Privacy is a three-way relationship … or is it four+?

I’ve been reading, and I recommend, Eben Moglen’s two-part essay in The Guardian about Edward Snowden. Not the first comment but probably one of the most extensive and authoritative. Moglen is professor of law and legal history at Columbia University, and is the founder and leader of the Software Freedom Law Center (SFLC). He’s entitled to say “I told you so” since his Guardian bio lists an earlier article for the paper some three years ago. The SFLC itself is approaching its tenth birthday; it was founded by Moglen and others in February 2005.

This extended essay covers three full pages in each of two days’ papers so it’s not short reading. The consensus among those who broadly support Snowden’s action is that he has revealed a security industry operating beyond democratic control and subverting the very nature of democratic government. It exposes a supposed elite group who believe that the population at large is, or shelters, “the enemy” (terrorists is the current hate-word) and therefore, in a world where universal surveillance and analysis is possible, such surveillance is to be fully deployed. It’s a bit like The Section in Stieg Larsson’s Millennium trilogy, but at a much higher level and operating with the full power of the subverted state.

And it’s not just the American NSA, though that’s Snowden’s origin. It’s not even just the major western allies of the US. China takes the same attitude: and though politically on the opposite side to the US, on this issue it lines up behind the same attitudes.

Moglen makes a powerful point which ought to be obvious but isn’t. Privacy is not a two-way relationship (between me and Facebook, or me and Gmail, or me and Twitter, or whoever).

If I send or receive email via Google (as an example only, but they are probably the biggest) then the person to whom I send, or from whom I receive mail also falls within Google’s all-encompassing range. They have not signed an agreement with Google, but Google knows about them. Facebook knows who I post to, whose postings I read, which non-friends I look up from time to time. Twitter knows … and so on. What does WordPress know about this blog and you, my readers?

Which is ok so far as these and other providers are trustable. But Snowden avers that, with or without their consent, they are not.

There is much more analysis in the article, but let’s stick just to this one point. The privacy relationship inherent in email is at least three way: myself, my service provider and my correspondent. But there is no relationship of explicit trust or consent between my correspondent and my provider.

Moglen asserts that we have been diverted into believing that privacy is a two way relationship. It’s not.

And of course where governments step in, either by court order or by extra-legal surveillance, this relationship becomes at least four way with the fourth partner, in all probability, unrecognised and unknown.

As a lawyer, Moglen analyses two broad threads to bring the situation under control.

First: user action. This does include community development of encryption software, for example, to which governments have not either sub-poena’d or stolen the keys, or built-in back doors. But it also include major commercial interests: the security (privacy) of their online commercial transactions is a fig-leaf. They must have people who realise this; it’s been pointed out often enough in the press. But it will probably take a disaster to galvanise enough pressure to force action.

Second: legal action. The US, in particular, is prone to expensive litigation and extensive damages settlements. Let’s open up one or two of these based on breach of trust. I hope I’m not misrepresenting Moglen’s argument here, but certainly he – as a lawyer – sees scope for lawyerly involvement.

I’ve scratched the surface. If these are issues that concern you, read Moglen’s essay in the Guardian online. Then go, as I myself have not yet done, to Moglen’s own SFLC archive where the longer version is held: four presentations given last autumn at Columbia and given their own URL. Read and think and, if you’re in a position to do so, act.

And yes, this blog post will be flagged on both Facebook and Twitter …

• Privacy under attack: the NSA files revealed new threats to democracy, Guardian, 27 May 2014
• Eben Moglen: Guardian contributor bio, with links to the 2011 article<
• Snowden and the Future, Eben Moglen, Columbia, Oct-Dec 2013
• Software Freedom Law Center
• Stieg Larsson’s Millennium trilogy (Wikipedia)

Lego as social media

Yes you did read that correctly.

I caught up, a day or two ago, on a programme put out on the BBC Culture Show on 4th March about Lego.

The programme comments on the characteristics of Lego. It charts its evolution from a very simple kit of highly standard basic blocks. Today’s typical box contains the parts for a specific model, which are no way generic: many of the individual parts are of use for that model and that one only.

But what caught my attention towards the end of the programme was the description of how Lego has been used to enable communities to contribute to their own architectural evolution.

Bjarke Ingels, a contemporary leading architect, has used Lego to design architecture from a standard kit of parts: but far more imaginatively than the square tower blocks of the 1960s.

More striking still was Icelandic artist Olafur Eliasson whose Collectivity project took three tonnes of Lego to the citizens of Tirana, Albania in 2005. The bricks were just dumped in a heap in the town square and, within a short time, groups of people were creating, building, and re-imagining their city. The Lego acted as a medium through which they could express their ideas – not individually, but together. Not mentioned in the programme is that this is one of a range of similar projects; I’ve found others in Oslo (2011) and Copenhagen (2008).

At the end of the programme, there’s a move into actual social media and a look at Minecraft which, if you haven’t heard of it (I hadn’t!) is a cult computer game. Minecraft may be set to transform the cities of the future: like Tirana’s Lego, but in the virtual online world. It’s worth a look at the video on Minecraft’s home page. As Minecraft’s website says: “At first, people built structures to protect against nocturnal monsters, but as the game grew players worked together to create wonderful, imaginative things”.

Isn’t that what our social media, at their best, aim to do? Not for people to create individually, for their own gratification, but to share and create together. And like early Lego, the best social platforms are the ones which offer a simple kit of parts from which sophisticated collaborative spaces can be created.

• Lego – The Building Blocks of Architecture: BBC, 4 Mar 2014. The programme itself is not available here; this is just a short outline. It is available on YouTube: I don’t know if this is a legit copy!
• Lego Towers project from the Bjarke Ingels Group (BIG), which showcases many projects on its website. Ingels comes into the programme about 15 minutes in.
• Collectivity Project from Olafur Eliasson. The Tirana project is covered in the programme from about 19 minutes.
The Collectivity Project (Olafur Eliasson), OpenIDEO (contribution by Anne Kjaer Riechert), 17 Nov 2011.
• Olafur Eliasson’s LEGO for public tower building 2008
, YouTube, 13 Oct 2008 (Copenhagen: linked from a comment to the OpenIDEO posting)
• Minecraft

Why I hate the new Google Maps

I finally allowed myself to be pushed into using the new Google Maps instead of the old familiar one.

Here are all the things that I cannot do as easily as previously.

1 – have it open by default with my own location rather than the blanket map of the USA

2 – immediately find my own list of custom maps. It’s an extra click and I have to know that it appears as a drop down from the search bar. Custom maps have become a lot more complicated to create and manage, too, with “layers” and so on. And there’s a different set of marker icons, differently styled from the old ones. So modifying an existing map, such as the one I maintain for Brighton Early Music Festival, won’t be straightforward if I want to maintain consistent styling.

3 – sharing has changed. It used to be simple: create a map, and embed the HTML provided. Now, for example, the Brighton Early Music Festival map doesn’t properly display the venue markers. Never had a problem before. Still working on this one!

4 – “search nearby” was a simple click from the pin marker on the old version. These pin markers have got “smart” which means that if I search for Victoria Coach Station, when I click or hover on the pin what I get is a list of all the coach services which leave from there. If I right click, I get three options: Directions to here; Directions from here; and What’s here, which doesn’t seem to do anything. If I search for Ebury Street (essentially the same location) I get a pin with no smart hover at all. But the marker does not now pop up nearby information, Directions, Save and Search Nearby options.

5 – no accessible help without going out to separate web pages; and even then the instructions don’t make sense. For example, Google says that “Search nearby” is on a drop down you find by clicking the search box. No, it doesn’t. Not in Firefox. It does, though, appear to work in Chrome. I don’t like being pushed to a different browser.

6 – having found Search nearby, I get given (of course) a set of strange, supposedly related, links. Well I suppose this is what Google does. But for me, it gets in the way.

7 – extra panels and drop-downs obscure parts of the map I’m trying to look at

Now all this, and more, is partly the natural response to changing a familiar application. Let’s assume that overall the product is fuller-featured and more flexible than the old version, and its links to the rest of Google’s information are more capable. But software vendors in general are not always good at user-oriented upgrades. Keep the backward compatibility unless there’s a really, really good reason not to. Icon redesigns, and added complexity in the user interface, are not good reasons.

I’m exploring alternatives. Apple’s new map application doesn’t have near the same level of functionality, and older offerings such as Streetmap haven’t really moved on either. But for (UK) route planning, for example, I’m now using either AA or RAC route planner – which still have the simple, straightforward A-to-B interface.

• Google Maps (new version)
• How to search “nearby” in new Google Maps? Google Forum, 11 Jun 2013
• Google Removes “Search Nearby” Function From Updated Google Maps, contributor to Slashdot, 16 Jan 2014
• Route planners from the AA and RAC
Streetmap (UK)

Working with others (2)

On Thursday (4th July) I’m facilitating a Corporate IT Forum event called Collaborating with Third Parties (the working title, reflected in its URL, was “Beyond the Firewall”). As it happens this is something I have ideas about. I’ll need to work quite hard not to impose them on the group, since it’s the group’s shared learning that’s important.

Quite a long time ago now, a group of us in BP’s long-disbanded IT Research Unit worked with Imperial College, AEA Harwell (as it was), ICL (remember the British computer company?) and, in due course, many others looking at management architectures for widely distributed systems. That’s to say, where components developed by and hosted by different organisations came together to comprise composite systems which did useful work. In the late 1980s this was not a well understood way of doing applications.

In today’s Internet-enabled world, third-party components are everyday reality. Any vendor who accepts credit card transactions over the Internet, for example, may create their own payment system: but they may equally well wedge in a widget from someone else, who understands and has resolved the issues around payment protection and the compliance and standards embodied in PCI. Whoever processes their payments is almost guaranteed to then invoke either Mastercard or Visa’s online verification service. That payment, then, passes through at least two and probably three different systems before the vendor collects their money. No one organisation has responsibility for the overall system. And it doesn’t matter if you’re an organisation the size of Amazon, eBay or Tesco: when you need a card transaction verified, you don’t have a serious say in how this is done. You interface to Verified by Visa, and you do it their way or not at all.

None the less if you’re Amazon or, in the USA, WalMart, you do have a lot of clout. And if you want to do online supply chain stuff with WalMart, again, however big you are as a multinational global supplier, you do it their way.

These kind of interactions are not equal-handed. One party dominates. I wouldn’t, myself, call these interactions collaborative.

Here’s the other model. In the oil industry (back to BP again) joint ventures are commonplace. You set up a joint operating company, quite likely, with its own capital and operating and management structures: but you want to share expertise and experience and decisions even-handedly so the JV needs to draw on both companies’ information. This doesn’t happen if one of the companies puts its arm round its geology information, for example, and refuses to let the other see it.

More subtly, it doesn’t happen if one company insists that data from the JV is stored in my data centre on my servers and access is controlled by my LDAP directory. It may be stored in your data centre on your servers because that’s the best place. But you have at the least to trust your partners to have access as easily as your own people. They must also be able to decide who, from their side, is allowed access: and preferably to just set it up without referring to you.

It’s similar to what Euan Semple says about conversations. He quotes David Weinberger to the effect that “Conversations only happen between equals”; and he elaborates this. “If two people are not prepared to see each other as equal, at least for the duration of their interaction with each other, then what they are having is not a conversation”.

It’s the same for a collaborative relationship. If you want to decide whether a relationship is truly collaborative: I think this is the same as asking whether control is symmetrical. If you were in their place, and they in yours, would you be able to work in the model you’ve set up?

If I’m wrong about this, I’ll find out on Thursday. What do you think?

• Collaborating with Third Parties, Corporate IT Forum workshop, 4 Jul 2013
• Euan Semple (2012), Organisations don’t Tweet, people do, John Wiley, Chichester. Page 110 ff.
• PCI (Payment Card Industry) Security Standards: the PCI Security Standards Council
Working with others (1): feeling pleased with myself (ITasITis, 1 Jul) was about something quite different!

Facebook faces up: whose reputation?

Facebook made the mainstream news again last night. Behind the news there’s an interesting twist.

In brief: Facebook is being forced (as the commentators put it) to face up to issues of inappropriate and inflammatory comment being posted on its open platform. In the early days of the internet (think Newsgroups) or of the Web, anyone could put anything up. Communities like newsgroups or conferencing sites were largely self policing. Now, with the development of case law and some explicit regulation, it’s not such a free-for-all.

Facebook mirrors this. In many ways, for some people, Facebook is the Web. Its un-policed, self-regulated, relatively small caterpillar has become a free-flying butterfly (is that a good metaphor?) where it has millions of users, representing a wide variety of (mostly legitimate) points of view, different cultures and so on. It’s taken a while for the management of a multi-billion public company to realise they have to exercise responsibility.

OK, so far, so obvious. But the interesting thing to me about last night’s news item was that the pressure has come, specifically, from advertisers. In the Web world we’re used to thinking of advertisers as a necessary intrusion; they pay for our Google searches, our online news (paywalls apart), most of our “free” services. But here, it’s the advertisers that have forced Facebook to take notice. No, said the Nationwide Building Society (and others), we will not take the risk of our brand appearing alongside this kind of stuff.

As the BBC report says, the Nationwide action went public on Twitter. Looking at the Twitter feed for @asknationwide, on 25th May, it appears they received a large number of tweets relating to ads being displayed alongside offensive content. One tweet to @everydaysexism says “It is not our intention for our ads to appear on pages like this. We will report this page to Facebook and suspend our ads”, and they did just that.

Whoever thought that damage to brands could become a force for positive change?

• Sexism campaign: Facebook learns a lesson, Rory Cellan-Jones, BBC Technology, 29 May 2013
• Facebook bows to campaign groups over ‘hate speech’, BBC (Dave Lee and Rory Cellan-Jones), 29 May 2013
• BBC news video, 29 May 2013
• Twitter: @askNationwide and @everydaysexism (look here for other news links)

Glyndebourne’s Imago arrives

Some while ago I posted a note about Glyndebourne’s 2013 Community Opera, Imago. It’s staged this week; tickets are still available for some of the performances – at “ordinary”, not High Season, prices.

Imago is an opera about modern technology. It challenges the boundaries between real and virtual worlds, between age and youth, and between emotion and impudence. It uses serious technology in its visual effects, though not all of it is modern technology! The chorus cast and some of the orchestra are local musicians, not mainstream professionals; many of the name parts are sung by young professionals.

If you’re a techie, not used to opera, in the East Sussex area – come!

View this Glyndebourne video, or find Imago on the Glyndebourne website or on Facebook.

• Glyndebourne opera takes on social media, ITasITis, 3 Nov 2012
• Glyndebourne’s Imago website
• Imago on Facebook