Privacy in Social Network Sites

Privacy and Identity-relevant Information in Social Network Sites

Parking and public transportation

For everyone attending, please find below details on how to get there:

Bus: 21 or 60

  • Bus 21 from Amsterdam Central Station, get off at ‘Van Hallstraat’ (15-20 minutes) and walk towards the drawbridge that is the entrance to the park
  • Bus 60 from Amsterdam Sloterdijk station, get off at ‘Van Hallstraat’ (10-15 minutes) and walk towards the drawbridge that is the entrance to the park

Tram: 10

  • Tram 10 does not stop at any train station, but you can take it and get off at ‘Van Hallstraat’. Again, walk towards the drawbridge that is the entrance to the park

Parking

Parking is always a little more difficult and expensive in Amsterdam. However, the best spots to park are:

  • Parking lot of old municipal building at Haarlemmerweg 8a. It is very small though and rates are 3 EUR / hour
  • If there is no space at the parking lot, you can try street parking at the Haarlemmerweg or the levy at the Tasmanstraat, still at 3 EUR / hour
  • Park and Ride from Amsterdam Sloterdijk is a cheaper option at 8 EUR / day
  • And here is a map of all parking rates in Amsterdam, it might even be an option to park in Noord and then take the ferry to our house and walk from there to Westerpark

Written by davidrip

June 2, 2011 at 6:59 pm

Privacy Risks for Users of Social Network Sites

My thesis on ‘Privacy Risks for Users of Social Network Sites’ is almost finished. I am very happy with the research results and the insights found: that Social Network Sites do cause privacy risks for users, but that it is possible to identify these risks and design preventive measures. I did not want to withhold the summary of my thesis from you, so find it below.

Social Network Sites (SNS) are websites that allow users to upload information to a public profile, create a list of online friends, and browse the profiles of other users of the SNS. The websites have membership rules and community standards. Users disclose identity-relevant information via their profile to others. This information is either referential, directly referring to a person, or attributive, describing attributes of the data subject. Although most laws and regulations restrict the access to referential information, attributive information is not protected as such. However, the aggregation of large amounts of attributive information on SNS profiles poses new privacy risks.

Information spreads faster through a Social Network Site than through a real-life network. Information might be disclosed to a group of people unexpectedly, because the digital information is easily copyable, can be stored indefinitely and is searchable. It especially harms users when information travels through different spheres, and ends up with people for whom it was not intended.

Furthermore, Social Network Sites have financial incentives to generate revenues from the information users upload. The usage of most of these websites is free, and SNS have to make up for the incurred costs by generating revenues from the identity-relevant information of their users. The most common way to achieve this is to create marketing profiles of users and serve them with targeted ads. As SNS and their marketing partners obtain more information about their users, informational inequality arises. Because the SNS have more information about their users and users are not in a position to bargain about the terms at which they disclose their information, an architecture of control surfaces, leaving the users vulnerable to harms.

Indeed, digital files of users are maintained that try to resemble the real person as closely as possible. Other users can contribute to this profile by uploading photos or text about the users, often without the user’s informed consent. This raises serious questions about the user’s control over his own identity-relevant information and his ability to construct his own moral identity within a SNS. Because SNS also collect information from other websites, with or without the user’s consent, the user is restricted in his moral autonomy. 

A fourth reason to restrict access to the information is the prevention of information-based harm. Some activities that harm users need specific information on the data subject before they can be executed, such as a Social Security Number to obtain credit. Indeed, your address and current employer can be used to determine when you are not home and this increases the possibility of criminals breaking into your house.

The activities that harm users are grouped into information collection, information processing and information dissemination. This classification helps in identifying the specific activities that cause harm to users, and in designing measures to prevent these activities and the damage they cause.

The survey shows that there are three main privacy risks for users of Social Network Sites: Total Information Awareness, dissemination to wrongdoers and no control over your identity-relevant information.

Social Network Sites track the activity of their users on their own websites and those of their marketing partners. They are able to gather unprecedented amounts of secondary personal information on their users, sometimes even without the informed consent of the users. An architecture of vulnerability emerges when the government collects this information and uses it to control its citizens. A Dutch judge found the private profile of a SNS user public, because people can be added to the friends list easily. Studies for the United States government have shown that it is easy to collect data from public Internet sources such as SNS and connect them to existing government databases. This could lead to the chilling of free speech with respect to political dissidents.

Because of the great amount of identity-relevant information, which disseminates easily through a Social Network Site, this information could easily end up with wrongdoers. Stalkers, bullies and predators use the attributive information on SNS to identify with their victim and use the referential data to contact them. The profiles of users combined with the ease of contacting a user make SNS a useful platform for wrongdoers. The information on the websites can also easily be used to damage someone’s reputation, and with the large amount of attributive data on SNS, it is not difficult to reverse engineer information needed to steal someone’s identity. Although there is no proof that these things are affecting all users of SNS, experts agree that they affect a significant number of users and can cause great damage to the users.

Social Network Sites interpret the consent that users give when signing up for their services as a broad informed consent, which can be stretched to secondary usage. In reality, users have minimal information and no control over secondary use of their information, the selling of their information or the disclosure of their information to unwanted groups by the SNS. Above all, others can post information about the user, which can only be deleted after the fact, if possible at all. Information is posted about non-users, but they cannot delete this, unless they become members.

Conventional laws and regulations do not address these issues. Of the American tort laws, only the publication of private facts tort and the appropriation tort seem to address the problems mentioned above. However, it is hard to prove that the facts are private when a user posts them on a SNS profile and the monetary damage is in both cases difficult to measure. Social Network Sites violate many of the Fair Information Practices as set forth by the OECD and recognized by many countries. The usage of the information is not limited to the specified purpose and the processing of the information is very covert. The privacy watchdogs in various countries do not have the right means to sanction SNS for violating the Fair Information Practices.

A more colloquial approach is needed. Harmful activities should be grouped into information collection, processing and dissemination and harm should be defined by the four moral reasons to restrict access to identity-relevant information: information-based harm, informational inequality, information injustice and the inability to define one’s own moral identity. The activities that cause specific harms can be identified and constrained. It is recommended to design and start a policy development process in which relevant actors jointly identify preventive measures to minimize privacy risks for users of Social Network Sites.

Written by davidrip

September 25, 2008 at 12:10 pm

Conference Privacy in Social Network Sites

With pride, I am announcing that Delft University of Technology will be hosting the conference on ‘Privacy in Social Network Sites’. This conference, which originated from a brainstorm I had with Jolien Ubacht from the ICT department at the faculty of Technology, Policy and Management at Delft University of Technology, long before I even went to the USA, will bring together scholars and activists on Privacy in Social Network Sites. Speakers from the Netherlands, the United States of America and Germany will participate in this two-day event. Keynote speakers are Ronald Leenes, Jeroen van den Hoven and Milton Mueller.

Important Information:

Thursday October 23 and Friday October 24, room Alpha, Faculty of TPM.

Program: www.privacyinsocialnetworksites.nl 

Facebook event page: http://www.facebook.com/event.php?eid=22799667125

Register here, it is free: http://www.ethicsandtechnology.eu/index.php/forms/registration_privacy_in_social_network_site

Written by davidrip

September 17, 2008 at 3:57 pm

Megan Meier Case: My Analysis

Many scholars, media and bloggers have written about the case of Megan Meier.

As a preview of my graduate thesis, below you will find the analysis that I provide of the case in my report.

An example that shocked the United States of America, and could have severe implications for privacy in Social Network Sites, is the Megan Meier case. Megan Meier, a 13-year-old girl from St. Louis, Missouri, committed suicide just after a 16-year-old handsome MySpace friend told her “the world is a better place without you in it”. However, the 16-year-old boy was in fact a group of people who lived next door, and had created a fake profile. Lori Drew, the mother of a classmate of Megan, participated in this hoax. She got indicted for a violation of the Computer Fraud and Abuse Act (CFAA) on a charge of conspiracy and three counts of computer breach, namely creating fictitious profiles, sending abusive messages and soliciting personal information from minors. Experts on Internet and privacy, whom I have surveyed for my graduation thesis, agree that the damage from stalkers / predators and bullies on SNS could be very large for users.

Daniel Solove has a great collection of web logs about this case (2007d, 2007e, 2007f, 2007g, 2008c, 2008d), that specifically question the decision of the prosecutors to charge Lori Drew with computer breach and violating MySpace’s terms of use. If violating terms of use of a Social Network Site is considered a crime, many people are criminals. Solove agrees with Orin Kerr that the CFAA is stretched too far by applying it to not abiding by the terms of service of a Social Network Site. Specifically, he mentions that Drew’s acts might be immoral, but not illegal.

If I analyze this case with the help of the framework that I have developed in my thesis, the exact cause of the harm and the omissions in the law become much clearer. It must be said that this analysis is not a legal analysis, but uses an ethical framework to identify the specific activities and harms. It is initially a descriptive framework, but it has normative implications when I identify the specific harms. In this case, three specific activities lead to harm, see table 1.

  1. The disclosure of Megan’s profile ID made it possible to contact her. Without this information, it would have been impossible for the group around Lori Drew to contact Megan Meier and harass her. However, the difficulty in describing this as information-based harm, is that although this information was in this case used to harm the girl, it could also have been used in a benign way. Van den Hoven (2007) is quite clear about this: if identity-relevant information is insufficiently protected, it could harm people. According to him, “[I]n information societies, identity relevant information resembles guns and ammunition.” I argue that because the contact via Megan’s profile took place on a very intimate and emotional level, this contact could have led to severe harms.
  2. The information of Megan’s profile traversed from a youth sphere to an adult sphere, which contained Lori Drew. The involvement of Drew in the harassment is what most people find appalling. Megan’s contact information was now used not by a youngster of her age to contact her for benign purposes. This adult with malign purposes could, considering her age, have harmed Megan more easily. But Solove asks in one of his posts: would people feel different about posting the personal information about the creators of the profile, if these were also teenagers? I argue they would, because the transfer of information to the adult sphere and the involvement of a more mature person in harassing, especially appeals to our feelings of morality.
  3. Finally, the woman and girl posted harmful remarks towards Megan on her MySpace profile. The information was uploaded by the group and collected by MySpace. This information, and especially the final remark, was posted with the intent to harm Megan. Solove states that it is hard to prove that these remarks led directly to the suicide. However, it is very clear that the remarks were made to harm Megan and therefore subject to information-based harm.

Table 1: Framework applied to Megan Meier case

With this analysis, I have shown that the specific harms in the Megan Meier case derive from the possibilities created by the easy availability of identity-relevant information and by the transgression of this information through different spheres.

In my thesis report, I will analyze 11 such cases, which correspond with the privacy harms that the experts I have surveyed identified.

References

Solove, D.J., 2006. A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3), 477-560.

Van den Hoven, J., 2007. Information Technology, Privacy and The Protection of Personal Data. In J. Van den Hoven, ed. Information Technology, Privacy and The Protection of Personal Data. Cambridge, UK; New York: Cambridge University Press, pp. 462-494. Available at: http://lccn.loc.gov/2007016850.

Written by davidrip

September 3, 2008 at 5:56 am

Privacy Enhancing or Privacy Invasive Technologies?

On the second day of the conference ‘Privacy in Social Network Sites’, there is a round-table discussion with several scholars, privacy activists and people from the industry about Privacy Enhancing Technologies (PETs) in Social Network Sites. Tavani and Moor (2001) call this the ‘management of privacy’, unlike the ‘concept of privacy’ and the ‘justification of privacy’. In an earlier blog post, I mentioned that the SNS industry seems to be catching up a little more with privacy, most notably in the announcement of SNS Genome to implement different privacy settings for various types of friends. This separation between social spheres could help users to disseminate information about the books they buy to their book club only, and not to their fellow employers.

However, there is a long history of Privacy Enhancing Tools that turned out to be Privacy Invading Tools. I argue that the group of Privacy Enhancing Tools is just a convenient name for all kinds of tools or instruments that supposedly give users better control over their privacy. But such a broad and vague definition does not make it easier to distinguish tools that really empower users from tools that are just proxies for data collection. Many privacy controls on Social Network Sites are presented as giving the user more control over their data, as if this is a great service by the SNS and really helps users get more control. In reality, users gave all their identity-relevant information away to marketers, and are given a few controls to exercise some authority over the information they just gave up. They have given up most control, and in return, get a little bit back.

If we do not define exactly what the activities are that PETs specifically constrain, talking about Privacy Enhancing Tools does not help us. To define those activities, the information streams in Social Network Sites need to be clear. If I opt-out of Facebook’s Beacon, my friends will not get information about my buying behavior on Facebook websites. But does Facebook still collect this information? Yes, they do, although they mention they discard it.

If information streams in Social Network Sites stay this unclear, the debate about users’ privacy and privacy controls is moot.

Resources

Tavani, H.T. & Moor, J.H., 2001. Privacy protection, control of information, and privacy-enhancing technologies. SIGCAS Comput. Soc., 31(1), 6-11.

Written by davidrip

August 19, 2008 at 9:01 pm

David Riphagen quoted in Dutch newspaper NRC Handelsblad

Today, I got quoted in the Dutch National Newspaper NRC Handelsblad. Read the Dutch article as you scroll down this post, but also, let me give you a short English summary:

A Dutch woman is convicted for libel because she called her ex-husband a pedophile on a profile on Dutch SNS Hyves. The profile was, and this makes the case interesting, set to private. The Dutch judge stated that even this private profile, only visible for friends, was public, because anyone who was a friend of the woman could see it. And anyone could become her friend, by adding her to their friends list.

In the article, I mention that in the USA, prosecutors and lawyers already use SNS in court cases. Earlier, I blogged about the case of Joshua Lipton, who was charged with driving under influence, see my earlier post. The journalist, Marie-José Klaver (check her blog in Dutch), also mentions the Electronic Privacy Information Center as my American host for my graduation research.

Then the CEO of Hyves says that the police cannot copy information from Hyves, because that is in conflict with his Terms-of-Use. (This is a very awkward statement to make, as if Hyves’ Terms-of-Use is not subject to laws that allow criminal investigations). He also mentions the new privacy controls they are publishing next week.

In response, I reply that although I do think that Hyves is working seriously on these privacy controls, they still (like Facebook) allow third parties to access data of friends without their consent.

The article ends with Remco Pijpers, from the Dutch organization Stichting Kind Online (translated as: child online), saying that we in the Netherlands have smaller SNS such as Sugababes.nl and Superdudes.nl, which have 1.4 million members and even more lacking privacy policies.

Please follow the Privacy in Social Network Sites weblog on both the quote of the Hyves CEO that the police can not collect information from his website under the Hyves Terms of Use and a more in-depth analysis of the judgement that a private profile on a SNS is public in terms of libel and slander.

Acknowledgments:

Many thanks to Marie-José Klaver for approving the full post of the article on this weblog.

Written by davidrip

August 7, 2008 at 10:01 am

Taking a party pic and putting it online: taxonomy for privacy harms in SNS

Currently, I am writing my research thesis on Privacy in Social Network Sites (SNS). I propose a framework for structuring the analysis of SNS and especially the privacy harms that could occur through the use of users’ information.

Two of the most influential papers in this respect are Daniel Solove’s ‘A Taxonomy of Privacy’ and Jeroen van den Hoven’s ‘Privacy and the Varieties of Moral Wrong-doing in an Information Age’ (need login).

Solove (2006) gives a good classification of the various activities that could harm the privacy of users in the information age. His classification is broader than the privacy torts identified in American law. He distinguishes between Information Collection, Information Processing, Information Dissemination and Invasions.

Also, read Solove’s new book ‘Understanding Privacy’, for his newer work on privacy.

Van den Hoven examines the concept of privacy from a different perspective. I find his work very fundamental. He deals with the specific reasons why we want to restrain access to the information that we disseminate to others. Van den Hoven identifies four reasons to restrain access to this information: information-based harm, informational inequality, informational injustice and moral autonomy and moral identification.

Please check Van den Hoven’s website for new work by him.

In my research paper I use the following example to describe how Solove’s taxonomy and Van den Hoven’s moral reasons combined give a very clear analysis of why people feel their privacy is invaded and exactly how they have been harmed. Following Van den Hoven, I’d rather speak of restricting the access to people’s identity-relevant information, a term coined by Van den Hoven and Manders-Huits, see my earlier post. Read the example, from my research paper, below.

The example of the embarrassing photo taken at the disgraceful party is striking.

First, the photo is taken at the party (Solove’s information collection), and not many people would judge this as immoral.

The picture is posted online (Solove’s information processing), and as long as this would happen on a website that allows restricted access in addition to the subject’s consent, this also is not very objectionable.

The problems start when the photo is disseminated (Solove’s information dissemination) to people without the subject’s consent. The picture might be disclosed to persons belonging to a social sphere within which the subject does not want the photo to be disclosed (Van den Hoven’s informational injustice).

Furthermore, by tagging the photo with the subject’s real name, the photo can become the basis for scrutiny by future employers (Van den Hoven’s information-based harm). Because the user cannot unbundle the services from the SNS, he cannot ex ante prevent the dissemination from happening (Van den Hoven’s informational inequality).

Finally, if the photo is disclosed to people that the subject does not know, he does not have the freedom to present his moral self to the people as he wants, as those people already have an image of him (Van den Hoven’s moral autonomy and moral identification).

This example clearly illustrates which activities (Solove’s taxonomy) are harming the user for which reasons (Van den Hoven’s moral reasons). I had the pleasure to conduct interviews with both gentlemen and this has really helped me in understanding the various harmful activities that are happening on SNS and understanding how we could prevent this from happening.

References:

van den Hoven, M.J., 1997. Privacy and the varieties of moral wrong-doing in an information age. ACM SIGCAS Computers and Society, 27(3), 33-37.

Solove, D.J., 2006. A Taxonomy of Privacy. University of Pennsylvania Law Review, 154(3), 477-560.

Update:

Note that, although I say that many people would judge taking a picture at a party as immoral, the Fair Information Practices have a principle ‘purpose specification’, that states that the purpose for which the data is collected should be specified not later than at the time of collection. The use of the information should be limited to that purpose. In other words, the photographer should have notified the subject of his intent to place the picture on a SNS and the subject should have consented to that, according to FIP. But is this a real scenario?

Written by davidrip

August 2, 2008 at 3:58 pm

Prosecutors and lawyers turn to Social Network Sites

Prosecutors and lawyers are using Social Network Sites to argue their cases. However, for prosecutors it is much easier to access information from these sites than it is for defense lawyers to get their clients to delete sensitive information.

The case of Joshua Lipton, a college junior who was charged in a drunken driving crash, has recently become a center point of attention. Read this bit from AP:

The Associated Press: Web networking photos come back to bite defendants

[T]he 20-year-old college junior attended a Halloween party dressed as a prisoner. Pictures from the party showed him in a black-and-white striped shirt and an orange jumpsuit labeled “Jail Bird.”

In the age of the Internet, it might not be hard to guess what happened to those pictures: Someone posted them on the social networking site Facebook. And that offered remarkable evidence for Jay Sullivan, the prosecutor handling Lipton’s drunken-driving case.

Sullivan used the pictures to paint Lipton as an unrepentant partier who lived it up while his victim recovered in the hospital. A judge agreed, calling the pictures depraved when sentencing Lipton to two years in prison.

This seems part of a larger trend, where prosecutors and lawyers use Social Network Sites (SNS) to find (primary or secondary) evidence and information to discredit the counter party.

Consider this quote from redOrbit:

Social Networks Help Detectives Solve Crimes – Technology – redOrbit

During the sentencing, prosecutors show the pictures, not only to embarrass defendants but to make it harder for them to convince a judge that they’re remorseful or that their drunken behavior was an accident.

Prosecutors do not always immediately turn to networking sites while preparing for sentencing, despite embarrassing photos of criminal defendants that are sometimes available in plain sight and accessible under a person’s real name.

However, in circumstances where they’ve had reason to suspect incriminating pictures online, or have been tipped off to a particular person’s MySpace or Facebook page, the sites have produced critical character evidence.

Darryl Perlin, a senior prosecutor in Santa Barbara County, California said, “It’s not possible to do it in every case.”

He said, “But certain cases, it does become relevant.”

Defense lawyers are aware of these techniques, and as long as both parties have equal opportunities to collect and delete the information from SNS, this looks like a fair equilibrium. Also from redOrbit:

Social Networks Help Detectives Solve Crimes – Technology – redOrbit

Santa Barbara defense lawyer Steve Balash said the day he met his client Jessica Binkerd, he automatically asked if she had a MySpace page. Binkerd was a recent college graduate charged with a fatal drunken driving crash. When she said yes, he told her to remove it, because he figured it might have pictures that cast her in a bad light.

But, Binkerd failed to remove the page, and right before she was sentenced in January 2007, the attorney was “blindsided” by a prosecutors report that featured photos posted on MySpace after the crash.

However, the effort to access the information is not proportional to the effort needed to delete information from a SNS. The NY Times ran a series of articles on how to delete your Facebook profile:

How Sticky Is Membership on Facebook? Just Try Breaking Free – New York Times

Some users have discovered that it is nearly impossible to remove themselves entirely from Facebook, setting off a fresh round of concern over the popular social network’s use of personal data.

Furthermore, it is unknown if and how SNS store information on their profiles on their servers for their own use. This information could be requested by warrants, subpoenas or any legal equivalent. This raises grave concerns about how to protect your identity relevant information and questions about if and how SNS retain data that can haunt you later. I plan on a follow-up post.

Update:

Identity Relevant Information is a conceptualization of information relating to an individual that is broader than the commonly used ‘Personal Identifiable Information’. I find this term more appropriate for use with Social Network Sites. Noëmi Manders-Huits and Jeroen van den Hoven coined this term in their excellent paper ‘Moral Identification in Identity Management Systems’.

Reference:

Manders-Huits, N.L.J.L. & van den Hoven, J. (2008), “Moral identification in Identity Management Systems”, in Fischer-Hübner et al. (eds.), The Future of Identity in the Information Society, Springer Boston, pp 77-91.

Update 2:

An American investigator and his partner have started a business in educating law enforcement officers how to use Social Network Sites to investigate crimes.

Area police training to patrol Web sites | Lynchburg News Advance

Their business, Cyber Associates Training Seminars, held its first training seminar for investigators last week, teaching officers from the Lynchburg Police Department, the Liberty University Police Department, the Mecklenburg County Sheriff’s Office, and the FBI.

Although the article focuses on finding murderers and pedophiles, my post shows that law enforcement officers can also use SNS to track down less obviously malign behavior.

Written by davidrip

July 21, 2008 at 11:33 am

Not verifying lies on Facebook, media get sued for breach of privacy

An interesting case that was prominently in the news quite a while ago has gained renewed attention. In May 2008, British newspapers, as well as bloggers, mentioned that a party in Spain was trashed because the organizer, a 15-year-old girl, posted the event on Facebook. The story was that the event spread quickly through the Social Network Sites and uninvited guests ruined the party and even stole objects.

Recall this paragraph:

VVIDE: Facebook Party Trashed

What started off as an innocent 16th birthday party turned in to a huge free for all[,] as 400 [gatecrashers] turned up drunk and started throwing TV’s, tables and other household goods in to the swimming pool, breaking doors and destroying carpets.[…..] How did this happen[,] I hear you ask, well[,] Jodie posted details of the party on Facebook and Bebo[,] two social networking sites and unfortunately included a full address of where the party was. In the details Jodie called it “party of the year” and said “Theres gone be a lot of alcohol, an amazing DJ.”

After the fact, the girl posted details of the party trashing on her profiles on the respective Social Network Sites. However, the mother of the girl claims that the posts on Facebook and Bebo are all lies. The Independent writes:

Mother sues over tale of ‘drunken party’ lifted from Bebo – Home News, UK – The Independent

But Jodie Hudson’s lurid description of the party on the social networking website Bebo, subsequently carried in a number of national newspapers, turned out to be fantasy.

So what recourse do people take when media spread false information about them? They sue the media for defamation. The accusation would be based on libel or, because it concerns private facts, public disclosure of private facts. This is exactly what happened:

Mother sues over tale of ‘drunken party’ lifted from Bebo – Home News, UK – The Independent

Jodie’s mother, Amanda Hudson, is suing six national newspapers for defamation and breach of privacy after they ran stories based on her daughter’s exaggerated claims about her party, [..] The case is expected to have far-reaching consequences for third parties who use or publish information from social networking sites. Lawyers say it could place a duty on all second-hand users to establish the truth of everything they want to republish from such sites.

And this is where it also gets interesting from a moral perspective. Knowingly disclosing untrue information with the intention to harm people is obviously morally wrong. The reporters in this case could have verified any of the facts by calling the police or asking for police records. The website posts mention involvement of the cops, so there must have been records of this.
This was just sloppy work from journalists, but what if you don’t know or don’t expect that the information is untrue? Prohibiting people from publishing because they can’t verify the facts could chill free speech. Unknowingly spreading untrue information about people could still harm them. Even if there is no specific harm inflicted (such as lies about one’s reputation), this prevents the person from engaging in shaping his own moral personality.
The question here is really: when can a person be expected to unknowingly disclose untrue information about someone else? Should there be a reasonable attempt by the discloser to verify the information? And here, we have the problem with defining ‘reasonable’, and this will always happen on a case-by-case basis.

Consider the criteria for verifying the truthfulness of information, mentioned in the article:

Mother sues over tale of ‘drunken party’ lifted from Bebo – Home News, UK – The Independent

[In this case, there was] no legitimate public interest in publishing material from the site. [..] Mrs Hudson says that, because the information was inaccurate, the papers cannot rely on the [defense] of fair comment.[…]. [Also,] Mrs Hudson said her daughter has also suffered greatly because of the breach of her privacy

Also note the mention of the defense of fair comment. This again comes down to the question of whether the media could reasonably easily verify the information. One could argue that the journalists should have been more careful, as it is well known that Social Network Sites contain fake information. See the Friendster case about fake profiles (Fakesters).

The claim of breach of privacy is also a difficult one. Social Network Sites are seen as not fully private spaces and the subjects on these websites engage in self-disclosure of information. They disclose the information to a network that is surely not totally private. I have always wondered why people disclose sensitive information so easily, perhaps because the contextual cues are less present. This has been a topic of one of my earlier Dutch weblogs.
Take the example of the Facebook Group for girls that post pictures of themselves in a drunk state online:

Young women drink, party, post – CNN.com

What you won’t find on this page — called “Thirty Reasons Girls Should Call it a Night” — is humiliation and embarrassment.

The lack of understanding of the long-term risks of this behavior is evident:

Young women drink, party, post – CNN.com

Many photos on the site are accompanied by full names and the colleges the women attend, apparently without much concern that parents, or potential employers, will take a look.

I will follow this case closely, as the results are very relevant for how we deal with information on Social Network Sites.
I recommend reading Daniel Solove’s book ‘The Future of Reputation. Gossip, rumor and privacy on the Internet’ for more dilemmas concerning self-disclosure of information.

Written by davidrip

July 16, 2008 at 11:45 am

Posted in Uncategorized

Comparative study of SNS shows privacy controls lacking or difficult to find

Common Sense Media has released a short report on Web safety factors that their users deem important. I don’t necessarily agree with the scoring on those factors, but the report describes some interesting findings about privacy settings in Social Network Sites (SNS).

I see privacy settings in SNS as a way for users to bargain and unbundle. However, the unbundling and bargaining space that users have is very minimal. Bargaining about privacy is making informed choices about which of your information is visible to others and which information from others you have access to.
Unbundling includes not using every service of the SNS, for example using the function to post weblogs without having to use the photo share function or being confronted with your friend using the photo share service.

The report describes both Facebook and MySpace as putting many privacy controls in users’ hands. An important difference is that the tools to customize your privacy are built into MySpace’s registration process. This informs the user more than putting privacy controls six clicks away. The report mentions:

Common Sense Media Releases First-Ever Safety Analysis of Most Popular Social Networking Sites for Tweens and Teens – Common Sense Media

In addition, although many privacy and safety features were added to these sites in the last two years, they are often difficult to find.

Facebook users have many options to customize their privacy settings, but the effectiveness of these options depends on how useful these controls are and if users are able to make sense of them. When I talked to Adrienne Felt, she told me that a too granular approach to privacy settings can confuse users. With respect to Facebook she said that the terms used to describe the privacy controls are confusing and that Facebook doesn’t explain them very well.
In my opinion, privacy controls should be clear-cut to the user and based on how you would give away information in real life. If you are not willing to show sensitive photos to your relatives, you should easily be able to prevent that. Earlier, I wrote a Dutch weblog on this subject.

Another remarkable observation from the report is that users should disable Facebook’s Beacon feature. The data-collecting feature, which feeds information from third-party websites to your Facebook profile, has been under fire for not implementing full informed consent. As I mentioned at the CFP2008 conference, I still think the implementation of Beacon is far from transparent to end users and that without good understanding users cannot give informed consent.

Internet Safety Scorecard

Parents need to know: Here’s a tip for more privacy: Disable Facebook’s “Beacon,” which reports users’ activities on third-party sites, by visiting this link: http://www.facebook.com/privacy/?view=feeds&tab=external. Click the box that reads, “Don’t allow any websites to send stories to my profile.” 

I am interested to see whether parents, at whom this report is directed, or any Social Network Site pick up these criticisms.

Written by davidrip

July 9, 2008 at 8:32 pm

Posted in Uncategorized
