My inaugural lecture. Three poarts : 1 . Are social neworking sites actually "anti-social"? 2. In depth discussion of the problems of SNSs and privacy, esp re recent Facebook privacy controversy since December 2010 changes. 3. Some ways to see SNSs as "pro-social" esp looking at democratic social media participation in the campaign against the Digital Economy Bill Nov 09-May 10.
1. Anti-Social Networking Inaugural Lecture May 21, 2010 Lilian Edwards Professor of Internet Law University of Sheffield Law School [email_address] Pangloss : http://blogscript.blogspot.com/ Twitter @lilianedwards
Talking outside my domain of expertise – law – when in fact much of what I discuss is about technology, policy, sociology and this time, politics – a particularly scarey rthing to do at Sheffield with its world beating politics dept. However for at least the last five years I have been saying that each of my talks contains less law than the last – so this lecture merely extends the long tail in that direction, as it were Inaugurals of course ought to about your tried and tested research – but here for first half I’m talking about an issue which is in the news as we speak to extent I left a slide in called “breaking news!” in case my entire argument was destroyed at 4pm today.. I know it’s not fashionable to use ppt anymore !! And not a fully written out lecture with lovely turns of phrase – I tried but I am simply not a speechwriter - I am a performer.
Facebook has c 400 m users worldwide – shortly about to reach 40% of all global users of the Internet UK users spend almost quarter of their time online on SNSs – May 2010 – email only 7.2% - adult sites only c 3%! Ofcom figs for UK – May 15, 10 Pic: That’s Aaron Sorkin who wrote the West Wing – writing a film of the mamking of facebook called The Social Network – direc ted by Davs Fincher who wrote Fight Club AND STARRING Justin Timberlake ! Life is stranger than fiction..
From the ECD Safer Social Networking guideline 4 types of problems Contact – inappropriate contact by adults with children for purposes such as grooming, stalking, harassment, or threats or actual violence Conduct – how young people themselves behave online and to each other – inc bullying & victimisation Illegal or age inappropriate content And my own – loss of privacy online FB especially but also sites like MySpace, YouTube and Hotmail have in their time become the favoured target of the redtop press. One can’t help feeling the combination of enormous “viewing figures” – uptake by half the country and virtually everyone under 25 - combined with a heady mix of sex, violence and technophobia is the perfect recipe to sell tabloids in a declining newspaper market- and enables papers to get their own back on the Internet medium that is very largely about to replace them. Enabling Criminal behaviour by third parties - threats, stalking, bullying or violence – from pure online grooming of children to cyber stalking of women/exes etc – to at worst case murder - Sydney case, 17 may Preceded by many other cases – eg in UK Ashleigh Hall 17 who was murdered by Peter Chapman, a sex offender who met her after befriending her via FB & posing as a fellow teen – convicted march 2010 – leading CEOP the Child Exploitation Online Protection centre to brand FB as “the website of choice for bullies, for dangerous individuals, for rapists and murderers” No suggestion these acts of violence would not have occurred via more traditional means – SNSs
Chatroulette! Connects you randomly to some other person to chat to on video . Widely believed to be used for gay sex. What’s to stop kids using it?? Should adults be using it?? Observations Many of the most lurid cases would probably have occurred with or without SNSs Many are casesd where SNSs have exacerbated existing rpblems rather than created new ones. Very few new problems needing solved by new criminal laws – despite media frenzy whenever child protection is engaged, we already have too many criminal laws not too few and those we have are largely adaptable to the online environment with a few exceptions , eg , cartoon porn – so solutions lie in education, guidelines and enforcement – which is a matter offunding and political will as much as anything. In short there is not too much here of interest for a lawyer not a criminologist or a socioloogist. What are the really new problems with SNSs? Privacy and data disclosure.
I want to talk about one particularly problematic area which is privacy and data disclosure on social networks. A Crucial problem right now - Never before have so many given away so much information about themselves B Under review currently in the EC Commission review of the Data protection Directive , the instrument which has regulated data privacy through the EU since 1995 (in UK , DPA 1998) – and I’m helping in that process C Topical as FB’s attitude to privacy has been under renewed attacks since changes to terms and conditions Xmas last year and may even be reaching some kind of regulatory tipping point. Check the info given away here against the categories of sensitive data which are regarded as partiocularly sensitive in the DPD the racial or ethnic origin of the data subject *(b) his political opinions **(c) his religious beliefs or other beliefs of a similar nature **(d) whether he is a member of a trade union **(e) his physical or mental health or condition **(f) his sexual life
More seriously.. Playing hookey;; playing truant.. I’m gay.. Allows searches of information available to public – often clearly not intended to be public. May be because of default changes not stupidity of users. Do you want your mother to know you’re gay? Your employer to know you’re looking at other jobs elsewhere?
Should we worry about this? Surely if people WANT to share data we shouldn’t do anything to stop them – the choice or autonomy argument 2. Common anti privacy argt – that there are no worries about data disclosure and abuse of that data on SNSs because if you have nothing to hide, you have nothing to fear. But not true – even for those with quite ordinary lives! Eg scams – most common passwords used for banking, or personal data used for security questions, or verifying data, involve data often revealed on profiles - birthdates, maiden names, parents names, pets, place of birth etc etc. Studies show you only need to reveal sex, postcode and date of birth to become a victim of ID thgeft. 2. More seriously – future risks - David Lyons – social sorting & profiling 3. The problem is not necc that somerthing illegal or shameful is reveled but the context: in particular almost every major firm now scrutinises applicants via looking at FB etc for “red flags”.
How do we think our data should be protected online??? FB princ looks good – how far is this the reality and how far does it accord with the law?? Law: The EC and the UK subscribe to a regime known as data protection. Basis of this unlike in USA is that a person – the data subject – should be Able to control what uses are made of their personal information. Importantly , a data subject must usually, though not invariably, consen t to their data being collected or processed or distributed or published – intended to provide control to the data subject and ensure “fair processing”. Key elements of this regime are that -you consent to the use of your data for a particular purpose Your data is retained only as long as is necessary to fuilfil that purpose - you can withdraw that consent - you can find out what data is held about you at any given time. How does FB stand up to this regulatory benchmark? Principles look good – but reality is that privacy on FB is determined by TWO THINGS: the privacy policy you agree to wheh you sign up; and the way the software of the site is set up – in particular if it makes data pubklic by default or protects it by default to only being seen by your named friends.
The reality is that Facebook demands consent as the price of entry to its walled garden and thereby avoids, or to put it another way, fulfils, the requirements of data protection law. But what do people consent to? Can they tell? I’m not sure I can tell nowadays frankly. Now even a specialised lawyer has a tough time working out just what a user is consenting to vis a vis there privacy, let along say an 18 year old student or a 75 year old granny – or my mum 1 . PP - Too long and legalese & they keep changing!! This is because as a startling graphic by the New York Times just showed, FB’s PPs have gone from 1000 words long in 2005 to five times that length – of legalese – in 2010. The FB 2010 privacy policy is now longer than the US constitution at 5,830 words long. The related privacy FAQ add another 45.000 words - about 3 times the length of the average student dissertation. Can we really expect the average consumer to read this and respond with any semblance of meaningful, informed consent? Nor are these T & C written in the user firndly language of the FB Princs I showed above. 2. No one reads T and C anyway Of course this assumes that anyone actually does read T & C before signing up to giving away their data. All the evidence, anecdotal and survey, suggests that the average consumer rarely if ever does. In one emblematic recent experiment, 7,500 shoppers unknowingly signed their souls over to a computer-game store after failing to read the terms and conditions on their website. GameStation added a clause to online purchases earlier this month stating that by agreeing to the contract, customers granted them the right to claim their soul. While all shoppers during the test were given a simple tick box option to opt out, very few did this, which would have also rewarded them with a £5 voucher. The store claims this shows 88 percent of people do not read the terms and conditions of a website before they make a purchase. (they also said they would not enforce the condition:_)
Another way to look at it is to consider what data Facebook discloses by default when you sign up. In other words, if you create a profile or do things on the site, how much of it is public before you the user do anything? Again this keeeps changing. T Another useful graphic from a private user called Matt McKeon using data gathered by US digital rights org the EFF produced some very useful graphics tracking how much data the PP demanded the user to disclose as the policy canaged from 2005 through to 2010. He has it for every year but ‘ll just shopw you 2005 and 2010..
In December 2009 FB changed the defaults the sites so that much data that was once by default private now became public – even some one to one chats between users, eg – and some data was shared automatically with other websites when users visited them. This is why some of the people on OpenBook are saying things they probably never expected anyone except thjeir friends to read – they don’t realise the terms of using the site have changed and now some of their very personal data is public. Protecting your privacy now on FB – ie changing the default settings , and keeping on top of new changes - is complicated enough that people are writing software to do it for you – tools liike ReclaimYourPrivacy.Org & SaveFace..-> Can it really be this difficult you ask?? see NYT times graphic.
This is the NYT’s attempt to illustrate how complicated it is to secure your data using FB privacy controls now. To make all your data private ie visible by friends only, it is necc to click through more than 50 privacy buttons which requires choosing from more than 170 options . Why is it this difficult? (1) FB say their intent is to make life easier for the user – to allow them granular control balanced against not having to make too many choices by setting the dfeaults in particular ways the average user might approve of. (2) BUT – a cynic might say that FB perhaps not really trying to help you take control of your data? Remember that FB’s entire business model is based on using and selling – in aggregate anonymised form, though that could change – to 3 rd parties trying to sell you things, marketers trying to build up databases and profiles etc. Their business model is based on data disclosure, and privacy is the enemy of that model. So given (1) illusory consent , as required by DP law, given to an ever changing blank cheque of data disclosure, which no one reads anyway and (2) Ever changing software defaults which subtly encourage data disclosure and make self protection ridiculously difficult - Is there a case for mandatory regulation of SNSs to protect privacy and If so, what form might that regulation take??.
So far we have looked at one institution that might have been expected to protect the privacy of users on FB - DP law - but found that because of the illusory nature of the consent provided on FB, it is ineffective – trumped by contract. We might then ask, doesn’t the market operate to provide better privacy? There is certainly enough pressure from FB users and the media from time to time: as we sit here FB is in the middle of yet another privacy storm over changes to the T and C made in December and called an online crisis meeting for its users to attend last Tuesday. The answer seems to be market failure. As already noted, SNSs themselves as a business have no incentive to promote privacy rather than disclosure so long as they can maintain their user base. At 400m users, FB seems to have little to fear from the departure in umbrage of a few offended geeks. As one person put it in the blogosphere “ Deleting your profile on FB has become the equivalent of saying you’ll really start go to the gym. Everyone feels better for saying it but very few will actually do it.” The lock in effects – you don>t want to leave the place where all your friends are and there is nowhere comparable to go – are too strong. Even if we look at smaller smaller SNSs around the globe we find a pattern of anti-privacy practices. In a remarkable piece of work in 2009 Joseph Bonneau of Cambridge Computer Lab found looking at over 45 SNSs globally, that those which explicitly marketed their privacy features as a plus did less well in the market. Those that consistently hid their privacy features – although they existed if tracked down, thus satisfying regulators - did well. Why is not proven by the survey there is speculation it is a mixture of deriving the maximum free data from users who never think to lock down, and scaring off the more privacy fundamentalist users who would protect their data and by example encourage other more naïve users to do the same. HOWEVER ANTI REGN You have no privacy get over it - Argt that privacy is no longer cool. Ev in fact seems to be in fact yp usually say in surveys they do care about their privacy. The disconnect is that they do relatively little to protect it. The sense is of being bamboozled by inertia and complexity in a world where no one ever has enough time or information combined wity peer presure to join networks everyone else is on and finds extremely useful. Education : LOTS of support for this – relatively cheap – suits industry – govt seen to “do something” –Home Office code for SNSs, EU Safer Social Networking Principles 2009. I would say given the evidence esp that younger users uniformly want jam today & worry about risk tomorrow – that education is not enough. But perhaps the tide is turning – OFCOM 2010 – study of 1200 UK users done every 6 mos – shows remarkable growth in UK of users securing their data: 80% said they only allowed friends and family to see profile – but, given changing nature of defaults, are they right?? Web 2.0 funding?
( WED) An example of market pressure succeeding? True, This followed reports of numerous people threatening to delete their accounts, bad press and the formation of protest groups on FB and elsewhere – but it also followed a stern letter being sent by the Art 29 Working party, the EDC’s watchdog committee on privacy which said: that changes Facebook made to its privacy settings late last year were “unacceptable”. “ It is unacceptable that the company fundamentally changed the default settings on its social-networking platform to the detriment of a use r,” said a statement from the Working Party. Us senators have also expressed concern. Since the EC are currently seriously reviewing the privacy problems of SNSs as part of the review of the DPD, it can be argued that if FB have caved in, that choice has been made more to stave off regulation than to gratify their market. When privacy practices were similarly attacked in Canada by the Privacy Commissioner there, FB were forced to make substantial changes to their site settings and software, which because of the way the site is set up they had to implement globally.
What would be my preferred solution? You should not have to give up using SNSs to protect yourself from potential privacy related harms. Nor should SNSs which do wonders for communication, association, campaigning – see later – be unable to survive. But neither DP law not private governance is striking the right balance between privacy and profit . A mixture of regulation of SNS contracts between site and users and what is known as “privacy by design” – manipulating the default settings and other software further better privacy. In the case of SNSs much can be done as we’ve already seen by mandating that defaults be set to a reasonably protective setting. Eg profiles for those who register as under 18s to be automatically friends only; that all profiles should be hidden from from search engines till you “opt in”? (would have stopped OpenBopk). That yr data should not be shared with 3 rd party websites without your explicit consent I have suggested an “Install” routine for all, adults and kids,m to bring your privacy settings to your bespoke optimal level? The EDPS is backing this kind of privacy by design and Viviane Reding the commissioner in charge of DP has said she is considering introducing it as a new principle into the regime of data protection. At the meeting I attended in Brussels last week, we discussed how the technology mandates for defaults above could most easily be achieved by negotiating authorised standard contracts for users of SNSs – or by industry agreement on technical standards, sunch as the ISO standard on data security, or codes of practice. There are ways to solve this problem. More radical would be to go beyond simple privacy settings of defaults to more like the rt to forget or more accurately to be forgotten – French DPA – or the right to delete – Viktor Mayer Scoenberger. Interoperability might create a more competitive market – if you coiuylod go to a different site, with better privacy practices, but still get invites from and play Scrabble wityh all your friends eg.
So far we have talked about social networking as anti-social in the sense of promoting phenomena which are not good for society: like stalking and threats online; grooming of children for sexual purposes; promoting unhealthy behaviours via websites enabling everything from anorexia to jihad to suicide; distributing unhealthy content such as child and violent or extreme pornography; and finally, in more detail, we have looked at how social networks are nefariously encouraging especially the youth of today to prejudice their own futures by disclosing data that may well end up being very harmful to them. So why don’t we just ban em? Well we can’t. They would relocate to a jurisdn where they weren’t banned tomorrow; moving a server isn’t very difficult; US would never ban em because too much money plus First Am’t.
Never was this more true of the DEB..One of the most controversial bills ever to be passed at the fag end of an exhausted Parliament, promoted by a shady coalition of partisan industry muscle and largely techno-illiterate party front benches, dazzled by very expensive lobbyists and the promise of actors and pop stars backing them in the looming election campaign. Was involved both in academic criticism of but also campaigning against the Digital Economy Bill, from Nov 09 till April 6 th , Last day of Parliament before the election, when , to give away the end, it passed! Why – not so important – but basically two undesirable objects Aimed to allow for the disconnection of the Internet accounts of those alleged to be unlawful downloaders or filesharers Was to allow the blocking of certain websites alleged to be involved in (or likely to be) copyright infringement, or indeed “locations” including eg entire mobile networks. Take my word for it that these provisions had already been severely criticised by the European Parliament and appeared to involve substantial breaches of due process, other human rights eg rt to expression and education, and would be productive of social harms such as damage to social inclusion .
C 20,000 watched on BBC parlimant or via iPlayer as the fate of DEB was decided finally in second reading in HC on last day of parl. All the MPs gone home.. Tom Watson MP checked on responses on twitter by mobile and passed them to other speakers. C 1 tweet every 2 seconds on #debill
Debilitate – theyworkfor thebpi.org didyourm p vote.co.uk?
Is “better than the alternative” a complete excuse for all the drawbacks of representational democracy? (Flinders talk) Problems especially in a technological society desperately needing regulation by p[eople who understand its benefits, its risks and what it can and cannot do. Non responsive – with a few honorary exceptions like Tom Watson, Eric Joyce and indeed Nick Clegg widely rumoured to write his own tweets/
What might such deliberative democracy involve? I think we already saw one example in the national election debates. Indubitably changed the course of the election – it wasn’t the Internet election it was the TVG election - but as well as getting only c 15 m viewers on TV it became the most tweeted event ever in Twitter’s UK history. Interestingly most commentators noted the Twitter coverage was highly influential despite obviously ionvolving far smaller nos than TV audience – because reactions were shared many to many. The approval ratings of twitter watchers through the debate also interestingly matched very closely the wider audience response – implying twitter can be valuable as an instant tool of analysis. Future directions? Non-representational - communicatyion between MPs and constituents on Twitter for direct expectation of views being presentedl. Genuine sense of being listened to. Non geographical “I come from the Internet” – Tapsgate suggests online focus groups to provide input into govt consultations -Non-party – more likely to be interested in an issue where they have knowledge or contacst than a party platform.
Perhaps we’d rather have joy than misery at our polling stations but the fact of long queues at polling stations – almost unknown in UK politics – of predominantly the young, even our students! – often branded apolitical, apathetic and disengaged from civil society – should gladden the hearts of democrats. That engagement almost certainly came from social networks : And THAT is one reason why despite all their anti social aspects, social networking can in the optimistic terminology of Obama be a force for change to the good.