I was making a follow up appointment at my dermatologist’s office today (Rosedale Dermatology, who, for the record, have some amazing doctors, however…) On the reception desk right in front of me, in plain view, was a print out of a patient call list. Certainly, this was a minor violation of patient confidentiality in itself. But what caused me real concern was what was written in the column labeled ‘comments’ next to one of the patients’ names: bitch. I couldn’t believe what I was seeing. Since the term is a gendered, hate word used to disempower uppity women, I consider bitch to be as offensive as any racial slur (and am surprised it’s still socially acceptable to use, while racial slurs are not). So, not only was this patient’s privacy being violated in a most unprofessional way, she had officially been labeled as a bitch in a document at her doctor’s office.

What was even more concerning was that this list was a print out, meaning there was also an electronic copy on the office computer. Anyone who uses the internet knows how easily information can move around, accidentally or consciously being repurposed for uses other than the one originally intended (see David Lyon’s concept of leaky containers). Anyone standing at the desk could see this list, but the potential audience of an electronic document is much wider and perhaps even more of a threat. Who knows if that description is in her medical records, or if it will follow her to future doctors. It has the potential to compromise her medical care, for example her doctor might be less open or accommodating given that she is apparently ‘a bitch.’

Yet another reason why paper-based heath records are better for protecting privacy.

PS I’m still trying to figure out what to do about this discovery as it is in violation of Ontario/Canadian privacy law, and I’m certain whatever ethics/codes govern Ontario doctors. I wanted to tell my doctor, but my next appointment isn’t for another year and there is no way to get to her unless I go through a receptionist.

Edit (July 21, 2011): Based on some of the feedback I’ve been getting, I’d like to further clarify that my main point was to highlight the unprofessionalism of what I saw at my dermatologist’s office. My point about e-health records was secondary, but seems to be getting more attention, so I’ll support/clarify that argument a bit more with a few other examples (below) of why digital records pose more of a threat than paper. And no, I am not saying paper is 100% safe and private, rather that it is more private than digital records. Furthermore, arguments that I should trust doctors to be professional and keep my info safe with digital records because they will follow the strict protocols are pretty much invalidated by what was written in that patient call list. Indeed, it is human error/unprofessionalism that is the main problem here, but the properties if digital databases/ICT magnify these issues.

1.) Digital records threaten privacy through obscurity – see the Facebook newsfeed example

2.) Digital records allow for function creep and leaky containers – see the reuse of a digital database of photos taken for driver licensing being used to identify potential criminals

—

Playstation sent me an email on April 27 to tell me that my information had probably been stolen in the hack, but couldn’t confirm anything. But it became pretty obvious when I started receiving way more spam than usual, including the following elaborate, targeted phishing email, playing on the fact that people have probably been calling Sony to get information about the hack. Not really a surprise, though:

Sony Computer Entertainment America:

Customer Satisfaction and Product Service Survey

***Please do not reply to this message. This is a system-generated email and your message will not be read.***

Dear KATE RAYNES-GOLDIE,

Thank you for your recent contact to Sony Computer Entertainment America Consumer Services Department for support with your PlayStation® system. We are very interested to hear about the service you received and would appreciate your feedback regarding your support experience.

We continually strive to provide you with high quality support and service and your comments and suggestions enable us to better serve your future needs. Please take a moment to complete this brief survey. (Completion time is five minutes or less). You will need either your 9-11 digit Service Request number (e.g. SR Number 1-xxxxxxxxx or W-xxxxxxxxx), or the phone number and area code you provided when you contacted us. To begin, please click the link below.

Click here to take this survey

We are unable to respond to replies sent to this survey email account, nor are we able to contact you directly if requested us to do so via your survey response. If you are in need of additional assistance regarding your PlayStation® system, please contact us at:

Email Consumer Services

Phone: 1-800-345-7669

Hours of Operation:

Monday through Saturday 6:00am – 8:00pm

Sunday 7:00am through 6:30pm

We appreciate the time taken to give us your thoughts and suggestions.

Sincerely,

PlayStation Consumer Services

Sony Computer Entertainment America

DON’T KNOW THE SENDER?

======================

You are receiving this email because you contacted SCEA for assistance with your PlayStation® system. If you believe you received this email in error, please contact Sony Computer Entertainment America Consumer Services Department at http://www.us.playstation.com/Corporate/ContactUs/ConsumerServices.

To unsubscribe from future PlayStation® surveys please click here.

Information provided will only be used to enhance customer experience and is not used to sell any products or services. To view our Privacy Policy, please visit http://www.us.playstation.com/support.aspx?id=privacypolicy.

Sony Computer Entertainment America 919 E. Hillsdale Blvd. Foster City, CA 94404

[download full annotated bibliography]

citation: Raynes-Goldie, K. (2011) Annotated bibliography: Digitally mediated surveillance, privacy and social network sites. Cybersurveillance and Everyday Life: An International Workshop. University of Toronto, Canada. Retrieved from http://www.digitallymediatedsurveillance.ca/wp-content/uploads/2011/04/Raynes-Goldie-Digitally_mediated_surveillance_privacy_and_social_network_sites.pdf

Included citations:

Acquisti, A., & Gross, R. (2006). Imagined Communities: Awareness, Information Sharing, and Privacy on the Facebook. Proceedings from Privacy Enhancing Technologies Workshop, Cambridge, UK.

Albrechtslund, A. (2008). Online Social Networking as Participatory Surveillance. First Monday, 13(3). Retrieved from http://www.uic.edu/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/2142/1949

Andrejevic, M. (2005). The work of watching one another: Lateral surveillance, risk, and governance. Surveillance & Society, 2(4), 479-497. Retrieved from http://www.surveillance-and-society.org/articles2(4)/lateral.pdf

Barnes, S. B. (2006). A privacy paradox: Social networking in the United States. First Monday, 11(9). Retrieved from http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/1394/1312

Beer, D. D. (2008). Social network (ing) sites… revisiting the story so far: A response to danah boyd & Nicole Ellison. Journal of Computer‐Mediated Communication, 13(2), 516-529.

Bigge, R. (2006). The cost of (anti-)social networks: Identity, agency and neo-luddites. First Monday, 11(12). Retrieved from http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/view/1421/1339

boyd, d., & Ellison, N. B. (2008). Social network sites: Definition, history, and scholarship. Journal of Computer‐Mediated Communication, 13(1), 210-230. Retrieved from http://jcmc.indiana.edu/vol13/issue1/boyd.ellison.html

Brandtzæg, P. B., Lüders, M., & Skjetne, J. H. (2010). Too Many Facebook “Friends”? Content Sharing and Sociability Versus the Need for Privacy in Social Network Sites. Journal of Human-Computer Interaction, 26(11-12), 1006-1030.

Dourish, P., & Anderson, K. (2006). Collective information practice: exploring privacy and security as social and cultural phenomena. Human-computer interaction, 21(3), 319-342. Retrieved from http://www.dourish.com/publications/2006/DourishAnderson-InfoPractices-HCIJ.pdf

Krishnamurthy, B., & Wills, C. E. (2008). Characterizing privacy in online social networks. Proceedings from Proceedings of the first workshop on Online social networks.

Lenhart, A. (2009). Adults and Social Network Websites. Retrieved from http://www.pewinternet.org/Reports/2009/Adults-and-Social-Network-Websites.aspx

Nissenbaum, H. (2010). Privacy in Context: Technology, Policy, and the Integrity of Social Life. Stanford: Stanford University Press.

Palen, L., & Dourish, P. (2003). Unpacking “privacy” for a Networked World. Proceedings from CHI 2003, Fort Lauderdale, Florida.

Raynes-Goldie, K. (2010). Aliases, creeping, and wall cleaning: Understanding privacy in the age of Facebook. First Monday, 15(1-4). Retrieved from http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/viewArticle/2775/2432

Solove, D. J. (2007). Privacy in an Overexposed World. In The Future of Reputation. Yale University Press. Retrieved from http://docs.law.gwu.edu/facweb/dsolove/Future-of-Reputation/text/futureofreputation-ch7.pdf

Stumpel, M. (2010). The Politics of Social Media: Facebook: Control and Resistance. Master’s thesis. University of Amsterdam, Netherlands.

Tufekci, Z. (2008). Can You See Me Now? Audience and Disclosure Regulation in Online Social Network Sites. Bulletin of Science, Technology & Society, 28(1), 20-36.

Utz, S., & Krämer, N. (2009). The privacy paradox on social network sites revisited: the role of individual characteristics and group norms. Cyberpsychology: Journal of Psychosocial Research on Cyberspace, 3(2). Retrieved from http://www.cyberpsychology.eu/view.php?cisloclanku=2009111001&article=1

Zimmer, M. (2008). The externalities of Search 2.0: The emerging privacy threats when the drive for the perfect search engine meets Web 2.0. First Monday, 13(3), 2008. Retrieved from http://firstmonday.org/htbin/cgiwrap/bin/ojs/index.php/fm/article/viewArticle/2136/1944

Additional Resources
danah boyd’s Bibliography of Research on Social Network Sites

Alice Marwick’s Online Identity Bibliography

While it may seem that they are one and the same, there is an important distinction between an ethnography of users versus an ethnography of a social media site. The latter is an ethnography of a system (or culture, or space, or context) which can be deployed to expose and examine the ideologies and philosophies embedded in a system, such as Facebook (as is the case in my research). I would argue that this type of ethnography is the most useful for internet researchers. As Christine Hine argues in her Virtual Ethnography, one of the strengths of ethnography is rendering problematic the things we take for granted (again, like Facebook), thus opening them up for enquiry.

From an educational perspective, we can say that an ethnography of a system can expose the hidden curriculum (thanks to Jason Nolan and Melanie McBride for this connection). Or, from semiotics, it exposes hidden codes of behavior (as one of my undergraduate profs, Bart Testa noted, drawing on Barthes, we all know not to go into a restaurant and order just sauce. Why? Because we all implicitly know the code and syntax of food.)

Indeed, my reason for choosing this ethnographic mode stemmed from my frustration with the majority of social media research implicitly treating sites like Facebook as neutral and free of ideology (as you can see in my previous post on the Philosophy of Facebook, this just isn’t the case). As an ethnography of Facebook, my research aim is not to create an exhaustive list the specific and different ways in which people use and understand Facebook with respect to privacy, or to make general statements about how most people behave on Facebook, but rather to push it further and look at the meanings behind those behaviours. In other words, I’m using those specifics to see and understand context/culture/hidden curriculum (or philosophy) of Facebook and what that does to privacy. The generality, then, is not in behaviours, but in what those behaviours reveal about the design of Facebook, the ideologies within that design, and privacy. As C. Wright Mills pointed out in The Sociological Imagination, personal problems can often reflect on larger public issues and help us to understand them. Put simply, the personal is the political.

In Phil Moore’s eloquent phrasing: Words are not culture. They are manifestations of culture. But we can only get to the culture through the words. The important question is ‘What sort of world (or system) makes these words possible?’ Like the code and syntax of the restaurant, the hidden curriculum is not written down (hence the term hidden).

So, the point and power of an ethnography of a system is to bring out the hidden world. It allows us to see how meaning is embedded, how ideologies run through systems like Facebook and how meaning plays out. It acknowledges that the world is not found in our words, it is found in between our words and within our practice. It recognizes the human disposition towards knowing, without knowing we know it. But most of all, it provides a holistic and excellent way for poking (at) the why, how and what of Facebook and privacy.

My main argument is that MMOs for kids (especially those exclusively for girls, such as Barbie Girls which Sara Grimes has done some fascinating work on) present themselves as safe spaces where kids can play online and parents don’t have to worry about sexual predators or online bullying. However, MMOs for kids reinforce fear and the rhetoric of stranger danger (despite the fact that studies have shown that children are more likely to be harmed by people known to them) while obfuscating other very the real dangers that are actually created by the design of the MMOs themselves, especially in terms of reinscribing disempowering gender roles for girls and exposing them to endless marketing messages. For example, the objectives and activities in Barbie Girls, Club Penguin and Webkinz are all based around passive consumption of digital goods rather than creativity. And, more alarmingly, MMOs propose to keep kids safe by only allowing conversations through predetermined pull down menus of phrases, many of which limit a child’s expression to disempowering gender roles or advertising for the MMO itself (eg “Someone made fun of my outfit!” “I looked like a dork in gym class!”, “My crush found out I like him!” (Barbie Girls) or “I like to answer surveys to earn KinzCash.” (Webkinz)) The thought is that by preventing kids from sharing information about themselves online, they will be protected from stranger danger. The irony of all this is while youth are blamed for oversharing, 84% of Canadian children under the age of 2 have a digital footprint created by their parents.

A more broad and less obvious concern is the connection between autonomy, privacy and critical thinking (I thank Jason Nolan for this insanely brilliant insight). There is a huge body of research in early childhood education and developmental psychology that links privacy as a requirement for the development of autonomy and vice versa, as well as a host of other skills, such as making judgements, trust and analytical thinking (see Marx & Steeves, 2010; McKinney, 1998; Coleman & Hagell, 2007; and Davis, 2001). In the context of this research, the design of MMOs for kids tends to:

• Discourage creativity, autonomy, critical thinking
• Hider development of skills needed for privacy and trust
• Normalize covert surveillance
• Encourage self worth derived from consumption, economic buying power and appearance

To see the whole talk, check out the video. Jason Nolan, Melanie McBride and I have a paper forthcoming on all this.

But, as a woman, I am very aware of the safety issues inherent in sharing where you are and the places you frequent. When I was teen, I received death threats from some dick on IRC by who had managed to find my home address. I’ve spoken to other women who are Foursquare users and they, too, were concerned about stalking and were surprised how many guys check in to their homes on Foursquare. But, regardless of your gender, there are of course all sorts of potentials for misuse of this information by governments, law enforcement, businesses, marketing agencies and so on. This is why I used a fake name and profile photo on Foursquare (By default, a user’s profile URL is a number with a dash in front of it. The name used on the site is a user’s first name and last initial.)

The other day, I decided I wanted to twiddle with my settings and link my Foursquare account with my Twitter account. There were clear (or so I thought) options for deciding what this would mean. I could check or uncheck boxes saying what information I wanted to be shared on Twitter. What I did not realise was that linking my Twitter account would also mean that Twitter username would get pulled to Foursquare and become my new profile url. Sure, at first glance this seems totally harmless. But like may other internet users, I’ve consistently used the same nick for years, across many services. So, it’s pretty easy to link my ‘real’ identity with my online self through my nick. So, to put it simply, this was a pretty big privacy violation which comes with all the issues associated with outing. I no longer feel comfortable checking in as my activity is no longer anonymous. I’m not the only one with this issue.

But there’s nothing we can do about it. There’s no option to undo it (just like there was option to do it in the first place, it was just done without my permission. Foursquare hasn’t replied to any of my Twitter messages to them or my post on Get Satisfaction. What is so infuriating to me is that Foursquare provides no way to contact them about this sort of issue, except by posting on Get Satisfaction. Which is ridiculous, given 1.) the sensitive nature of the information gathered and shared on the site and the potential safety issues that could result and 2.) how much value I, like most users, have added to the site.

The situation also calls to mind a recent privacy issue with Google Buzz, where ‘feature’ aimed at making the service more intuitive resulted in a woman’s information being automatically shared with her abusive ex-husband. I think the same thing is going on here. The designers at Foursquare probably thought everyone would want to have the same username on Twitter as they did on Foursquare, so, of course, there was no reason to give the user a choice in the matter. A the Google Buzz incident shows, design choices online have real life implications, which is why designers need to start thinking beyond their own life experience and situations. They need to start designing for the rest of us.

But for now, if I don’t hear back from Foursquare soon, I’m going to cancel my account.

Update March 15, 2010: Finally heard back from a Foursquare employee named Chrysanthe on Get Satisfaction who contributed this nugget: “If you link your foursquare account to twitter, then your foursquare user URL will correspond to your twitter handle.” Really? You don’t say. Now how about warning people AND telling me how to undo it, like I was asking (pretty please)? And, not leaving it for three days would also be nice (timeliness is kinda important when privacy is an issue).

Update April 12, 2010: Still nothing back from Foursquare. But David Fono had the smart idea of unlinking my Twitter and Foursquare accounts, which worked like a charm. This was counter intuitive to me – usually moving from a random number to a nice username is seen as ‘upgrading.’ Plus the person designing it obviously thought it having a nice username was feature users would want, so why would they want it to go back to the ugly random number again? But Fono’s a coder (so he has better insight into that kind of thinking than I), and he said it made sense that it would work from his perspective. This again speaks to my observation that the people making social media think differently than most of the people using it, which is why we get ourselves in such situations.

So, what’s the big takeaway? If someone at Foursquare had just TOLD me this solution (like I had requested) none of this would be a problem! You gotta be responsive to privacy concerns when you’re playing with such sensitive data, guys.

PS if you’re in Toronto on June 19th, this incident was a big motivator in my decision to put together a Privacy Unconference on these very issues – PrivacyCampTO: Privacy for everyone!

I’ve been toying with the idea of deleting my account for a while now. There’s a bunch of reasons. A lot of it has to do with privacy and IP issues (did you know Facebook owns everything you upload?) I’ve also had an account since 2004 and convinced a lot of my friends to join, so I have a pretty good idea of what it’s like to be on Facebook. I was curious about what it’s like for everyone else (or at least that’s my excuse for being a Facebook researcher with no Facebook account… heh). But, mainly, it was my growing weariness with the increasingly performative nature of personal conversations that are carried on on the wall, for everyone to see and know how popular you are. I’m totally complicit in this, and I’m very aware that I’m writing for an audience when I’m leaving wall messages, even though we all pretend we aren’t.* I’m beginning to notice this personal/public audience split is decreasing the amount of genuine, meaningful and intimate exchanges I have with friends. When you are writing for a public audience, you aren’t writing everything you’d want to say to a friend in private.

I’m not sure when Facebook added this feature, but what really made me want to run away was when I started noticing that random snippets from other people’s wall conversations were appearing in my minifeed. So now these public conversations are even more public, and are randomly broadcast out to your friends. The weird thing is, there’s no “earlier” or “archive” on the minifeed, and the stuff that appears there seems to be based on constantly filling the page with new items, rather than actually representing what happened and when. So, unlike LiveJournal’s friends list (my all time favourite web app), you don’t actually get a reliable or meaningful stream of what your friends are up to, and you can’t be sure they are seeing what you’re doing either. It seems that the minifeed isn’t actually about keeping up to date with your friends, but something else. The design of the minifeed gives me the sense that we’re taking on elements of blogjects, feeding the Facebook zeitgeist and creating this huge mass of depersonalized random data, which is feed back to us on the minifeed and becomes our means of interaction with one another. We interact with the depersonalized mass, rather than each other as individuals. That’s why the feed is random and has no archive. All that matters is a consistent stream of newness, rather than the actual content.

Gosh, I sound like a luddite or one of those old school internet researchers who, as my technology-journalist-friend Nicolas said so hilariously, thinks he understands the entire philosophical implication of the internet, but still takes 5 seconds to click a dialogue box. But, despite all my concerns (theoretical or otherwise), it was actually my discovery of the difficulty in actually getting off Facebook that sealed the deal in my decision to delete my account. As I’ll write about in my next post, the huge amount of work involved in actually deleting your Facebook account is something I’m sure we can all agree is worth worrying about.

*Or maybe we’re all in denial. A surprising finding in Alessandro Acquisti and Ralph Gross’ 2006 survey of Facebook users was that people reported their own use as socially acceptable (finding classmates, keeping in touch etc.) but reported everyone else’s use in negative terms, such as using Facebook for self-promotion or attention whoring.

basically, you collect internet access points, and it plots it on a map and you can show your friends and have it automatically update to your msn or skype name. part of the fun is getting ones that no one else has yet. i wish i had this when i was traveling (esp in nigeria). i wouldve levelled up for sure.