Technology and Organizations

Location aware tools and ubiquitous networks are enabling new activities… or are they just opening up old ones to a broader community? Regardless, all of us are now in positions to make decisions about our use of “big data” and how we control our own data.

• The new iPhone software has a Find my iPhone capability. Kevin, Ryan, and Mark used the tool to track down Kevin’s stolen iPhone, confront the fellow who’d walked off with it, and get it back. Read Kevin’s tale of Brickworld and intrigue here.
• Lancaster, PA has a civilian non-profit group monitoring its security cams. Members control the cameras and call police if they see something suspicious.

(Slashdot carried both these stories last week.)

The issue is control and self-determination — having the systems savvy to make effective decisions for ourselves — both at home and in our messages to our elected officials.

Simson Garfinkel provides an excellent analysis of modern privacy trade-offs in this month’s MIT Technology Review Privacy Requires Security, Not Abstinence: Protecting an inalienable right in the age of Facebook.

What happens if somebody impersonating you calls up a company and demands access to your data?

If Google or Yahoo were storefronts, they would ask to see a state-issued ID card….

It turns out that we essentially have the technology to solve this problem in the digital world as well. Yet the solutions that have been developed aren’t politically tenable–not only because of perceived costs but also, ironically, because of perceived privacy concerns.

I understand these fears, but I think they are misplaced. When someone can wreak havoc by misappropriating your personal data, privacy is threatened far more by the lack of a reliable online identification system than it would be by the introduction of one. And it is likely that it would cost society far more money to live with poor security than to address it.

I believe that we will be unable to protect online privacy without a strong electronic identity system that’s free to use and backed by the governments of the world–a true passport for online access….

Simson’s article raises both concerns and opportunities for control. The issues are complex, but they should become part of all of our general education requirements. We all need to understand the technology risks and opportunities, and make proactive decisions about the role we will play. These decisions relate to our personal lives and how we manage the data our organizations control. At each step we can either live with the defaults (often someone else’s proactive choice) or make educated decisions.

Yesterday’s Chronicle of Higher Education: Wired Campus reports, “Online Professors Pose as Students to Encourage Real Learning” (full version article). They provide examples of faculty posing with false identities in “online courses to kick-start discussions among students, keep them from dropping out, and spy on their communications.” While Peter Steiner’s 1993 New Yorker cartoon “On the Internet, nobody knows you’re a dog” triggered feelings of thoughtful reflection — these examples of false identity instead trigger embarrassment.

Yes, we know people have false identities on Facebook, but a non-disclosed false identity in a classroom setting is a breach of trust. The Leavey School of Business honor code (Santa Clara University — my institution) would not allow such behavior from students, and I expect the faculty handbook would give it a thumbs down as well. Highlights:

• Be honest
• Demonstrate self-respect and respect for others
• Demonstrate respect for the law and University policies, procedures, and standards

Why do I care? As a faculty member, I need my students to take my communication with them at face value. Our class management tools (Angel in my case) allow tracking of participation and all discussion boards are open to all in the class — including me. If I pose a question to generate comment, my name is attached and I generally set up the course site to not allow anonymous participation. Anonymity is honored when I do state that a quiz/poll will be anonymous. All faculty and class interaction will be affected if some faculty breach the faculty/student psychological contract by being deceptive.

There have been cases of using ringers/confederates in research on on-line collaboration (one example). These studies were vetted by the University’s Internal Review Board (peer committee tasked with monitoring the safe and ethical conduct of research) and the participants were fully debriefed in accordance with IRB guidelines. I am also not troubled by use of disclosed phantom students (from the Chronicle article: Joe Bag O’Donuts).

As I said in my last post, understanding the dimensions of privacy is part of developing our systems savvy. The use of false identity is a violation of privacy in that you are not being given true information on which to base the disclosures you decide to make. My expectation for class interaction is that I am dealing with the actual person unless notified otherwise. Note to my students: that’s our contract.

Business collaborators should be similarly clear with the identity contract. My understanding (I’m not a lawyer), is that your company owns the information transmitted on a company computer and/or over the company network and that you have no reasonable expectation of privacy. That said, companies are also covered by complex sets of privacy laws covering state, federal, and international boundaries. Some companies have specific policies covering impersonation (Marathon Consulting’s) — and all should. Build your systems savvy — be aware, be informed.

Rosabeth Moss Kanter shows her privacy systems savvy in her new post Don’t Read This, It’s Private to HarvardBusiness.org’s Voices section. (Thanks to Heledd Straker of Naked Generations for tweeting the link.) Prof. Kanter documents the reality of life and work in the Internet age: Many people know what you are doing and where you are. These are important issues for business and personal settings. In business we must manage privacy as regulated by law (e.g., HIPAA, FERPA). More personally, the issues of Internet privacy are becoming almost as important as the birds and the bees for many of my friend’s sit-down discussions with their kids.

Prof. Kanter notes:

Has the culture already changed so much that people don’t care about privacy any more? Has being on public display all the time made exhibitionism (teenage style) and self-directed exposure of personal information (social network website style) preferable to privacy?

I don’t think so, and I think personal privacy could become not just a problem but a business opportunity – a technology frontier. Clever innovators will find new ways to block access or screen contacts or make people invisible. Now that our pictures can be snapped by cell phones, someone will invent a way to beam the light back on that phone if you don’t want to be in a photo. Suddenly privacy could become as cool to the kids as lack of it is now. They will retreat behind their electronic invisibility shields to get out of fights or shun a blind date. They will use their pinkie ring scramblers to erase digital records of embarrassing photos on Facebook that they don’t want college admissions officers to see. And then they will understand why privacy is something to cherish and protect, even if everyone can know everything about anyone in the digital age.

In the U.S., we have a Federal holiday this Monday. How many of you are automatically updating your “friends” with your whereabouts? I’m looking for sailboat crew for Monday and could benefit from knowing who’s in town before sending an email. If I just broadcast asking for crew, I end up taking my friends’ time by their feeling obligated to tell me they are out of town, or apologizing for not replying promptly because they were out of town. Easier if I just contacted the subset of folks actually in the area.

But I don’t broadcast my whereabouts, so I can’t really expect my friends to broadcast theirs. I do use Loopt when I’m on the road, but only connected to two family members. I also use TripIt, though again, just with family members.

The number of travel related social tools like TripIt is growing. Rod of DigitalNomads provides a clear description of the value of TripIt and Dopplr for business and networking purposes. He focuses on the ideas of knowing who’s in what city.

Yesterday, Nick Wingfield gave us Sharing Where You Are When You Care to Share. His focus was on more micro location awareness and privacy as he reviewed another tool: Glympse.

There’s a tendency in the Twitter era for people to share copious details of their lives with online pals. One way to do that is through new mobile-phone services that let people share their physical locations using the tracking technology inside modern cellphones.

While these location-sharing services have some interesting possibilities, they also raise some disturbing implications for privacy — or maybe it just seems that way if, like me, you’re over 35 years old. Lately I’ve been testing a cellphone location-sharing service [Glymspe] that I found simple, useful and non-creepy enough that I can imagine people thirtysomething and older using it.

Nick’s perspective seems similar to Michael Calore’s Epicenter post Gmail’s New ‘Add Location’ Feature Is Too Honest. We need more and more expertise to maintain control of how our information is shared.

The good news for now is that Prof. Kanter is right, at least I still have a door to close and the need for privacy management should ultimately be addressed by the market. But if that’s the case, where do I get that pinkie ring scrambler she mentions?
——-

For more on location sharing, please also see Lew McCreary’s What was Privacy (cited in Prof. Kanter’s post) and my prior posts (under the Location category).

I continue in my quest to find peer-reviewed research on location awareness/privacy and modern technology. While “computer monitoring” was a hot topic in the 80s and early 90s, we seem to have given up our concern — at least as far as peer-reviewed research has yet to show (maybe these papers are in the publication pipeline and will break free soon).