Day 2 of Supernova 2008 kicked off this week with a variety of panels to choose from. While many of the Web 2.0-ers were getting settled in the Open Flow Track, MC-ed by Tantek Çelik, , I joined the alternative crowd for the Privacy and Security in the Network Age panel.The session started with the overarching ideas around privacy. Online, everything we do creates data and/or a transaction. A lot of privacy concerns are no longer about who you are, but what you do. Typical "duh" factors exist such as technology is always moving faster than laws. Even when laws are made, they risk being ineffective, as many have seen in the case of the CAN-SPAM Act, or lacking true protection, as with the company-not-user-data-protection under Sarbanes-Oxley. Bruce Schneier, of BT Counterpane, brought up various points about how he views the reality of privacy. In the "security vs. privacy" argument (e.g. you have to give up your privacy to gain security) Schneier stated that you should call bullshit on that false dichotomy, giving examples such as burglar alarms, and that the reality is about "liberty vs. control".Fran Maier, of TrustE, went on to elaborate that a lot of the current architecture for privacy online is a question of "choice or consent". Examples like Facebook were given as case studies of more granular privacy controls. I have recently made similar remarks about FireEagle's consideration of location privacy. Focusing on overall online privacy (not just focused on social networking), the panelists agreed that intrusion issues of spam and phishing were not about privacy, but rather about control. With issues of control, entrepreneurs can often take advantage by providing anti-spam/virus products. This made me question why, with the open APIs on social networks, no one has built a similar solution for blocking spammers/trolls/stalkers from friending you? It has been discussed before with all the chatter around data portability and XFN to include the ability to port your "block list" from network to network as well, but we've yet to see this come to fruition.More importantly, the panel called for a system of accountability for privacy and security. It was stated that security includes how you live everyday (e.g. living in fear). Public shaming of companies used to work as one of the only ways to get them to increase their lack of security measures, but with data breeches being reported more often now, the press barely makes a mention of it anymore. While that is certainly a negative, the positive effect has been that it's now a lot easier to resolve identity theft. Since identity theft is so common, companies know how to deal with it. On average, a victim of new account fraud loses only about $40 and 10 hours to clean it all up. Again, I have to wonder if the Web 2.0 companies will ever reach a time where dealing with identity theft, stalking, harassment, abuse, etc. will become so common that they (like credit card companies today) will know how to deal with it without putting their victim consumers through more trouble? I raised this question to the panel, who seemed pessimistic about that prospect. Unlike credit card companies, social networks have little if any financial incentive to provide security, and as such, it will most likely always take a second priority.In the end, Schneier said that society may not be ready to handle privacy - similar to pollution, it may take a good 20 years or so for the masses to truly wrap their heads around it and do something.
Supernova 2008: Defining the Challenges
Supernova 2008 held day 1 of the three-day conference yesterday in San Francisco's Mission Bay Conference Center. The opening session tackled "defining the challenges", which was admittedly a fairly vague title. Clay Shirky, author of Here Comes Everybody, started off the session taking about the characteristics of organizing groups online and offline. Shirky pointed to prospering examples of organizing groups online such as the Meetup Alliance.The presentation pointed out a number of case studies to gain insights from. From a flashmob being arrested in Belarus for organizing a collective "everyone eat ice cream at the same time" event to Xerox's lack of source code in 1980, characteristic contrasts were made between the ease of online versus offline. It was explained that density and continuity in niche groups used to exist due to inconvenience, but those same aspects need to now exist by design online in order to be able to network and organize effectively.Questions from the audience asked for advice on "community management" (or, lack of a better English phrase, as Kevin Marks stated). Shirky said that a self-policing communities often take care of the problems that arise. Later, Shirky clarified, to my concern of the possibilities for a community run by mob rule, that this mostly works and works when the community knows they can "call a cop at key moments".