Meta tidbit: Going meta, briefly, on the emerging art of conference blogging. I’ve been wondering: What’s the optimal amount of blogging of a conference, in terms of frequency, length, and topic? JZ says the goal should not be coverage, but to exposure worthy tidbits. That’s to say, as many as a few posts a day if there are worthy things to say, or no posts if the conference totally stinks. (JZ is blogging a key aspect of Hal Abelson’s provocation so we can see what he means by a “tidbit” when that’s up.)

Process/experimentation tidbit: there are three breakout groups, each using MindManager in the breakout rooms. From a mission-control, a few of us have a view across the three MindMaps through a networking tool called MindJet. It works great for viewing all the conversations as they emerge in real-time. It also lets one intervene from the center — but that is not necessarily welcome, it seems, as the MindManager scribes have enough to do to keep track of the conversation, and chatting with the curators doesn’t seem to help their focus much. It’s cool to be able to intervene and to ask clarifying questions, but not necessarily productive to the whole, it seems. It’s great to be trying this out in real-time, though.

Substantive tidbit: from the first session, part of MIT prof Hal Abelson’s provocation. In the end, the way to go is to build accountable information systems, says Hal. He cited a letter he (and many of us) got from Bank of America which said that data about some customers had escaped from a third-party location and that B of A is tracking our accounts to see if anything is going wrong as a result. Hal says that this may be lawful, but it’s not accountable. He wants to know more: who had the data, why they had it, what it was, what happened in the breach, what risks he is running as a result, and so forth. He also says not to worry so much about the collection or mining of the data, but rather about decisions made about you based on these data. (I have a sense already that this is not a consensus view among other attendees — to be tested out!)

A final Bostonian’s tidbit, off to the side: In the command-central room for IAPP, there’s a side conversation about the MBTA’s Charlie Tickets v. Charlie Cards. These are the cards you buy to go on the Boston-area subway system. If you use an Charlie Ticket, rather than a Charlie Card, you pay more per ride, but there’s little chance your movements could be tracked, so one way to see it is that there’s a explicit premium per ride for your privacy. Richard Stallman has an alternate approach, apparently: swapping zero-value CharlieCards to frustrate any user tracking while not having to pay the privacy premium.

Privacy turned out to be a major part of our research into how young people use new technologies differently from their parents and grandparents. In our book, Born Digital (coming out in the next few weeks; and now the book’s website from the publisher is up), we started with a single chapter on Privacy and ended up with three: Identity, Dossiers, and Privacy. (Berkman summer intern Kanu Tewari made a video rendition of our Dossiers chapter; and the project’s wiki has a section on Privacy.) I look forward to testing those ideas with a bunch of privacy pros who will no doubt help to refine them.

As a special bonus: They’ve partnered with the MindJet people — makers of MindManager, which I love — to document the event and to extract key themes in an organized digital format. I’m looking forward to learning some MindManager tricks.

Before I picked up “The Future of Reputation,” Solove had already played an important part in my own thinking about online privacy. The term that he coined in a previous book, “digital dossiers,” is a key building-block for the chapter of the same topic in Born Digital, which Urs Gasser and I have just finished (coming out in August). Solove advanced the ball in a helpful way, building on and refining previous scholarship of his own and that of Jonathan Zittrain, Paul Schwartz, Simson Garfinkel and others.

This book has the great virtue of being accessible to a reader who is not a privacy expert as well as being informative to those who know a good bit about it to begin with. Solove repeats a lot of lines that one has heard many times before (for instance, at the outset of Chapter 5, Scott McNealy’s line: “You already have zero privacy. Get over it.”), but also introduces some new ideas to the mix. It’s good on the theory, but it also offers practical policy guidance. He also poses good questions that could help anyone who wants to think more seriously about how to manage their reputation in a digital age.

One other thing I appreciated in particular: Solove is clearly a voracious reader and does an excellent job of situating his own thoughts in within the works and thought of others (variously Henry James and Beecher; Burr and Hamilton; Warren and Brandeis; Brin, Johnson & Post, and Gates) and in historical context, which I much enjoyed.

As for the Kindle itself: it’s fine. I don’t love it, but I also have found myself bringing it on planes with me lately, loaded up with a bunch of books that I’ve been meaning to read. So far, the battery life has been poor (might be my poor re-charging practices), so that the technology of the Kindle is sometimes less good than the technology of the classic book (which cannot run out of batteries in the middle of a long-haul flight, as my Kindle always seems to). The eInk is soft on the eyes; no problem there. The next and previous page functionality is fine, and the bookmark works pretty well. And FWIW, I’ve now got Mark Bauerlein’s “The Dumbest Generation: How the Digital Age Stupefies Young Americans and Jeopardizes Our Future (Or, Don’t Trust Anyone Under 30)” on there, which is up next for a review — as its premise cuts against the grain of Born Digital.  One advantage of the Kindle is cost, once you have device: the Solove and Bauerlein books cost a mere $9.99 each.

1) The software does not fully, accurately, clearly, and conspicuously disclose the principal and significant features and functionality of the application prior to installation.

The My SHC Community application’s only mention of the software’s functionality outside of the privacy policy and user license agreement (ULA) prior to installation is in a sentence of the fourth paragraph of a six paragraph introduction to the community. It states that “this research software will confidentially track your online browsing.” It does not make clear outside the privacy policy and ULA that this includes sending extensive personal data to Sears (see below) or that it monitors all internet traffic, not just browsing.

2) Information is collected and transmitted without disclosure in the privacy policy.

There are two privacy policies available to users of My SHC Community and the accompanying software application. All of the behaviors noted in this report are disclosed in one version, which is shown to and accepted by users during installation. However, when viewing the privacy policy on the website or from the link included in a registration confirmation e-mail, a different version of the privacy policy, which does not include any information about the software or its behavior, appears, unless the user is currently logged into the My SHC Community site. This means, for example, that a user checking the privacy policy from a different PC may not see the privacy policy that s/he originally agreed to.

3) The software does not clearly identify itself.

While running, the My SHC Community application gives no indication to the user that it is active. It is also difficult to tell that the application is installed, as there are no Start menu or desktop shortcuts or other icons to indicate its presence.

4) The software transmits data to unknown parties.

According to SHC and comScore, the parent company of the software developer, VoiceFive, the My SHC Community application collects and transmits to Sears Holdings’s servers (hosted by comScore) extensive data, including websites visited, e-mails sent and received (headers only, not the text of the messages), items purchased, and other records of one’s internet use. This is not made clear to the user separate from the privacy policy or ULA, as required by StopBadware guidelines. Sears Holdings Corp. commits in its privacy policy “to make commercially viable efforts to automatically filter confidential personally identifiable information,” but is unable to guarantee that none of this information will be sent or stored.

We’ve spent time on the phone with the team at Sears Holding Corporation (SHC) about their app. SHC has informed StopBadware that they are significantly improving the My SHC Community application disclosure and privacy policy language and adding a Start menu icon in an effort to comply with our guidelines and address privacy concerns. They expect these changes to be implemented within 48 hours. At StopBadware, we have not evaluated these planned changes at this time. SHC has also informed us that they have suspended invitations to new users to install the application until these changes are implemented.

Our news release on this report is here.

The Berkman Center, StopBadware, Google, Medium, and EDVentures present Cookie Crumbles. It’s a fun contest for people who like to make short, humorous (yet meaningful) videos and posting them to YouTube (there’s a Cookie Crumbles group set up for contest purposes). We are looking for short YouTube videos that address these questions as accurately and as creatively as possible:

Most people know cookies as a treat best enjoyed with milk. When it comes to web cookies, however, many users want to know more:

* What is a cookie?
* How do cookies work?
* How can cookies be used?
* How is the data from cookies used with data collected in other ways, including from third parties?
* How can cookies be misused?
* What options does a user have to manage cookies and their use?

The top few submissions, as determined by a combination of YouTube viewers and Berkman Center staff, will earn their creators a trip to Washington, D.C., where their videos will be aired and discussed at the United States Federal Trade Commission’s November 1-2 Town Hall workshop entitled “Ehavioral Advertising: Tracking, Targeting, and Technology.” Several prizes will be awarded by a panel of judges and discussants including Jeff Chester, Esther Dyson (who blogged the contest here and here), and others, moderated by the Berkman Center, and including one grand prize of $5,000. Submission guidelines and more can be found here.

Ira Rubinstein is here with us at the Berkman Center today to talk about Microsoft’s corporate policies on privacy. Ira was joined yesterday here by Brad Smith, Microsoft’s General Counsel, who spoke last night on the topic of innovation, interoperability and IP, and Annmarie Levin, like Ira an Associate General Counsel and with whom we’ve been working on interop and innovation.

Ira’s lunch talk is on the company’s privacy guidelines, which have been posted online, in a 49-page document, since last October. Ira’s testimony to a US Senate committee on privacy in 2001 is also posted here.

As his slides and the policy document states, the core commitment is that “Microsoft customers will be empowered to control the collection, use, and distribution of their personal information.” This commitment drives through to a set of detailed definitions, and then to guidelines for privacy protections when developing software.

Microsoft has gone to a “layered” approach to privacy statements. There’s a basic document with a lot of links to privacy statements by type of application or topical area. One discussion topic: can a layered approach result in greater disclosure and clarity to users?

Microsoft has stated its support for comprehensive privacy legislation in the United States. My comment, not Ira’s: as an idea for comprehensive privacy legislation: what about a format regulation promulgated by the US FTC that ensures that consumers can know where to look for information about how personal information is handled?

The nature of what kind of personally identifiable information that the policies need to cover is changing as the company continues to grow and add business lines. Microsoft announced six months or so ago a new initiative into the health care domain, covering electronic medical records and so forth. All of a sudden, the type of information that Microsoft might collect about you has changed (expanded) radically.

Much of the conversation, prompted by JZ and Ben Adida, revolved around a lawyer’s problem: what happens after a subpoena arrives seeking personally identifiable information. Ira: “I agree that Data minimization is a desirable goal” from a privacy perspective. The hard question buried here is the role of technology intermediaries in retaining information that might help law enforcement v. protecting the privacy of customers.

Should Microsoft, and other companies wishing to be leaders in the security space, let people be idiots? With the “Stop Phishing Filter,” Microsoft gives you a series of choices: set the phishing filter to automatic, set it to manual, or ask me later — but not “no thanks” for this phishing filter. Is “no thanks” a choice they should offer, even if that’s a very poor choice for a user to make?

JZ is the semi-formal respondent: He keys in initially to the notion of making affirmative choices to design privacy protection into software. JZ wants an interface where a consumer could check in on the conversations going on in the background as clients connect back to servers. Or a periodic audit, where you’re prompted to go back in to check periodically on all the pinging that’s gone back and forth. He’s also keyed in on the possibilities for government surveillance in a world of software-as-service instead of products.

I was resetting my Bloglines account this morning, adding some new feeds, taking out some that I don’t read, and so forth. I searched on a friend’s web moniker (”Whirlycott”) to find whatever feeds he might be offering. Up popped a feed related to a web-based invoicing service he uses entitled (”[His Name] Invoices”) to which I could subscribe in Bloglines. I am not sure what it would have rendered — I did not subscribe! — but I thought it worth mentioning to him. It turns out he has been mad about this privacy problem for months. His initial post, worth reading and reviving as an issue of public discussion, is here.

I credit the fact that this may not be (just) a “Bloglines issue” but rather an “RSS industry” issue. But it’s a real problem if we are to continue to express ourselves via these citizen-generated media tools that offer RSS feeds, and moreso if we move into the promising realm of using RSS feeds to support other productivity-type tools. The privacy problems that already exist in cyberspace are enough to tackle; we need to get in front of an RSS privacy problem before it grows into yet widespread issue. After this morning’s experience, it’s clear to me it’s already a problem.

(Following the thread a bit, there’s another post in the series, including, some months ago, a note from someone appearing to be with Bloglines saying that they know it’s a serious problem.  How can we fix it, gang?  If it’s not a Bloglines-only issue and it’s a community issue, what has to get done?)

On a plane this morning from SFO-PDX, I read found (at least) three articles that made this problem plain to me, again. One was the piece on the Consumer Privacy Legislative Forum’s day on the Hill yesterday (see the CDT et al. statement), in the context of which Meg Whitman of eBay and Nicole Wong of Google and others made the case for laying “a foundation for a long-term approach to privacy protection” (Whitman, as quoted in the WSJ). Wong wrote, correctly in my view, that “this matrix of [privacy/security] laws is complex, incomplete and sometimes contradictory.” She went on to say: “On an Internet beset with spyware, malware, phishing, identity-theft, and other privacy threats, enforcement of privacy protections has become an industry-wide challenge.” The WSJ story on MySpace and its advertiser relationships — in the wake of a $30 million lawsuit against the company related to online safety of a user — made the same point, implicitly. A nice Web2.0 story on Boston-based Tabblo didn’t have to make the point that anyone can post online photos about anyone, mash them up into a collage, and publish — to anyone else, and everyone else.

The creative opportunities of the web have never been more wonderful and should be embraced. But the privacy and security stakes are rising as we bring our digital identities come online, more and more, and as our digital native children start to experience the good and the bad of this brave new world. What’s the role of schools, and universities, and parents, and kids, and companies, and governments? As the wisdom of the crowd is relied upon to make more and more decisions, what’s the due process when your privacy and security is at stake, if things go wrong? JZ has some good ideas, and so do others. We need to get on with the planning and the building of this foundation, and fast.

(If you’re having trouble grasping the digital ID part of this equation, zip over to ZDNet, where David Berlind does his usual amazingly lucid job of putting it all in context in his review of the Higgins Trust Framework — and n.b. the “spectrum” that he describes, which is right on. Berlind writes: “By the end of the panel, I was visualizing a spectrum of attitudes about technological expression of identity that range from the very negative to the very positive. On one end are the warning signs about what could happen if the right checks, balances, and governance aren’t in place. On the other end is hope. Hope that idenitity could be tapped in a fashion that serves the greater social good.”)