Category: privacy

Ending anonymity: the Korean identity system “debacle”

I already mentioned the problems of online bullying happening in Korea (the (online) persecution of Daniel Lee, Korea’s top actress commits suicide amid rumors, Cyberviolence in Korea), and the government’s response which consisted in imposing a “real identity” system (update on Korea’s online identity system). Ars Technica is giving us an update, which is that the system will be.. abandoned!

The best argument against laws requiring websites to use “real name” policies is South Korea’s disastrous experiment with requiring websites to collect the real names of users who post content. Freedom House told the story in a recent report:

In 2007, the internet real-name registration system was expanded to apply to any website with more than 100,000 visitors per day. Users are required to verify their identities by submitting their Resident Registration Numbers (RRNs) when they wish to join and contribute to web portals and other major sites. As RRNs are assigned only to Korean citizens at birth, foreign nationals must individually contact webmasters to confirm their identities. This included the video-sharing website YouTube, but the site’s U.S.-based parent company, Google, refused to ask its Korean customers for their RRNs. Instead, it has blocked users from uploading content onto YouTube Korea. Users are able to bypass the restriction by changing their location setting to “worldwide.” Even the Korean presidential office maintains its YouTube channel in this way.

Trying to quell extremist views by preventing them from being expressed anonymously simply isn’t going to work. The Web is a big place; no government on Earth has the reach to completely eliminate anonymous forums from the Internet. Trying to suppress anonymous posting of extremist views just forces them underground, reinforcing extremists’ persecution complex and making them even more disconnected from mainstream political debates.

After a barrage of criticism, the South Korean government has finally announced plans to abandon the system. This recent decision came in the wake of a major security breach in which information about 35 million users was reportedly stolen from two popular websites.

Link

Half of French teenagers have published information on someone else without their consent

A recent French study highlights a paradox of web 2.0. While 39% of 15-17y have been victim of someone else publishing information (photos, videos, email) on them without permission, 49% of that same age group say they have once published these information on others without their consent.

It is probably a misleading figure for three reasons:

  • Doing it once does not mean you do it all the time and that it is a way of life.
  • The people who publish on me are probably not the people I publish on. It would be interesting to separate the statistics by “type” of people, the family, the friends, people I like, people I don’t like. Maybe it is in that last category I will publish information without asking.
  • Maybe these teens are publishing information to closed spaces (like when you limit access to a post to close friends only on Facebook, formally a publication, but not to the world), the study does not differentiate between public and private.

Still, this shows that there is a difference in perception and some learning to do. Some will qualify this as unconsciousness (not being aware of the price of exposure), but I find that interpretation unlikely as this generation is very tech-savvy and is in control of their identity. See sociogeek to learn more on how people expose themselves online.


Top: Who has seen information on him/her published by another web user?
Bottom: Who has published information on someone else without his/her consent?

Hasan Elahi, living in public to reclaim your privacy

I have been fascinated by the story of Hasan Elahi ever since I read a Wired article about him. We will have the pleasure to hear his story at Lift11 where Hasan will be a speaker this February. Here is an interview I did last week, to be published on the Lift blog tomorrow. Discover how what was originally an art project became an identity management system.

Hasan Elahi is an interdisciplinary media artist with an emphasis on technology and media and their social implications. His research interests include issues of surveillance, sousveillance, simulated time, transport systems, and borders and frontiers.

At Lift11, Hasan will tell us his incredible story: he was taken into custody of the FBI as a terrorist suspect in the United States by mistake, and ended up living totally in public to protect himself from surveillance. His talk will show how forfeiting your privacy can in fact become a new form of protection of your identity.

Laurent Haug: Tell us your story, what happened?

Hasan Elahi: I was coming back from an exhibition in Dakar. As I pass through the US customs in Detroit, I handed my passport to the agent who froze. Something was obviously wrong. I was taken to a large room that belonged to the INS – the now defunct organizations regulating immigration, which which no US citizen normally ever interacts. A guy in a dark suit walks to me and says “I expected you to be older”. I asked “please explain!” The guy starts questioning me, and out of nowhere he asks me “where were you on September 12?”. I could not remember. So I took my Palm out of my pocket, and we looked up together on my calendar for detailed records. He then started to question me on a storage unit I had in Tampa, Florida. “What do you have in it?” I had clothes, junk, he looked confused and asked “no explosives?”. The FBI had received a report about “an arab man hiding explosives in a storage unit in Tampa”.

The whole thing was very strange. I had no idea what was happening. More than a confusion, it was a paranoia. I think I convinced the agent I had in front of me I had done nothing wrong. But the machine was started, and there was no way to stop it. For six months I spent my time in meetings at the FBI office, calls with the FBI, etc. It only ended when, after 9 lie detector tests, I was finally cleared of any suspicion. During that time, I had a strange survival instinct that was telling me to cooperate. I knew what was happening to me was completely illegal, and I could have fought back. But I wanted to avoid the confrontation, so I told them every single detail. I was calling every time I was moving to make sure they knew where I was and not raise a red flag.

What was your reaction after the first 6 months?

I decided to disclose my whole life online to let the FBI know where I was. I programed a software that allowed me to share my location and what I was doing. We are talking 2003, way before Facebook places or Foursquare ;) What I wanted to do was create a file on myself, a file bigger than the FBI’s file. Then it hit me: why only the FBI should know that? If I started flooding the world with my information, I would devaluate their information on me and make it worthless. Their information would have no value as it would be less exhaustive than mine. It was a very symbolic action, but if you imagine 300 million people doing that then the whole intelligence system collapses.

At the beginning my system was only disclosing where I was with a photo. Then the project grew, I added my flight data, my bank records, my phone records.

Then I started to share every single detail. Food, beds I sleep in, toilets I used, etc. And the funny thing is that people started to get nervous, they were like “we don’t need to know all this!” :) That is where I realized I was living an amazingly anonymous life. That data overload was in fact recreating my privacy. As you can not detach from Google search results, the only option you have is to flood the system, take power. You can not delete stuff, so bury it! My project – which started as an art experiment – turned at that point into an identity management mechanism.

What was the reaction of your friends and family?

First people would ask me to not stop at their houses. But as I value other peoples’ privacy, I made sure nobody was recognizable on the pictures I was publishing. Today we are talking over the phone together. But I will only disclose I was on the phone, at that time, at this location. Not who I was talking to. What I do is store pointers to information, not necessarily the information itself.

What do you want to do with this project beyond protecting yourself?

I want to expose the weaknesses of current intelligence techniques. We are very good at gathering information, but very bad at analyzing it. This is a widespread problem for society and business in general – way beyond the borders of the intelligence community.

I also want to show that it is not about fearing big brother. You can turn back the lens. That is when things start to get really interesting.

Following up on “Publicy”

Following Eric Schmidt’s latest take on privacy, I am getting some link “love” from the big guys, with Techcrunch and Cnet both pointing to an early 2009 article I wrote on my take on privacy, something I believe you are not getting at birth anymore, but need to build around the concept of a “plausible me”. Publicy is a space you can control and where you can regain your privacy by publishing fake information – like 50% of social networks users aged 13-21 who claim they falsified information (see page 28).

Almost one year has passed since that post, and this important topic deserves a few more thoughts:

  • More logging planned
    One year later, laws like Hadopi are popping up all around the world, which means every single act you do online is being monitored and logged. In France again, several databases are in the works, some storing information like philosophical, religious and sexual orientation, and other strangely irrelevant information when it comes to something the government should know on you. All this to say that the situation got worse, and definitely, privacy is not a choice anymore. Nobody can shut down all the video cameras capturing our movements in the streets.
  • Privacy in the old sense of the word is dead
    Saying this does not make me agree with that development. But whether we like it or not (and I mostly don’t), there are many files on each of us, and we need to find a way to limit their impact. Privacy in the 19th century sense of the word does not exist anymore. Reversing the trend will demand a lot of catastrophes and abuses for public opinion to realize the pitfalls of such systems, and start making the legal, social, and technological changes. It is like the financial system, one government, person or company can not change this alone. It is a global issue.
  • Privacy is not something we are granted at birth anymore
    It is not the default setting of our lives. In developed countries babies get their first database entry a couple of minutes after birth. The first data given up is weight, height, gender, name. Trivial and revealing at the same time. What is at stakes here is to find balance between the usefulness of data – tracking babies allows for better public health, and hopefully helps avoid confusions – and their nuisance potential. In the case of babies, it is pretty clear that the positive outgains the negative. But what happens for criminal databases? When they allow the capture of a recidivist, pretty good. When they prevent someone who has changed to get a new job and work himself back into society, they are a negative force. Where the balance point is depends on your political view, on whether you had such a case in your family, on the history of your country, etc.
  • Not to mention lost data…
    And I am not even talking about the worrying number of hacked/leaked data making it to the open. There is storing data, then there is securing it. And every time I call my insurance company and witness their global incompetency in handling even the most basic process, I am terrified to think that the same people are managing servers with a lot of my personal data on it.
  • The loss of the right to be forgotten is a terrible thing
    Because it prevents one from getting recognized as having gotten over any past mistake. Shrinks (they are put to contribution in the pre-cited CNET article) will tell you that a people can change radically through the long process of therapy. But as the recent Roman Polanski saga shows, there is no need for Facebook or Twitter to have things catch up with you 30 years later. Again, not a new problem, and probably more of a social than technological problem. 21st century is very bad at giving second chances it seems, despite the many stories of former convicts turning into positive forces. It is like, implicitly, society has accepted the total futility of the jail/punishment system. It does not work, criminals will strike again so we need a record on them. It is a shame there is no debate on how to regain trust in the correction system. If it was working 95% of the time we might not need databases.
  • The search for fame is not the only driver of online existence
    There are many reasons for us to go online, and therefore try to control our identity. The distance with friends (I’m in touch with my childhood friends now living in Reims, Paris, L.A, Lisbon, etc. It can only happen online), participation in a community (and something like Lift is only possible through online communities), launching a business (which means having a website with your name on it), etc. There is much more than pursuing an elusive fifteen minutes of fame. For a lateral view on this, take five minutes and read Howard S. Becker on studying new media. He mentions the many reasons why people are active online.
  • We are not the only source of negative information on us
    Where I disagree with Eric Schmidt is when he seems to imply that one is the source of all negative information about him/herself. Yes, “if you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place“, but many exceptions should be taken into account there. I am not sure 14 years old Joseph Ratzinger (a man for whom I don’t have any special sympathy whatsoever) voluntarily engaged in the Hitler Youth, yet this was held back against him when he became Benedict XVI. A disease can also be a source of information you want to rightfully hide from the public, and this should be possible. People do not chose to have cancer, yet a few cases of people fired after searching for data on this condition have surfaced. Some information can hurt us, and we might have nothing to do about them.
  • Privacy needs a serious framework
    Trying to find a definitive rule to guarantee an even privacy to all citizens is probably a lost cause, because we all need to solve a different equation. Some of us need total privacy, others need to be semi or fully public figures because of their business, personal or political activities. Being totally transparent can even protect you from government abuse! What we need is more of a framework where anybody can position the cursor as he wants, and more importantly, change its position over time. As the founder of Lift, I have to communicate online as I am the first node of a global community. Whatever my next job is, I might want to reverse the trend and become more secret. This is not really possible right now, and if you have a solution in mind you will be very rich and you should contact me, I will invest whatever I have in your company :)
  • Self regulation is already underway
    This kind of larger than life issues tends to self regulate. And I think that in the end, Google and the advertisers – often cited as the ones asking for less privacy – are the ones who have an interest in it. Why? I already mentionned earlier a study showing that 50% of users among the 13-21 age range falsify information. You want to spy on me? I will feed you with fake data to push the envelope to where I want it to be. And I will make your profiling efforts much more complicated in the process. In the contrary, if you give users a system they can trust, one where they can control what is controllable, then they will share the data advertisers need. I am sure Google [Disclaimer: a partner of Lift] understands this, as their recent Data Liberation Front initiative shows. Facebook does not seem to be that far in terms of thinking, but it will inevitably come. This reminds me of the click fraud controversy: you can hardly identify them so the solution is to acknowledge them directly in your bidding for AdWords. For more on the lying habits of online users, be sure to check Genevieve Bell’s talk at Lift08:
    [kml_flashembed movie="http://www.dailymotion.com/swf/xa2c31&related=0" width="425" height="335" wmode="transparent" /]

“Publicy”, the rebirth of privacy

Update: welcome to the Techcrunch and Cnet readers, please be sure to check the 2010 follow-up post on the matter.

Privacy is not dead. It just went global and public, which doesn’t mean you can’t control what people know about you. Actually, it is now the other way around. Let me explain.

Every time I hear someone alarmed about “the death of privacy”, I remember my grandmother telling me her childhood stories, memories dating back to the beginning of the 20th century. Only a few decades ago, life was very different. You were part of a small community, spent all your life basically surrounded by the same people who ended up knowing almost everything about you.

Peoples’ horizon was family. Families, those constructions who often end up trapping human beings into roles. There was the one who’s successful, the one who’s rich, the one who’s cheating, the one who’s funny. Every person was tagged by the group, and everybody knew everything about everybody else. Any information would end up circulating, then become an eventual chip on one’s shoulder for all his or her life. There was much less privacy than today.

Is that what we are missing? Is what we have today really worse than that?

What happens with social networks is they publish information about you to the world. Two kinds of information: the ones you control, and the ones you don’t control.

The solution to fight the ones you don’t control has been known for years. If you can’t control the conversation improve it! Become the one stop source of info about yourself. Have a profile, more active than any other profile for all matters related to you. This way your content will always beat others’ content, and you get your control back. Then it’s up to you to not being photographed while drunk at that Spring break party. But that was a good ideas (not being photographed) well before Facebook right?

Now that you are back in the driver seat, you have your privacy back. Just of a different kind. You have built a space that could be called “publicy”, or “the plausible me”. It is a credible space where people expect to see information about you. Whatever credible information you say in there will be taken as true by the world.

That is your new privacy. A space that is public but that you control, where you can say anything you want and have it taken as true.

I love doing one thing on Facebook: using my status to say what I am NOT doing. I sometimes write “Laurent is in the train to Zurich” while I am sitting at my desk in Geneva. It’s just a way to prevent last minute calls for lunch on a busy day. I do it sometimes and mostly for fun, but I could also be lying on my relationship status, telling the world I am working on a project I want my competitors to think I am working on, saying I am at one place to cover the fact I am going to another. Your privacy is the fact that, through computers and distance, nobody can really cross check information anymore.

Privacy is here and doing well. It is just different, and not something that is granted at birth anymore. You have to create it, using the tools that were supposedly taking it away from you. You used to have to build your public image, now you have to build the private one. It’s a small change if you know how to do it.

Who controls / protects the digital me?

Identity is one of the web’s next big problem, so the Identity Mash-up conference should be a very interesting place to be on June 19 and 20.

The goal of the conference is to explore the role of identity systems in furthering or inhibiting privacy, civil liberties and new forms of civic participation and commerce.

We touched on these issues at LIFT, with Marc Besson talking about securing identities, and Bruno Giussani explaining that we enter an era where you can’t control your identity anymore (video here).

Via David Galipeau)

Privacy chiefs from 40 countries have called upon the United Nations to prepare a legally binding instrument which clearly sets out in detail the rights to data protection and privacy as enforceable human rights.

Lien

Michel Jaccard m’a parlé de cette conférence qui s’est tenue il y a trois semaines à Montreux. Espérons que cette déclaration, demandant que la protection de la vie privée devienne un droit fondamental, sera entendue.

Continue reading