Chủ Nhật, 19/09/2010, 17:15
Nguy cơ từ “Internet không bao giờ quên”
http://nhipsongso.tuoitre.vn/Index.aspx?ArticleID=401201&ChannelID=550
TTCT - Những dữ liệu cá nhân đưa lên Internet hằng ngày không hẳn là điều tốt. Nó như con dao hai lưỡi mà ngày nào đó sẽ quay lại “đâm” vào bạn, buộc nhiều người phải thay tên đổi họ để thoát khỏi quá khứ kỹ thuật số mang đầy thông tin cá nhân họ đã đưa lên mạng.
“Xóa thời niên thiếu” không đơn giản như động tác bấm phím - Ảnh: Hoài Linh
Lời cảnh báo trên của Eric Schmidt, giám đốc điều hành Google - cỗ máy tìm kiếm thông tin trên mạng lớn nhất thế giới hiện đang tạo ra doanh thu hàng tỉ USD mỗi năm bằng cách hoàn thiện công nghệ tích trữ, lưu trữ và phục hồi thông tin của người sử dụng - đã nhóm lên một cuộc tranh cãi rộng hơn về một thế giới “không bỏ quên bất cứ điều gì”.
Câu chuyện của Stacy Snyder
Stacy Snyder là một ví dụ điển hình về việc không kiểm soát được những thông tin cá nhân của mình sau khi đã tung lên mạng. Năm 2006, Snyder - khi đó 25 tuổi và đang là giáo viên tập sự Trường trung học Conestoga Valley ở hạt Lancaster, Pennsylvania, Mỹ - đã đưa lên trang MySpace của mình bức ảnh chụp cô tại một bữa tiệc, trong đó cô đội mũ cướp biển, tay cầm ly rượu với chú thích “tên cướp biển say xỉn” bên dưới bức ảnh.
“Điều mà mọi người không nhận ra là khi đưa thông tin gì lên mạng, bạn đã mất quyền sở hữu và kiểm soát thông tin đó ngay lập tức. Ai cũng có thể tải về, lưu trữ và phát tán thông tin đó. Nó vượt ngoài tầm tay của bạn”
RICK FERGUSON
(một chuyên gia an ninh mạng ở Trend Micro)
Chuyện tưởng như một trò đùa vui trong bữa tiệc bạn bè lại trở nên nghiêm trọng khi người giám sát của Snyder tại trường trung học tìm thấy bức ảnh này trong một lần lục kiếm thông tin về cô trên mạng.
Ban giám hiệu trường cho rằng bức ảnh của Snyder “không phù hợp với tiêu chuẩn nghề nghiệp” của một giáo viên và hiệu trưởng Trường đại học Giáo dục Millersville nơi Snyder theo học cáo buộc cô khuyến khích học trò dưới tuổi mình uống rượu. Hậu quả là trước lễ tốt nghiệp đại học, Snyder đã không được cấp bằng dù cô hoàn thành các kỳ thi cũng như giai đoạn thực tập và học bạ không có vấn đề gì.
Snyder đã đâm đơn kiện Trường Millersville về chuyện phạt một hành vi trong quá khứ và hoàn toàn hợp pháp của cô. Nhưng năm 2008, một thẩm phán bang đã bác bỏ thỉnh cầu của Snyder với lý do tấm ảnh của cô không phục vụ tốt cho công việc trong một ngành nghề liên quan đến công chúng mà cô đang theo đuổi. Cuối cùng Snyder đành ngậm ngùi từ giã giấc mơ mà cô theo đuổi suốt bốn năm tại trường đại học chỉ vì một sơ suất của mình.
Câu chuyện của Snyder đặt ra cho người sử dụng Internet một thách thức mà hàng triệu người trên toàn cầu đang đối mặt: làm thế nào để có được cuộc sống tốt nhất trong một thế giới ghi lại mọi thứ và không bỏ quên thứ gì trên Internet khi mỗi hình ảnh ta đưa lên mạng, những thông tin cá nhân mới nhất, những bài viết trên blog, trên Twitter, những câu chuyện phiếm, tâm sự vụn vặt hằng ngày... có thể được lưu giữ mãi mãi?
Với những trang như LOL Facebook Moments chuyên thu thập và chia sẻ những sự việc cá nhân gây sốc trích từ những người sử dụng Facebook, rõ ràng những thông tin cá nhân này luôn được nhiều người lục tìm trên mạng nhiều tháng, nhiều năm sau này. Đã có trường hợp một thiếu nữ Anh bị sa thải chỉ vì một hôm ông chủ tìm thấy trên trang Facebook của cô tâm sự rằng: “Tôi quá buồn chán” (!).
Nguy cơ đầy rẫy
Trước sự phát triển như vũ bão của các mạng xã hội, hiện có khoảng 600 triệu người có lý lịch cá nhân trên mạng. Facebook đã vượt qua MySpace năm 2008 để trở thành địa chỉ mạng xã hội lớn nhất với khoảng 500 triệu thành viên, ước tính những người sử dụng Facebook dành mỗi tháng khoảng 500 tỉ phút cho mạng này và chia sẻ hơn 25 tỉ nội dung gồm những câu chuyện mới, blog và hình ảnh. Gần đây, Library Congress - thư viện lớn nhất thế giới hiện nay - thông báo sẽ lưu trữ vĩnh viễn toàn bộ những gì trên Twitter kể từ năm 2006. Hiện Twitter có hơn 100 triệu thành viên.
Một nguy cơ rất rõ ràng là mọi người, từ bạn bè thân hữu đến những nhà tuyển dụng và cả kẻ thù, đều có thể tiếp cận hình ảnh, video và blog của các cá nhân chỉ với vài cú nhấp chuột đơn giản. Theo một điều tra của Microsoft thực hiện gần đây, 75% chuyên gia nhân sự và nhà tuyển dụng Mỹ tìm hiểu thông tin trên mạng, sử dụng nhiều địa chỉ khác nhau để nghiên cứu kỹ về ứng viên trước - bao gồm những công cụ tìm kiếm, mạng xã hội, hình ảnh và video, trang web cá nhân, Twitter và những địa chỉ chơi game. 70% nhà tuyển dụng Mỹ loại ứng viên chỉ vì lý do đăng những hình ảnh hoặc có những cuộc thảo luận, tranh cãi giữa những thành viên mạng mà họ cho là không thích hợp.
Trường hợp của Snyder là lời cảnh báo đối với những bạn trẻ đang muốn làm một nghề mà mình đeo đuổi. Hàng triệu bạn trẻ, những người đang nộp đơn xin việc, sẽ thấy rằng có quá nhiều chi tiết trên mạng gây khó khăn cho họ đối với nhà tuyển dụng mà giờ họ không thể gỡ xuống hoặc đã quá muộn để gỡ xuống. “Internet không bao giờ quên” là một sự đe dọa, ngăn cản chúng ta vượt qua quá khứ để tiến đến tương lai cho những khởi đầu mới.
Theo dự đoán của các chuyên gia mạng, trong tương lai gần những công cụ tìm kiếm trên Internet chắc chắn sẽ được nối với các công cụ tìm kiếm tập hợp mạng xã hội để nối dữ liệu từ các nguồn trên mạng như đóng góp chính trị, blog, video trên YouTube, những trang web bình luận, bất động sản và album ảnh. Những tập hợp này sẽ tiến đến việc xếp hạng danh tiếng công chúng và cá nhân giống như trang Unvarnished, thậm chí xếp hạng tín nhiệm như cha mẹ tốt, những cuộc hẹn hò tốt, đạo đức và gia cảnh, nhà tuyển dụng tốt, rủi ro bảo hiểm tốt...
Có câu nói rằng luôn có cơ hội lần hai. Nhưng sự thật là đối với một ngân hàng trí nhớ vĩnh viễn ngày càng mở rộng của web, sẽ khó có những cơ hội lần hai để thoát khỏi một bức thư tươi rói trong quá khứ kỹ thuật số của bạn.
Phản ứng và giải pháp
Nỗi lo về việc Internet lưu giữ quá nhiều thông tin cá nhân tăng mạnh trong năm nay, sau khi Facebook đưa ra cải tiến mới khiến thông tin của người sử dụng được đưa ra công chúng nhiều hơn. Tháng 12-2009, Facebook thông báo nhiều thông tin cá nhân của người sử dụng trước đó, bao gồm bạn bè, tình trạng hôn nhân, quan hệ gia đình... sẽ là thông tin “công chúng” chứ không phải cá nhân.
Tháng 4 năm nay, Facebook giới thiệu hệ thống tương tác Open Graph chia sẻ thông tin trong trang web cá nhân của bạn và bạn bè với các địa chỉ đối tác bạn đến. Điều này vấp phải sự chỉ trích kịch liệt từ người sử dụng, các nhà lập pháp và những người vận động chống lại việc Internet tác động đến đời tư của cá nhân. Bốn thượng nghị sĩ dân chủ Mỹ đã viết thư cho ông chủ Facebook Mark Zuckerberg diễn tả lo lắng về vấn đề này.
Khắp thế giới, từ các nhà chính trị, học giả và các cá nhân đang tìm cách phản ứng lại thách thức duy trì kiểm soát nhận diện của cá nhân trong một thế giới kỹ thuật số “không bao giờ quên”.
Tháng 2 năm nay, Liên minh châu Âu (EU) tài trợ chiến dịch “Think B4 U post” (Think before you post: Suy nghĩ kỹ trước khi bạn đưa thông tin lên) kêu gọi bạn trẻ cân nhắc những hậu quả có thể xảy ra khi công khai hình ảnh của họ và bạn bè cho công chúng mà không suy nghĩ kỹ và chưa xin phép họ. Vào tháng 4-2010, bốn sinh viên Đại học New York đã lên kế hoạch xây dựng mạng xã hội Diaspora miễn phí, trong đó không bắt buộc người sử dụng cam kết về việc cho phép mạng sử dụng những thông tin cá nhân của họ.
Ở Mỹ, một nhóm các nhà khoa học, học giả luật và chuyên gia mạng đang tìm cách tạo lại khả năng “quên” của kỹ thuật số. Công ty tư vấn ReputationDefender (Bảo vệ danh tiếng) là một giải pháp tạm thời cho việc đối phó với “thế giới không quên” của Internet.
ReputationDefender do một sinh viên luật Đại học Harvard thành lập, chuyên cung cấp dịch vụ làm sạch hình ảnh trên mạng. Hiện ReputationDefender có khách hàng tại hơn 100 quốc gia và là công ty thành công nhất trong việc giải quyết những vấn đề liên quan đến danh tiếng của người sử dụng được đưa lên Facebook và Google. Công ty sẽ giám sát danh tiếng của khách hàng trên mạng, liên lạc với các địa chỉ web và yêu cầu gỡ bỏ những mục nhạy cảm.
Với sự giúp đỡ của công nghệ tìm kiếm, ReputationDefender có thể tấn công dồn dập các trang web bằng những thông tin tích cực hoặc vô hại về khách hàng của mình, hoặc tạo ra những trang web mới hay nhân lên các đường dẫn đến trang web hiện tại để đảm bảo hiện ra những thông tin tích cực tại hàng đầu và đưa những trang web tiêu cực xuống những trang sau của Google.
Trong khi đó, nhiều nhà lập pháp Mỹ bắt đầu suy nghĩ những luật mới giúp kiểm soát đời tư cá nhân trên Internet được chặt chẽ hơn. Điều này chắc còn lâu mới thành hiện thực, nhưng trước hết thay vì đâm đơn kiện như trường hợp của Stacy Snyder sau khi sự đã rồi hay thuê một công ty dọn sạch “đống rác” của chúng ta trên mạng, mỗi cá nhân cần phải tự bảo vệ mình và ý thức về việc đưa thông tin gì lên Internet.
Rick Ferguson, một chuyên gia an ninh mạng ở Trend Micro, đã nói: “Điều mà mọi người không nhận ra là khi đưa thông tin gì lên mạng, bạn đã mất quyền sở hữu và kiểm soát thông tin đó ngay lập tức. Ai cũng có thể tải về, lưu trữ và phát tán thông tin đó. Nó vượt ngoài tầm tay của bạn”.
HOÀI ANH
(Theo New York Times, Independent)
July 21, 2010
The Web Means the End of Forgetting
By JEFFREY ROSEN
http://www.nytimes.com/2010/07/25/magazine/25privacy-t2.html?_r=1&scp=3&sq=ReputationDefender&st=cse
Four years ago, Stacy Snyder, then a 25-year-old teacher in training at Conestoga Valley High School in Lancaster, Pa., posted a photo on her MySpace page that showed her at a party wearing a pirate hat and drinking from a plastic cup, with the caption “Drunken Pirate.” After discovering the page, her supervisor at the high school told her the photo was “unprofessional,” and the dean of Millersville University School of Education, where Snyder was enrolled, said she was promoting drinking in virtual view of her under-age students. As a result, days before Snyder’s scheduled graduation, the university denied her a teaching degree. Snyder sued, arguing that the university had violated her First Amendment rights by penalizing her for her (perfectly legal) after-hours behavior. But in 2008, a federal district judge rejected the claim, saying that because Snyder was a public employee whose photo didn’t relate to matters of public concern, her “Drunken Pirate” post was not protected speech.
When historians of the future look back on the perils of the early digital age, Stacy Snyder may well be an icon. The problem she faced is only one example of a challenge that, in big and small ways, is confronting millions of people around the globe: how best to live our lives in a world where the Internet records everything and forgets nothing — where every online photo, status update, Twitter post and blog entry by and about us can be stored forever. With Web sites like LOL Facebook Moments, which collects and shares embarrassing personal revelations from Facebook users, ill-advised photos and online chatter are coming back to haunt people months or years after the fact. Examples are proliferating daily: there was the 16-year-old British girl who was fired from her office job for complaining on Facebook, “I’m so totally bored!!”; there was the 66-year-old Canadian psychotherapist who tried to enter the United States but was turned away at the border — and barred permanently from visiting the country — after a border guard’s Internet search found that the therapist had written an article in a philosophy journal describing his experiments 30 years ago with L.S.D.
According to a recent survey by Microsoft, 75 percent of U.S. recruiters and human-resource professionals report that their companies require them to do online research about candidates, and many use a range of sites when scrutinizing applicants — including search engines, social-networking sites, photo- and video-sharing sites, personal Web sites and blogs, Twitter and online-gaming sites. Seventy percent of U.S. recruiters report that they have rejected candidates because of information found online, like photos and discussion-board conversations and membership in controversial groups.
Technological advances, of course, have often presented new threats to privacy. In 1890, in perhaps the most famous article on privacy ever written, Samuel Warren and Louis Brandeis complained that because of new technology — like the Kodak camera and the tabloid press — “gossip is no longer the resource of the idle and of the vicious but has become a trade.” But the mild society gossip of the Gilded Age pales before the volume of revelations contained in the photos, video and chatter on social-media sites and elsewhere across the Internet. Facebook, which surpassed MySpace in 2008 as the largest social-networking site, now has nearly 500 million members, or 22 percent of all Internet users, who spend more than 500 billion minutes a month on the site. Facebook users share more than 25 billion pieces of content each month (including news stories, blog posts and photos), and the average user creates 70 pieces of content a month. There are more than 100 million registered Twitter users, and the Library of Congress recently announced that it will be acquiring — and permanently storing — the entire archive of public Twitter posts since 2006.
In Brandeis’s day — and until recently, in ours — you had to be a celebrity to be gossiped about in public: today all of us are learning to expect the scrutiny that used to be reserved for the famous and the infamous. A 26-year-old Manhattan woman told The New York Times that she was afraid of being tagged in online photos because it might reveal that she wears only two outfits when out on the town — a Lynyrd Skynyrd T-shirt or a basic black dress. “You have movie-star issues,” she said, “and you’re just a person.”
We’ve known for years that the Web allows for unprecedented voyeurism, exhibitionism and inadvertent indiscretion, but we are only beginning to understand the costs of an age in which so much of what we say, and of what others say about us, goes into our permanent — and public — digital files. The fact that the Internet never seems to forget is threatening, at an almost existential level, our ability to control our identities; to preserve the option of reinventing ourselves and starting anew; to overcome our checkered pasts.
In a recent book, “Delete: The Virtue of Forgetting in the Digital Age,” the cyberscholar Viktor Mayer-Schönberger cites Stacy Snyder’s case as a reminder of the importance of “societal forgetting.” By “erasing external memories,” he says in the book, “our society accepts that human beings evolve over time, that we have the capacity to learn from past experiences and adjust our behavior.” In traditional societies, where missteps are observed but not necessarily recorded, the limits of human memory ensure that people’s sins are eventually forgotten. By contrast, Mayer-Schönberger notes, a society in which everything is recorded “will forever tether us to all our past actions, making it impossible, in practice, to escape them.” He concludes that “without some form of forgetting, forgiving becomes a difficult undertaking.”
It’s often said that we live in a permissive era, one with infinite second chances. But the truth is that for a great many people, the permanent memory bank of the Web increasingly means there are no second chances — no opportunities to escape a scarlet letter in your digital past. Now the worst thing you’ve done is often the first thing everyone knows about you.
THE CRISIS — AND THE SOLUTION?
All this has created something of a collective identity crisis. For most of human history, the idea of reinventing yourself or freely shaping your identity — of presenting different selves in different contexts (at home, at work, at play) — was hard to fathom, because people’s identities were fixed by their roles in a rigid social hierarchy. With little geographic or social mobility, you were defined not as an individual but by your village, your class, your job or your guild. But that started to change in the late Middle Ages and the Renaissance, with a growing individualism that came to redefine human identity. As people perceived themselves increasingly as individuals, their status became a function not of inherited categories but of their own efforts and achievements. This new conception of malleable and fluid identity found its fullest and purest expression in the American ideal of the self-made man, a term popularized by Henry Clay in 1832. From the late 18th to the early 20th century, millions of Europeans moved from the Old World to the New World and then continued to move westward across America, a development that led to what the historian Frederick Jackson Turner called “the significance of the frontier,” in which the possibility of constant migration from civilization to the wilderness made Americans distrustful of hierarchy and committed to inventing and reinventing themselves.
In the 20th century, however, the ideal of the self-made man came under siege. The end of the Western frontier led to worries that Americans could no longer seek a fresh start and leave their past behind, a kind of reinvention associated with the phrase “G.T.T.,” or “Gone to Texas.” But the dawning of the Internet age promised to resurrect the ideal of what the psychiatrist Robert Jay Lifton has called the “protean self.” If you couldn’t flee to Texas, you could always seek out a new chat room and create a new screen name. For some technology enthusiasts, the Web was supposed to be the second flowering of the open frontier, and the ability to segment our identities with an endless supply of pseudonyms, avatars and categories of friendship was supposed to let people present different sides of their personalities in different contexts. What seemed within our grasp was a power that only Proteus possessed: namely, perfect control over our shifting identities.
But the hope that we could carefully control how others view us in different contexts has proved to be another myth. As social-networking sites expanded, it was no longer quite so easy to have segmented identities: now that so many people use a single platform to post constant status updates and photos about their private and public activities, the idea of a home self, a work self, a family self and a high-school-friends self has become increasingly untenable. In fact, the attempt to maintain different selves often arouses suspicion. Moreover, far from giving us a new sense of control over the face we present to the world, the Internet is shackling us to everything that we have ever said, or that anyone has said about us, making the possibility of digital self-reinvention seem like an ideal from a distant era.
Concern about these developments has intensified this year, as Facebook took steps to make the digital profiles of its users generally more public than private. Last December, the company announced that parts of user profiles that had previously been private — including every user’s friends, relationship status and family relations — would become public and accessible to other users. Then in April, Facebook introduced an interactive system called Open Graph that can share your profile information and friends with the Facebook partner sites you visit.
What followed was an avalanche of criticism from users, privacy regulators and advocates around the world. Four Democratic senators — Charles Schumer of New York, Michael Bennet of Colorado, Mark Begich of Alaska and Al Franken of Minnesota — wrote to the chief executive of Facebook, Mark Zuckerberg, expressing concern about the “instant personalization” feature and the new privacy settings. The reaction to Facebook’s changes was such that when four N.Y.U. students announced plans in April to build a free social-networking site called Diaspora, which wouldn’t compel users to compromise their privacy, they raised more than $20,000 from more than 700 backers in a matter of weeks. In May, Facebook responded to all the criticism by introducing a new set of privacy controls that the company said would make it easier for users to understand what kind of information they were sharing in various contexts.
Facebook’s partial retreat has not quieted the desire to do something about an urgent problem. All around the world, political leaders, scholars and citizens are searching for responses to the challenge of preserving control of our identities in a digital world that never forgets. Are the most promising solutions going to be technological? Legislative? Judicial? Ethical? A result of shifting social norms and cultural expectations? Or some mix of the above? Alex Türk, the French data-protection commissioner, has called for a “constitutional right to oblivion” that would allow citizens to maintain a greater degree of anonymity online and in public places. In Argentina, the writers Alejandro Tortolini and Enrique Quagliano have started a campaign to “reinvent forgetting on the Internet,” exploring a range of political and technological ways of making data disappear. In February, the European Union helped finance a campaign called “Think B4 U post!” that urges young people to consider the “potential consequences” of publishing photos of themselves or their friends without “thinking carefully” and asking permission. And in the United States, a group of technologists, legal scholars and cyberthinkers are exploring ways of recreating the possibility of digital forgetting. These approaches share the common goal of reconstructing a form of control over our identities: the ability to reinvent ourselves, to escape our pasts and to improve the selves that we present to the world.
REPUTATION BANKRUPTCY AND TWITTERGATION
A few years ago, at the giddy dawn of the Web 2.0 era — so called to mark the rise of user-generated online content — many technological theorists assumed that self-governing communities could ensure, through the self-correcting wisdom of the crowd, that all participants enjoyed the online identities they deserved. Wikipedia is one embodiment of the faith that the wisdom of the crowd can correct most mistakes — that a Wikipedia entry for a small-town mayor, for example, will reflect the reputation he deserves. And if the crowd fails — perhaps by turning into a digital mob — Wikipedia offers other forms of redress. Those who think their Wikipedia entries lack context, because they overemphasize a single personal or professional mistake, can petition a group of select editors that decides whether a particular event in someone’s past has been given “undue weight.” For example, if the small-town mayor had an exemplary career but then was arrested for drunken driving, which came to dominate his Wikipedia entry, he can petition to have the event put in context or made less prominent.
In practice, however, self-governing communities like Wikipedia — or algorithmically self-correcting systems like Google — often leave people feeling misrepresented and burned. Those who think that their online reputations have been unfairly tarnished by an isolated incident or two now have a practical option: consulting a firm like ReputationDefender, which promises to clean up your online image. ReputationDefender was founded by Michael Fertik, a Harvard Law School graduate who was troubled by the idea of young people being forever tainted online by their youthful indiscretions. “I was seeing articles about the ‘Lord of the Flies’ behavior that all of us engage in at that age,” he told me, “and it felt un-American that when the conduct was online, it could have permanent effects on the speaker and the victim. The right to new beginnings and the right to self-definition have always been among the most beautiful American ideals.”
ReputationDefender, which has customers in more than 100 countries, is the most successful of the handful of reputation-related start-ups that have been growing rapidly after the privacy concerns raised by Facebook and Google. (ReputationDefender recently raised $15 million in new venture capital.) For a fee, the company will monitor your online reputation, contacting Web sites individually and asking them to take down offending items. In addition, with the help of the kind of search-optimization technology that businesses use to raise their Google profiles, ReputationDefender can bombard the Web with positive or neutral information about its customers, either creating new Web pages or by multiplying links to existing ones to ensure they show up at the top of any Google search. (Services begin from $10 a month to $1,000 a year; for challenging cases, the price can rise into the tens of thousands.) By automatically raising the Google ranks of the positive links, ReputationDefender pushes the negative links to the back pages of a Google search, where they’re harder to find. “We’re hearing stories of employers increasingly asking candidates to open up Facebook pages in front of them during job interviews,” Fertik told me. “Our customers include parents whose kids have talked about them on the Internet — ‘Mom didn’t get the raise’; ‘Dad got fired’; ‘Mom and Dad are fighting a lot, and I’m worried they’ll get a divorce.’ ”
Companies like ReputationDefender offer a promising short-term solution for those who can afford it; but tweaking your Google profile may not be enough for reputation management in the near future, as Web 2.0 swiftly gives way to Web. 3.0 — a world in which user-generated content is combined with a new layer of data aggregation and analysis and live video. For example, the Facebook application Photo Finder, by Face.com, uses facial-recognition and social-connections software to allow you to locate any photo of yourself or a friend on Facebook, regardless of whether the photo was “tagged” — that is, the individual in the photo was identified by name. At the moment, Photo Finder allows you to identify only people on your contact list, but as facial-recognition technology becomes more widespread and sophisticated, it will almost certainly challenge our expectation of anonymity in public. People will be able to snap a cellphone picture (or video) of a stranger, plug the images into Google and pull up all tagged and untagged photos of that person that exist on the Web.
In the nearer future, Internet searches for images are likely to be combined with social-network aggregator search engines, like today’s Spokeo and Pipl, which combine data from online sources — including political contributions, blog posts, YouTube videos, Web comments, real estate listings and photo albums. Increasingly these aggregator sites will rank people’s public and private reputations, like the new Web site Unvarnished, a reputation marketplace where people can write anonymous reviews about anyone. In the Web 3.0 world, Fertik predicts, people will be rated, assessed and scored based not on their creditworthiness but on their trustworthiness as good parents, good dates, good employees, good baby sitters or good insurance risks.
Anticipating these challenges, some legal scholars have begun imagining new laws that could allow people to correct, or escape from, the reputation scores that may govern our personal and professional interactions in the future. Jonathan Zittrain, who teaches cyberlaw at Harvard Law School, supports an idea he calls “reputation bankruptcy,” which would give people a chance to wipe their reputation slates clean and start over. To illustrate the problem, Zittrain showed me an iPhone app called Date Check, by Intelius, that offers a “sleaze detector” to let you investigate people you’re thinking about dating — it reports their criminal histories, address histories and summaries of their social-networking profiles. Services like Date Check, Zittrain said, could soon become even more sophisticated, rating a person’s social desirability based on minute social measurements — like how often he or she was approached or avoided by others at parties (a ranking that would be easy to calibrate under existing technology using cellphones and Bluetooth). Zittrain also speculated that, over time, more and more reputation queries will be processed by a handful of de facto reputation brokers — like the existing consumer-reporting agencies Experian and Equifax, for example — which will provide ratings for people based on their sociability, trustworthiness and employability.
To allow people to escape from negative scores generated by these services, Zittrain says that people should be allowed to declare “reputation bankruptcy” every 10 years or so, wiping out certain categories of ratings or sensitive information. His model is the Fair Credit Reporting Act, which requires consumer-reporting agencies to provide you with one free credit report a year — so you can dispute negative or inaccurate information — and prohibits the agencies from retaining negative information about bankruptcies, late payments or tax liens for more than 10 years. “Like personal financial bankruptcy, or the way in which a state often seals a juvenile criminal record and gives a child a ‘fresh start’ as an adult,” Zittrain writes in his book “The Future of the Internet and How to Stop It,” “we ought to consider how to implement the idea of a second or third chance into our digital spaces.”
Another proposal, offered by Paul Ohm, a law professor at the University of Colorado, would make it illegal for employers to fire or refuse to hire anyone on the basis of legal off-duty conduct revealed in Facebook postings or Google profiles. “Is it really fair for employers to know what you’ve put in your Facebook status updates?” Ohm asks. “We could say that Facebook status updates have taken the place of water-cooler chat, which employers were never supposed to overhear, and we could pass a prohibition on the sorts of information employers can and can’t consider when they hire someone.”
Ohm became interested in this problem in the course of researching the ease with which we can learn the identities of people from supposedly anonymous personal data like movie preferences and health information. When Netflix, for example, released 100 million purportedly anonymous records revealing how almost 500,000 users had rated movies from 1999 to 2005, researchers were able to identify people in the database by name with a high degree of accuracy if they knew even only a little bit about their movie-watching preferences, obtained from public data posted on other ratings sites.
Ohm says he worries that employers would be able to use social-network-aggregator services to identify people’s book and movie preferences and even Internet-search terms, and then fire or refuse to hire them on that basis. A handful of states — including New York, California, Colorado and North Dakota — broadly prohibit employers from discriminating against employees for legal off-duty conduct like smoking. Ohm suggests that these laws could be extended to prevent certain categories of employers from refusing to hire people based on Facebook pictures, status updates and other legal but embarrassing personal information. (In practice, these laws might be hard to enforce, since employers might not disclose the real reason for their hiring decisions, so employers, like credit-reporting agents, might also be required by law to disclose to job candidates the negative information in their digital files.)
Another legal option for responding to online setbacks to your reputation is to sue under current law. There’s already a sharp rise in lawsuits known as Twittergation — that is, suits to force Web sites to remove slanderous or false posts. Last year, Courtney Love was sued for libel by the fashion designer Boudoir Queen for supposedly slanderous comments posted on Twitter, on Love’s MySpace page and on the designer’s online marketplace-feedback page. But even if you win a U.S. libel lawsuit, the Web site doesn’t have to take the offending material down any more than a newspaper that has lost a libel suit has to remove the offending content from its archive.
Some scholars, therefore, have proposed creating new legal rights to force Web sites to remove false or slanderous statements. Cass Sunstein, the Obama administration’s regulatory czar, suggests in his new book, “On Rumors,” that there might be “a general right to demand retraction after a clear demonstration that a statement is both false and damaging.” (If a newspaper or blogger refuses to post a retraction, they might be liable for damages.) Sunstein adds that Web sites might be required to take down false postings after receiving notice that they are false — an approach modeled on the Digital Millennium Copyright Act, which requires Web sites to remove content that supposedly infringes intellectual property rights after receiving a complaint.
As Stacy Snyder’s “Drunken Pirate” photo suggests, however, many people aren’t worried about false information posted by others — they’re worried about true information they’ve posted about themselves when it is taken out of context or given undue weight. And defamation law doesn’t apply to true information or statements of opinion. Some legal scholars want to expand the ability to sue over true but embarrassing violations of privacy — although it appears to be a quixotic goal.
Daniel Solove, a George Washington University law professor and author of the book “The Future of Reputation,” says that laws forbidding people to breach confidences could be expanded to allow you to sue your Facebook friends if they share your embarrassing photos or posts in violation of your privacy settings. Expanding legal rights in this way, however, would run up against the First Amendment rights of others. Invoking the right to free speech, the U.S. Supreme Court has already held that the media can’t be prohibited from publishing the name of a rape victim that they obtained from public records. Generally, American judges hold that if you disclose something to a few people, you can’t stop them from sharing the information with the rest of the world.
That’s one reason that the most promising solutions to the problem of embarrassing but true information online may be not legal but technological ones. Instead of suing after the damage is done (or hiring a firm to clean up our messes), we need to explore ways of pre-emptively making the offending words or pictures disappear.
EXPIRATION DATES
Jorge Luis Borges, in his short story “Funes, the Memorious,” describes a young man who, as a result of a riding accident, has lost his ability to forget. Funes has a tremendous memory, but he is so lost in the details of everything he knows that he is unable to convert the information into knowledge and unable, as a result, to grow in wisdom. Viktor Mayer-Schönberger, in “Delete,” uses the Borges story as an emblem for the personal and social costs of being so shackled by our digital past that we are unable to evolve and learn from our mistakes. After reviewing the various possible legal solutions to this problem, Mayer-Schönberger says he is more convinced by a technological fix: namely, mimicking human forgetting with built-in expiration dates for data. He imagines a world in which digital-storage devices could be programmed to delete photos or blog posts or other data that have reached their expiration dates, and he suggests that users could be prompted to select an expiration date before saving any data.
This is not an entirely fanciful vision. Google not long ago decided to render all search queries anonymous after nine months (by deleting part of each Internet protocol address), and the upstart search engine Cuil has announced that it won’t keep any personally identifiable information at all, a privacy feature that distinguishes it from Google. And there are already small-scale privacy apps that offer disappearing data. An app called TigerText allows text-message senders to set a time limit from one minute to 30 days after which the text disappears from the company’s servers on which it is stored and therefore from the senders’ and recipients’ phones. (The founder of TigerText, Jeffrey Evans, has said he chose the name before the scandal involving Tiger Woods’s supposed texts to a mistress.)
Expiration dates could be implemented more broadly in various ways. Researchers at the University of Washington, for example, are developing a technology called Vanish that makes electronic data “self-destruct” after a specified period of time. Instead of relying on Google, Facebook or Hotmail to delete the data that is stored “in the cloud” — in other words, on their distributed servers — Vanish encrypts the data and then “shatters” the encryption key. To read the data, your computer has to put the pieces of the key back together, but they “erode” or “rust” as time passes, and after a certain point the document can no longer be read. Tadayoshi Kohno, a designer of Vanish, told me that the system could provide expiration dates not only for e-mail but also for any data stored in the cloud, including photos or text or anything posted on Facebook, Google or blogs. The technology doesn’t promise perfect control — you can’t stop someone from copying your photos or Facebook chats during the period in which they are not encrypted. But as Vanish improves, it could bring us much closer to a world where our data didn’t linger forever.
Kohno told me that Facebook, if it wanted to, could implement expiration dates on its own platform, making our data disappear after, say, three days or three months unless a user specified that he wanted it to linger forever. It might be a more welcome option for Facebook to encourage the development of Vanish-style apps that would allow individual users who are concerned about privacy to make their own data disappear without imposing the default on all Facebook users.
So far, however, Zuckerberg, Facebook’s C.E.O., has been moving in the opposite direction — toward transparency rather than privacy. In defending Facebook’s recent decision to make the default for profile information about friends and relationship status public rather than private, Zuckerberg said in January to the founder of the publication TechCrunch that Facebook had an obligation to reflect “current social norms” that favored exposure over privacy. “People have really gotten comfortable not only sharing more information and different kinds but more openly and with more people, and that social norm is just something that has evolved over time,” he said.
PRIVACY’S NEW NORMAL
But not all Facebook users agree with Zuckerberg. Plenty of anecdotal evidence suggests that young people, having been burned by Facebook (and frustrated by its privacy policy, which at more than 5,000 words is longer than the U.S. Constitution), are savvier than older users about cleaning up their tagged photos and being careful about what they post. And two recent studies challenge the conventional wisdom that young people have no qualms about having their entire lives shared and preserved online forever. A University of California, Berkeley, study released in April found that large majorities of people between 18 and 22 said there should be laws that require Web sites to delete all stored information about individuals (88 percent) and that give people the right to know all the information Web sites know about them (62 percent) — percentages that mirrored the privacy views of older adults. A recent Pew study found that 18-to-29-year-olds are actually more concerned about their online profiles than older people are, vigilantly deleting unwanted posts, removing their names from tagged photos and censoring themselves as they share personal information, because they are coming to understand the dangers of oversharing.
Still, Zuckerberg is on to something when he recognizes that the future of our online identities and reputations will ultimately be shaped not just by laws and technologies but also by changing social norms. And norms are already developing to recreate off-the-record spaces in public, with no photos, Twitter posts or blogging allowed. Milk and Honey, an exclusive bar on Manhattan’s Lower East Side, requires potential members to sign an agreement promising not to blog about the bar’s goings on or to post photos on social-networking sites, and other bars and nightclubs are adopting similar policies. I’ve been at dinners recently where someone has requested, in all seriousness, “Please don’t tweet this” — a custom that is likely to spread.
But what happens when people transgress those norms, using Twitter or tagging photos in ways that cause us serious embarrassment? Can we imagine a world in which new norms develop that make it easier for people to forgive and forget one another’s digital sins?
That kind of social norm may be harder to develop. Alessandro Acquisti, a scholar at Carnegie Mellon University, studies the behavioral economics of privacy — that is, the conscious and unconscious mental trade-offs we make in deciding whether to reveal or conceal information, balancing the benefits of sharing with the dangers of disclosure. He is conducting experiments about the “decay time” and the relative weight of good and bad information — in other words, whether people discount positive information about you more quickly and heavily than they discount negative information about you. His research group’s preliminary results suggest that if rumors spread about something good you did 10 years ago, like winning a prize, they will be discounted; but if rumors spread about something bad that you did 10 years ago, like driving drunk, that information has staying power. Research in behavioral psychology confirms that people pay more attention to bad rather than good information, and Acquisti says he fears that “20 years from now, if all of us have a skeleton on Facebook, people may not discount it because it was an error in our youth.”
On the assumption that strangers may not make it easy for us to escape our pasts, Acquisti is also studying technologies and strategies of “privacy nudges” that might prompt people to think twice before sharing sensitive photos or information in the first place. Gmail, for example, has introduced a feature that forces you to think twice before sending drunken e-mail messages. When you enable the feature, called Mail Goggles, it prompts you to solve simple math problems before sending e-mail messages at times you’re likely to regret. (By default, Mail Goggles is active only late on weekend nights.) Acquisti is investigating similar strategies of “soft paternalism” that might nudge people to hesitate before posting, say, drunken photos from Cancún. “We could easily think about a system, when you are uploading certain photos, that immediately detects how sensitive the photo will be.”
A silly but surprisingly effective alternative might be to have an anthropomorphic icon — a stern version of Microsoft’s Clippy — that could give you a reproachful look before you hit the send button. According to M. Ryan Calo, who runs the consumer-privacy project at Stanford Law School, experimenters studying strategies of “visceral notice” have found that when people navigate a Web site in the presence of a human-looking online character who seems to be actively following the cursor, they disclose less personal information than people who browse with no character or one who appears not to be paying attention. As people continue to experience the drawbacks of living in a world that never forgets, they may well learn to hesitate before posting information, with or without humanoid Clippys.
FORGIVENESS
In addition to exposing less for the Web to forget, it might be helpful for us to explore new ways of living in a world that is slow to forgive. It’s sobering, now that we live in a world misleadingly called a “global village,” to think about privacy in actual, small villages long ago. In the villages described in the Babylonian Talmud, for example, any kind of gossip or tale-bearing about other people — oral or written, true or false, friendly or mean — was considered a terrible sin because small communities have long memories and every word spoken about other people was thought to ascend to the heavenly cloud. (The digital cloud has made this metaphor literal.) But the Talmudic villages were, in fact, far more humane and forgiving than our brutal global village, where much of the content on the Internet would meet the Talmudic definition of gossip: although the Talmudic sages believed that God reads our thoughts and records them in the book of life, they also believed that God erases the book for those who atone for their sins by asking forgiveness of those they have wronged. In the Talmud, people have an obligation not to remind others of their past misdeeds, on the assumption they may have atoned and grown spiritually from their mistakes. “If a man was a repentant [sinner],” the Talmud says, “one must not say to him, ‘Remember your former deeds.’ ”
Unlike God, however, the digital cloud rarely wipes our slates clean, and the keepers of the cloud today are sometimes less forgiving than their all-powerful divine predecessor. In an interview with Charlie Rose on PBS, Eric Schmidt, the C.E.O. of Google, said that “the next generation is infinitely more social online” — and less private — “as evidenced by their Facebook pictures,” which “will be around when they’re running for president years from now.” Schmidt added: “As long as the answer is that I chose to make a mess of myself with this picture, then it’s fine. The issue is when somebody else does it.” If people chose to expose themselves for 15 minutes of fame, Schmidt says, “that’s their choice, and they have to live with it.”
Schmidt added that the “notion of control is fundamental to the evolution of these privacy-based solutions,” pointing to Google Latitude, which allows people to broadcast their locations in real time.
This idea of privacy as a form of control is echoed by many privacy scholars, but it seems too harsh to say that if people like Stacy Snyder don’t use their privacy settings responsibly, they have to live forever with the consequences. Privacy protects us from being unfairly judged out of context on the basis of snippets of private information that have been exposed against our will; but we can be just as unfairly judged out of context on the basis of snippets of public information that we have unwisely chosen to reveal to the wrong audience.
Moreover, the narrow focus on privacy as a form of control misses what really worries people on the Internet today. What people seem to want is not simply control over their privacy settings; they want control over their online reputations. But the idea that any of us can control our reputations is, of course, an unrealistic fantasy. The truth is we can’t possibly control what others say or know or think about us in a world of Facebook and Google, nor can we realistically demand that others give us the deference and respect to which we think we’re entitled. On the Internet, it turns out, we’re not entitled to demand any particular respect at all, and if others don’t have the empathy necessary to forgive our missteps, or the attention spans necessary to judge us in context, there’s nothing we can do about it.
But if we can’t control what others think or say or view about us, we can control our own reaction to photos, videos, blogs and Twitter posts that we feel unfairly represent us. A recent study suggests that people on Facebook and other social-networking sites express their real personalities, despite the widely held assumption that people try online to express an enhanced or idealized impression of themselves. Samuel Gosling, the University of Texas, Austin, psychology professor who conducted the study, told the Facebook blog, “We found that judgments of people based on nothing but their Facebook profiles correlate pretty strongly with our measure of what that person is really like, and that measure consists of both how the profile owner sees him or herself and how that profile owner’s friends see the profile owner.”
By comparing the online profiles of college-aged people in the United States and Germany with their actual personalities and their idealized personalities, or how they wanted to see themselves, Gosling found that the online profiles conveyed “rather accurate images of the profile owners, either because people aren’t trying to look good or because they are trying and failing to pull it off.” (Personality impressions based on the online profiles were most accurate for extroverted people and least accurate for neurotic people, who cling tenaciously to an idealized self-image.)
Gosling is optimistic about the implications of his study for the possibility of digital forgiveness. He acknowledged that social technologies are forcing us to merge identities that used to be separate — we can no longer have segmented selves like “a home or family self, a friend self, a leisure self, a work self.” But although he told Facebook, “I have to find a way to reconcile my professor self with my having-a-few-drinks self,” he also suggested that as all of us have to merge our public and private identities, photos showing us having a few drinks on Facebook will no longer seem so scandalous. “You see your accountant going out on weekends and attending clown conventions, that no longer makes you think that he’s not a good accountant. We’re coming to terms and reconciling with that merging of identities.”
Perhaps society will become more forgiving of drunken Facebook pictures in the way Gosling says he expects it might. And some may welcome the end of the segmented self, on the grounds that it will discourage bad behavior and hypocrisy: it’s harder to have clandestine affairs when you’re broadcasting your every move on Facebook, Twitter and Foursquare. But a humane society values privacy, because it allows people to cultivate different aspects of their personalities in different contexts; and at the moment, the enforced merging of identities that used to be separate is leaving many casualties in its wake. Stacy Snyder couldn’t reconcile her “aspiring-teacher self” with her “having-a-few-drinks self”: even the impression, correct or not, that she had a drink in a pirate hat at an off-campus party was enough to derail her teaching career.
That doesn’t mean, however, that it had to derail her life. After taking down her MySpace profile, Snyder is understandably trying to maintain her privacy: her lawyer told me in a recent interview that she is now working in human resources; she did not respond to a request for comment. But her success as a human being who can change and evolve, learning from her mistakes and growing in wisdom, has nothing to do with the digital file she can never entirely escape. Our character, ultimately, can’t be judged by strangers on the basis of our Facebook or Google profiles; it can be judged by only those who know us and have time to evaluate our strengths and weaknesses, face to face and in context, with insight and understanding. In the meantime, as all of us stumble over the challenges of living in a world without forgetting, we need to learn new forms of empathy, new ways of defining ourselves without reference to what others say about us and new ways of forgiving one another for the digital trails that will follow us forever.
Jeffrey Rosen, a law professor at George Washington University, is a frequent contributor to the magazine. He is writing a book about Louis Brandeis.
Part I: Answers to Questions About Internet Privacy
By THE NEW YORK TIMES
http://bits.blogs.nytimes.com/2010/07/26/part-i-answers-to-questions-about-internet-privacy/
Paul Ohm, left, and Michael Fertik. Last week, we asked readers to submit questions to Michael Fertik, founder of ReputationDefender, and Paul Ohm, a law professor at the University of Colorado, in response to The New York Times Magazine article “The Web Means the End of Forgetting.”
Below are their responses. In some cases, we shortened the questions and fixed typos.
We are no longer accepting questions for this feature. You can read the second and final round of answers here.
Q.What is the best way to maintain an online alias for any material that you do not wish to be publicly connected to you, while still allowing friends and some acquaintances to stay in contact?
— Anonymous
Mr. Ohm: Rephrasing the question a little, if you want to say something online that might make prospective employers think twice before hiring you, can you use technology to make the comment untraceable? You can try, but there are no guarantees. Post under a pseudonym; set up a new e-mail address for receiving responses (as a commenter, Fred H, recommends); and use a tool that obscures your I.P. address, like Tor, the onion router. If you do all of this, a prospective employer would need to work very hard to associate the comment with you.
But understand two significant limits to this kind of technological self-help. First, you can’t make mistakes. For example, if you slip up and sign your real name to a supposedly pseudonymized post, this link between you and your alter ego will end up in Google. Second, given how quickly information search tools evolve, you should assume that your pseudonymized messages will become easier to associate with you over time.
Q.Last week, I killed my Facebook account and my Twitter account. The risks were just too great — even though I was careful what I posted. Now that I’m out of the social networks, do I need to do more to erase anything I might have left behind? — Citizen
Mr. Fertik: Your Facebook information isn’t instantly deleted when you press the “delete my account” button. It takes 14 days from when you press the button to when your account is actually closed. If you try to log into Facebook (or even use certain Facebook-connected Web sites) before that time period has passed, your account will be revived as if nothing happened.
But more important, even if you quit Facebook, other people can still spill your personal information online without your consent. Friends can still write comments about you and post photos. And thanks to photo-recognition technology, even untagged images of you can be identified.
To take control, set up alerts with your name, monitor social networks and ask friends to keep you informed. One other note — as a result of using social-networking sites, your browser will also most likely have several tracking cookies that identify personal information about you to advertisers. These cookies may persist even after you’ve logged out and closed your accounts. You will need to clear your browser cookies or block these advertising tracking networks.
Q.Professor Ohm is right on the mark in calling for strong legislation that would protect Americans’ rights to engage in any lawful off-hours, off-employer-premises activities as they choose without fear of employment discrimination. How can we best craft such legislation to make it truly enforceable and effective? — Scott Enk
Mr. Ohm: I think the only remotely likely source for a new law like this in the United States is a forward-looking state legislature. I doubt any judge will stretch the privacy torts far enough to forbid this kind of background checking. The Federal Trade Commission focuses on consumer privacy and corporate unfair and deceptive practices. And Congress probably lacks the political will to enact a federal law like this.
Is any state legislature likely to enact such a law? Perhaps. Many states have proved themselves to be great champions of personal privacy. Just in the past few years, for example, California has enacted a tough data-breach notification law, and Massachusetts has enacted the most aggressive data-privacy law in the country.
History has taught us that the best time to enact a privacy law is immediately after somebody suffers a sensational, newsworthy privacy harm. When someone leaked Judge Robert Bork’s video rental records, Congress enacted the Video Privacy Protection Act. When a stalker tracked down and killed the actress Rebecca Schaeffer using D.M.V. records, Congress passed the Driver’s Privacy Protection Act. I wonder if the story of Stacy Snyder — the would-be schoolteacher denied a teaching degree because of a MySpace photo — is sensational enough to encourage legislatures to act.
Q.I am a medical student about to apply to residency positions. Is there any way to influence what results (and in what order) come up when someone Googles my name? — SAMS
Mr. Fertik: You are absolutely right that higher education and hiring managers will Google you, and that what they see will make a difference in your career. A recent Microsoft study found that 70 percent of hiring managers admitted rejecting candidates because of information they found by searching for the person’s name in a search engine.
Today, when every “life transaction” — hiring, dating, getting insurance, applying for school — is directly affected by a search engine, you must make sure that people who see your “online résumé” — effectively, the first page of a Google search for your name — see positive, truthful and highly relevant information about you.
It can be very difficult to move existing content up or down in a Google search, but there are some tricks that are worth a try in your situation. Try building more links to the most relevant content that you would like residency directors to see. In many cases, this will help bring that information to the top of a search. Or ask friends to link to the stronger content from their blogs and Twitter accounts. I believe you should have more control over your digital résumé. Invest the time necessary to build up your Google CV, since it is now the only CV that really counts.
Q.Am I right to be concerned about this trend — of every aspect of our lives being stored as data by large corporations? I’m not conspiratorial/paranoid by nature, but this is one realm that has given me thought. — Jason
Mr. Ohm: Given examples from the past, you’re right to worry that companies suffering economic hard times might consider making money selling their users’ secrets. During the dot-com bust, the bankrupt online toy store Toysmart tried to sell its customer-information database to help ease the pain to its creditors. After the F.T.C. sued the company for violating its privacy policy, Toysmart destroyed the database. More recently, as I have written about, several small Internet service providers began experimenting with tailoring the ads a customer saw to the Web pages he or she had recently browsed; most of them abruptly ended these experiments once Congress began asking questions.
Even companies not under economic distress dream up ways to turn user secrets into cash. Earlier this year, Facebook suffered withering criticism for changing the default privacy settings for customer data.
As some have in the past, companies in the future will continue to change their minds about the privacy of user data, but can they do this legally? Generally, companies need to keep the promises they make, including the promises they make in privacy policies. Quite often, however, many companies write flexible policies, reserving the right to change the rules as they see fit.
Q.A few years ago, I lost my house through a foreclosure and subsequently filed for bankruptcy. There was a long and protracted trial, at the end of which the judge wrote a decision in favor of the lender. The moment I Google my name or my wife’s, it shows up. What can I do to remove this from the Web? — ko
Mr. Fertik: Removing government records from the Internet is extremely difficult. Many local governments think that if financial records have always been available in an arcane courthouse filing system, then those records should be online and searchable through Google. And other governments have not yet realized that Google’s “Web spider” is capable of finding many seemingly obscure documents and making them available to the world.
Slowly, courts are realizing that personal proceedings (like divorces and foreclosures) don’t need to be available through a Google search. Technologically advanced courts are making documents available online through an interface that requires the user to verify that they will not misuse or resell the information. These controls are not perfect, but they introduce friction back into the system and make it less likely for Google searchers to stumble upon personal information.
In your case, you should do two things: First, encourage your local court to join the privacy movement. Second, build a positive online presence that will push your private financial information off the first page of Google search. The majority of Web searchers don’t look past the first page of Google, so if you can control the first page, then you can limit how many people see your foreclosure. Start by building personal profiles on sites like LinkedIn, Twitter and other popular communities. You may also consider building a personal blog. Arrange to have your name in the URL of each Web property to maximize its “Google juice.” Maybe join a site that lists people in your industry or profession. By carefully linking these sites to one another, you can often make these positive profiles come up at the top of a search for your name.
Q.I am a rising college senior and am concerned that my Facebook photos (which chronicle my life since the prom) will come back to haunt me as I begin to seek employment. I have my privacy settings set so that only friends can see personal information and photos. How then can future employers uncover these pictures?
— Class of 2011
Mr. Ohm: If you’re using Facebook’s privacy settings properly (a big if, given the bewildering complexity of Facebook’s privacy controls) and if you remember to restrict access not only to the photos you post but also the photos posted by others in which you’ve been tagged, you’re probably not likely to be found by someone conducting a casual search.
As time goes by, however, keep up with the latest privacy protection techniques, as Facebook has a track record for changing the way it handles privacy. And even if you’ve mastered Facebook’s privacy controls, don’t forget that your friends can repost your photos onto the broader, more searchable web. Might the media be partly to blame for this blurring of private and public, and if so, might they also be part of the solution to the problem of the web’s forgetting? If journalists (both mainstream reporters and bloggers) agreed not to publish stories about non-public Facebook status updates and photos, they could help establish a new norm of privacy. This small step could meaningfully improve privacy because the easiest way for a secret to slip from Facebook to Google is when someone republishes it on the web.
Alas, the trend seems to be heading in the opposite direction. It is becoming common to read reports about the “news” coming out of non-public Facebook status updates. Why is a Facebook status update news? And given how the simple act of republication carries private information into the public sphere, shouldn’t the media think about curtailing the practice?
July 27, 2010, 3:46 pm
Part II: Answers to Questions About Internet Privacy
By THE NEW YORK TIMES
http://bits.blogs.nytimes.com/2010/07/27/part-ii-answers-to-questions-about-internet-privacy/?scp=10&sq=ReputationDefender&st=cse
Paul Ohm, left, and Michael Fertik. Michael Fertik, founder of ReputationDefender, and Paul Ohm, a law professor at the University of Colorado, agreed to respond to questions from readers in connection with The New York Times Magazine article “The Web Means the End of Forgetting.”
Below is their second and final batch of answers. In some cases, we shortened the questions and fixed typographical errors. Part I is posted here.
Q.Is there any legal recourse one can take if one mentions during an interview that they do have an existing social network page such as Facebook but states that it is private? Yet said potential employer violates that request, and does not hire the person. — MtV6
Mr. Ohm: I assume you mean that the interviewee tells the interviewer that the page is private but does not use Facebook’s privacy settings to restrict access to photos and status updates. In that case, the law probably wouldn’t protect the interviewee’s privacy, because his or her actions (or inaction) would speak louder than words. Saying that you want privacy is probably not enough if at the same time you fail to take simple steps to protect privacy.
This is only one reason traditional tort law (quick law aside: a tort is a private cause of action for harm. Personal-injury suits, for example, are often tort suits) can’t remedy most privacy violations. Privacy torts often draw a line between public and private, with private meaning secret. Anything said on Facebook probably falls on the public side of this line because users intentionally share their Facebook profiles with many other people.
Several legal scholars have argued that tort law’s secret/public line doesn’t make much sense on social networks. For law mavens who can’t get enough of this, I recommended three very readable articles by Lior Strahilevitz, James Grimmelmann and Lauren Gelman.
Q.What are some guidelines for acceptable tweets and status updates to prevent them being used against you? Obviously, sexual, racial (even comedy) and political comments might be used against, but what are lesser-known employer red flags? — Jake Miller
Mr. Fertik: As far as exercising good judgment in posting on Twitter, always ask yourself if this is something your mother would mind seeing on the front page of The New York Times. In addition to your excellent suggestions, I’d recommend that people be especially careful with commentary about alcohol and drug use if they work in a highly regulated industry, perform commercial driving or handle cash at work. And try to be positive and respectful online; an employer is far more likely to hire a positive candidate than one who uses Twitter to complain about everything or to insult other companies.
Q.How concerned do we need to be about comments we make to others’ blogs, particularly when we use unverified e-mail addresses, made-up names and locations? — HollyP
Mr. Ohm: It depends on who you worry might link your comments to you. The owner of a blog (in this case, The New York Times) almost always records your IP address, which sometimes can be linked to your identity. If the blog has previously given your browser a cookie, the blog owner can associate your comment to other comments you have made and, often, to other blog posts and articles you have merely read.
On the other hand, people other than the blog owner will probably never know that you are the author of a particular blog comment, unless they can persuade (or force, for example with a subpoena) the blog owner to share the tracking information. To use Jeffery Rosen’s example in his article “The End of Forgetting,” prospective employers searching the Web for information about job candidates are unlikely to unearth pseudonymous blog comments.
Q.Why is it legal, for instance, that AnyWho.com is allowed to provide links where people can pay the private phone company to learn more about me and see all of my public records? — ReaderX
Mr. Fertik: Under U.S. law, we’ve all been opted into a data-collection regime whether we like it or not. Current law has been interpreted (I think in some ways incorrectly) to allow nearly any use of data once it has been collected. This extends to uses that seem like security and privacy threats; like a site that lists your name, address, phone number and even your credit information and family background. Some data sites allow users to opt out, but it takes hours to find each site, follow their procedures and verify that the opt-out was processed correctly. Some sites also automatically repopulate their databases, so users need to continually recheck to make sure that they stay out of these databases.
This trend of instant access to all our most intimate details pertains not just to government records but also to online media businesses, too. It is fundamentally impossible to run a media company in the digital age and care deeply about your users’ privacy. Why? Because the only thing you have to sell are details about your users! The more you collect, the more detailed the profile you can sell to advertisers and others.
Before anyone concludes that the online privacy issue is just about digital advertising, believe me that it’s not. Some bits of data may appear to be innocuous on their own, but can be revealing when combined: one group of researchers was able to identify people’s names (and sexual orientations!) based on their Netflix movie rental history, and another was able to guess more than 10 percent of United States Social Security Numbers based only on a volunteer’s date and place of birth.
The European Union has more powerful data-privacy laws that could serve as a model for reform. Residents have the right to view and correct any personal information that companies have collected. It also prevents the transfer or sale of personal information to third parties unless the resident is informed and given the opportunity to block the transaction.
Q.My motto is if I don’t want it on the front page on The New York Times I don’t post it. How can we educate children and teenagers to be more cautious? — DrummingDiva
Mr. Ohm: Although I agree we should all think twice before posting anything online, I don’t like relying on self-censorship alone to solve the Web’s memory problem for at least three reasons. First, part of what makes the Internet the dynamic, dizzying, interesting communications medium it is, is the way it lets us try on masks and personas, to act differently than we do offline. It would be a shame if the fear of losing a job forced us to make “a subtle yet fundamental shift in the content of our character, a blunting and blurring of rough edges and sharp lines,” to quote a Georgetown law professor, Julie Cohen.
Second, the example of Stacy Snyder, who was denied a teaching degree because of a MySpace photo, demonstrates that even things we say online that don’t seem terribly outrageous may come back to bite us in ways we don’t expect, particularly given the way the Internet removes the things we say and do from their surrounding contexts.
Third, as I have written, even seemingly benign, uninteresting facts about ourselves can be used to expose our deep, dark secrets. For example, a motivated, tech-savvy enemy who knew a little bit about my movie-watching habits might be able to study the movie ratings posted at Amazon.com or IMDB.com to unearth the pseudonym I use online. Because people tend to reuse their pseudonyms, my enemy would be able to learn things I had said or done on other Web sites, perhaps including things I wanted to remain secret. It isn’t just the embarrassing or sensitive things you say that can cause you to lose your privacy online.
Q.How secure are privacy settings on Facebook? For instance, if my information is blocked to all who are not friends, is it possible for those whom I am not friends with to get at that information? — Chrissy
Mr. Fertik: It is important to remember that none of your settings control what information other people post about you. If a friend posts a picture of you using drugs or exercising poor judgment, then that photo will be distributed as far as your friend’s privacy settings allow. If your friend has her privacy set to “friends of friends,” then photos could be visible to hundreds of thousands of people. And, if your friend has her privacy set to “everybody,” then the whole world can see it. The same goes for status updates, videos, applications and more.
Even if your settings are secure today, Facebook has been heavily criticized for changing its privacy options with little advance warning to users. Simply put, it is unwise to assume that any social media company really has its users’ privacy interests at heart. Each of the most recent rounds of “updates” to the company’s privacy options has tried to set the default privacy option as sharing more information than most users shared under older privacy settings. There is no reason to assume that trend will stop.
Q.I am an attorney. Someone with my exact same name is an actor. That actor has apparently offended someone who regularly posts attack videos and statements against my namesake. What, if anything, can I do about it? — Same Name
Mr. Fertik: I hear stories like this all the time: people have worked hard to build their reputations, only to find that somebody else with the same name (a “doppelnamer,” if you will) has ruined their shared name.
This is a case for which you want to make it as clear as possible that you and the actor are different people. You need to build positive online content about you that explains who you are and makes clear that you are not the person who has been attacked. One simple trick is to start using your middle initial (or even full name) in as many places as possible, assuming you and the actor don’t share the same middle name, too. Your chief goal should be to own as much of Page 1 of Google as possible so that the confusion doesn’t even occur in the first place.
If the attacks are mild to moderate, you may be able to make a difference just by creating several positive profiles about yourself that make clear that you are an attorney and that you live in Cherry Hill. Sites like LinkedIn are great for attorneys since they are perceived as professional, show up well in search results and allow you the chance to describe your background.
If the attacks are severe, you may need to confront them head on and add a disclaimer to your profiles that says you are not an actor and have never lived wherever your doppelnamer has achieved notoriety. You may also want to consider starting a Web site at a domain that contains your name in the URL (like John-Smith.com or Jane-Smith.com) that displays positive information about you but also includes a small clarification that “if you want to reach the actor by the same name, we are separate people; visit his Web site at www. …” This is a subtle and polite way to emphasize the distinction.
Q.How can I make a negative article about me disappear from search results? The article was published by a well-known magazine eight years ago and still shows up at the top of search results. I sued a former employer.
— Concerned
Mr. Fertik: This is a perfect example of how the permanent memory of the Internet has chilled legitimate behavior. Whistle-blowing is a good thing that might become endangered because of the Internet.
Short of changing the law (which I’m in favor of), the best thing you can do is to stand up for yourself in this situation. Build positive content about yourself that will highlight all your career achievements over the last decade. Because you are competing against a popular magazine, it will take particularly powerful content to displace it from the top of search results. It’s a long, hard slog to try to move this kind of link. But it is not impossible. Make sure you create a personal Web site with your name in the domain, and then try to link to it from as many other sites as possible. You will also want to create profiles on popular sites like LinkedIn that often appear high in search results.
Q.How do you see the context of our sharing changing over the next five years? — heady
Mr. Fertik: The short answer is that more and more will be shared unknowingly, unwittingly and unwillingly. Google and Facebook are racing to be the first to offer truly “personalized” search that is tailored to exactly fit your interests and your peers’. This will highlight information you engage with. For example, if you are very pro- or anti- on some position, the technology will continue to feed information with the same perspective. Many scholars have discussed the impact of digital confirmation bias on politics, but the impact on reputation will also be huge: it will become harder and harder for victims of falsehoods and smears to present a contrary rebuttal.
Social search will also worsen other problems. These sites will need to collect a tremendous amount of information to personalize your search, even to the level of tracking every search term you enter and every link you click. Also, increased search personalization will create a greater appearance of reliability. I use the term “Google Truth” to describe the way that people view Google results as reliable or authoritative.
Facial recognition is also going to change everything. Google and other search engines will piece together isolated observations to make a complete picture of your life. Imagine a world where anybody could place a camera outside a store (or a strip club, abortion clinic, gay bar or anywhere else) and instantly get the name of every person who walks in? The results are frightening if you add cheap digital storage, instant digital distribution and powerful digital search. Imagine Googling your name and finding a list of your most recent nights out? The power of facial recognition and the resulting reaction will be a huge fight in the next half decade.
vBulletin® v3.8.4, Copyright ©2000-2012, Jelsoft Enterprises Ltd.