"Privacy is an onion" (patent pending maxim); it is situational, temporal and multi-dimensional. Perhaps said axiom should be recast as a "genetically modified onion".
Perusing articles on Facebook privacy control changes from a well-known security company, there is the revelation that "no private information should be on the Internet". A wise statement for an information security purist, but what constitutes "private information", to what degree is it fluid and are the controls within Social Networks sufficient to allow us to restrict access in the ways we demand / require? What are the "sociological norms", and what of "super-social" libertines (such as I) that have exceeded Dunbar's Number by a magnitude of 700%?
How does information aggregation affect risk and perception of privacy control – are we at risk through inference channels in the Social Network? How do we perceive and manage trust? With rigour, paranoia, neutrality; is it earned, easily lost? How do we convey this and ensure our privacy is being managed accordingly? This brief set of questions hints at the complexity (cultural and emotional; qualitative; psychological; behavioural) that guides our experiences online. Are Social Networks really equipped to meet sophisticated information management demands from a savvy user-base? How will they augment existing controls to facilitate virtual world technologies and context aware devices that would provide further "locational" (excuse the Social Computing neologism) and situational information?
Today's Social Network (I take Facebook as a pervasive example) is a walled-garden (in general terms). Most users create a "private" profile and control access by granting or denying friend requests, which can then (by and large) see profile information, pictures, status updates and other friend connections (there are nuances, but for brevity I generalise). My "bug bear" with this model is a) poor visualisation of what effect the setting of privacy attributes has b) it's not more walls we need, it's more gardens! I shall elaborate on my latter ethereal viewpoint. Going back to trust, you may trust someone implicitly in the office, but don't want to entrust them with private information in a personal Social Network. Trust and privacy are also really inter-woven concepts. There are also gradations of trust. For example I might trust someone based on their profession (doctor, airline pilot), but there is a limitation in the trust.
I might trust someone with another career background differently, or the trust may be quite neutral. We need more trust and privacy zones (which need to be explicitly defined and explicitly visible) to place individual connections inside a more sophisticated information handling model within the Social Network. In a rudimentary sense this exists with "Friend's Lists". These can be created in Facebook and "friends" added to multiple lists which can then be used to permit or deny access to information at a group level. I term this "rudimentary" as the configuration is somewhat arcane, and the visualisation of the result is best described as disappointing, a point to which I shall return.
Aggregation of information and how this affects risk exposure and privacy concerns are also interesting. Simplistically it might be argued "have a sparse profile with little personal information and this is a non-issue". Whilst logical from a simplistic perspective, consider the aggregation of information from interaction, commentary, and chat services (etc.) and over time information aggregation becomes an increasing concern. I have also (of late) been thinking about the risk of "Inference Channels" in Social Networks. Database and data mining "theorists" will be familiar with this concept. Without diving into a treatise on Claude E Shannon and Entropy Theory, suffice to say this is concerned with deducible links through network connections and whether knowing about a set of relationships (perhaps even individual pieces of personal information) could lead to the discovery of inferred or elicited relationships or information. This may of course be entirely benign, but the Inference Channel has an implied risk that "unknown information" will be discovered through analysis of multiple relationships (as I mention, a known concern in highly secure database systems). A subject on which I have written (at some length) is also the opportunity for Social Engineering and leveraging elicited information for nefarious purposes. I am satisfied that the corporate world is generally cognizant of such risk, but wonder if more could be done in terms of "general public education."
Risks have a tendency to multiply rather than divide, and the unrelenting pace of Social Network development leads me to concerns over a number of "emerging technologies". Those that read my recent predictions on Social Network developments will have noted my belief that virtual world technologies will augment the rather unsophisticated and stifled "networking" model that we have today. Context Aware devices will provide further enrichment, but both enrich not only networking experience but also the quality of personal information (now situational) that might "leak". The Social Network's model for configuring privacy controls, defining trust relationships and visualising the result is not equipped for this (I think it barely struggles with today's limited demands).
Control, visualisation, predictability have been central themes of my "critique" of existing offerings. I therefore close by suggesting a few improvements and opportunities for development and research in this area:
- Visualisation of Social Network privacy controls is poor. The granularity of access controls is too coarse. My solution would be creation of (either my GM Onion model) or perhaps more simply a "radar" or quadrant model on which connections could be placed within "trust zones" (by dragging and dropping them onto the appropriate region). Configuration is half the battle, and visualisation of the resultant privacy controls' effect is essential. This is where current controls are weakest. I also want multiple walled gardens to play with (where I could segregate user groups) and ensure no (uncontrolled) information leakage between. So my "quadrant model" needs to work in three dimensions!
- A trust and privacy "radar" would be equally interesting, with those closest to the centre having the greater trust relationship and access to more personal data.
- Inference Channels are "tricky" due to the myriad of links, attributes and permutations affecting such. I continue to read widely on the subject and would welcome comments on how this might be best addressed. One area that would be interesting to research further would be "real-time risk advisors" (as an example) on chat services seeking to warn users when the aggregation of personal information across "conversations" reaches a certain threshold. This would have numerous applications.
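
One way the "real-time risk advisor" idea in the last point could work, as an added example that is not part of the original article: it tracks which categories of personal data each contact has been told across separate chats and warns once the combination crosses a threshold. The detector patterns, weights, threshold and sample messages are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed detectors and weights: illustrative only, not a vetted PII taxonomy.
DETECTORS = {
    "email":      (re.compile(r"\b[\w.+-]+@[\w-]+\.[\w.]+\b"), 2),
    "phone":      (re.compile(r"\b\d[\d\s-]{8,}\d\b"), 2),
    "birth_date": (re.compile(r"\b\d{1,2}/\d{1,2}/\d{4}\b"), 3),
    "employer":   (re.compile(r"\bI work (?:at|for) \w+", re.I), 1),
    "home_area":  (re.compile(r"\bI live (?:in|near) \w+", re.I), 2),
}

class AggregationAdvisor:
    """Tracks which categories of personal data each contact has been told."""

    def __init__(self, threshold=5):
        self.threshold = threshold
        self.seen = defaultdict(set)   # contact -> categories disclosed so far

    def score(self, contact):
        # A category counts once, however often it is repeated.
        return sum(DETECTORS[c][1] for c in self.seen[contact])

    def observe(self, contact, message):
        """Record an outgoing message; return a warning string or None."""
        before = self.score(contact)
        for category, (pattern, _weight) in DETECTORS.items():
            if pattern.search(message):
                self.seen[contact].add(category)
        after = self.score(contact)
        # Warn only on the message that pushes the aggregate over the line.
        if before < self.threshold <= after:
            cats = ", ".join(sorted(self.seen[contact]))
            return f"{contact} can now combine: {cats} (score {after})"
        return None

# Constructed sample: disclosures spread over separate conversations.
SAMPLE = [
    ("alice", "I work at Example Ltd these days"),
    ("alice", "Party for my birthday, 14/02/1975 makes me old"),
    ("bob",   "mail me on jo@example.org"),
    ("alice", "I live near Reading, come over"),
]

def run(sample=SAMPLE, threshold=5):
    advisor = AggregationAdvisor(threshold)
    return [advisor.observe(contact, text) for contact, text in sample]

if __name__ == "__main__":
    for warning in run():
        print(warning)
```

No single message to "alice" is alarming on its own; the warning fires on the fourth message because employer, date of birth and home area together cross the assumed threshold.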
Finally, I hope my musings have not dissuaded anyone from participating in "speculative networking". We don't agonise over privacy concerns before exchanging business cards, so with a degree of care and attention pro-active and speculative Social Networking can be beneficial. But remember, I am a self-confessed libertine!
This article first appeared on the Atos Origin CIO / CTO Blog in January 2010.

