I am giving a talk with that title at Cornell on Thursday. It will be livestreamed at 4:15pm—details here. Thursday morning I am giving a talk on an earlier book, Excellence Without a Soul—that too will be livestreamed if anyone is interested. Same link.

A Harvard Law School student has filed a class action lawsuit against Google for Buzz’s privacy violations. The student, Eva Hibnick, says “I feel like they did something wrong,” which is surely true but probably not her best lede. “The document cites the Federal Electronic Communications Privacy Act, the Federal Computer Fraud and Abuse Act, the Federal Stored Communications Act and California common and statutory law,” says ABC News. The kitchen sink, in other words.

The Electronic Privacy Information Center has already complained to the Federal Trade Commission (see here for EPIC’s press release, with a link to the complaint itself). This lawsuit seems like overkill, no matter how mad people are, given the risks we’ve written about elsewhere of stretching any available law to make a club with which to attack a technological innovation.

—-

I was on the Callie Crossley Show on WGBH radio in Boston yesterday giving Google a piece of my mind about Buzz. But I was gentle compared to Callie herself. You can hear the short segment here.

Google yesterday reversed the crucial error it made when it rolled out Buzz. It decided not to initialize the service to follow your email correspondents, but simply to show those people to you as suggestions. In other words, you now have to opt in to following people, rather than opting out if you don’t want to follow them.

Bravo. You can pick at the edges–the company responded at first just by making the opt-out clearer, and didn’t go to opt-in until it realized that the first change wasn’t making the tidal wave of criticism any less powerful. But all things considered, this is a very professional response to a very serious self-inflicted wound.

The Toyota analogy I mentioned earlier sticks in my mind. Was there something in their management structure that allowed this horse to get out of the barn? Will there be some mistrust of Google now, some greater awareness that the company never guaranteed Gmail users absolute privacy in the first place and that it retains the right to make commercially advantageous use of their data?

Sigh. It is so sad to see Google lurch from doing the wrong thing (helping the Chinese thought control regime) to doing the right thing (announcing they’d rather lose the business than keep censoring in China) to doing a spectacularly wrong thing: The much-hyped Buzz social network service sets up your initial group of contacts from the list of people with whom you’ve been exchanging email and instant messages. And then makes that list of contacts public to the world. So lawyers could be exposing their clients, doctors their patients, husbands their mistresses, journalists their tipsters, you name it.

Buzz is an opt-out service–you’re in it until you tell Google you want to be out. And it is hard to get out (though in the past few days Google has, in response to the furious reaction it’s gotten, made the instructions a bit more visible). Even if you get out of Buzz, however, your secret lover may be exposing you. Happy Valentine’s Day!

This reminds me of Facebook’s Beacon fiasco, in which the company did not think through the consequences of having members announce to their friends what they were buying. Except worse, because ANYBODY knows that your email contacts are private information. How could Google not have had this pointed out to them in some focus group? For that matter, don’t they employ some house skeptics who are there just to point out the kinds of flaws that lots of bloggers pointed out almost immediately after the product was released?

Google’s response, according to today’s New York Times, is that a lot of people like the way it works. Which I am sure is true, and is a reason why big industries get regulated. The interests of minorities, no matter how serious, are not as important as providing the majority a product they like. Except that this time it looks like Google miscalculated the size of the minority of people concerned about their privacy, and the intensity of their feelings. I hope Google, like Toyota, is doing some soul-searching about how they got into their current pickle.

Thanks to danah boyd for pointing me to this excellent post from a lawyers’ blog explaining and analyzing the privacy problem and giving specific instructions about how to turn Buzz off. Very much worth a read.

The Associated Press reports a strange case in which a Facebook user logged into her account from her cell phone and wound up in someone else’s. Except it turns out that though strange, it is not unprecedented. A couple of people even wound up in each other’s accounts.

It’s a little hard to figure out what is going on, but it seems that the wrong cookie (code identifying the Facebook account) got installed on the user’s cell phone. According to the story, it’s AT&T’s fault, though it is hard to be sure since all the cases involve not just the same carrier but the same web service (Facebook) and the same Nokia phones. If, as reported, it’s a bug in AT&T’s cell-phone-to-Internet connection, it’s easy to imagine that a user might be taken to another’s Gmail account in the same way.

If the connection had been encrypted, that would probably have prevented the cookie bug from doing any harm. But Facebook does not use encrypted connections.

Which reminds me of something I should have mentioned earlier. In what was already a good week for Google on the privacy front, because of its announcement that it would stand up to the Chinese censors, Google announced in a much less publicized blog post that it was going to enable https by default for Gmail. That is, up to now, your Gmail has flowed to you in plaintext, available for sniffing and snooping anywhere in the Internet. There was always a way to change that default and have your Gmail encrypted, but it took a little digging to find the check box and few people bothered. The disadvantage to Google in making encrypted email the default is that the encryption takes time, so Google had to upgrade its systems, costing them money. Now they have decided to to exactly that, and once again, good for them!

Added a little later: The betting in the Slashdot comment thread is that it’s simpler than the AP story suggests. As one comment says,

My guess is that it’s as simple as this: the http returned by a request to “www.facebook.com” was cached by AT&T and delivered to other users who attempted to fetch that URL in an attempt to save bandwidth. The login credentials are irrelevant… once AT&T cached the page it thought of as “www.facebook.com” it would deliver it to anyone who asked for that URL. It probably only changed for the next person because someone insisted on logging out and back in, and the caching server detected the change then re-cached the NEW user’s page. This used to happen a lot on the internet to unencrypted streams that allowed log-ins. These days most caching servers are properly configured, but it’s still an easy mistake to make if you’re setting up a caching proxy.

That is, sometimes an ISP will cache (keep its own local copy) of a web page it retrieves from a server so the ISP can deliver it to multiple users who may request it without going back to the server for a fresh copy each time. Obviously this is the wrong thing to do if there is any possibility that the page may change in an important way in between requests that the ISP is receiving. Perhaps it was just delivering one party’s version of “facebook.com” (a logged in page) to another user who also asked for “facebook.com”. Whatever it was doing, it was wrong! And reminds us that nothing in a distributed system ever works better than the poorest code that gets invoked. Even retrieving a web page involves lots of parties.

While preparing a talk about privacy yesterday, I wanted to cite an example of a commercial service that lures people into surrendering their location information in exchange for social connectivity, restaurant recommendations, and the like. I was planning to make the point (and did, when I gave the talk at the HELIN conference today) that location information has cash value, and there are a variety of business models based on getting people to give it up for free and then cashing in on the data that gets collected.

Nothing wrong with this in principle, as long as people understand what they are giving and what they are getting. They are getting connectivity and exposure and recommendations, and they are giving data about the places they go, perhaps not just to the social network but to the business partners of the for-profit corporation that is running it.

In any case, forgetting the names of these networks, I did a little searching and then settled on foursquare as the example I would use. “Check-in to find your friends, unlock your city,” says the site, and the front page then gives a rolling report of what the site members are doing and saying, for example, “Jim N. in DeKalb, Illiois became the mayor of Caribou Coffee.” You can click on the name of the member (player, really) or the establishment to get more information about either. As the site explains,

People use foursquare to “check-in”, which is a way of telling us your whereabouts. When you check-in someplace, we’ll tell your friends where they can find you and recommend places to go & things to do nearby. People check-in at all kind of places – cafes, bars, restaurants, parks, homes, offices.

You’ll find that as your friends use foursquare to check-in, you’ll start learning more about the places they frequent. Not only is it a great way to meet up with nearby friends, but you’ll also start to learn about their favorite spots and the new places they discover.

Not just your friends, either. Just watch the latest check-ins scroll by on the foursquare home page, and you will get lots of interesting tidbits about lots of people. I was starting to groan about the usual privacy questions—who owns the location data, how long does foursquare hold it, how hard will it be for an unhappy spouse or employer to get hold of it, can the company sell it to business partners—when I moved on to work on the next slide.

And then I woke up this morning to discover that foursquare had cut a deal with Harvard University. As Harvard’s official organ, the Gazette, explains,

The service, which is accessible from smartphones and other mobile devices, enables students and visitors to explore the campus and surrounding neighborhoods while sharing information about their favorite places.

The Gazette goes on to proclaim that we are #1: “Harvard is the first university to use foursquare to help students explore their campus and surrounding places of interest.” (Maybe we should take pride in this, though UNC Charlotte claims to be the first university to use foursquare, for a somewhat different purpose. Years ago, when Harvard fell to #2 in the US News rankings, our humor magazine pointed out that this was a good thing, as it would teach us humility, and we should strive to be #1 in humility as we are in everything else.)

Having spent many an afternoon over the past year in information security meetings, where the University has been developing policies and standards for how information about our students may be accessed, stored, and moved, I immediately started wondering whether Harvard had somehow signed onto a deal to encourage students to surrender their privacy, and if so, who was the commercial beneficiary. The Gazette story doesn’t mention data privacy at all. It simply has a Harvard spokesman echoing foursquare’s utopianism.

We believe that Harvard’s participation will allow our community to engage with friends, professors, and colleagues in new ways. We also hope visitors and neighbors will benefit from the platform as it grows through use.

So visiting high school students and Chinese tourists are apparently also the intended “beneficiaries” of this “service.”

As Hal Roberts of the Berkman Center pointed out when I asked him about this story, foursquare’s privacy policy is pure boilerplate:

We receive and store certain types of information whenever you interact with our Service or services. Foursquare automatically receives and records information on our server logs from your browser including your IP address, cookie information, and the page you requested.

It goes on to explain how they aggregate this data and analyze it, and how they won’t disclose it in a way that would identify you personally. Only problem is, the privacy policy doesn’t mention the really private information foursquare collects—the location information. That simply isn’t covered by any of the boilerplate. So they can do what they want with it, without asking. Moreover (and thanks to doc searls for pointing this out), foursquare explicitly says that they may sell that information, and even if they don’t, the company will pass it on if it gets acquired. And that by signing up, you are acknowledging that you understand all that.

Business Transfers: In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. Moreover, if Foursquare, or substantially all of its assets were acquired, or in the unlikely event that Foursquare goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Foursquare may continue to use your Personal Information as set forth in this policy.

It’s a free country. If people think it’s fun for people to know where they are, and they understand what they are doing, by all means they should go for it. I am not a killjoy.

But I am puzzled that Harvard wants to encourage this behavior—that it has somehow analyzed the social benefits and the evident commercial interests and privacy risks involved here, and has come to the conclusion that on balance it would be a good thing if a lot of students signed up.

I hardly dare wonder if Harvard itself might have a pecuniary interest in the success of the partnership. I hope not, and that it has simply seen great benefits to the community—and few risks. I would love to know more.

Added January 14: Perry Hewitt, who is quoted in the article, wanted to be clear that there is no “partnership” (as I called it) between Harvard and foursquare. Harvard is simply a foursquare “presence”—as it would be anyway, whether Harvard formally cooperated or not. By allowing foursquare to create a Harvard badge, Harvard is simply making more convenient something people would be doing anyway. I am grateful to Perry for getting back to me and clarifying these points.

World of Warcraft (WoW) is a huge online fantasy war game, with more than ten million accounts. Here is a nice holiday-weekend “bits” story: a man with an arrest warrant out on him in Indiana for two years on drug charges has been arrested in Ottawa, Canada. The crucial information as to his whereabouts was provided by Blizzard Entertainment, the game company that runs WoW. As Matt Robertson, the investigator in the county sheriff’s department, tells the Kokomo (IN) Perspective,

“You hear stories about you can’t get someone through the Internet. Guess what? You can. I just did. Here you are, playing World of Warcraft, and you never know who you’re playing with.”

Robertson seems to have take a lot of small steps to put the story together. A childhood friend of the suspect said he had moved to Canada — good to know, of course, but making many of the standard law enforcement protocols useless. Somewhere along the line a tip came in that he was a WoW fan, so the investigator sent a subpoena for the suspect’s records — a transnational subpoena with no legal force at all.

“They don’t have to respond to us, and I was under the assumption that they wouldn’t,” said Roberson. “It had been three or four months since I had sent the subpoena. I just put it in the back of my mind and went on to do other things. Then I finally got a response from them. They sent me a package of information. They were very cooperative. It was nice that they were that willing to provide information.”

That information included the suspect’s IP address, in particular. From the IP address Robertson got the latitude and longitude (here is one site that will do that for you) and then used Google Earth to home in on the neighborhood. He couldn’t quite get to the street address that way, but close enough that Canadian authorities did the rest.

So just remember that. In a multiuser game you can think of yourself as living out of time, out of space, and out of your own skin, but you aren’t. Someone knows a great deal about you, and might even be willing to answer a polite request to reveal it.

Which may be what we actually want. Or is it?

The Wall Street Journal (story here; subscription needed) reports that Wikipedia is losing editors faster than it is recruiting new ones. Since about the beginning of 2008, departures have exceeded arrivals in the corps of volunteers who contribute to Wikipedia and scour it for accuracy–or in some cases, opportunities for petty vandalism.

It’s hard to know exactly what’s going on, and the Journal raises several possibilities without claiming it knows what is true. The original editors have been at it for almost a decade; perhaps they have burned out. Perhaps all the easy and interesting stories have been written; there isn’t much new to say about Crime and Punishment within Wikipedia’s stylistic strictures. (In fact if you check that entry’s history, it was modified only 10 days ago, but only to reverse some act of vandalism.) Can it be that from the standpoint of the totality of human knowledge, Wikipedia editing has now reached a state of diminishing returns? Also, perhaps, it is not so much fun as it used to be; there are more rules to follow, and more people checking on your edits, than there used to be.

It’s an important question. Wikipedia is one great success of crowdsourcing, of a useful artifact produced using the lunatic fringe of democratic participation. What if the model is unsustainable after awhile, because at some point there are more people who have their fun as trolls than there are as builders?

In New York, some clown started a blog called “Skanks in NYC” for the sole purpose of heaping verbal abuse on, well, whatever people he thought deserved that appellation. The blog was hosted by Blogger.com, a Google service. The site apparently was active for only a day, during which the clown posted five items, one of them referring to a model named Liskula Cohen as a “ho” and a few other things.

Ms Cohen wanted to know who was speaking ill of her, and asked Blogger to disclose that information so she could pursue a defamation suit. I pick up the story from CNN:

On Monday, New York Supreme Court Judge Joan Madden ruled that Google must hand over to Cohen any identifying information it possesses about the blog’s creator. ‚Ķ¬†”The protection of the right to communicate anonymously must be balanced against the need to assure that those persons who choose to abuse the opportunities presented by this medium can be made to answer for such transgressions,” the judge said ‚Ķ.

And Blogger did, under the court order, turn over to Cohen the IP and email addresses of the blogger. A Google attorney said the company was sensitive to both privacy and to cyberbullying, but a court order trumps any concerns of the company.

Now it turns out that the blogger clown is one Rosemary Port, a Fashion Institution of Technology student who, according to the Daily News, had been involved in some sort of personal quarrel with Cohen. Cohen has decided not to pursue the defamation suit. Port, however, says she will sue Google for $15 million for invasion of her privacy.

“Before her suit, there were probably two hits on my Web site: One from me looking at it, and one from her looking at it,” Port said. “That was before it became a spectacle. I feel my right to privacy has been violated.”

That’s an odd transition — she put it up on the Web where anybody in the world could see it. But only a couple of people did, so she claims a privacy invasion when so much attention got focused on it. Still, she didn’t think she was going to be unmasked. Port’s lawyer makes a knee-jerk appeal to the pseudonymously published Federalist Papers, which lobbied for adoption of the U.S. Constitution.

I doubt Port has a case. Google’s Privacy Policy states, “Google only shares personal information with other companies or individuals outside of Google in the following limited circumstances: ‚Ķ¬†We have a good faith belief that access, use, preservation or disclosure of such information is reasonably necessary to (a) satisfy any applicable law, regulation, legal process or enforceable governmental request ‚Ķ.” Sounds like that covers it. Anyone who’s signed up for a Gmail account agreed to that. (Actually, just doing a Google search causes you to agree to these terms implicitly, but that’s another matter.)

Bloggers (and blog commenters) beware. You can use anonymity tools, such as Tor, if you are really worried about being discovered, but if you do something unlawful behind the veil of an anonymous blog, your cover may be blown.

(It’s a separate question whether calling someone a “ho” or a “skank” actually constitutes defamation. I have no opinion on that one.)

The state of Illinois has enacted a law prohibiting anyone classified as a sex offender from using any social networking site. The definition of the latter is quite complicated — it certainly covers more than Facebook and Myspace. Blogs may qualify as well. The language is hard to parse.

I understand the impulse, but this looks like another blunt instrument designed in a moment of panic, like the Child Online Protection Act we discuss in Chapter 7 of Blown to Bits.¬†¬†Andrew Moshirnia argues that it’s probably unconstitutional as other such laws have proved to be — it simply restricts too much speech that doesn’t need restriction in order to get at the subset that is actually objectionable. Moshirnia points out two other minor problems: it won’t work (it’s too easy to create a fake identity online) and sex offender registries are overbroad (read my other book, Excellence Without a Soul, if you’d like to see how one Harvard undergraduate earned his status on the list). Then there’s the fact, abundantly documented in the Internet Safety Technical Task Force report, that the Internet is not the enabler of sex crimes that politicians love to pretend it is.

Go after the crimes, not the tools. The fact that some people can use their liberty for evil ends is no reason to restrict anyone’s liberty pointlessly.