Facebook’s loosening sense of privacy

I am quoted in this weekend’s Financial Times, in Tim Bradshaw‘s article about Facebook’s new privacy settings [registration may be required]:

Chris Applegate […] was dismayed to discover that applications installed by his friends could see his data unless he chose to opt out, an option not given in Facebook’s latest reminder. “I’ve always kept a tight rein on the apps I install. But it only takes one friend to install a malicious app and . . . my information is compromised,” he said. “There is a great potential for leakage.”

Tim & I had quite a long chat and obviously he couldn’t include it all, so here’s a bit more information about the situation. It all came about from a chat on Twitter I had with Kathryn Corrick; a few days ago I had seen a popup dialog on Facebook asking me to update my privacy settings; I could keep the old ones or (as suggested) I could make more of my Facebook details public.

I’ve taken care to keep much of the private data on my Facebook account properly private; my public profile is quite limited and only friends can see anything I want to keep personal. Seeing no reason to change this, I kept the settings as they were and left it that. But then a few days later, in our conversation Kathryn warned that there were new privacy settings added in, so I checked it out. And lo and behold, there’s a section I hadn’t seen before, in the “Applications and websites” section, called “What your friends can share about you through applications and websites”:

Facebook's friend's applications and website privacy settings

I am nearly certain this page did not exist before (this comment on Mashable remarking on its newness seems to agree). I try out a lot of Facebook apps and then ditch them, so I periodically check my settings to make sure they’re not still enjoying privileges on my data (Facebook apps retain permission to access your data even after they are uninstalled, presumably in case you want to install them again). I don’t recall seeing it then, and I definitely was not asked about these new privacy settings in the migration process, during which I just asked to stick to my old settings – as this how-to or indeed Facebook’s own tutorial video bear out.

Allowing my friends to look at my status updates & interests via the web or mobile interface is fine by me – else Facebook is pretty useless to them. But allowing apps or websites they have installed or allowed to access this data is another level entirely; all it would have taken would have been one friend who is not so tech-savvy to install a malware-infected app and my data would have been at risk, regardless of how careful I am with what I install. Even more alarmingly, the default options are to be very open about this information; Facebook assumes you want to share nearly all of this data with your friends’ applications by default – as you can see above, only two of these (Family/relationship & religious/political views) are excluded from being ticked.

So my advice? Re-review your privacy settings, especially the applications and websites section; pay special attention to the applications you have installed – the ‘Learn more’ button is a misleading link which eventually leads to the page that allows you to check these; pay extra-special attention to the ‘what your friends can share about you’ page and uncheck all the boxes you are not comfortable sharing with applications your friends may install (depending on how tech-savvy your friends are and how much you trust them to not install anything malicious) – I strongly recommend doing this part especially.

To round off, it’s worth remembering that Facebook is not a charity; it is a commercial venture that has always existed to take the userdata it has acquired and sell advertising based on it, a very old-school way of making money on the web. Whereas on the other hand, for years the more enlightened have been talking of open web services and APIs and the ability to mash up data from a variety of sources, and creating value from that. In many ways the Facebook application platform is fast becoming a combination of the worst elements of these two differing attitudes – the craving to make money no matter whether it might endanger their long-term interests, and the craving to share data without any respect as to what that data is or who it is meant for. Facebook are not being evil or stupid, but they are being remarkably casual with user privacy; they ought to remember that no-one running a site that relies on the goodwill of its users can afford to take them for granted for too long before their users find somewhere else to go.

“Piracy” and “anti-piracy”: A brief history from the Dark Ages to the Early Modern era

A second blog post in a week? Blimey.

The pejorative term ‘pirate’ is often used for those who infringe on copyright, and I’d assumed (for some reason) it was a modern term; maybe stemming from the pirate radio of the 60s, made popular in the Home Taping Is Killing Music era, etc. Turns out I was wrong by nearly 400 years.

In English, the word ‘pirate’ dates from at least the late 14th century, but the first recorded use of the word to mean an intellectual property infringer rather than marauding sea bandit, is by Elizabethan author Thomas Dekker; in his The Wonderful yeare (1603), among the excessively flowery prose in the introduction, he fulminates:

Banish these Word-pirates, (you sacred mistresses of learning) into the gulfe of Barbarisme: doome them euerlastingly to liue among dunces: let them not once lick their lips at the Thespian bowle, but onely be glad (and thanke Apollo for it too) if hereafter (as hitherto they haue alwayes) they may quench their poeticall thirst with small beere.

However – admittedly I’m not great on my Elizabethan English – it appears the aim of his ire are plagiarists and derivative poets, rather than people reproducing his works word-for-word; nevertheless the word gradually came to mean the latter; the OED’s first use of the word in this sense is Daniel Defoe in 1703, discussing in the introduction to an edition of The True-Born Englishman :

Had I wrote it for the Gain of the Press, I should have been concern’d at its being Printed again and again, by Pyrates, as they call them, and Paragraph-Men:

Interestingly, Defoe wasn’t that displeased; he goes on to say:

But would they but do it Justice, and print it True, according to the Copy, they are welcome to sell it for a Penny, if they please.

Ironically, use of the word ‘piracy’ to denote what we would call copyright infringement predates the first copyright law, the Statute of Anne 1709, to which we turn to now. That’s not to say, however, there were measures before that, and sometimes the context of how copyright came about gets forgotten; so it’s worth taking a look.

The practice of copying others’ works was rare – although not non-existent – before the invention of the printing press; the natural constraints of writing and scribing out whole texts made it impossible to mass-produce copies; a rare and incredibly early example of accused copying comes from the 560s, with King Dermot of Ireland mediating a dispute between Fennian of Moville and St. Columba – the former accusing the latter of copying out one of his Psalters (the king ruled in favour of Fennian). But then this was not just historical accident – by making reading & writing the preserve of the clerical class, and making it a deliberately laborious process (think of all that gorgeous blackletter), the Church could control production and distribution of knowledge much more strictly. With no mass readership and no profit motive, unauthorised copying was not a concern; preventing ‘piracy’ wasn’t even a side-benefit, as it did not figure on their radar.

The advent of the printing press certainly meant there were more cases of infringement (an early case cited is that of Wynken de Worde, whose work was copied without authorisation in 1533). Printing patents were an early attempt to regulate the industry, allowing an individual a right to publish works – either a specific work, or more importantly, all of those within a certain subject, often in perpetuity. This was the first attempt to regulate copying – as much out of rewarding favourites and acolytes as to protect markets. But patents had their flaws – by creating a monopoly on subjects they priced many works out of the market, encouraging unauthorised books. And they were only additive – the right had to be granted, so new patents had to be issued for new fields of study; and they did nothing on preventing seditious or undesirable material.

The Stationers’ Company, the guild of printers, opposed the patent system, with its restrictions on general publishing being an extreme barrier to trade. Additionally, with the country increasingly in religious turmoil, clamping down on rebellion and sedition was essntial. With this in mind, in 1557 Queen Mary I granted the Stationers Company an exclusive licence to print and publish, with a register of all published books. Rather than grant additional rights to individuals on an ad hoc basis, this formalised a system covering all publication; monopolies on particular subjects were eschewed in favour of rights linked to individual works, and the rights were entirely the publisher’s – it did not matter if the author was living, or long dead (so it covered ancient works as well as contemporary). You could not publish without being a member of the Company, and members were restricted on what could be published enforced by the notorious Star Chamber. As William Patry details:

After the chartering of the Stationers Company, Star Chamber decrees regulating printing were issued in 1566, 1586 (a particularly important one, drafted by Archbishop of Canterbury John Whitgift), 1623, and 1637. This final decree represented an impressive codification of all the Star Chamber’s printing ordinances. Consisting of 33 clauses, the topics covered in the 1637 decree included prohibitions on the printing of books and pamphlets not licensed by or entered upon the register books of the Stationers Company, and a requirement that licensees ensure that the books they printed did not contain material contrary to the Christian faith and doctrine, or to the discipline of the Church or State. Perhaps this last requirement explains the expansion of the Star Chamber’s authority to include ballads, charts, and portraiture, in addition to books.

Regulations and censorship by Church and State continued up until the turn of the 18th century, although clandestine and illegal publishing still flourished underground. Gradually, the hold of the Stationers Company ebbed away; the Star Chamber was abolished in 1640. The rise of the Enlightenment in the late 17th century brought with it the concepts of enduring literature, personal liberty and individual genius, as did the influence of philosophers such as Locke and authors such as Milton, and growing resentment about the monopoly held by the Stationers. Censorship and control of every book published in England was no longer Parliament’s priority, and in 1694 the Stationers’ monopoly was not renewed.

The Stationers were not, as you can imagine, very happy. For over 100 years they had enjoyed a collective monopoly, which itself had been a way for them to break individual’s monopolies, with the support of an oppressive government anxious to maintain order. With the old political conflicts crumbling away, the main reason for their continued monopoly was economic; however they failed to convince Parliament of the need to secure perpetual publishers’ rights, with a series of proposed bills in the early 1700s that never made it. As a dissenting notes from eleven members of the House of Lords put it, they opposed such bills:

…because it subjects all learning and true information to the arbitrary will and pleasure of a mercenary, and perhaps ignorant, licenser; destroys the property of authors in their copies; and sets up many monopolies.

Facing losing everything, the publishers changed tack; previously having emphasised the hurt to their own industry (and those that depended on it), they started to side with the author and the damage to their livelihood, as well as the negative impact on learning and education in the country. The focus shifted from protecting a valuable industry to safeguarding the nation’s intellect. When, finally, the Statute of Anne was passed in 1710, giving a limited, not perpetual, copyright term to authors, not publishers, it was tellingly entitled: “An Act for the Encouragement of Learning, by vesting the Copies of Printed Books in the Authors or purchasers of such Copies, during the Times therein mentioned” [emphasis mine].

The first fully-fledged modern copyright law in the world, it was the result not just of its time but the culmination of a series of legal measures that had their roots in another era entirely; in that time the economics, politics and philosophy of English society had shifted enormously; the bill both reflected that change but had its roots in a tradition of monopoly and entitlement stretching back centuries.

Postscript: Comparisons of the Stationers’ attempts to reframe the debate from their economic position to the wellbeing of the national culture, to those of the record companies using the state of music as a rhetorical position to defend their economic interests, are left as an exercise for the reader.

Sources William Patry’s Copyright Law and Practice was excellent stuff, as is An Historical Sketch of the Law of Copyright by John James Lowndes, as well as Monopoly Defeating Mechanisms: Will they Function in The Digital World? by Hasina Haque, all proved invaluable.

Information Insecurity: how the web is fighting itself to death

Shhh, no-one mention this is the first post here in six months…

The proposed Digital Economy Bill has, perhaps unsurprisingly, garnered a lot of attention in the blogosphere and occasionally beyond.

It had all started so differently; Lord Carter’s Digital Britain report was by no means perfect, but the discussion was broad – on universal broadband provision, opening up the wireless spectrum and looking at reforming traditional media, as well as the inevitable protections against copyright infringement.

Digital Britain’s proposals were criticised at the time, but nevertheless there were careful safeguards – the burden of proof was on rights holders, repeated infringers’ identities could only be disclosed by court order, and the final resort – after all other avenues had been explored – would be capping of bandwidth. Disliked as this aspect of Digital Britain was, it was at least balanced within a wider context: just thirty-one pages (pp 105-135) of the two hundred or so of the report were devoted to ‘Protecting and Rewarding Creativity’, as the euphemism went, and even then, some of that was on reforming fair use and reviving orphan works, rather than punishing infringers.

And there were concessions to hear the public’s point of view, with the public consultations; the Digital Britain Unconferences even got a fuller mention in the final report, with praise for “what is possible for Digital Britain when these tools are combined with channelling existing loosely connected networks and motivations.” Digital Britain at least appreciated the potential of the digital economy, rather than treating it as a threat.

And then… Lord Carter quit on the eve of the report, Lord Mandelson swooped in and all that hard work was for naught. A quick chat with David Geffen and Lucien Grainge, and the Digital Economy Bill put before the houses of Parliament is distinctly heavy on suspected infringement and light on all the other bits in the report. It is not so much one to boost the digital economy, but to protect what is left of the analogue one.

Measures include the threat of cutting off a user’s connection without due process, just on the copyright holders’ say-so, with secondary legislation allowing for “pirate finders” and forcing ISPs to snoop on traffic. This may breach European law, as Glyn Moody notes, and given the government is also committed to providing more public services online, this contradictory policy only works to effectively deprive people of access to public services without a fair hearing.

There is plenty of very good writing on the matter – two pieces by Charlie Stross, as well as Cory Doctorow and Don Tapscott, coiner of the phrase “digital economy”. And it is not just the usual suspects – this Guardian leader captures the point succinctly.

You can sign the petition, join the Open Rights Group and lobby your MP. All of these I urge you to do.

But that is not the sole point of this blog post. The fight over the Digital Economy Bill and “digital Britain” is part of a much, much, larger battle over the control of information, one that goes far beyond copyright infringement. The demands of the bill – registering copyright holders, forcing ISPs to log traffic, registering people blocked from online access – will all require enormous infrastructures and data gathering capability. Just like ID cards, or the proposed communications register, or the national DNA database.

All of these vast, vast systems are backed a political system utterly infatuated with acquiring and controlling information, in the confused and vain hope that merely by collecting it, it becomes knowledge or wisdom. So much information is gathered that the authorities have become notoriously irresponsible with it – remember, even two years on, those lost child benefit discs still haven’t turned up.

This is not to say that the governments is an evil Big Brother (never confuse bumbling desparation with malice), and it is definitely not the sole player in this game. Just look at how Google and Facebook both strive to control as much data as possible to further their business ends, while in other corner, crumbling news media empires are resorting to proposing redefining copyright in an attempt to maintain control over the information so valuable to their business and venal law firms fail in their attempts to superinjunct just about everyone.

And caught between all of them is the ordinary user – often the kind of person who’ll freely download music and movies yet complain simultaneously about the greed of the record companies; moan about our privacy being taken away from us while we Tweet every last moment of our existence; form online mobs proclaiming hate against a hatemonger; rally blog campaigns but then don’t do very much ourselves about it. We’re a funny lot, when it comes down to it.

And connecting us and them all is this big thing called the Internet. All technologies have their politics but the Internet’s are curiously contradictory; open standards and licences with their roots in counterculture, libertarianism and communitarianism abound, yet if it weren’t for the governmental, academic and corporate worlds backing and building the infrastructure, it would never have taken root in the first place.

Perhaps then it is not surprising that as the digital age has entered its adolescence, we ourselves find ourselves in conflicting times. The traditional information economy has been pulled down yet we haven’t yet worked out what to replace it with. The libertarian view is that information would set us all free; the authoritarian view is that perfect information would lead to perfect governance, but instead we have neither – we’re mired in confusion, ignorance and conflict. We’re only just realising the power in the tools we possess, but everywhere we look we see people, governments and corporations become increasingly insecure. We’re losing sense of what the web should be for, and are taking it out on each other instead.

I hope I’m not taking too much of a bellicose line here; I don’t like using conflict as a metaphor and I’m not a bloodthirsty cheerleader for all this. But there is something dark about the state of cyberspace which the rosier pictures painted in the likes of Here Comes Everybody or Groundswell (fine books they may be) do not convey. If Mandelson’s bill goes through, or if all our emails are snooped on, or if net neutrality is abolished, then it will not just be another step to destroying the open, collaborative nature of the net that has created so much already, but will only deepen the divisions and destroy all hope for a peaceful, mature and secure adulthood for the digital era.

Postscript: As far as I know yet, no-one has written that lengthily on this – the best I’ve seen being Tim O’Reilly’s “The War for the Web“. But that is just a here and now, when what is as interesting is the why; what were the social and political forces that not just shaped the net but modern politics and business, that explains why netheads tend to be libertarian (in some respects), or why governments think they need all this information. Which is a shame – there are a wealth of interesting stories on the forces that shaped these technologies and systems, some of which I used in my Master’s dissertation on the sociology of open source communities, long ago. I have no idea if there is enough for a book, or at least coherent long narrative, but I will start cobbling some blog posts together to see where it takes me.