Privacy as Product Safety

Online social media confound many of our familiar expectaitons about privacy. Contrary to popular myth, users of social software like Facebook do care about privacy, deserve it, and have trouble securing it for themselves. Moreover, traditional database-focused privacy regulations on the Fair Information Practices model, while often worthwhile, fail to engage with the distinctively social aspects of these online services. Instead, online privacy law should take inspiration from a perhaps surprising quarter: product-safety law. A web site that directs users\u27 personal information in ways they don\u27t expect is a defectively designed product, and many concepts from products liability law could usefully be applied to the structurally similar problem of privacy in social software. After setting the scene with a discussion of how people use Facebook and why standard assumptions about privacy and privacy law fail, this essay examines the parallel between physically safe products and privacy-safe social software. It illustrates the value of the product-safety approach by considering another ripped-from-the-headlines example: Google Buzz

Privacy self-regulation and the changing role of the state: from public law to social and technical mechanisms of governance

This paper provides a structured overview of different self-governance mechanisms for privacy and data protection in the corporate world, with a special focus on Internet privacy. It also looks at the role of the state, and how it has related to privacy self-governance over time. While early data protection started out as law-based regulation by nation-states, transnational self-governance mechanisms have become more important due to the rise of global telecommunications and the Internet. Reach, scope, precision and enforcement of these industry codes of conduct vary a lot. The more binding they are, the more limited is their reach, though they - like the state-based instruments for privacy protection - are becoming more harmonised and global in reach nowadays. These social codes of conduct are developed by the private sector with limited participation of official data protection commissioners, public interest groups, or international organisations. Software tools - technical codes - for online privacy protection can give back some control over their data to individual users and customers, but only have limited reach and applications. The privacy-enhancing design of network infrastructures and database architectures is still mainly developed autonomously by the computer and software industry. Here, we can recently find a stronger, but new role of the state. Instead of regulating data processors directly, governments and oversight agencies now focus more on the intermediaries - standards developers, large software companies, or industry associations. And instead of prescribing and penalising, they now rely more on incentive-structures like certifications or public funding for social and technical self-governance instruments of privacy protection. The use of technology as an instrument and object of regulation is thereby becoming more popular, but the success of this approach still depends on the social codes and the underlying norms which technology is supposed to embed. --

A qualitative study of stakeholders' perspectives on the social network service environment

Over two billion people are using the Internet at present, assisted by the mediating activities of software agents which deal with the diversity and complexity of information. There are, however, ethical issues due to the monitoring-and-surveillance, data mining and autonomous nature of software agents. Considering the context, this study aims to comprehend stakeholders' perspectives on the social network service environment in order to identify the main considerations for the design of software agents in social network services in the near future. Twenty-one stakeholders, belonging to three key stakeholder groups, were recruited using a purposive sampling strategy for unstandardised semi-structured e-mail interviews. The interview data were analysed using a qualitative content analysis method. It was possible to identify three main considerations for the design of software agents in social network services, which were classified into the following categories: comprehensive understanding of users' perception of privacy, user type recognition algorithms for software agent development and existing software agents enhancement

Money for Nothing and Privacy for Free?

Privacy in the context of ubiquitous social computing systems has become a major concern for the society at large. As the number of online social computing systems that collect user data grows, this privacy threat is further exacerbated. There has been some work (both, recent and older) on addressing these privacy concerns. These approaches typically require extra computational resources, which might be beneficial where privacy is concerned, but when dealing with Green Computing and sustainability, this is not a great option. Spending more computation time results in spending more energy and more resources that make the software system less sustainable. Ideally, what we would like are techniques for designing software systems that address these privacy concerns but which are also sustainable - systems where privacy could be achieved "for free," i.e., without having to spend extra computational effort. In this paper, we describe how privacy can be achieved for free - an accidental and beneficial side effect of doing some existing computation - and what types of privacy threats it can mitigate. More precisely, we describe a "Privacy for Free" design pattern and show its feasibility, sustainability, and utility in building complex social computing systems

Appropriation of privacy management within social networking sites

Social networking sites have emerged as one of the most widely used types of interactive systems, with memberships numbering in the hundreds of millions around the globe. By providing tools for their members to manage an ever-changing set of relationships, social networking sites push a constant expansion of social boundaries. These sites place less emphasis on tools that limit social boundaries to enable privacy. The rapid expansion of online social boundaries has caused privacy shockwaves. Privacy offline is enabled by constraints of time and space. Online, powerful search engines and long term digital storage means private data have no expiration date. Within an online culture of anonymity and fluid self-presentation of identity, social networking sites can be turned into places of perceived safety but with privacy risks that actually extend indefinitely. While these sites do deploy privacy management features, it is not understood how people use social networking sites, how they use privacy management features, and how these two are related. In order to create better privacy mechanisms for social software, designers must first understand how members manage their privacy in the current environment. This dissertation introduces The Social Software Performance Model, which describes relevant factors and their interaction in order to explain patterns of privacy management. The Model is a synthesis of Adaptive Structuration Theory, the Fit Appropriation Model and socio-technical systems theory. Adaptive Structuration Theory attempts to explain appropriation, defined as the process by which people integrate technology into their daily tasks and activities. A central premise of this research is that the appropriation perspective is a valuable lens for teasing apart how members of these sites adopt and adapt privacy management features. Using Adaptive Structuration Theory, this dissertation developed and validated new measures that capture appropriation patterns related to privacy management within social networking sites. The research introduces three independent constructs that measure privacy management appropriation. They are the Use appropriation move, which measures actual use of privacy management features; the Familiarity appropriation move, which measure knowledge of privacy management features; and the Restricted Scope appropriation move, which measures the extent to which members independently limit the scope of their online social network to protect their privacy. Survey data was collected from subjects in two different social networking sites, Facebook and MySpace, and used to evaluate hypotheses developed from The Social Software Performance Model. Using a partial least squares analysis, the research model explained 28.5% of the variance with respect to appropriation of privacy management features. This is a strong result for exploratory research. This research makes a contribution by extending theories to a new context, by applying both the Adaptive Structuration Theory and the Fit Appropriation Model to the use of privacy management in social networking sites. Using types and sub-types of appropriation moves from Adaptive Structuration Theory, new measures were developed and validated. These new measures, with further efforts to establish validity and reliability, can be adapted to understand appropriations for other forms of social software. The main finding of the research is a method to evaluate the effectiveness of different implementations of privacy management within social networking sites. While information system theory has been primarily concerned with systems used in an organizational context, the results of this research shows these theories are relevant to new systems based on social interaction. These new types of social software, generically labeled as Web 2.0, are among the most popular on the Internet. Besides Facebook and MySpace, examples of Web 2.0 include the video sharing site YouTube.com, and the photo sharing site Flickr.com. These sites thrive on intensive social interaction, and are growing in scope and importance. There has been little consensus among researchers as to how to measure the effectiveness of Web 2.0 systems. This lack of consensus presents a strategic opportunity for information systems theory, which has made determinations of effectiveness an important focus. This research has adapted information systems theory to study the effectiveness of privacy management. The development of privacy management has proven to be a difficult problem, and a deeper understanding of its effectiveness is expected to improve the overall design of these systems. By adapting information systems theory to the use of privacy management within social networking sites, this research shows that information systems theory can also be used applied to Web 2.0 applications. This provides a foundation for the further development of methods to measure the effectiveness of additional components within social software

Contextual healing: Privacy through interpretation management

Contextual privacy is an essential concept in social software communication. Managing privacy of data disclosed in social software dependence strongly on the context the data is disclosed in. The sheer amount of posts and audiences may lead to context ambiguity. Ambiguity can affect contextual privacy management and effective communication. Current contextual privacy management approaches can be either too complex to use, or too simple to offer fine-grained control. In many cases, it is challenging to strike a balance between effective control and ease-of-use. In this article, we analyse contextual privacy by in relation to context and communication. We examine a relevant contextual privacy management framework based on the maintenance of the interpretation of data. We propose an architecture based on the utilisation of intelligent mechanisms. We conceptually analyse the usability aspect of the proposed architecture. We conclude by arguing how our conceptual framework can enhance communication and privacy in private and public spaces

Domino: exploring mobile collaborative software adaptation

Social Proximity Applications (SPAs) are a promising new area for ubicomp software that exploits the everyday changes in the proximity of mobile users. While a number of applications facilitate simple file sharing between co–present users, this paper explores opportunities for recommending and sharing software between users. We describe an architecture that allows the recommendation of new system components from systems with similar histories of use. Software components and usage histories are exchanged between mobile users who are in proximity with each other. We apply this architecture in a mobile strategy game in which players adapt and upgrade their game using components from other players, progressing through the game through sharing tools and history. More broadly, we discuss the general application of this technique as well as the security and privacy challenges to such an approach