10 December 2009

Facebook users beware...

Another day, another Facebook story in the news. Today Facebook has finally rolled out its new privacy settings for all its users. Before the global roll out of the privacy settings, Mark Zuckenberg of Facebook, introduced and explained the new privacy settings to its user via an open letter. According to Zuckenberg, the aim of the new privacy settings is to simplify the latter to users, no doubt, with a view to making them more accessible and less confusing to its users following many complaints including the one from the Canadian Privacy Commissioner.

Hence the new privacy settings are supposed to be clearer, easier to use and more effective at protecting the personal data of Facebook users. However, as rightly pointed out by the EFF, the new settings push users to share their information further. For more on this, see the illuminating article from the EFF which has links to further information.

9 December 2009

If you thought that only your friends/network could read your status updates, then you will soon be wrong!

It has been reported today that both MySpace and Facebook have signed a deal with Google which will allow its users` publicly available status updates to be fully searchable on the search engine. Google has a similar agreement with Twitter and it is reported that the new agreement with Facebook and MySpace will go live in a few days.

This is a very worrying development for MySpace and Facebook users who have had no say in this matter and will now have their status updates fully searchable and visible on Google to all and sundry if they have not changed their default privacy settings. Past research has shown that most Facebook users use default privacy settings (rather than higher ones) which means that their accounts are fully visible to the rest of Facebook users in their networks. This new deal will also mean now that their updates will be fully indexed and searchable via Google. Cyber Panda thinks that in the new few days, Facebook/MySpace users as well as privacy bodies will raise the alarm bell which will force the companies to either rethink this deal or provide more protection for users` data.

i2015 or the New EU Digital Strategy

The New EU Digital Strategy which is currently being shaped by the EU will put consumers at the core of i2015, the EU`s action plan for digital economy. In effect, this means creating a consumer-friendly single market for online services.

Relatedly, the new incoming Spanish EU President is also shaping his digital agenda which is rumoured to make the use of VoIP mandatory on mobile handsets. If this does happen, it will no doubt have a significant impact on traditional telecom service providers as well as on principles of net neutrality. i2015 should be delivered in spring 2010 so not long to go now before we can ascertain its detailed contents.

26 November 2009

Wikipedia`s spiral of death?

Dear All
Yet again, the doctorate has taken over my whole life leaving with not much time to blog anymore!! However, now that things have slightly calmed down, I will try to blog more frequently. The operative word being try!!

An interesting research has been carried out by Ortega on the fall of the number of editors of Wikipedia and the reasons for such fall. He also predicts that this worrying trend is likely to continue. The Times also reports some infighting between Wikipedia writers which may also explain the downward spiral in the number of editors (alongside lack of time and reaching saturation point in terms of articles). It will be interesting to see how Wikipedia fares for the next year and the implications if the downward trend continues. It could also be that this research provides an added bonus for either more volunteer editors or for existing ones to contribute more if the main reason for the downward spiral is lack of time.

23 June 2009

A new blog is born: FBHive!!

CyberPanda is loving the new blog FBHive which deals with all things related to Facebook: the news, the rumours, and the controversies!! And this new blog has started with a bang as it has disclosed a major security flaw which enables any user to access the basic information of other users even when such information has been protected by its owner (via privacy settings). Amazingly, the blog reports that it took Facebook 15 days to deal with this issue!!!

The flaw has now been fixed but you can still see how it could have been done in the past by checking out the FBHive blog. Amazing footage!!! As a security expert from Sophos has noted, what is worrying is that such a flaw existed and that users` data have been at risk for an unknown period until the flaw was fixed. In addition, users do not whether their data have been 'hacked' into by any other user in this manner. So many privacy issues are raised by this latest Facebook related issue.

22 June 2009

From Digital Britain to Twitter.

It has been a long time since CyberPanda has written a post but she has been trying to put together a massive chapter and hence the prolongued absence.

However these past few weeks have been full of technology-legal news: where does one start? The UK Digital Report has been published last week attracted some criticisms regarding its proposals which many view as just not being enough.

The world has not been the same since the Iranian elections and the elections have rocked the world of Twitter as the latter has become a very important forum of exchange of information and views on what is currently taking place in Iran. Many Iranians are able to tell the world what is happening via Twitter and this is becoming even more important with news today that the BBC`s correspondent in Tehran has been asked to leave Iran and other alleged reporting restrictions.

Finally and on different note, the alleged cybersquatting of Facebook`s newly launched username option where third parties are alleged registering the names of well-known persons with a possible view to reselling those at a later stage.

CyberPanda will definitely try to post more often in the future!!

25 March 2009

Proposals for monitoring social networking sites

There is an outcry today by privacy activists about the government`s proposal to monitor social networking sites such as Facebook and Bebo. Under the proposal, the details of users of such sites will be kept in a central database which is operated by a private company.

The Government is quick to point out that it is not interested by the content of the exchanges passing between users. However, it is not clear what safeguards it will put in place to ensure that the content per se is protected from such monitoring. However, and perhaps more crucially, it still does not deal with the objections related to the use/storage of personal and sensitive data by the Government. The Government justifies this proposal on the grounds of enabling the police and security services to keep up-to-date with the technological advances. However, it seems that the proposal does not contemplate imposing conditions for monitoring such sites (e.g. a minimum threshold before the details of a user are deemed to qualify for monitoring). Under the current proposals, the Government seems to be asking for a 'blank cheque' liberty to monitor all the data of all users of social networking sites which is not commensurate with the alleged security interests.

22 March 2009

Of blurring technologies and mapping technologies

The launch of Street View in the United Kingdom was never going to be a quiet affair. Beyond the usual fanfare of publicity and the slogans presenting it as the thing we need most, Street View was also going to attract a lot of issues related to protection of privacy of the individuals who are captured on the displayed images.

Hence it does not surprise CyberPanda in the least that Street View had to pull some of the displayed images after receiving a number of complaints from the individuals who were shown in those images. The images captured a lot of moments deemed to be private as an individual entering his home or individuals being arrested. Street View acted promptly and removed the offending pictures as soon as the complaints were received.


However the real issue is why such pictures were deemed fit to appear on the website in the first place. It is surely obvious to any data controller that such pictures will infringe the expectations of privacy of those captured in the images. To be fair to Street View, this situation is not entirely its fault. Other equally important actors are involved, namely, the Information Commissioner and legislators. The Information Commissioner gave the go ahead earlier in 2008 for such web sites to used images deemed to be private as long as identifying features as faces or registration plates were blurred. However, what the IC has failed to recognise is that the use of blurring technology is not sufficient on its own to displace the expectations of privacy of captured individual who can still be easily identified by his/her attire, location and other seemingly innocent but yet incriminating information. Finally, the notion of reasonable expectation of privacy is not easily protected in the UK when it comes to such websites as the legislators and policy-makers are yet to decide on when virtual spaces are private or public. The challenge of course is to determine the boundaries of such a divide which is not an easy task in cyberspace in any event.

Disclaimer: The image used above is subject to the intellectual property rights of third parties. Click here to view the image in its original context.

3 March 2009

Another week where Facebook is in the press for the wrong reasons...

Another week and Facebook is yet again in the news for all the wrong reasons. It has been reported by BBC News that Facebook has been hit by five different security attacks in the past 7 days. The aim of these attacks have been to access the personal information of millions of Facebook users and resale them to third parties as commodities for various purposes including fraud and identity theft.

The attacks were concealed in what are commonly known as 'rogue applications.' This brings to light yet again Facebook`s worrying practice of not vetoing third party applications before they are published on the site. As a matter of fact, any individual can create an application and publish it on the site. S/he, then, has access to all the personal data of all the users of Facebook, irrespective of whether or not the users have subscribed to the application. Facebook justifies this practice on the grounds on 'open source,' namely, any user should be able to participate in the Facebook both as a user and as a developer of applications. However, this only serves to highlight the problem of the concept of open source or creative commons. The unfettered and unchecked proliferation of code by net users in such websites not only threatens the fundamental rights of other net users but also, and more importantly, yet again highlight the increasing risk posed by a regulatory framework which is based on technological determinism.
Disclaimer: The rights to the image used above belongs to a third party. The original image can be accessed here.

22 February 2009

Another Facebook row...

The Facebook row this week has been a very well documented one. Facebook changed its terms of service earlier this week. The new terms in essence gave to Facebook wider control over its use, storage and dissemination of the personal data of its users. The change was met with a general outcry from its users (who formed a group on Facebook called "People against the new terms of service" which had over 90, 000 members within a day) and privacy watchdogs (e.g. Electronic Private Information Centre). Facebook initially resisted the complaints but eventually reverted to its old terms of service, whislt considering the nature of the complaints raised.

The danger with online communities being regulated by such contractual arrangements as terms of service is that such system of governance does not have the usual checks (e.g. fairness, proportionality, transparency etc) which are present in centralised governance system (e.g. law). However, most online communities are regulated by such contracts to which the user has to agree before being able to become a member of the community. In most cases, the user agrees to these terms without being aware of the nature of the terms they are agreeing to. The rapid upsurge in such systems of decentralised governance in online communities raises significant issues of legality (e.g. unfair terms, lack of notice etc) and privacy (e.g. user agreeing terms authorising data processors to process their personal data in any way they see fit). It is vital for the survival of online communities for such concerns to be addressed by a system of governance which follows the principle of the rule of law and due process.

20 February 2009

A case against Google Street Map? Or a case of DIY?

Many avid followers and readers of CyberPanda have complained about the lack of posts recently. So after a period of (unwanted and involuntary!) silence due to having only 12 hours in a day (how is a doctoral student suppose to stumble on a good idea with only 12 hours in a day!!), CyberPanda is back and will try to maintain more regular posts!

Some breaking news all the way from the Silicon Valley, where the US Courts have dismissed a case against Google Street View. The Plaintiffs sued Google Street View on various grounds including breach privacy and tresspass, following the publication of photos of their home by the mapping program. The Courts took the view that the Plaintiffs did not successfully prove their case in this instance. A factor that weighed heavily against the Plaintiffs was the fact that they did not take advantage of the self-help remedy that was available to them, namely, removing the photos from Google Street View. This is an interesting ruling which seems to judicial endorse the use of technological measures (as removal tools) as self-help measures for the protection of privacy interests in cyberspace. Hence it may be the case that net users will not have actionable causes of actions if they fail to use available self-help remedies. It would be interesting to see what the position would have been, had the Claimants availed themselves of the self-help remedy and still claimed damages for invasion of privacy.