Difficult Problems in Cyberlaw

In the final days of class before presentations and papers were due, we dove into our cross-cutting themes and discussed takedown procedures and other processees, potential “rights” and interactions between individuals and entities. We talked about the platforms and sites that enable cooperation and trust and potential problems that arise out of situations like this. In these final few sessions we didn’t solve the difficult problems, but got to ask questions and learn from the answers.

The solutions proposed by the class for:

• Global Network Initiative
• Ubiquitous Human Computing
• Future of Wikipedia
• Cybersecurity

will be posted here in the coming days.

Last Tuesday night’s class was a smorgasbord of Cybersecurity and privacy cross-cutting-themes, fittingly on the day that Google announced it will begin to withdraw censorship from China.

We met with Michael Fertik, CIO of Reputation Defender and Ebele Okobi-Harris, Yahoo! Director of Business and Human Rights–we talked with Mark Surman, Aza Raskin and Julie Martin general counsel, all from Mozilla. We also heard from Ryan Calo, a SLS Fellow at CIS and Lauren Gelman, also with CIS and teaching next quarter. We were also joined by Carl Malamoud, who was present for the law.gov workshop happening at Stanford earlier in the day.

The first issue we tackled was information users voluntarily give out to websites. Are these users aware of where their data is going? How long it stays there? Where else it could be allocated to?

Mozilla seeks to undermine the current obfuscation of privacy messages towards users. Their Privacy Icons project is in very nascent stages and is actively seeking feedback from the public. They seek to inform users about the information they’re giving out online, via icons that allow users to comprehend the most significant pieces of privacy statements and terms of service (ToS). As a browser with hundreds of millions of users, Mozilla’s Firefox is situated in a unique but significant standpoint to attack the obscurity of privacy and ToS statements. Mozilla aims for these standards to be normative.

What types of icons would you implement? What type of icons would you have? Would you use a feature like this? What is the best way to foster a relationship between companies and a project like this going forward?

These problems have been addressed before, in projects like the Platform for Privacy Preferences, but solutions have not met widespread usage.

The class members pointed out the perceived disconnect between anonymity and privacy. On the first day of class, students had posted predictions for the day’s “difficult problems” but many felt that it was an invasive and surprising behavior when Professor Zittrain opened up the wiki with the day’s predictions submitted, by name, by members of the course. Though the information was “public” many were surprised when the supposedly buried and obscure information became the central point of conversation.

How can a user interface be changed to make users more aware of their actions and repercussions?

We discussed privacy from the standpoint of a schism in the Creative Commons (CC) community: is the point of CC to offer authors choice about how they want to license their stuff, ranging anywhere from all rights reserved (at which point you don’t need CC, it’s effectively copyright) to attribution only necessary, or is it more about representing a certain normative view of the world and encouraging the world to adopt this view?

The outlook on privacy rights can be viewed the same way–is it about choice for the user or is it about an ideology represented by a certain standard of norms?

We also heard from Ebele Okobi-Harris of Yahoo! who spoke about the Global Network Initiative (GNI) as an excellent vehicle for crisis situations and direct action. She also described how it is appropriate that GNI offers a roadmap for comapnies to make decisions but at the same time is not GNI’s place to make decisions for the companies. Each company in GNI has a different approach. Yahoo! unlike many other companies has its own department that heads up human rights for the company (of which Okobi-Harris is in charge). One of the specific issues she spoke about was an ongoing lawsuit in Belgium wherein law enforcement officials requested that Yahoo! hand over information (more details here) which is a human rights concern.

Do you agree with Yahoo!’s decision to withhold information? Do you feel that other companies of similar stature and influence should maintain a human rights department? What are other potential and effective approaches? What are advantages to having a department dedicated to this issue?

We finally landed on Reputation Defender, a fix for the other side of the ‘privacy and information ownership’ spectrum. Michael Fertik, CEO of the company explained that a vast amount of content about a person is not necessarily created nor controlled by that person themselves. The company will not erase records of a person (everything ranging from news stories to sex offender data cannot be erased) but can deal with writable areas of content such as discussion boards. Fertik explained that less than 1/3 of 1% of all revenue comes from this destroy feature of the website–fascinating since so much media attention to the company relates directly to this feature.

Users of his site can sign up for an internet version of the “do not call” list for telemarketers to not call particular phone numbers. Fertik sees privacy in three steps or areas online, first, virus protection then E-commerce (for example, credit card security features) and the third stage emerges as more and more aspects of life move online there arises the need to protect the privacy of web users themselves. In this third realm, users can become aware of and mitigate the ability of other actors to intercept and analyze information created both by users themselves and by others about them.

Is Reputation Defender a service that you would use? Is your online reputation something you worry about? Do you feel that your privacy is ever or could ever be infringed by companies or people accessing information about you online?

DisputeFinder is a Firefox extension, that is a collaboration between Intel Research and UC Berkeley. Its basic premise is to allow readers of web content to understand the broader context of claims made on websites. If a claim about a controversial topic (think global warming, gun control or a “healthy” new diet) is made on a site, users of this plugin will be immediately notified by colored text that there are conflicting viewpoints on that particular topic. Users can submit topics on specific sites as controversial, and support the opposing viewpoint with evidence from another site. Users also have the ability to vote this content up or down, in terms of how useful/accurate they find the new data.

Our class got to have a long talk with John Mark Agosta and Rob Ennals the project lead. We discussed the benefits of citizens (or “webizens” if you will) with good intentions, who spread accurate information online, and the ways that DisputeFinder leverages these intentions to forward the goals of information dissemination.

DisputeFinder sits at an interesting point–rather than between the web browser and the server, it sits between the user and the page, (albeit connecting with lists of disputed claims) not altering the site content at all. Currently DisputeFinder achieves all of its content via avid activists and dedicated citizens, but hopes to create a large enough collection of disputed claims and a precise and smart enough detector of these phrases to implement the functionality of the plugin without the need for individual clicks on every site.

DisputeFinder doesn’t aim to provide conclusions on disputed claims, but rather, hopes to give citizens well-rounded information about topics that are controversial.

How could a browser plugin be leveraged even further to meet these goals? What problems or concerns could a browser-level source of information bring about? How are the struggles of a plugin like this one similar or different to the struggles of Wikipedia?

Another similar service is Turkopticon, which is both a community of Amazon Mechanical Turk users, and with them a Firefox plugin. The plugin allows users to see reviews and ratings for those requesting work on the site. In this way, Turkers (or users of Amazon Mechanical Turk) can decide who to work for based on community standards and also can view the status of their pay for previous jobs.

One of the critical questions about browser plug-ins is how to achieve a large user base. Many services like DisputeFinder in its current iteration depend on crowdsourced information to make their plugin useful.

How do applications like this get critical acclaim, enough to get a vast following like Wikipedia or Yelp? How does a project facilitate activists in ways that form community?

Editor’s note: unlike the rest of this site’s content that is directly related to class, I’ve cross posted this entry on the Center for Future Civic Media blog.

Today Google announced that they will slowly withdraw their search functionality from a censored China, or in their words:

We have decided we are no longer willing to continue censoring our results on Google.cn, and so over the next few weeks we will be discussing with the Chinese government the basis on which we could operate an unfiltered search engine within the law, if at all. We recognize that this may well mean having to shut down Google.cn, and potentially our offices in China.

I’ve decided to amass together a collection of the most relevant and interesting points of view and facts coming out of today’s news.

A first point of interest is the actual bit.ly link itself, as bit.ly posts click statistics for links on their site. When I tweeted it today the clickthroughs were around 13,000, but I have no doubts that the number will reach 130,000 by tomorrow morning.

CNBC also has an interview with David Drummond, SVP, Corporate Development and Chief Legal Officer discussing the details of today’s blogpost. Drummond explains that a number of gmail accounts were being accessed by third parties, Google suspects that these were not the result of hacking, but rather phishing scams or computer viruses. He encourages users to have the most updated operating systems and browsers.

Jonathan Zittrain argues

But [Google] drawing [the] line is both the right move and a brilliant one.  It helps realign Google’s business with its ethos, and masterfully recasts the firm in a place it will feel more comfortable: supporting the free and open dissemination of information rather than metering it out according to undesirable (and capricious) government standards.

Rebecca MacKinnon, who is currently an Open Society Fellow and co-founder of Global Voices and was previously CNN’s Beijing correspondent and Bureau Chief from 1998-2001 writes about reactions from people in China, including the censoring of Google’s announcement when translated to Chinese. She links to the Chinese Digital Times that is translating Chinese tweets to English. She reports that many are happy or are already able to circumvent censorship to use services such as Twitter in the first place, while others are disappointed and even mourning the loss of Google.

James Fallows, writes a blog for The Atlantic, explaining his support for China’s economic growth insofar as he does not see this as a threat to other countries,

but its government is on a path at the moment that courts resistance around the world. To [him], that is what Google’s decision signifies.

Tech Crunch’s Sarah Lacy brings up three advantages for Google leaving China:

1. Google’s business was not doing well in China

2. Google is ready to burn bridges

3. This is only going to be a trickier issue in the next decade.

She advocates that Yahoo, in leaving the country years ago facilitated a smarter business move.

The Wall Street Journal likens the anti-censorship movement to the GOOG’s “Don’t be evil” policy.

And Business Insider’s Silicon Valley Insider states that

In a note this evening, JPMorgan analyst Imran Khan estimates Google’s China revenue at around $600 million this year, with segment margins around 15% to 20%,

and in another post

Baidu shares are up 6.99% after hours to $413.52, while Google shares are down 1.13% to $583.80.

And as of September 2009, according to Softpedia, Baidu had 77% of the search market in China while Google.cn was at 12.7%. With both these facts, I find no surprise that searching “Baidu stock” will land you things like this:

@NewspaperGrl Bad news: Google may pull out of China – Good News: I have Baidu stock: http://bit.ly/4MAjhJ /cc via @zittrain @chrismessina

Imagethief explains

Google has taken the China corporate communications playbook, wrapped it in oily rags, doused it in gasoline and dropped a lit match on it. In China, foreign companies tend to be deferential to the authorities to the point of obsequiousness, in a way that you would almost certainly never encounter in the United States or Europe. Scan any foreign company’s China press releases and count the number of times you see the phrase, “commitment to China”.

Issac Mao, who has been a blogger in China since 2002 writes an open letter to Google’s founders, advocating for Google to stay in China and lauding anti-censorship practices. The post outlines three ideas for Google’s China relationship, to start a venture fund for cutting-edge tech sites and companies in China, to develop anti-censorship tools and to increase the appeal for Chinese Google Adsense users. What’s most interesting is that the post is dated “2007-02-09,” meaning that the post was written years before today.

This Friday our class met with Stuart West, Wikimedia Foundation Board Member, Mike Godwin, Wikimedia General Counsel and Phoebe Ayers, Wikimedia volunteer to discuss the future of Wikipedia.

Wiki markup was one of the first impediments to participation that came up. There is a huge dichotomy between users who participate and the general public that sees wikipedia as a read-only medium. Though intuitive to Wikipedians and users accustomed to searching online for answers to complex questions, the markup can be confusing and alienating to those unfamiliar with its syntax. A solution must come from the standpoint of social norms as well as a technical issues.

How can Wiki markup itself and the help pages not be a barrier to entry for participation? How can social norms around Wiki editing be changed?

West was curious why communities on Wikipedia have grown in certian areas and not others. One of the hopes of Ayers, an avid Wikipedia contributor herself was that more users feel comfortable with the Wiki platform.

How can participation be facilitated for all communities? When Wikipedia is able to solicit more contributors what complications will arise?

Godwin surprised the course (but perhaps not any fellow Wikipedians) by responding directly to students’ predictions on the course wiki.

Victoria: My prediction is that the speakers are going to be extolling the virtues of Wikipedia and explaining that although the site has gone under some transformations it is still a vibrant force. I would concede that I think it is. Most people I know still immediately turn to Wikipedia for a quick run down of a topic or an answer to a quick question. However, as time moves on the site is becoming less innovative and more standard. I would like to ask them about their understanding and personal experiences in trying to keep Wikipedia young.

It was refreshing to have a guest that looked at our course predictions and was able to interact with the class. Godwin responded knowingly that solutions to these problems were not only needed, but also being actively discussed within Wikimedia.

What are your thoughts on the future of Wikipedia? Do you contribute to it? How much do you use it in your daily life? What would cause you to participate in creating content?

Follow along here: http://freegovinfo.info/node/2877

and use the #lawgov hashtag on Twitter.

At the forefront of the security on the Internet, there lies the security problem of identity. How can internet users maintain their right to privacy while at the same time securing identity information when necessary?

IP addresses are the means by which information is passed from one destination to another online, and play a role in identity online. Given the number of IP addresses available in its current iteration IPv4 and the increasing number of devices that utilize IP addresses, the urgency for a new solution is becoming apparent.

IPv6 is a new protocol that will consist of longer IP addresses (128-bit rather than 32 to be exact). IPv6 has many advantages, including increased address space, larger data packets, the potential for individual devices to have their own IP addresses. The ability for individual IPs will simplify network design and allow more specific connectivity. (For those of you about to search for IPv5, here’s your answer, and also the Internet Society or ISOC has a good Q and A on the details of IPv6 )

The International Telecommunications Union (ITU), a United Nations agency is working to improve international technological infrastructure and seeks to aide connecting the world via technology. The ITU settles long-distance international dialing country codes, so many hope that they can provide an impartial source of distribution for IPv6 addresses, as compared to the ad-hoc distribution of IPv4, whose irregularities have be seen as unfair.

Their work spans government and industry and are currently working towards online child protection, addressing cyberthreats and also creating the cybersecurity gateway with links to resources such as conferences and papers.

Who should have the control over IP distribution? What is the best way to implement a new protocol? What types of problems arise when individual devices no longer have to share IPs?

Another solution to the identity question are platforms like Oauth and the communities such as Kantara that support such technologies. Oauth is an open protocl giving users the power distribute varrying degrees of access to content on a particular site or platform.

Would this type of implementation be ideal? What risks are involved? What potential downsides (if any) are there to so much customization?

To deal with the issue of identity, many have suggested having a government issued online identity, much like a drivers license ID.

Will people online trust and warmly receive a government issued ID? How would the government deal with the problem of online identity theift? How could this ID be misused to track people? What are commercial and interpersonal situations where it would prove beneficial to have an online identity (ie: receiving a phone call or buying an app)? How would this change the relationship between people and corporations for the identity of each of them?

Another government impelmented approach is outlined in the White House’s Cyberspace Policy Review. This document outlines near-term and mid-term action plans, including short term goals that raise many relevant questions.

(excerpts from p. 37 of the report)

Appoint a cybersecurity policy official responsible for coordinating the Nation’s cybersecurity policies and activities; establish a strong NSC directorate, under the direction of the cybersecurity policy official dual-hatted to the NSC and the NEC, to coordinate interagency development of cybersecurity-related strategy and policy.

Designate a privacy and civil liberties official to the NSC cybersecurity directorate.

Initiate a national public awareness and education campaign to promote cybersecurity.

Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.

Prepare a cybersecurity incident response plan; initiate a dialog to enhance public-private partnerships with an eye toward streamlining, aligning, and providing resources to optimize their contribution and engagement

In collaboration with other EOP entities, develop a framework for research and development strategies that focus on game-changing technologies that have the potential to enhance the security, reliability, resilience, and trustworthiness of digital infrastructure; provide the research community access to event data to facilitate developing tools, testing theories, and identifying workable solutions.

How can the government implement these plans while serving privacy and civil liberties? What are best practices for an incident response plan? What is an appropriate and effective way to educate about cybersecurity? What does a strong cybersecurity policy look like?

Yesterday we had a conversation about Human Ubiquitous Computing (Human UbiComp) with Lukas Biewald founder of CrowdFlower, Bjoern Hartman creator of the Mechanical Turk Cats Book and Aaron Koblin a conceptual artist who works with Amazon Mechanical Turk (AMT) to create art such as Ten Thousand Cents and The Sheep Market.

Human UbiComp has been described by Professor Zittrain as “fungible networked brainpower, ” or the ability for strangers to pay other strangers small amounts of money to complete menial tasks on the internet. The concept and the potential problems are described in a video by Professor Zittrain and more academically, in a paper.

One of the first things we discussed were the quality control metrics of Crowdflower that are absent on other Human UbiComp sites such as Amazon Mechanical Turk. This allows for quality control and also offers higher reliability of work as an incentive for cost of use of the platform.

CrowdFlower sends tasks specifically to African refugee camps, in areas where data plans are a low expense and work is difficult to come by. There is an app that works in conjunction with this program called Give Work, that allows users to complete the same tasks sent to these refugee camps for quality matching, to determine subjective factors such as cultural idioms or understandings that make certain tasks difficult for international communities to complete.

In CrowdFlower, just like in all successful UbiComp platforms, successful tasks must be clear enough that they almost have a “pass/fail” nature to them, said Biewald. But at the same time, these tasks inherently contain some degree of ambiguity,

Bjoern Hartman, after completing a book completely created with content from Mechanical Turk, amazing cat stories to be exact, began wondering what the opinion of the Turkers (as they’re called amongst those in the know) was of his use of their paid content for a book. He did the obvious, and asked them for their opinion of the book, on the site itself, for a small amount of pay, just like any other job on the site. He found that there was more criticism in the comments of a Boing-Boing entry about his work than he found from posting within the community.

We repeated this protocol, but about all of Human UbiComp for our course, and the results can be found here.

Aaron Koblin, used Mechanical Turk to solicit 10, 000 individual sheep drawings. He received 662 non-sheep total and only one of these drawings asked him, the creator of the task “why are you doing this?” He also received numerous emails after the project from people also wanting to draw and submit sheep, for free. He found that some people would spend up to 45 minutes on a particular sheep drawing, while others would complete their drawing in one minute or less.

Are these types of work legitimate labor? What types of concerns does it raise for the workers, the employers and the websites that facilitate these types of actions? We’ve divided up the three most tangible, pressing problems into three separate posts so that you can leave your comments on each accordingly:

Is government use of UbiComp ethical?

Should political and civic action be crowdsourced?

Is UbiComp denying workers’ rights?

Workers on Amazon Mechanical Turk were asked

What are the biggest challenges for crowdsourced work?

What are the biggest challenges or problems facing mechanical turk
workers like you today? What don’t you like about working on tasks?
What problems have you run into?

Write at least one sentence, at most one paragraph.

by Bjoern Hartmann, the creator of the crowdsourced book Amazing But True Cat Stories during our course discussion. He received many interesting responses quite quickly. Responses are below, in chronological order.

The biggest challenge is there is not enough credible work loaded into the system on a regular basis. I find the tasks that require me to sign-up for any form of service to be quite annoying. I wish there was more work for higher pay and that there was also more data entry tasks. The only problem I have is the lack of communication between
the requestor and the worker.

It is difficult to find tasks that pay enough to be worth the effort.

What irritates me the most is getting work rejected for no good reason. I shouldn’t complain as, overall, I have a high acceptance rate. But when I can’t determine what I might have done wrong, it makes me wonder if I’m being cheated. I often stay away from HITs where the “right” answer is determined by the level of agreement among those who answer the question. The “crowd” isn’t always well informed. Finally, I wish the people who post HITs would allow a generous amount of time to complete them, unless there is a reason for keeping completion time short. There have been too many occasions when I’ve been working away and time ran out unexpectedly. I try to remember to check the countdown, but don’t always succeed.

It is sometimes difficult to become qualified for working the tasks after submitting the test.

I had a bad experience with the Mechanical Turk system. I had a HIT rate of 98 %, but once a client rejected 40 HITS of mine by mistake. He realized this mistake and tried to rollback the rejects, but the system would not allow him to do so. As a result my HIT acceptance rate came down to 80 % and I was not able to perform many HITS which I could have easily done. I took it up with Amazon support team, but they were very callous and just said that they are sorry but they can’t do anything about it.

Lack of ability to communicate with requestors is the biggest source of frustration.  Also, it is discouraging to find so few research/academic tasks, with most work related to SEO.  Being banned/blocked by requestors because of a misunderstanding of the task is a real danger, since we don’t have a means of getting clarification before we submit the work.

Sometimes a task application doesn’t work the way the requester intended and you’re unable to submit your work.  Sometimes a task depends on you running a certain operating system.  Tasks almost never pay enough, at least for US workers.  It would be nice to earn a part time income doing HITs but it’s really nothing more than a hobby.

THAT WAS GOOD AND CHALLENGES TO LIFE.

The biggest challenge for me is balancing the reward, the time it will take to complete a task and the trust I put into the requester. In other words, will the time I will put in this request worth the reward and is there a chance the requester is going to rip me off ?

The biggest challenge of crowd-sourced work is finding HIT’s that are easy to do in a reasonable amount of time that pay a reasonable sum of money. I rarely find anything that isn’t spam or unreasonably demanding to complete.

The mechanical turk workers are facing the problem or rather the biggest challenge is that they are not so quality conscious as is being expected of from them.  There is not much problem except that sometimes very little is being offered for a work which demands more in this age of inflationary pressures.

The biggest challenge is needing money in today’s economy and having to accept pennies at times, when the work deserves a lot more compensation. To be fair, some requesters are very generous, but they are the minority. But, one does what one needs to do to pay the bills.

A government seeks to identify its dissidents. This government has a pre-existing cache of photos linked to names and addresses, for the national identity card system. They also have reasonably high quality images and video footage from a recent protest. The government, theoretically, could ask participants in UbiComp sites to determine gender and age-range features of the identification photographs, and then ask users to match faces with high accuracy, speed and low cost. This would, of course, help the government investigate and track down their dissenters.

Does this change your opinion on Human Ubiquitous Computing? How so? What might companies do to guard against this type of action while maintaining their full functionality? Should the participants in UbiComp platforms be required to understand the end goals of their jobs?