Posted on Jun 22, 2008


Day 2 of Supernova 2008 kicked off this week with a variety of panels to choose from. While many of the Web 2.0-ers were getting settled in the Open Flow Track, MC-ed by Tantek Çelik, I joined the alternative crowd for the Privacy and Security in the Network Age panel.

The session started with the overarching ideas around privacy. Online, everything we do creates data and/or a transaction. A lot of privacy concerns are no longer about who you are, but what you do. Typical “duh” factors exist, such as technology always moving faster than laws. Even when laws are made, they risk being ineffective, as many have seen in the case of the CAN-SPAM Act, or lacking true protection, as with the company-not-user-data-protection under Sarbanes-Oxley. Bruce Schneier, of BT Counterpane, brought up various points about how he views the reality of privacy. In the “security vs. privacy” argument (e.g. you have to give up your privacy to gain security) Schneier stated that you should call bullshit on that false dichotomy, giving examples such as burglar alarms, and that the reality is about “liberty vs. control”.

Fran Maier, of TrustE, went on to elaborate that a lot of the current architecture for privacy online is a question of “choice or consent”. Examples like Facebook were given as case studies of more granular privacy controls. I have recently made similar remarks about FireEagle’s consideration of location privacy. Focusing on overall online privacy (not just focused on social networking), the panelists agreed that intrusion issues of spam and phishing were not about privacy, but rather about control. With issues of control, entrepreneurs can often take advantage by providing anti-spam/virus products. This made me question why, with the open APIs on social networks, no one has built a similar solution for blocking spammers/trolls/stalkers from friending you? It has been discussed before with all the chatter around data portability and XFN to include the ability to port your “block list” from network to network as well, but we’ve yet to see this come to fruition.

More importantly, the panel called for a system of accountability for privacy and security. It was stated that security includes how you live every day (e.g. living in fear). Public shaming of companies used to work as one of the only ways to get them to address their lack of security measures, but with data breaches being reported more often now, the press barely makes a mention of it anymore. While that is certainly a negative, the positive effect has been that it’s now a lot easier to resolve identity theft. Since identity theft is so common, companies know how to deal with it. On average, a victim of new account fraud loses only about $40 and 10 hours to clean it all up. Again, I have to wonder if the Web 2.0 companies will ever reach a time where dealing with identity theft, stalking, harassment, abuse, etc. will become so common that they (like credit card companies today) will know how to deal with it without putting their victim consumers through more trouble? I raised this question to the panel, who seemed pessimistic about that prospect. Unlike credit card companies, social networks have little if any financial incentive to provide security, and as such, it will most likely always take a second priority.

In the end, Schneier said that society may not be ready to handle privacy – similar to pollution, it may take a good 20 years or so for the masses to truly wrap their heads around it and do something.


  1. Tantek
    June 22, 2008

    Good post and a must read for anyone building a site that has social network profiles.

    Here is the link to the “block list” portability effort in progress:

    Most of the work so far has been in researching what existing sites do with respect to blocking, and documenting those examples, in the hopes that a common language/semantic can be found:

    I encourage folks to add more sites/examples to that wiki page. Thanks!

  2. Chuck Simmins
    June 22, 2008

    The desire for privacy and the desire for security are not congruent “shapes”. I would prefer that no one be able to steal from me but I have little to hide or that I wish to hide.

    Security, in and of itself, is completely dependent upon the actions of people, people who are responsible for networks, for upgrading software and for managing settings. If everyone did the basics, such as just using every Windows security update that comes out, security would improve.

    But, people drink and drive, have unsafe sex, and fail to update. My net security is dependent on imperfect humans.

  3. Woeful
    June 22, 2008

    With cellphones, GPS, FISA, and Google tracking a lot of what we do online, privacy is a thing of the past. Corporations, and/or the Government can build some fantastic profiles on us now through the sites we visit, the users we friend, the products we buy, and the books we read, then they can track where physically we go back in reality via GPS. CREEPY! We’ve made it really easy for Orwell’s dystopia to become reality.

  4. The Facebook Parallax
    June 22, 2008

    […] all your friends are this linked in, and sharing the bits about their lives, how do you opt out? You’re getting tagged in Facebook photos, all of your friends are talking openly about […]

  5. Marty Net
    June 23, 2008

    It has been said that – when you have an environment where someone can do whatever they want someone will. Trolls, spammers and ID thieves are able to feel and act as if they are anonymous. It costs them nothing to maim and abuse anyone or anything. You want to keep the spammers and trolls out of a community just start charging them a dollar and use snail mail verification, and / or moderate the site. The spammer won’t pay a dime to spam, and the ID thief and troll either can’t afford a dollar or won’t spend a dollar as long as there is a free place to wreak havoc. The lack of anonymity provides the opportunity for legal recourse. We don’t have to give up freedom for security, but we do have to pay for it; or, so it seems.

    Reading back over my stream of thought, it occurs to me that there is some freedom lost. The freedom of the moment. The freedom to just decide to join a community now or post a comment now. Waiting for verification, online or especially via snail mail loses the moment and almost surely prevents us from commenting now about what we just read, or from becoming involved in a community just as we become interested, or from asking a question just when the answer was needed.

    As a coworker pointed out to me, we do live in interesting times. It will be interesting to see how the world’s leaders, whose thinking is rooted in the 20th century, and today’s young 2.0ers will grapple with this problem.

  6. DieLaughing
    July 3, 2008

    Every time this topic is brought up I like to point out that the first person to allow individuals to *directly* monetize their own personal data will be richer than God.

  7. Gerhard Kaiser
    August 21, 2008

    Big brother watching You ……
    Gerhard Kaiser – Google me