Friday, 28 December 2012

Jo Swinson and Randi Zuckerberg – accelerating towards a digital meltdown

Mark Zuckerberg is the founder of Facebook. His sister Randi works in the marketing department. She used Facebook to circulate a family photograph to her friends. She was shocked to discover that the photograph was promptly published for all and sundry to see. The story is covered by Forbes magazine, 26 December 2012 @ 8:52 a.m., 904,546 views at the time of writing:
Oops. Mark Zuckerberg's Sister Has A Private Facebook Photo Go Public.

Being a member of the Facebook founder’s family won’t protect you from having your privacy breached on the social network. On Tuesday night, Randi Zuckerberg — older sister to Facebook’s CEO — posted a photo from a family gathering to Facebook (of course), showing her sisters using Facebook’s new Snapchat-esque ’Poke’ app on their phones, with Mark Zuckerberg watching with a confused look on his face. It popped up on the Facebook newsfeed of mediaite Callie Schweitzer who subscribes to Zuckerberg. Assuming the photo was a public one, Schweitzer tweeted it to her nearly 40,000 Twitter followers. Zuckerberg was not pleased.
Mr Zuckerberg may not be the only one with a confused look on his face – what does it all mean? Forbes explain the unfortunate incident thus:
The Facebook Privacy Setting That Tripped Up Randi Zuckerberg

... Callie Schweitzer ... thought the photo was a public one when she spotted it in her newsfeed. In fact, she saw it because she was friends with a person tagged in the photo, one of the Zuckerberg sisters. She was able to see the photo because of a privacy setting that you may or may not realize exists. When you post a photo, you have a range of options as to who gets to see it, from the generic ones — Public, Friends, Fill-In-Your-Schoo-Here, Fill-In-Your-Work-Here — to any lists you may have created — Creepers, Ex-Boyfriends, People I barely remember, Family, People I secretly hate, etc. You may choose “Friends,” as Randi Zuckerberg did, and think your photos can then only be seen by your friends… but you’d be wrong.
It looks as though Ms Zuckerberg made a mistake. As though she got her privacy settings wrong. That wouldn't be surprising. Designing the protocol even for fairly primitive social intercourse is hard work and it can take years of negotiation before the experts involved agree. Then you've got to educate people how to use the protocol. That takes time, too.

Facebook doesn't have years. More like months or even weeks. The company publishes dozens of pages of information about Facebook's privacy settings. People may or may not read them and/or understand them. Mistakes are bound to be made.

Some readers will remember 36 years ago when IBM came up with Resource Access Control Facility, RACF – a system to make sure that only properly authorised users could access any given network resources. It was hard work getting it right then. It still is. The difficulty is unavoidable. Wherever access control is required, wherever there are privacy settings to be made, wherever you need to grant or withhold permission, expect problems.

Wherever. That includes midata, the Department for Business Innovation and Skills (BIS) initiative which is meant to "empower" consumers.

BIS want us all to maintain Personal Data Stores (PDSs) on the web. They claim that we shall have control over the data in our PDSs. We shall be able, they say, to grant access to our data to some suppliers and withhold it from others. Some apps will have permission to use our data. Others won't.

BIS's favoured PDS supplier seems to be Mydex and according to their website:
Mydex gives individuals back control over their personal data
Really? Like Facebook? Storing all our data on the web with an unknown third party gives us control over it? How? What is there to stop us all ending up in the embarrassing situation of Randi Zuckerberg with all our personal data published for all to see?

If we agree to use PDSs, nothing.

These questions were put to Ed Davey a year ago when he was the first minister in charge of midata. How will midata put consumers in control? He didn't answer. Neither did his officials. The same questions have been recently put to Jo Swinson*, the latest minister in charge. Same response. And they have been put to Mydex several times over the past 18 months. Still no answer.

It's not just BIS promising to give us control over our own data. The UK's Government Digital Service (GDS) are doing the same, Digital public services: putting the citizen in charge, not the state. Seven so-called "identity providers" have been appointed to put us citizens in charge, Mydex being one of them.

Ex-Guardian man Mike Bracken is the chief executive of GDS and the senior responsible officer owner for the UK government's Identity Assurance Programme. The idea is to create a platform involving these identity providers from which we can all access public services. As Bracken says:
Accelerating towards a digital future

... We will look to improve user journeys across the platform, add more transactional services and offer richer functionality, especially social features ... Our design and creative teams will ensure a simple, consistent and beautiful experience for all users ...
No reason has ever been advanced to believe GDS's claim that accessing public services can be just as easy and fun as using Facebook and Google and Amazon and eBay – the rigours of RACF persist, however jauntily GDS pretend that we can all be put in charge. And as Randi Zuckerberg's experience makes clear, it isn't always easy and fun using Facebook.

----------

* Jo Swinson has now kindly promised to respond:

No comments:

Post a comment