Skip to content

Facebook, Social Networks and the Need for RIPA Authorisations

This is an excellent summary of the connection between the Data Protection Act and RIPA (Regulatory Investigative Powers Act).
Note that I, and many like me believe RIPA should be repealed as a piece of legislation that fundamentally undermines our human rights. However at least there are some positive elements that can be taken out as seen here. A lot is to do with interpretation and emphasis which this article highlights.

Blog Now

canstockphoto12584745Increasingly local authorities are turning to the online world, especially social media, when conducting investigations. There is some confusion as to whether the viewing of suspects’ Facebook accounts and other social networks requires an authorisation under Part 2 of the Regulation of Investigatory Powers Act 2000 (RIPA). In his latest annual report the Chief Surveillance Commissioner states (paragraph 5.42):

“Perhaps more than ever, public authorities now make use of the wide availability of details about individuals, groups or locations that are provided on social networking sites and a myriad of other means of open communication between people using the Internet and their mobile communication devices. I repeat my view that just because this material is out in the open, does not render it fair game. The Surveillance Commissioners have provided guidance that certain activities will require authorisation under RIPA or RIP(S)A and this includes repetitive viewing of what are…

View original post 1,108 more words

The Connection between Trust and Privacy in Social Networking

At Krowdthink we have spent a long time trying to determine the answer to this question.  The answer is that no-one should really trust any online service completely because no-one can guarantee security of your data.  However that does not undermine the value in building a company and product that aspires to being trusted.  Trust is the missing component in our online engagements today – especially in social networking.  Is our social network persona who we are in real life?  Of course not – in the same way who I present myself as down the pub having a beer differs to whom I present myself as at work.  But social networks in particular are building profiles of us that go deeper than what we present and are capable of determining our psyche over time, really determining who we are – empowering the commercial entity behind the social network with valuable insights to sell on – usually via advertising – except as soon as we click an advert we have confirmed that we meet that profile.  That’s scary….especially as we don’t know who received that insight about us nor how they plan to use it.  Lets not also forget those profiling us cannot guarantee the security of the data being held on us either. There is good reason why a hacked Facebook account sells for between 3 and 6 times more than a hacked bank account.

So what’s the role of privacy in achieving a potentially trustworthy (note not trusted) social network?  To answer that you have to get into how privacy is managed in our daily lives, online or offline.  It is ultimately about control.  Control of what information I share with whom, when and where. Its an understanding that those with whom I share information can in turn be trusted and to what extent – and its also about knowing I can visit a recourse (tell them off, dismiss them as a friend etc) upon someone who violates those implicit bounds of trust that were given when information was shared, with both parties knowing this and consequence for both then motivation is in place to ensure appropriate use of information shared.  In social networking terms – the right to delete is that power of recourse, or in other words a mean to remedy when data shared is used inappropriately by the social network service provider (data = profit for the social network business models du jour), or that I wish to change that information posted because it no longer reflects who I am.

But there are other issues – the issue of meta-data is the main one – when engaging online I leave clues as to who I am that have little to do with the content I post.  When I connect, with whom, how often, who else is involved in the conversation etc etc.  All this provides insights if its recorded, insights we are somewhat unaware are being collected.  So a trustworthy social network would minimise this information.  In fact in general data minimisation is the only defence against the hacker – store the least data needed to deliver the service to the end user. Make other social networks more interesting targets. Basically make the security walls high and the value of whats on the other side as low as possible.

In taking our social network into locations, we push the boundaries of what people will entrust to the social network service provider.  In places the digital connection is more real – and because of that more private than the virtual cloud world most social networks live in.  It is thus incumbent on any localised social networking service provider to balance the equation of trust though greater efforts to be worthy of that trust.

There is more to this trust model though – see our Trust Pyramid here http://krowdthink.com/privacy.php . For more insight listen to the Privacy Piracy Interview with myself on KUCI radio (www.kuci.org) 20th April 8am PDT (USA), 4pm BST (UK) and 5pm CET (Europe).  KUCI will also make the interview available as a podcast after the event.

The Dirty Little Secret of Event Apps

No one uses them.

Ok not quite true. But no-one has cracked the code of regularly getting more than 50% of event attendees to download and populate their apps for use over just one day. Doesn’t that statement itself not highlight the issue though? Really, do we think attendees or delegates will do that? Clearly a whole events industry does – there are literally hundreds of event app companies.

Here was our insight. These event app companies were targeting the event organisers as their customers. No wonder we don’t end up with something attendees are delighted with. You cannot serve two masters with an app – an app has to be simple and deliver immediate utility.

So what’s the common ground between what an attendee wants at an event and what an event organiser wants? In simple terms any event is successful if it achieves two things for its attendees:

1. Great content – whether that’s awesome conference speakers or a perfect set of high profile competing exhibitors.

2. Great Networking – Attendees want to meet other attendees with shared interests or representatives of companies that can solve their issues.

Maybe an app can signpost the great content. But unless you have a very large event such active signposting is limited in value in an app. A website does that perfectly well – just make your website mobile friendly. (We can talk iBeacons etc another time).

However, no matter the size of the event, attendees always expect to find other people who add value in attending the event. Its why even at the smallest event we have name badges with our company name and sometimes a printed list of names and companies at the event. For me, I learned early – networking at events was THE reason for attending…I can get great content online so easily. You cannot beat the face to face meeting for validating the early start and the long day out.

Now this is the sort of thing an app can do – it can make the event networking a breeze. So how should it do that?

Well first and foremost – lets deal with the very first issue we raised – it should be one app for any event or location, so that I, as an attendee, only have to learn one app. This also means that as I invest in content in the app it goes with me to the next event and the next. So it should contain a means to document my interests and share them with those around me. It should enable a event/location based discussion forum – no more Twitter hash tagging for which I have no way of knowing whose tweets are from people here now that I can network with, and whose are from some commentator half way round the world. If they have something to say about whats happening right here right now, then it might be the spark that makes me want to network with them…to meet them. This also means I need a private way to message them, to initiate personal contact.

But of all these things, perhaps its discovery thats most important – the ability to discover who is here right now, what they are currently interested in and why I may want to meet them.

This is the Krowd – one app, any event – Discovery, event/location forum, personalisation of content to present who I am, and private one to one messaging. A tool to do one job – enable networking and introduce professionals to each other.

Even better when the app sets new standards for privacy and security. No location tracking, no profiling, no intrusion into my privacy at all. It puts the attendee in control because its a product for them. But the event organiser benefits because his/her attendees have a great networking experience, they all engage in the mobile app, again and again, event after event, bringing more and more personal value to event after event. Even better – its free. And no admin setup – we use clever co-location software to auto-discover who is on your event Wi-Fi (so the Wi-Fi access becomes the event organisers management tool), so no need to register for the event in order to network – just turn up and login to the Wi-Fi. Exhibitors and conference speakers can prepare event specific profile updates to ensure attendees gain immediate value too. And those exhibitors and speakers take that investment to the next event and the next – promoting where they have been before. And if they make connections at one event – they’ll get flagged when those same people are at the next.

An event app for attendees that makes your events amazing.

Why pseudonymity is important for the Krowd

When we are in a crowd, most people around us are strangers, in effect they are anonymous to us in terms of their name and who they are.  Yet we already know things about them, simple things like the fact that they are co-located with us, and because we are in the same place, perhaps we have similar interests (the band we are watching, or perhaps we work for the same business).  When we see them across a crowded room we may know their sex, physical description, maybe their ethnicity and, from their clothes, maybe even a bit about their background.

The Krowd seeks to duplicate this sort of anonymity in a crowd, but in a digital and mobile phone context.  So you can expose a part of your profile consistent with the place you are in (your business profile, sports profile etc) and in effect create a digital perspective of who you are in a crowd. While in large crowds this enables digital introductions whilst preserving your anonymity.  It enables you to use the phone in your pocket to look around you and potentially find more people of like mind, similar interests or goals, rather than just those that through happenstance you meet because you stood close by.

This is why we believe in pseudonymity – the use of a false name to provide anonymity.

You can of course use your real name as a Krowd handle, but we advise against it.  We’d also advise having a unique Krowd handle, in other words don’t use your Twitter handle unless you really want others to have the potential to link information about you.  Remember in the Krowd we seek to give you the privacy and control of your data that the vast majority of other apps and social networks seek to collate in order to profile you.

Delete should mean Delete!

The reasonably tech savvy amongst us have learnt that on our PC delete does not mean delete, it means the file is in the trash and is not deleted until the trash is emptied.  However the really tech savvy know that even then the data is not deleted. Instead the pointer to the file data is removed and so that data looks like its deleted.  The computer then marks the file area on the disk as unused, and eventually it may get overwritten and thus destroyed and thus really deleted.  This is why tools like undelete can recover files you thought you had lost – especially if you undelete soon after you deleted them and emptied the trash.

But the world has moved on – now most of our data is in the cloud.  In theory we’d expect that delete in the cloud works the same as delete on a PC.  WRONG.  It seems that our legal friends allow delete to be used an app function when in fact it does not delete the data at all, not even like on a PC.  Instead, in many cloud systems, all delete means is that the data is no longer visible to you or the other people it was previously visible to.  In fact the data is often a very active part of the cloud system; its in use by the app or service provider still, often so they can use it for analytics, marketing or other money making services.  In short, once the data is shared it effectively belongs to the person you shared it with.  Only those savvy enough to read and understand the legal documents can usually discover this.

So why is this?  The key is ‘ownership’ – while the legal guys often use terms that imply you own data, or even copyright in some cases, what you may not know is that you have also signed up an agreement that states the company whose service you use has an irrevocable agreement with you to use all that data – forever.  What they don’t say in clear terms, which kind of shows their dishonesty – is that you can NEVER delete the data you shared, explicitly or implicitly (the meta-data about how and when you used their service).

This is why we at Krowdthink are striving to give our users true effective ownership of all their data in our social network.

 

Why the Right to Delete is so important Online

We all instinctively know that when we connect to websites and use online apps that some data is being collected about us.  Sometimes we explicitly know what that data is from forms we filled in, but in reality it’s what we do online that tells the most interesting tale of who we are.

What we spend time reading, what we skip past, what we click on, what we respond to – all this information adds to a profile about us and it can be extremely detailed – see this 60 Minutes TV story: The Data Brokers: Selling your personal information – http://cbsn.ws/1lLp5Zh 

Most people think that this information is just used to target adverts, so what’s the problem?  Unfortunately they are wrong, as the 60 Minutes documentary highlights, in the US in particular, huge corporates collect more and more data about your online activities and analyse it to create a view on who you are, your interests, habits, who your friends are etc, they then sell this data on to anyone willing to pay, which includes insurance companies for example, who want to know more and more about how much of a risk you are.  The trouble is, this profile collation is unregulated, cannot be tracked and you cannot review it for accuracy.  So a bit like a gossip who gets a bit of a story wrong because they only hear one side of the story, these data brokers don’t really know how accurate their profile of you is.  It only takes one inaccurate bit of data to end up costing you dearly.

Now of course this business will eventually be regulated….but as 60 Minutes highlights, governments love this Big Data too.  They are a customer as much as commercial entities, and as such it’s very empowering for them, so they are not exactly highly motivated to give you the consumer the right to control this data.

Even if you take care about reading privacy policies on websites and apps (I do), you’ll find that the business model du jour is build it, collate as much user profiles as possible then decide what the business model for making money is later on. In short you do not know how the data you share will be used when you engage with a company – and by the time they decide, you are committed.  Even if you make a choice to stop using that service or use a more privacy conscious  competitor service, the business still owns all the data they collated about you and can sell it on, usually years worth, by which time you may feel it’s too late, you are hooked in so you may as well continue.  This is the pernicious culture the business model of the internet today cultivates.

So what to do?  In our opinion at Krowdthink, the most empowering thing that can be delivered to consumers is the right to delete.  Specifically you should have the right to delete any specific piece of information about you, or indeed all the information collated by a business or service.  This requires transparency of what information is held by a business or service.  Its your data so why can’t you see it?  Except of course it isn’t your data – the legal structures of companies like Facebook make it clear, every bit of data you share with them, every interaction, is owned by them to use commercially. This is why at Krowdthink we are creating an innovative legal structure to  guarantee that your data belongs to you.  As soon as you make that step in your business process, the right to delete follows as a natural consequence.

If we can set an example in social networks about how data can be used to deliver a service and still empower the end user with complete control, we can reverse the  data collection and ownership culture of Big Data businesses. Empowering consumers with the right to delete is the only way we can reverse the current pernicious Internet business culture that so disempowers us as consumers and users.

The EU has been seeking to add the right to delete to the Data Protection act, it’s being strongly fought by Google, Facebook and others because it undermines the core of their business.  We suspect if the right to delete is ever legislated it’ll be so watered down as to be meaningless.  But this does not stop innovative companies delivering this empowering capability to end users.  It’s Krowdthink’s mission and when we launch the Krowd you’ll see it in action.  It’s time to take back control of our data online!

A Day in the life of ManInTheKrowd

It’s a bright crisp autumnal morning and ManInTheKrowd leaves for work at 6am to catch his train. It’s packed as normal and it’s a job to get a seat, but he eventually gets settled for the hour-long journey.  He sets his Krowd persona to Social and connects to the Krowd in the train using their onboard Wi-Fi service. The journey to Birmingham passes quickly as he browses the persona’s of people in the Krowd, chats with a few regular early morning travelers like himself, people he follows who he can see are on the same train as usual. He picks up their persona updates about what’s been happening with them recently and comments on KarenKool’s Krowd Blog (Klog) entry about a local restaurant she went to last night, asking if the service was as good as the food.  JoeB broadcasts that he’s starting a new job today at Big Corp and he gets a load of congratulations and a couple of introductions from people who work at the same office, although someone called Madfly says something unpleasant. A quick review of their profile indicates a lot of people ignore Madfly, and ManInTheKrowd adds Madfly to his ignore list too.

ManInTheKrowd needs to get his wife a birthday present in a couple of days time, she has raved about a couple of fashion designers recently and he noted them down in his retail persona. While on the train he updates his retail persona search tag and Klog (Krowd blog) with a couple of ideas of what he’s looking for.

Upon leaving the train station in Birmingham city centre he sets his Krowd persona to retail. As he walks through the shopping centre a few of the shop assistants take the opportunity of the early morning quiet time to browse the Krowd, thanks to Digital Birmingham’s deployment of free WiFi throughout the city centre. One sees ManInTheKrowd’s retail search tag about fashion accessories and his latest retail Klog entry stating he’s looking for a birthday present for his wife.  She sends him a comment that her shop has a beautiful Orla Kiely handbag at a knockdown price.

ManInTheKrowd enters the 10 story office block where he works for a small company of a dozen or so people in a shared office facility.  He sets his persona to business as he enters the building.  No one here needs to know he’s looking for a birthday gift for his wife or what she likes.

The office management company uses the Krowd as an easy and secure way to connect all the people in their office building socially, both workers and official visitors. GreatOfficeAdmin has updated his business Klog to let everyone know that they are trialing a new sandwich supplier in the cafeteria this week and encourages everyone to try them out.

ManInTheKrowd can see everyone in his company has arrived for work except LaidBackLarry, he’s not in the local Krowd list.  That’s par for the course, but he sends him a personal message just to see if he’ll be in the office in time for the 9.30 sales meeting. He responds to say he’s stuck on the motorway…again, but won’t be more than 10 minutes late.

GreatOfficeAdmin , as efficient as ever, broadcasts a reminder message about the sandwiches several times leading up to lunch. So at lunchtime ManInTheKrowd goes to try them out and while in the café he checks his retail Klog and sees the new highlighted comment about the handbag.  That’s useful, he can nip down there straight away, and he messages them to check its still there and gets a confirmation. The handbag is perfect and at just the right price.  After he has bought it he deletes his Klog entry and changes his search tag.  He does not want to be contacted now he’s got what he was looking for.

In the shared office it’s always nice to meet someone new, especially from another company.  So when SandraD joins Acme LLC on the next floor, she introduces herself via the Krowd and Klogs about her business interests.  It just so happens she’s there to add consulting services on PR to Acme, just what ManInTheKrowd needs to help him launch his new product next year. He checks her business Klog and can see she worked for a competitor previously, that could be useful.

After work, ManInTheKrowd meets up with his friends to watch a basketball match, so he sets his persona to sport.  They decide to meet up in the stadium entrance hall. Except its packed, and hard to move, so getting together is hard.  Using the Krowd ManInTheKrowd can immediately see his friends are nearby, so they just message each other and decide to just get to their seats, but that Fred will get 6 pints of beer as he’s closest to the bar.

BasketCase is a sports statistics geek, and he continuously updates his stats in the Krowd via his sport Klog, highlighting to all in the stadium when Big Jock scores his record breaking one thousandth basket halfway through the match….and to add value, as he knows its coming, he snaps a great pic of that basket and shares it in his sports Klog with all those people who were there to experience that special moment, many of whom copy it to their Klogs to show their friends and family when they get home.

On the way home, on the late night train he rarely takes, ManInTheKrowd looks to see whom he knows in the local Krowd.  He still has his sports persona set, so CloudMan, someone he has often Krowd chatted with on the early morning commuter train, contacts him after seeing his Big Jock’s one thousandth basket pic.  It seems he’s a huge fan too but missed the game, so he copies the pic into his Klog. They get on well in the Krowd chat, and as the train is half empty, decide to meet up. The real-life CloudMan is a nice as his Krowd persona, so he is invited to ManInTheKrowd’s regular basketball group and a new friendship is made.

Sometimes it’s those instances of shared interest or experience that bring people together.  This is what the Social in Social Networks should be about, helping make real life connections with real people.