The Problem with Privacy and Social Networks
January 25th, 2010 Steve Nimmons Tags: Connected World, context aware, Current Affairs, Facebook, information security, Social networking, trust
Posted in Firm of the Future, Strategy & Innovation, Trends
“Privacy is an onion” (patent pending maxim); it is situational, temporal and multi-dimensional. Perhaps said axiom should be recast as a ‘genetically modified onion’.
Perusing articles on Facebook privacy control changes from a well-known security company, there is the revelation that “no private information should be on the Internet”. A wise statement for an information security purist, but what constitutes ‘private information’, to what degree is it fluid and are the controls within Social Networks sufficient to allow us to restrict access in the ways we demand / require? What are the ‘sociological norms’, and what of ‘super-social’ libertines (such as I) that have exceeded Dunbar’s Number by a magnitude of 700%?
How does information aggregation affect risk and perception of privacy control? Are we at risk through inference channels in the Social Network? How do we perceive and manage trust: with rigour, paranoia or neutrality? Is it earned, and is it easily lost? How do we convey this and ensure our privacy is being managed accordingly? This brief set of questions hints at the complexity (cultural, emotional, qualitative, psychological and behavioural) that guides our experiences online. Are Social Networks really equipped to meet sophisticated information management demands from a savvy user-base? How will they augment existing controls to facilitate virtual world technologies and context aware devices that would provide further “locational” (excuse the Social Computing neologism) and situational information?
Today’s Social Network (I take Facebook as a pervasive example) is, in general terms, a walled garden. Most users create a ‘private’ profile and control access by granting or denying friend requests; accepted friends can then (by and large) see profile information, pictures, status updates and other friend connections (there are nuances, but for brevity I generalise). My ‘bugbear’ with this model is that a) the effect of setting privacy attributes is poorly visualised, and b) it’s not more walls we need, it’s more gardens! I shall elaborate on my latter ethereal viewpoint. Going back to trust, you may trust someone implicitly in the office, but not want to entrust them with private information in a personal Social Network. Trust and privacy are closely interwoven concepts, and there are gradations of trust. For example, I might trust someone based on their profession (doctor, airline pilot), but there is a limitation in the trust.
I might trust someone with another career background differently, or the trust may be quite neutral. We need more trust and privacy zones (which need to be explicitly defined and explicitly visible) to place individual connections inside a more sophisticated information handling model within the Social Network. In a rudimentary sense this exists with “Friend’s Lists”. These can be created in Facebook and ‘friends’ added to multiple lists which can then be used to permit or deny access to information at a group level. I term this ‘rudimentary’ as the configuration is somewhat arcane, and the visualisation of the result is best described as disappointing, a point to which I shall return.
Aggregation of information, and how it affects risk exposure and privacy concerns, is also interesting. Simplistically it might be argued “have a sparse profile with little personal information and this is a non-issue”. Whilst this is logical from a simplistic perspective, consider the aggregation of information from interaction, commentary and chat services (etc.): over time, information aggregation becomes an increasing concern. I have also (of late) been thinking about the risk of “Inference Channels” in Social Networks. Database and data mining “theorists” will be familiar with this concept. Without diving into a treatise on Claude E Shannon and Entropy Theory, suffice it to say this is concerned with deducible links through network connections, and with whether knowing about a set of relationships (perhaps even individual pieces of personal information) could lead to the discovery of inferred or elicited relationships or information. This may of course be entirely benign, but the Inference Channel has an implied risk that ‘unknown information’ will be discovered through analysis of multiple relationships (as I mention, a known concern in highly secure database systems). A subject on which I have written (at some length) is also the opportunity for Social Engineering and leveraging elicited information for nefarious purposes. I am satisfied that the corporate world is generally cognizant of such risk, but wonder if more could be done in terms of “general public education.”
Risks have a tendency to multiply rather than divide, and the unrelenting pace of Social Network development leads me to concerns over a number of “emerging technologies”. Those that read my recent predictions on Social Network developments will have noted my belief that virtual world technologies will augment the rather unsophisticated and stifled ‘networking’ model that we have today. Context Aware devices will provide further enrichment, but both enrich not only the networking experience but also the quality of personal information (now situational) that might ‘leak’. The Social Network’s model for configuring privacy controls, defining trust relationships and visualising the result is not equipped for this (I think it barely copes with today’s limited demands).
Control, visualisation, predictability have been central themes of my ‘critique’ of existing offerings. I therefore close by suggesting a few improvements and opportunities for development and research in this area:
- Visualisation of Social Network privacy controls is poor. The granularity of access controls is too coarse. My solution would be the creation of either my GM Onion model or, perhaps more simply, a ‘radar’ or quadrant model on which connections could be placed within ‘trust zones’ (by dragging and dropping them onto the appropriate region). Configuration is half the battle; visualisation of the resultant effect of the privacy controls is essential, and this is where current controls are weakest. I also want multiple walled gardens to play with (where I could segregate user groups) and to ensure no (uncontrolled) information leakage between them. So my ‘quadrant model’ needs to work in three dimensions!
- A trust and privacy ‘radar’ would be equally interesting, with those closest to the centre having the greater trust relationship and access to more personal data.
- Inference Channels are ‘tricky’ due to the myriad of links, attributes and permutations affecting such. I continue to read widely on the subject and would welcome comments on how this might be best addressed. One area that would be interesting to research further would be ‘real-time risk advisors’ (as an example) on chat services seeking to warn users when the aggregation of personal information across “conversations” reaches a certain threshold. This would have numerous applications.
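The ‘real-time risk advisor’ in the last bullet can be sketched as follows. This is an added example, not code from the original post: it aggregates the categories of personal information a user has disclosed to each contact across conversations and warns the first time the weighted total reaches a threshold. The category names, regular expressions, weights, threshold and sample messages are all constructed assumptions.

```python
import re
from collections import defaultdict

# Assumed categories, patterns and weights; a real advisor would need far
# richer detection than these illustrative regular expressions.
DETECTORS = {
    "email": (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.-]+\b"), 2),
    "birth_date": (re.compile(r"\b(?:born on|birthday is)\b", re.I), 3),
    "home_location": (re.compile(r"\b(?:i live (?:in|at|on)|my address is)\b", re.I), 3),
    "employer": (re.compile(r"\bi work (?:at|for)\b", re.I), 1),
    "absence": (re.compile(r"\b(?:on holiday|away) until\b", re.I), 2),
}

class RiskAdvisor:
    """Aggregates disclosed categories per contact across conversations."""

    def __init__(self, threshold=6):
        self.threshold = threshold
        # contact -> {category: conversation where it was first disclosed}
        self.disclosed = defaultdict(dict)

    def score(self, contact):
        return sum(DETECTORS[c][1] for c in self.disclosed[contact])

    def observe(self, contact, conversation, message):
        """Record one outgoing message; return a warning on first crossing."""
        before = self.score(contact)
        for category, (pattern, _weight) in DETECTORS.items():
            if pattern.search(message):
                self.disclosed[contact].setdefault(category, conversation)
        after = self.score(contact)
        if before < self.threshold <= after:
            seen = self.disclosed[contact]
            return {"contact": contact, "score": after,
                    "categories": sorted(seen),
                    "conversations": sorted(set(seen.values()))}
        return None

# Constructed sample traffic: (contact, conversation id, outgoing message).
SAMPLE = [
    ("alice", "chat-1", "I work at the council offices these days"),
    ("alice", "chat-2", "My birthday is next Tuesday, come along"),
    ("bob", "chat-3", "Mail me at sam@example.org"),
    ("alice", "chat-4", "We are on holiday until the 14th"),
]

def run_demo(threshold=6):
    advisor = RiskAdvisor(threshold)
    hits = (advisor.observe(*row) for row in SAMPLE)
    return [w for w in hits if w is not None]
```

No single message here crosses the threshold; the warning fires only because three separate conversations with the same contact add up, which is the aggregation effect the post describes.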
Finally, I hope my musings have not dissuaded anyone from participating in ‘speculative networking’. We don’t agonise over privacy concerns before exchanging business cards, so with a degree of care and attention pro-active and speculative Social Networking can be beneficial. But remember, I am a self-confessed libertine!
Steve is head of Enterprise Architecture Consulting in the UK, a member of the Atos Scientific Community and global track leader for Open Innovation. A Certified European Engineer, Chartered Engineer, Chartered Fellow of the British Computer Society, Fellow of the Royal Institution, Royal Society of Arts, Linnean Society, Society of Antiquaries of Scotland, Institute for the Management of Information Systems and Institution of Analysts and Programmers he is a Freeman of London, an Honorary Citizen of North Carolina and a Commissioned Kentucky Colonel. Steve describes himself as a “polymath, lapsang souchong ‘addict’ and a pattern seeker”