Notes from the research seminar Searching information on the Internet: legal implications, by Julià Minguillón, held at the Open University of Catalonia, Barcelona, Spain, on April 29th, 2010.
Tim Berners-Lee creates the World Wide Web, based on a structure and protocols that require linking to work. The URL or URI identify documents that can be found on the Internet, creating a directed graph: A points to B, but we (usually) cannot walk the inverse way, the link is not reversible (i.e. you need another link to go from B to A, the initial A to B link does not serve this purpose).
There are two main strategies to explore the Internet and find information within: browsing and searching.
Browsing
One of the “problems” of the Internet is that, as a graph, it’s got no centre: the Internet as no centre or place that can be considered as its begin.
There are some initiatives to map the Internet, to index it (like the Open Directory Project, but the speed of growth of the Internet have made them difficult to maintain… and even to use.
Searching
a web crawler explores the Internet, retrieving information about the content and the structure of a web site;
an index is created where the information is listed and categorized, and
a query manager enables the user to ask the index and retrieve the desired information.
Web crawlers require that pages are linked to be able to visit them. Ways to prevent web crawlers to explore a web site (besides unlinking) is protection by username/password, use of CAPTCHAs, use of protocols of exclusion (e.g. in robots.txt files), etc.
Protocol of exclusion (robot.txt):
Has to be public;
Indication, not compulsory;
Discloses sensible information;
Google hack: intitle:index.of robots.txt
Problems
Search engines find sensible information.
Content and links are different things. A linked content might not be in the same place as the source content where the link is published.
Users can link sensible information/contents.
Broken links and permalinks: content might be moved but engines/users might track and re-link that content.
Outdated versions (cache): to avoid repeated visiting, search engines save old versions of sites (caches), which stand for a specific time even if some content is deleted.
Software vulnerabilities:
Browsing patterns (case of AOL): what a user does on the Internet can be tracked and reveal personal information.
Nowadays, most ways to remain anonymous on the Internet is opting out of services like web crawling by search engines.
With the Web 2.0 things become more complicated. Initiallly, “all” content was originated by the “owner” of a website: you needed a hosting and to directly manage that site. When everyone can create or share content in a very easy and immediate way, the relationship server/hosting-manager-content is not as straightforward as it used to be.
Linking and tagging also complicate even more the landscape. And with the upcoming semantic web, cross-search and crossing data from different sources can make it easy to retrieve complex information and find out really sensible information.
Privacy?
Users demand more and more services and are willing to give their privacy away for a handful of candies.
Personalization is often on a trade-off relationship with privacy, and people demand more personalization.
Opt-in should be the default, but it raises barriers to quick access to sites/services, hence opt-out is the default.
An increased trend in egosurfing and aim for e-stardom is accompanied by an increasing trail of data left behind by users.
Liabilities:
The creator of content
The uploader
The one who links
The one who tags
Search engines
End users
ISPs
Aggregators
Developers
Social networking sites
etc.
Discussion
Ramon Casas points at Google cache and, while being not strictly necessary to run the search engine, it represents an ilegal copy and/or access to content that (in many cases) was removed from its original website. In his example the museum closes at 20:00 but Google leaves the back door open until 22:00.
Notes from the research seminar Citrizen security in electronic environments. The case of electornic voting, by Jordi Puiggalí, held at the Open University of Catalonia, Barcelona, Spain, on January 28th, 2010.
Citrizen security in electronic environments. The case of electornic voting
Jordi Puiggalí, Scytl
Electronic voting is the natural evolution of the electronic count in elections. Two main kinds:
Face to face: people still go to polling stations, but vote in polling machines
Remote voting: you vote from home
Advantages
Count of votes is faster and exact
Cost saving in paper and printing (though there are added costs, especially in face to face electronic voting)
Increase of accessibility for disabled people. Also avoids identifying who was the voter (e.g. there’s only one blind voter in town: the ballot-paper in Braille is theirs)
Flexibility to include last-minute changes
Support for multiple languages. This, at its turn, avoids errors and avoids identifying who was the voter (e.g. there’s only one voter in town that speaks arabic: the ballot-paper in arabic is theirs)
Prevents involuntary errors that can end up in spoiled ballot-papers
Economies of scale (specific of remote voting)
Eases citizen participation (specific of remote voting)
Increases the mobility of the voter, as they can vote from anywhere (specific of remote voting)
Eases access to the voting process thus increasing participation (specific of remote voting)
Security threats
In traditional polling, the voter has a direct relationship with their vote and the polling station, committee, etc. Electronic voting adds an infrastructure layer that implies that the relationship between voter and vote becomes indirect/mediated. This mediation poses 4 security risks
The digital nature of the votes means that they can be easily added, erased, manipulated, and the privacy of the voter compromised at large scale;
The complexity of the systems at use, with the possibility of hardware functioning errors, bugs in the software, etc.;
Lack of transparency, as the technological infrastructures are more difficult to audit (e.g. how can you tell whether someone cracked the system?);
The introduction of new actors with privileges in the voting process, like system and platform administrators that can have privileged access to the voting process.
Side note: these threats can be extrapolated to the case of health records and many other cases.
How to address risks?
Physical measures
Avoid physical access to the protected device
This cannot be done in remote voting, at least not in the whole process
Organizational measures
Who has access to what
They necessarily have to be accompanied by monitoring measures (intensive log recording)
Intensive monitoring can lead to knowing who’s voting what
Logic measures
Automatic security measures
Easier to audit
Logic measures can, at their turn, be attacked themselves
Logic measures must not interfere (or even alter) the normal voting process
Security services
Information privacy: guarantee that no one knows what you did (e.g. your vote)
Information integrity: guarantee that information is not altered
Non-repudiation: avoid that you cannot deny having done something that you actually did
Authentication: ensure that the person that claims to have done something is that person
Authorization: you can do what you are allowed to do
Auditability: be able to track the system and assess its performance
Availability: always available.
One of the big differences between circumventing security in off-line voting and online voting is that scalability of the attack is much higher in online environments. E.g. identity theft in the offline world can be easy to do once, but not several times in the same polling station, but if done once in the online world, it is very likely that it can be done again, and very quickly, ad infinitum.
Electronic voting can identify which votes are valid and which ones not. You need not invalidate the whole polling station, but only the invalid votes.
For a paper I am preparing about Politics 2.0 in Spain — and that has already produced a definition of Politics 2.0 — I had to gather quite a good bunch of literature. There is quite some information about online politics, some about politics 2.0, but very few about Politics 2.0, especially academic literature about Politics 2.0 in Spain, which is scarce. Thus, writing that paper has required some interesting academic juggling.
Below I’ve listed the bibliography that so far I’m using to structure and back my paper. Beyond the bibliography that follows, three events helped much in collecting insights, ideas and find many interesting references. My gratitude to the speakers at these events:
Arnstein, S. R. (1969). “A Ladder of Citizen Participation”. In American Institute of Planners, Journal of the American Institute of Planners, Vol. 35, No. 4, July 1969, pp. 216-224. Boston: American Institute of Planners.
Jacobson, D. (1999). “Impression Formation in Cyberspace”. In Journal of Computer-Mediated Communication, 5 (1). Washington, DC: International Communication Association.
Peña-López, I. (2008). Ciudadanos Digitales vs. Insituciones Analógicas. Conference imparted in Candelaria, May 9th, 2008 at the iCities Conference about Blogs, e-Government and Digital Participation. Candelaria: ICTlogy.
Peytibí, F. X., Rodríguez, J. A. & Gutiérrez-Rubí, A. (2008). “La experiencia de las elecciones generales del 2008”. In IDP. Revista de Internet, Derecho y Ciencia Política, (7). Barcelona: Universitat Oberta de Catalunya.
Notes from the research seminar Deliberative democracy: religion in the public sphere. Deliberative obligations of the democratic citizenry, by Cristina Lafont held at the Open University of Catalonia, Barcelona, Spain, on December 17th, 2009.
Deliberative democracy: religion in the public sphere. Deliberative obligations of the democratic citizenry Cristina Lafont
Which has to be the role of Religion in the public sphere? Which one actually is? Which should it be?
Specially in a deliberative democracy, the fact that people have religious believes makes even more important exactly knowing what are the challenges for democracy of this issue.
The deliberative democracy is a fragile balance between the right to debate whatever subject under some few but strong coercive rules.
Jürgen Habermas: a process of deliberation has to be able to be justified and without coercion. Public deliberation has to include all information available; equality, symmetry and reciprocity to all contributions, independently of their source; absence of (external) coercion; communicative equality; and participants have to be sincere, critic, have no hidden goals, and be responsible for their own opinions.
But not only procedures have to be acceptable, but also the contents of the debate.
John Rawls tries to provide an answer this last question. Thus, contents have to be dealing with the public good (vs. the private). So, what happens with religion, normally out of the public sphere? According to Rawls, Religion has to be left outside, with some exceptions, e.g. values gathered in modern constitutions, basic justice, etc.
But some incompatibilities arise when some citizens might not accept coercive solutions that come from public values but not accepted in their own set of comprehensive beliefs. Indeed, the rawlsian thought could even exclude persons themselves from the public deliberation. Or ask them to forget about their beliefs when entering a deliberative process. Or give priority to public interests over personal beliefs.
Habermas “solves” this by dividing the agora in two: the informal deliberation, where citizens can bring in all kind of beliefs, and the institutional deliberation (parliaments, etc.) where these personal beliefs should be left aside or be translated into “secular” principles (e.g. the ones gathered in constitutions).
Habermas’s solution also has some problems, like treating secular citizens differently from religious ones, sometimes leaving them aside of this “translation” of their principles, for not being as explicit as the religious ones.
Lafont offers come comments. Instead of trying to translate them into general or public reasons, an interesting approach would be to take seriously religious proposals and assume they can be right. Thus, they should be debated as proposals of general or public reasons proposals. And hence be prepared to accept them or refute them, based on grounded arguments. The debate should, then, be more about the compatibility of specific beliefs with the common and acknowledged beliefs (again, e.g. the Constitution) and not whether these beliefs are right or wrong or better than others.
[a debate follows, too complex and rich to collect here]
Two major questions today: what will we do? how will we stay safe?
Innovation come not by using specific technology or platforms but on the effective uses we put into them.
The safety issue seems not to be approachable by the Law alone, being self-regulation and self-commitment a good share of it, and collaboration and co-operation another good share of it.
In a time of crisis, the international community turns its attention to the Information Society. But this is not about hardware, but about organizational change, institutional change. A major planning has to take place to deal with focal issues like e-commerce, network safety or e-Administration.
We’d do well to learn from sub-national or even local successes in open data initiatives, or data sharing initiatives. And what a different it makes to move from the “e-” Government to the “o-” Government.
And open data might be a necessary step to change not only government but also democracy and politics, to enable citizen participation and engagement.
We’re seeing times where political crisis and financial crisis is accompanied by a demand for transparency, openness, open data, etc. And it looks like broadly demanded political reforms could move towards this direction.
This is, for instance, how Politics 2.0 evolve from Politicians 2.0 towards Political Spaces 2.0.
Politics 2.0 can be presented as a virtuous circle, where everybody is part of that circle, and where the sense of “small” (as in a small issue) can have a brand new meaning (and not be small or irrelevant at all).
Will, hence, the unconventional ways of doing politics become the conventional or mainstream ones? Do we want that?
What is the right agenda? Does a creative use of public information (initially well intended) have bad consequences?
Next steps?
W3C Access to Government interest group
Pulic Services 2.0 declaration
From “come back tomorrow” to “come back next year”?
24.4 MB)
