Tag Archive for 'Privacy' Page 3 of 7

« Older Entries
Newer Entries »

Can you answer my question?

Published
by
Elias Bizannes
on March 4, 2008
in DataPortability
. Comments

We at the DataPortability project have kick started a research phase, because we’ve realised we need to spend more time consulting with the community working out issues which don’t quite have one answer.

As Chris Saad and myself are also experimenting with a new type of social organisation as we incubate the DataPortability project, which I call wikiocracy (Chris calls it participant democracy), I thought I might post these issues on my blog to keep in line with the decentralised ethos we are encouraging with DataPortability. This is something the entire world should be questioning,

So below are some thoughts I have had. They’ve changed a lot since I first thought about what a users data rights are, and no doubt, they will change again. But hopefully my thoughts can act as a catalyst for what people think data rights really are, and a focus on the issue at stake which I conclude as my question. I think the bill of rights for users on the social web is not quite adequate, and we need a more careful analysis of the issues.

It’s the data, stupid
Data is essentially an object. Standalone it’s useless - take for example the name “Elias”. In the absence of anything else, that piece of datum means nothing. However when you associate that name with my identity (ie, appending my surname Bizannes or linking it to my facebook profile), that suddenly becomes “information”. Data is an object and information is generated when you create linkages between different types of data - the ‘relationships’.

Take this data definition from DMReview which defines data (and information):

Items representing facts, text, graphics, bit-mapped images, sound, analog or digital live-video segments. Data is the raw material of a system supplied by data producers and is used by information consumers to create information.

Data is an object and information is a relationship between data - I’ve studied database theory at university to be authoritative on that! But since I didn’t do philosophy, then what is knowledge?

Knowledge can be considered as the distillation of information that has been collected, classified, organized, integrated, abstracted and value added
(source)

Relationships, facts, assumptions, heuristics and models derived through the formal and informal analysis or interpretation of data
(source)

So in other words, knowledge is the application of information to a scenario. Whilst I apologise if this appears that I am splitting hairs, I think clarifying what these terms are is fundamental to the implementation of DataPortability. Why this is relevant will be seen below, but now we need to move onto what does the second concept mean.

Portability
On first interpretation, portability means the ability to move something - exporting and importing. I think we shouldn’t take the ability to move data around as the sole definition of portability but it should also mean being able to port the context that data is used. After all, information and knowledge is based on the manipulation of data, and you don’t need to move data per se but merely change the context to do that. A vendor can add value to a consumer by building unique relationships between data and giving unique application to other scenarios - where the original data is stored is irrelevant as long as its accessible.

Portability to me means a person needs to have the ability to determine where their data is used. But to do that, they need control over that data - which means determining how it is used. Yet there is little point being able to determine how your data is used, if you can’t determine who can access your data. Therefore, the concept of portability invokes an understanding of what exactly control and accessibility means.

So to discuss portability, requires us to also understand what does data control and data accessibility really mean. You can’t “port” something unless you control it; and you can’t “control” something, if you can’t determine who can “access” it. As I state, as long as the data is accessible, the location of it can be on the moon for all I care: for the concept of portability by context to exist, we must ensure as a condition that the data is open to access.

Ownership
Now here is where it gets complicated: who owns what? Maybe the conversation should come to who owns the information and knowledge generated from that data. Data on its own, potentially doesn’t belong to anyone. My name “Elias” is shared by millions of other people in the world. Whilst I may own my identity, which my name is a representation of that, is it fair to say I own the name “Elias”? On the flip side, if a picture I took is considered data - I think it’s fair to say I “own” that piece of data.

Information on the other hand, requires a bit of work to create. Therefore, the generator of that information should get ownership. However when we start applying this concept to something like a social relationship, it gets a bit tricky. If I add a friend on Facebook, and they accept me, who “owns” that relationship? Effectively both of us - so we become join partners in ownership of that piece of information. If I was to add someone as a friend on MySpace, they don’t necessarily have to reciprocate - therefore it’s a one way relationship. Does that mean, I own that information?

This is when the concept of privacy comes in. If I am generating information about someone, am I entitled to it? If someone owns the underlying data I used to generate that information - then it would be fair to say, I am “licensing” usage of that data to generate information which de-facto is owned by them. But privacy as a concept and in the legislation of many countries doesn’t work like that. Privacy is even a right along side other basic rights like freedom of expression and religion in the constitution of Iraq (Article 17). So what’s privacy in the context of information that relates to someones identity?

Perhaps we should define privacy as the right to control information that represents an entity’s identity (being a person or legal body). Such as definition ties with defamation law for example, and the principle of privacy: you have control over what’s been said about you, as a fundamental human right. But yet again, I’ve just opened up a can of worms: what is “identity”? Maybe the Identity commons people can answer that? Would it be fair to say, that in the context of an “identity”, an entity like a person ‘owns’ that? So when it comes to information relating to someones identity, do we override it with this human right to privacy as to who owns that information, regardless of who generated that information?

This posting is a question, rather than an answer. When we say we want “data portability”, we need to be clear what exactly this means. Companies I believe are slightly afraid of DataPortability, because they think they will lose something, which is not true. Companies commercial interests are something I am very mindful when we have these discussions, and I will ensure with my involvement that DataPortability pioneers not some unrealistic ideal but a genuine move forward in business thinking. It needs to be clear what constitutes ownership and of what so we can design a blueprint that accounts for users’ data rights, without ruining the business models of companies that rely on our data.

Which brings me to my question - “who owns what”?

My presentation at Kickstart forum

Published
by
Elias Bizannes
on March 3, 2008
in DataPortability
. Comments

I’m currently at Kickstart forum (along with the Mickster), and I just gave a presentation on DataPortability to a bunch of Aussie journalists. I didn’t write a speech, but I did jot down some points on paper before I spoke, so I thought I might share them here given I had a good response.

My presentation had three aspects: background, explanation, and implications of DataPortability. Below is a summary of what I said

Background

  • Started by a bunch of Australians and a few other people overseas in November 2007 out of a chatroom. We formed a workgroup to explore the concept of social network data portability
  • In January 2008, Robert Scoble had an incident, which directed a lot of attention to us. As a consequence, we’ve seen major companies such as Google, Microsoft, Yahoo, Facebook, Six Apart, LinkedIn, Digg, and a host of others pledge support for the project.
  • We now have over 1000 people contributing, and have the support of a lot of influential people in the industry who want us to succeed.

Explanation

  • The goal is to not invent anything new. Rather, it’s to synthesise existing standards and technologies, into one blueprint - and then we push it out to the world under the DataPortability brand
  • When consumers see the DataPortability brand, they will know it represents certain things - similar to how users recognise the Centrino brand represents Intel, mobility, wireless internet, and a long battary life. The brand is to communicate some fundamental things about a web service, that will allow a user to recognise a supporting site respects it’s users data rights and certain functionality.
  • Analogy of zero-networking: before the zeroconf initiative it was difficult to connect to the internet (wirelessly). Due to the standardisation of policies, we can now connect on the internet wirelessly at the click of a button. The consequence of this is not just a better consumer experience, but the enablement of future opportunities such as what we are seeing with the mobile phone. Likewise, with DataPortability we will be able to connect to new applications and things will just “work” - and it will see new opportunity for us
  • Analogy of the bank: I stated how the attention economy is something we give our attention to ie, we put up with advertising, and in return we get content. And that the currency of the attention economy is data. With DataPortability, we can store our data in a bank, and via “electronic transfer”, we can interact with various services controlling the use of that data in a centralised manner. We update our data at the bank, and it automatically synchronises with the services we use ie, automatically updating your Facebook and MySpace profiles

Implications

  1. Interoperability: When diverse systems and organisations work together. A DataPortability world will allow you to use your data generated from other sites ie, if you buy books on Amazon about penguins, you can get movie recommendations on your pay TV movie catalog for penguins. Things like the ability to log in across the web with one sign-on, creates a self-supporting ecosystem where everyone benefits.
  2. Semantic web: I gave an explanation of the semantic web (which generated a lot of interest afterwards in chats), and then I proceeded to explain that the problem for the semantic web is there hasn’t been this uptake of standards and technologies. I said that when a company adopts the DataPortability blueprint, they will effectively be supporting the semantic web - and hence enabling the next phase of computing history
  3. Data rights: I claimed the DataPortability project is putting data rights in the spotlight, and it’s an issue that has generated interest from other industries like the health and legal sectors, and not just the Internet sector. Things like what is privacy, and what exactly does my “data” mean. DataPortability is creating a discussion on what this actually means
  4. Wikiocracy: I briefly explained how we are doing a social experiment, with a new type of of governance model, which can be regarded as an evolution of the open source model. “Decentralised” and “non-hierarchical”, which with time it will be more evident with what we are trying to do

Something that amused me was in the sessions I had afterwards when the journalists had a one-on-one session with me, one woman asked: “So why are you doing all of this?”. I said it was an amazing opportunity to meet people and build my profile in the tech industry, to which she concluded: “you’re doing this to make history, aren’t you?”.  I smiled :)

Facebook’s privacy is smart on technology but stupid in thought

Published
by
Elias Bizannes
on November 4, 2007
in DataPortability
. Comment

I’ve had to neglect this blog because I have been insanely busy with work and my studies, and will continue to do so for the rest of the year. But I thought I’d post a quick observation I made today, that I found interesting. Even more interesting, because I rarely notice details!

Whenever Facebook notifies you of an e-mail - like for example when a friend messages you - it will actually show you their e-mail. An example is in the screen shot below, which would enable me to click ‘reply’ to their e-mail and it would go directly to their personal e-mail. (I’ve noticed however, that this will only occur if you have already added the person as a friend.)

direct e-mail

This raises some interesting issues regarding privacy. The first being, why the heck is Facebook allowing this? Am I going to reply to my friends asking them what did they say in the message?! Privacy is my right to determine when people can see information about me when I want to - and I don’t want my friends seeing my e-mail. I can think of an example when a friend collected my e-mail from my profile, and adding me to a forward list of chain e-mails. Unlike the postal system for snail mail, where people pay for sending me a message with a stamp, e-mail forces the user to pay when they receive a message through their time. Before I didn’t have a choice, but now with new ways of communicating, I can control what gets sent to me.

This actually is a bit deeper. I’ve seen fake profiles friend request me - I always deny people I don’t know, but I know that lots of my friends usually add people blindly (I remember asking a friend who a friend requester was when I noticed she was a mutual friend with him, to which he replied: “No idea, but she’s hot!”). This now just became a very easy way to obtain someones e-mail - certainly, not as easy as harvesting e-mails from a public facing website, but still another means. The concerns however is not spam but identity threats.

A crucial thing to understand about privacy, is the concept of identifiable data. Corporations can collect data about me until their heart is content and I wouldn’t mind- but only on the basis they can’t specifically identify me. An e-mail address is what I regard as identifiable information: the e-mail I use on various web services that hold different data about me, can be easily linked purely through my e-mail address.

I’ve previously said how social networking sites are a new type of communications, that are far better than e-mail. E-mail is one of the worlds most powerful technologies but also one of the most dangerous. Whilst most would think it is because of e-mail overload and spam, what I really mean is how a single e-mail address can do so much damage if used by someone trying to investigate you and your life.

As our digital world becomes more sophisticated (and scary), lets be clear of some things. People no longer need e-mail to contact you; they can instead contact your ‘identity’ which is far superior (I discussed this in the posting I linked to just above). However with this advancement, also comes the opportunity to regard what your e-mail address really is: a key piece of identifiable data that can link your multiple identity’s across the digital world into one mega profile.

« Older Entries
Newer Entries »