Re-envisioning privacy and security online

The combination of our conference this week on digital identity, JZ’s paper and forthcoming book on Generativity and his OII inaugural lecture, this morning’s WSJ, and all manner of other things has convinced me that we need a new framework for thinking about privacy and security in the digital world.

On a plane this morning from SFO-PDX, I read found (at least) three articles that made this problem plain to me, again. One was the piece on the Consumer Privacy Legislative Forum’s day on the Hill yesterday (see the CDT et al. statement), in the context of which Meg Whitman of eBay and Nicole Wong of Google and others made the case for laying “a foundation for a long-term approach to privacy protection” (Whitman, as quoted in the WSJ). Wong wrote, correctly in my view, that “this matrix of [privacy/security] laws is complex, incomplete and sometimes contradictory.” She went on to say: “On an Internet beset with spyware, malware, phishing, identity-theft, and other privacy threats, enforcement of privacy protections has become an industry-wide challenge.” The WSJ story on MySpace and its advertiser relationships — in the wake of a $30 million lawsuit against the company related to online safety of a user — made the same point, implicitly. A nice Web2.0 story on Boston-based Tabblo didn’t have to make the point that anyone can post online photos about anyone, mash them up into a collage, and publish — to anyone else, and everyone else.

The creative opportunities of the web have never been more wonderful and should be embraced. But the privacy and security stakes are rising as we bring our digital identities come online, more and more, and as our digital native children start to experience the good and the bad of this brave new world. What’s the role of schools, and universities, and parents, and kids, and companies, and governments? As the wisdom of the crowd is relied upon to make more and more decisions, what’s the due process when your privacy and security is at stake, if things go wrong? JZ has some good ideas, and so do others. We need to get on with the planning and the building of this foundation, and fast.

(If you’re having trouble grasping the digital ID part of this equation, zip over to ZDNet, where David Berlind does his usual amazingly lucid job of putting it all in context in his review of the Higgins Trust Framework — and n.b. the “spectrum” that he describes, which is right on. Berlind writes: “By the end of the panel, I was visualizing a spectrum of attitudes about technological expression of identity that range from the very negative to the very positive. On one end are the warning signs about what could happen if the right checks, balances, and governance aren’t in place. On the other end is hope. Hope that idenitity could be tapped in a fashion that serves the greater social good.”)

Law + Economics of Cyberspace at University of St. Gallen

Today and tomorrow, I’m up on a hill in an eastern canton of Switzerland, teaching a two-day course on cyberlaw to graduate students at the University of St. Gallen with our friend and colleague Urs Gasser. The format is a good one: a framework for each of the eight, two-hour (!) classes by the prof, and then student papers presented for the balance of the time, plus discussion.

The first up is a student giving quite a nice paper on privacy-enhancing technologies and their relationship to e-commerce. She is emphasizing the broad lack of awareness of privacy-endangering aspects of life online; the series of technologies and legal remedies to which users have access; and the curious, or unfortunate, fact that Internet users have not widely adopted privacy-enhancing technologies, in Europe and elsewhere. So, should the state step in to ensure that we look after our own online data privacy, absent users helping themselves?

A social norm, separating Switzerland and the United States: at the end of a student presentation, I was the only one clapping. Everyone else: rapping on the table. A cool, maybe better, sound.

Computing and education

I’m in the computer room at a grand old hotel in New Paltz, NY, the Mohonk Mountain House, fretting about what to say to a group of school business managers gathered here under the banner of the NYSAIS. I’m here to talk about computing and education. (At the Berkman Center, this topic is one of our three core thematic areas of inquiry, along with Internet & content issues like IP and Internet & democracy. Charlie Nesson, JZ, and Colin Maclay do a much better job than I do in keeping this issue in the foreground of our work.)

The best part about attending a similar event last Fall was meeting several inspiring and insightful teachers. Some of them not only blog themselves, but think hard and well about computing and teaching. One of those teachers is Arvind Grover, whose blog I was scanning by way of research for some of those inspired thoughts I recall him having. For one, he thinks that “We need to be training our students to be problems solvers, not fact-repeaters. I advocate for computer science starting lower school and going all the way through college. The effect of technology on the world has been dramatic and it continues. … If your school does not have a computer science program, you must ask yourself why not? If your school does have a computer science program, you must ask yourself is it the right one?” He refers us to a ComputerWorld article on the future of computer science.

I agree. But I’m also puzzling over another, related question. If you are teaching today’s Digital Natives but not using technology to do so, why not? And if you are, what’s your purpose in doing so? You may well have a good reason NOT to use computing in any way in the teaching process. A professor at Harvard Law School, Elizabeth Warren, makes a compelling case about how she teaches using the Socratic method and the extent to which that method is about a highly focused, person-to-person exchange in the classroom (and associated benefits to onlookers who are not looking at IMs and smirking about what someone just sent them). Absent a specific pedagogical reason of this sort — and there are many — I think any educator, at any level, has to ask themselves if they are in fact engaging students in the digital environment in which a large percentage of their students immerse themselves. It does not mean everyone has to teach computing, or the law of computing, or some off-shoot of it. But I do think that it’s becoming increasingly important to join the issue in schools of all levels. What is your strategy for using computing as part of the teaching and learning process? If you ignore computing, are you effectively preparing your students for where they head next? Are you engaging them where they are right now? Are you, and your students, contributing to the emerging digital commons of shared knowledge? And are you making the most of your community’s digital identity? Charlie Nesson asks, “What’s your cyberstrategy?”  The answer might be no, or I don’t have one, or I don’t care, but failing to ask the questions strikes me as the big potential mistake.