Because we are Internet users, or intensive SNS users, we can put interesting and critical questions. Would it make any difference wouldn’t we be such kind of users?
Article 29 Working Party: how to find a data controller, how to define the default settings, what should be the usage of nicknames and pseudonyms, how should we treat peole under 18 (or under 14, as it also is the case of Spain), what happens to non-members of SNS, or what exactly is the domestic exemption?
Users create cognitive shortcuts that create some harms on our society that we do not fully understand. And solutions to these shortcuts are not that simple, because it attempts against the very nature of SNS and what their users are actually looking into them.
Sunday Express publishing “dirty” stories and being violently “punished” by it
We are reaching a breaking point regarding the Terms of Service and conditions of SNS: either we will give up the fight, or we will ignore them or fight them until the end.
Data protection and Social Networking Sites Chaired by Mònica Vilassau
Spain has circa 8,000,000 SNS users that usually set by default the lowest levels of data protection. It’s difficult to find out who’s the owner of data and who’s reliable of data protection. And it’s usual to find use of third parties’ data not only without their consent but without their knowledge.
There’s an urgent need to raise awareness about the privacy risks of using social networking sites and being on the Net.
Parents letting their kids freely browse SNS is like letting them go outside and play on the street unsupervised and unaware of some basic issues.
On the other hand, be have also to build confidence in the digital environment, and Law should have a role in trying to bring back (or build) confidence on the system.
There are shared risks where one’s actions have impact on third parties. What happens when data usage goes beyond the household or domestic arena? It’s known that increasingly SNS users use data for commercial purposes or, to say the least, not for strictly personal reasons.
But who’s liable for data protection infringement in SNS? If there’s been a data mining process for commercial uses, liability is easy to track back. But if the origin is a misuse coming from a particular individual, liability becomes not that easy to stablish.
SNS management is an approach to risk management. We should minimize risks for those acting legally, while prosecuting those who act illegally.
Pablo Pérez San-José, Gerente del Observatorio de la Seguridad de la Información Instituto Nacional de Tecnologías de la Comunicación (INTECO)
The Observatorio de la Seguridad de la Información [Observatory for the Information Security] is aimed towards monitoring and promoting policies for the security of data and information.
Hugh success of SNS at the kids and youngsters level. 43% kids using Tuenti, 80% using YouTube. Attractive because of the online-offline combination.
Three main key points concerning security hazards in SNSs:
Creation of profile: terms of service not clear. TOS should be written in plain English. Quite often, users are asked to fill in lots of data that are legally very sensible. Even if these data are not compulsory, they appear on the sign up form and people normally fill them in. User age verification should be more effective (in Spain, you need parental consent to share data if you’re under 14 y.o.). Default privacy settings are very low, allowing maximum visibility.
Participation in the SNS: excessive personal information made public on your profile. Non-authorized indexation by search engines. Installation and generic usage of cookies without the user’s knowledge. Reception of hipercontextualized advertising. Giving away intellectual property rights. Malware, phishing, pharming, etc. that use the information available on SNSs to customize to a higher degree attacks to other users. Spam based on false profiles. Sensitive and inappropriate content for minors. Cyberbulling, grooming.
Signing off: impossibility to completely and definitely erase your profile. Information that remains on third parties’ profiles.
Recommendations:
Be proactive following the law
Better age verification
Appropriate content (depending on environment and target) and well tagged
Awareness raising
Fostering secure environments, good practices, and a harmonized international law, while enabling the enforcement of law
Facebook and risks to de-contextualization of personal information Franck Dumortier, Researcher, Centre de recherches informatique et droit (FUNDP-CRID)
Facebook’s model is based on the presentation of the users’ profiles, the visualization of the network of relation to others, and, most important, use real-world identification signs, including real names and real places.
When is there de-contextualization?
Behaviours and information used in another context from that for which they were intended
Violation of contextual norms of appropriateness or distribution
While on the real world anyone more distant than the friend of a friend is a stranger, on Facebook anyone you don’t actively hate is a friend. This enables wider dissemination of sensitive and decontextualized content. The driver being the presence of a visible network, tagging, pressure to join the network, etc.
Privacy is a human right, and is normally treated as a data-subject. But he is also a contextual-human, so privacy should also be seen as a right to contextual integrity, and as a right to self-emancipation from one’s own context.
Facebook as a Foucault’s heterotopia: a place that includes all other places, including its relationships.
In this sense, dealing with the “data subject” (identifying someone by reference to one or more factors specific to one aspect of his identity) is a partial approach, and the right to protect data is the right provided to “dividuals” (as divided individuals, parts of individuals).
A prime effect of Facebook, as an heterotopical environment, is to artificially recompose individuals.
De-contextualization threatens data protection rights.
Data protection in Google Bárbara Navarro, European director of Institutional Relations of Google in Spain and Portugal.
Businesses are increasingly aware that data protection and privacy are important issues that need being addressed. There is a general claim that demands privacity on demand: I want to upload everything and then be able to manage my own privacy — and the SNS provider respect and protect it.
Some questions on Google and privacy: excessive data retention; Google Street View and Google Earth and their photos; contextual advertising: is it good or bad; cloud computing and jurisdiction; health records; etc.
In most cases, the user can opt-out (temporal or permanent) on specific aspects: ask the deletion of a photo, stop receiving contextualized advertising, etc. Google’s commitment is that the user is the owner of its own information and the things Google does with it.
Three axes of action:
Education
Collaboration
Regulation
Q&A
Q: Should the government rank and publish what SNS is more data privacy compliant? A: The government should enforce the law but, as it happens with any kind of crime, most information cannot be made public.
James Grimmelmann: If we prohibit sites like Facebook, is there a threat from behaving as more integrated individuals? If it is our will not to be “dividuals”, is there a threat against us if we ban heterotopies like Facebook? Franck Dumortier: Constituting a unique space is wrong because contexts might not fit, because different dimensions of the self might not be overlapping.
Q: How is it that there’s that much content on YouTube from TV channels? Bárbara Navarro: normally it’s individuals who upload videos on YouTube and TV Channels the ones that have to ask for this content to be retired. On the other hand, Google has created a scanning device that can identify protected content and not permit it being uploaded. It is also true, nevertheless, that most channels have their own YouTube channel and they normally allow protected content to be uploaded by individuals as it provides publicity.
Q: Imagine a user that joins a SNS focusing on a specific disease or illness, he then recovers and wants to quit the network and erase all data. How to? Esther Mitjans: The user made an cost-benefit analysis before joining and decided that it was worth joining the network, we should not forget about this. Notwithstanding, they should be following the requisites of the SNS to delete all their traces.
Facebook’s mission is to make the world more open, people more available one’s to each others, to make information more accessible. Facebook is the people, is the communities. But what are the economics behind SNSs? These social networking sites are expensive to maintain, and so a business plan is required… and this business plan often includes (or involves) intellectual property rights. Intellectual property rights often hold by third parties.
What are the copyright consequences of creating content on a social networking site? what jurisdiction applies? What appears on the sites is protected. But who owns these rights?
In the case of Facebook, IP rights are transferred (non-exclusively) to Facebook, with no financial compensation, also transferable at its turn, etc. In the case of MySpace the license includes transforming content, etc.
A CC-by-nc-nd license would be a good solution to all these agreements where usage is allowed but with more restrictive clauses that clearly benefit the copyright owner. Protecting your rights ex-ante is most difficult in SNS.
When there’s infringement, liability has to be demonstrated and author ownership also recognized.
Another problem is that once the content is made available, the operator of the site should communicate that it is published under copyright law. If it includes adaptation, then the limits of the right to make derivative works should also be clearly stated on the platform.
What happens when there’s more than one creator and people have collaborated to create that work? On user generated content sites, things get complicated, because collaborative work overlaps with a sequence of several re-creations (or modifications) of the original work.
In the US, in a joint work one of the joint authors can exploit the work on their own, but in Europe agreement must be reached among all joint authors. When there are incremental contributions (v1.0, v1.1, v1.2, etc.) exploitation of the work becomes way more complicated as incremental authorship increasingly becomes unclear.
The potential value of the works shared also poses different problems: while it’s likely to see IP problems on YouTube because of the higher potential value of the content shared there, this is less likely to happen in e.g. Flickr or Facebook.
Possible defences
Copyright does not apply because there is no “copy”, as the original was used
The original can be used because there is a signed license
It’s part of an exception to the law (and there are lots of them and distinguishing whether they apply and which one applies is really complicated)
What’s the liability of the intermediaries? SNSs, those making links, carriers, hosting providers, etc.
In Europe copyright and trademark infringement applies equally, though there are some safe harbours that cover intermediaries on some specific cases. But as soon as you don’t fall on safe harbours, the principles of copyright infringement apply, but they are not the same ones across Europe and, also, not the same ones as in the US.
Indeed, even within country regulatory frameworks, difficulties still apply: e.g. what is a hosting provider? Does it have to monitor all the content on its site? Is it an editor (like in a journal) or just a holding platform?
In order to benefit from the safe harbour (US law) YouTube cannot perform any kind of price discrimination for advertising depending on the content watched (e.g. home made video vs. commercial Hollywood movies). This is not optimal on a business model point of view, but it is a requisite of the safe harbour clause on the US copyright law (“you don’t know what’s on your site”).
Difference between IT Law and IT for Lawyers. It is very difficult that IT Law and IT regulation can answer all the questions that the Internet is bringing on the table.
The Spanish Constitution (1978) already spoke about privacy and honour, but later on this article was limited to data protection in the Spanish Law (1999). Privacy and data get separated one from the other (good), but privacy seems to be forgotten from the citizen bill of rights (bad).
In Spain, all rights infringements are understood the “old” way but infringements related to data. Most likely Spanish Law should be updated in fields such as privacy or security under the light of the debate that is taking place at the international level.
The international community seems to be reaching a growing consensus based on:
Awareness raising in the field of privacy and digital competences, including engineers that are coding the applications
Liability of the providers, but also of the users when they upload or tag third parties’ content or information
Right to inform: about privacy risks (or information leakages), identity, consent, etc.
Technological measures: use of nicknames, privacy by default, privacy enhancing technologies (PET), etc.
The problem is that social network analysis to mine data from SNSs represents a real threat even when the user is behaving correctly concerning their own privacy. The semantic web will make this even more transparent and privacy more fragile.
What is then the role of Privacy enhancing technologies?
Privacy preserving data mining (P2PM) technologies, to block data mining procedures
Use of several nicknames to protect access and avoid nickname tracking
Reputation systems that guarantee privacy: be able to change nicknames, etc. but keep reputation despite the changes of digital identities
Technologies for transparency and information control
Summing up, regulation in privacy issues is still limited and technology is underused and expensive (PETs are normally added up ex-post, which implies costs). We should maybe be moving towards privacy in the design, that privacy is part of the core business. PETs would then disappear and be embedded in the usual code and practices.
Q&A:
Miquel Peguera: Could control by ISPs be set by agreement or contract and then disable the safe harbour? Could YouTube discriminate prices based on the number of visits? Does it make any sense to protect a user identity by using nicknames, when precisely is the absence of nicknames the norm in SNSs? Alain Strowel: Control is difficult to state by contract. Jane Ginsburg: This kind of agreements might imply a legal incoherence. Regarding popularity and price discrimination, it should be proven that this is a legitimate criteria, and that popularity is not an intrinsic characteristic for copyrighted material.
James Grimmelmann: the increasing value of trademarks and names on the Internet, bound to digital identity and usually regulated by the domain name registry might now be at stake when SNSs such Facebook allow you to create subdomains under their domain. How does this change things? Alain Strowel: it surely puts a lot of pressure on trademark law, indeed, and trademark liability, and not only IP law.
Q: How will ISP and content and online services providers agreements evolve? Jane Ginsburg: We’d expect to see more compatibilities amongst contracts across jurisdictions. People should figure out how to draft contracts that can be enforceable in as much jurisdictions as possible.
There are plenty of motivations to use Social Networking Sites (SNS) and many risky ways for your privacy and security in using them. Why, then, keep using them?
SNS have profiles for their individuals, links to other people and a social graph that maps your network.
Your profile expresses and identifies, in some way, with your identity. But it’s not only what you say about you, but what your “friends” say about you: the people you befriend in a SNS is also adding up to your own identity.
People that you befriend, talk about you, comment the things you say or state, and links between users are created. Links that, all together, form a social graph where you can map your friends, the friends or your friends, etc.
Some false assumptions in SNSs
If everybody’s doing it, you do it too
There’s many people doing it, so I’ll keep unnoticed
False sense of privacy, “I’m alone here”
Feeling that everybody’s like us in the SNS
Electronic mediation makes us underestimate the impact of our actions
Distorted sense of (real) friendship and of knowing who the others are
Feeling that everything is under control and that one can “see” everything
Social harms
Disclosure: letting some intimacies known on SNS can spread quicker and broader than anywhere else
Surveillance: the mere sense of being watched all the time is by definition a limit to your own freedom (and scary and creepy to many too)
Instability: assumptions about an SNS that prove wrong along time, leading to privacy issues, e.g. seein photos you shouldn’t be allowed to see, Facebook Beacon, bugs…
Disagreement: you might not agree with some privacy issues, e.g. you can remove a tag from a photo, but not the photo itself. Or you would want to remove someone as a friend, but this someone feel hurt if you do, which leads to an embarrassing situation.
Spillovers: my decisions might have consequences to your privacy. Your decision on your profile affect who can see my information (e.g. you decide your friends list is public, hence I appear on your profile)
Denigration: defamation, attacks to persona, including how you present yourself. And this can be really subjective: how you match different groups of people (professional acquaintances, family, friends) reading the same type of information about you, without context, without filtering. And more: your profile can degenerate into an advertising platform.
Solutions?
Clearer privacy policies, but how to make simple what is complex?
Better technical controls to customize your privacy levels, better definitions, higher accuracy or detail in controlling your privacy setup
Data ownership: you should be free to take your information and move it where you want, data portability. If I’m your friend on a SNS: whose is this information (i.e. “we are friends”), yours or mine? Data portability is a solution but also a way to circumvent and decontextualize some security issues about privacy
The same motivations that drive us into SNS are the ones that lead to mistakes, and mistakes lead to harms. This makes really difficult how to solve some problems related to privacy.
Most privacy violations are produced by ourselves, we have met the enemy and he is us, it’s individual users (not anonymous big brothers) the ones that are violating privacy on a peer-to-peer basis.
Privacy violations spread as a virus: SNS are privacy viruses that spread from person to person.
Q&A
Miquel Peguera: how should default settings be set? is data portability the solution? A: default settings should be set to more privacy friendly levels. New features, for instance, are set on an opt-out basis, not an opt-in. The problem with data portability is whose is the ownership of data, specially when this “ownership” is shared?
Q: why is Facebook’s newsfeed a weapon? A: The problem is that there is a huge granularity on what you (and Facebook… and advertisers) can see and use for several purposes.
Ismael Peña-López: isn’t privacy overstated? A: Even if that might be true, the question is that people seeked some cover in SNS thinking that they privacy was assured there vs. the openness of the broad Internet. And the fact is that people got outraged when they found they search for privacy had been violated. So the point is not whether privacy is good or not, but that some people’s desire for privacy was guaranteed and then systematically violated.
Q: What happens when privacy can lead to crime? A: A big difference between SNS and typical surveillance tools is that the later are held by the power that should be having this kind of control, and opperated on a transparency basis. Instead, SNS surveillance systems are more complex, distributed and highly out of control.
Mònica Vilasau: are we more confident on the Net than offline? A: Psicologycal effects are really important in how we behave on SNSs.
Daithí Mac Sithigh: What are going to be the next steps of Facebook in the subject of privacy? A: Facebook is an extraordinary arrogant company. Dealing with privacy discussion, they would acknowledge they made a mistake, but won’t move back and, especially, won’t loose control.
Q: Can we increase control on existing or new SNSs? A: What we’ve been seeing so far is that this is a major challenge, that what people look for in networks is exactly the opposite of what would be needed to make these networks more privacy compliant.
More Information
Grimmelmann, J. (forthcoming 2009) Saving Facebook In Iowa Law Review, #94
All politics is both personal and local… and national… and… Have to manage the way to connect the personal to the local.
Emergent e-campaign strategy: depends on infrastructure and the tools; and of the logic of networked communities, whether they are autonomous or not. A difference between building “real” communities, or populist platforms addressed to many in general (to the “herd”).
A major challenge: how to measure actions, people, quality, etc. A need to modelize “digital natives” and the way they interact between each other and through technology.
Main research approaches in Politics 2.0, all of them interrelated:
We should not embrace the discourse and language of marketing or consultants, of populism, of counter-hegemonic collectives.
We have to assess the validity of our data, and collaborate both with the industry and the subjects of our studies.
We have to clarify what we understand by counter-power measures of ICTs and also, the concept of empowerment, and the concept of mobilization.
Is it a grassroots approach really a better system? Shouldn’t leaders lead? Is there still a role for leaders to “educate” the voter or to find “better” solutions and show them to the citizen?
Brian Krueger
Everything that’s great can be used against you: we should be thinking about Internet surveillance and monitoring. We know little about it and should be paying more attention to it. And this includes the sheer sensation of being monitored, as it has behavioural effects (e.g. self-censorship). Evidence shows that people feel monitored if they’d type “impeach Bush” or “assassinate Bush”. Open political criticism is tied to the feeling of being watched. And this sensation of being watched most probably changes your own behaviour, even if you’re not actually watched. And it’s likely to change how and how much you are participating.
Bruce Bimber
Motivation, attitudes, trust… the umbrella were to begin exploring participation. And then focus also on the changes that the new media are infringing to the landscape.
How would the landscape look like when “all” the people would have been socialized with these new media?
How different Web 2.0 tools differentiate one another? What different specific applications do they have?
We’re right to talk about choice, but we do still have not good models how to measure how choice happens and why.
More effort should be made in analysing how citizens can affect agenda-setting, on a decentralized and bottom-up communication scheme. And also how horizontal communication happens, how peer-to-peer can pass the message on.
Should focus more not on how people mobilize, but what the specific motivations and contexts are. What keeps people awake at night.
Andrew Chadwick
We need more appreciation of social network environments (i.e. tools), and balance technological determinism with social determinism, keeping in mind how technology did change some human behaviours.
How do we contextualize a campaign or social movement, specially when social movements increasingly look like parties and parties increasingly look like social movements, and borrow each one’s instruments and techniques.
Look at how citizens cognitively negotiate information overload in an age of information saturation (not scarcity).
Can we do politics in a space owned by the market and private interests? Can the citizens build their own forums, create their own network effects and avoid commoditized online spaces?
We do need to start looking in more sophisticated ways how people are exposed to online content, including accidental exposure.
There are many cross-section analyses, but few panel-data analysis, which are usually acknowledged to be more robust (though more difficult and expensive). And we should use more the “free range” data that people automatically create with their actions (e.g. logs) instead of “battery raised” surveys. And combine methods.
We should be aware of how mobile technologies might be changing the economy of attention and politics.
Discussion
Bruce Bimber: mobility is more about time, more about “always on” rather than physical space or ubiquity (Chadwick fully agrees).
Rachel Gibson & Bruce Bimber: there are places where the local factor really matters and shapes how the institutions work or are built and managed.
Granularity in citizen’s online engagement Andrew Chadwick
Dissatisfaction with the debate around e-Democracy and the concept of the public sphere. A new approach is needed and it would be worth looking at it from Yochai Benkler’s point of view, who states that granularity (of collaboration) determines the success of a (collaborative) project.
The online scenario has change with the appearance of the Web 2.0. Thus, online politics should be reshaped accordingly, and make possible more granular ways to participate.
Usability is one of the things that have radically changed in recent years. Web 2.0 platforms are simple and more easy to use. It is also easier to aggregate simple and small contributions together.
Low threshold political behaviour is central in most Web 2.0 political websites.
Web 2.0 do not solve the trust issue, but they have no doubt addressed this subject and they are far better than other solutions (newsgroups, IRC, etc.).
Community engagement requires third places not explicitly political/politicized (squares, bars, etc.) and this is going online now too. Facebook-like platforms are places where politics can piggy-back other conversations and meetings.
More granularity does not necessarily means less quality (i.e. because there is “less effort” and “less commitment” in just e.g. sending a single petition to the Prime Minister). Numbers matter. And, indeed, more granularity implies less risk.
Granular participation needs reconceptualization of decentralized politics. How to measure this? What’s the role of the intermediaries? Do we need them? Will political content be created?
How to support new patterns of interaction between politicians or policy-makers and the citizens? Will this interaction take place in third places? Will people welcome politicians in these third places? Will politicians be willing to enter these places?
Participation in online creation communities Mayo Fuster
Online Creation Communities (OCCs) are collective action performed by individuals that cooperate, communicate and interact, mainly via a platform of participation in the Internet, with the goal of knowledge-making and which the resulting information al pool remains freely accessible and of collective property.
Political relevance: they are spaces for civic engagement in the dissemination of alternative information and for participation in the public sphere; and citizen engagement in the provision of public civic information.
There is very strong inequality in participation: active participants (1%) that heavily contribute and are responsible for most of the content; contributors (9%), a low percentage of participants that make small or indirect contributions; and lurkers (90%), a large presence of individuals that do not participate. This pattern repeats everywhere and everywhen.
For Openesf.net the distribution is: 82% lurkers, 14.3% contributors and 3.7% active participants. Distribution of profiles varies depending on what is understood by participation.
97% of participants in Openesf.net presented themselves as individuals, not as members (or even representatives) of organizations.
Participation as an eco-system:
Participation is open, the system is open to participation
Participation has multiple forms and degrees which are integrated: a critical mass is essential to initiate the project; weak cooperation enriches the system; lurkers provide value as audience or through unintended participation that improves the sys tem
Participation is decentralized and asynchronous
Po is public
P is autonomous, each person decides which level of commitment they want to adopt and on what aspects they want to contribute
Participation is volunteering
Norms, technology and information: Pondering the infrastructural choices of “e-participation” Anders Koed Madsen
Analysis of portals to gather political or public-service-like content: How do the different portals shape and materialize the abstract pormises of citizen participation? Which elements give promises of new modes of citizen-engagement?
1st dimension: Structured semantics vs. unstructured semantics. This is a basis for both transmission and deliberation, though there is a trade-off between noise-reduction and diversity of inputs. There are also differences in how interaction is facilitated. Reacting citizen vs. proactive; moderated vs. unmoderated; agenda setting vs. open agendas; etc.
2nd dimension: Rationalistic content vs. non-rationalistic content. Differences in forms of content. The semantic choice can constrain the dialogue.
3rd dimension: Loose moderation vs. strict moderation.
How the election of these dimensions can affect content?
Discussion
Brian Krueger: does really a bigger size in the network implies a more useful network? Isn’t there a trade-off between size and usefulness? Is there a way to create networks that are useful to share knowledge?
Ismael Peña-López (re: Chadwick’s): One variable missing in the equation of how Web 2.0 have changed the landscape is the focus of most Web 2.0 platforms, or who benefits from them, shifting form the organization to the individual. Contributing to newsgroups benefited the community, uploading photos on Flickr benefits me; participating with a political party benefits… the party, but participating in TheyWorkForYou or FixMyStreet benefits… me! It is, again, a switch from push strategies (be engaged, then work for the party/candidate) to pull strategies (work for you, then be engaged). In some way, the Web 2.0 allows for including the concept of utility in the equation of political engagement.
Ismael Peña-López (re: Krueger’s comment on Chadwick’s): useful for who? the bigger the network, the more useful for aggregate purposes (more data, more content) though it can be overwhelming at the individual level. In fact, the ideal would be huge networks made out of many small personal networks. Indeed, to share knowledge there must be that shift from working for the others (push) to working for oneself (pull) and then reuse/aggregate this content so that it is connected with other content and people, building a network up.
3,6 MB)
