looking for. Economies – information no less than traditional – operate upon an exchange.

As discussed above in relation to physical public space, people recently seem to be very willing to accept corporate provisions, and the discussion probably has to start there: how dependent on these dominating private service providers, both virtual and real, do we want to be, and how much of our personal information in this context is actually still really private and how much do we just want to make it private?

However, these aspects and links only touch on the topic and there are a lot more aspects that need to be discussed in detail. Please feel free to comment and/or contribute.

Suggested Reading:

Dutton, William H. and Paul W. Jeffreys, editors. 2010. World Wide Research. Cambridge, MA: MIT Press.

Rogers, Richard. 2004. Information Politics on the Web. Cambridge, MA: MIT Press.
