The NSA’s Massive Data Center

When Wired published their piece on the massive Utah Data Center (“The Matrix”) more than a year ago, designed to capture and process data from virtually every sort of phone and internet transmission imaginable, I thought the story would explode. It was a fascinating expose’ on a government project with immense implications for privacy. It got some retweets in the technosphere at the time, but never rose to public awareness. That baffled me.

The datacenter had been ten years in the making (so be careful about blaming it all on Obama):

“It is, in some measure, the realization of the “total information awareness” program created during the first term of the Bush administration”

… and was funded by the tens of billions of cash thrown at the NSA in post-9/11 budget awards.

The facility consists of four 25,000 sq ft buildings packed top-to-bottom with servers and data pipes, all kept chill by *60,000 tons of cooling equipment.* They’re not messing around.


Just read it. We can’t say we didn’t know this was coming.

(I Don’t Care About) Facebook and Privacy

I’m puzzling over the recent brouhaha regarding Facebook’s changes to their privacy policy. To be clear: I’m not puzzling over the changes (though they are confusing to the user who just wants to use the service instead of thinking about its internal minutia) – I’m puzzling over the concern about them.

computer-privacy.jpg Blogs are 100% public. Twitter is 100% public. Posting on newsgroups and forums is 100% public. The web in general is a public space. I’m wondering WHY there are such dramatically different expectations on Facebook than everywhere else. Fine-grained control over exactly who gets to see exactly what? All of this comes down to a single problem: Millions of people apparently want to have a web presence and yet be private at the same time. Everywhere else online, it’s one or the other.

For me, it’s simple: If what you have to say shouldn’t be said to the whole world, then don’t say it online. In other words, the basic assumption is wrong to begin with. Facebook is trying to give you the sense that you can post online and control your privacy at the same time. It doesn’t work.

Actually, this problem isn’t limited to the web. When you walk down the street, you’re on public display. You don’t pick your nose in public because… well, you just don’t. You don’t need to be told that that’s something you do in private. If you have something private to say to someone, you whisper in their ear, or you call them. Or you email them. Don’t post it where others can see it.

The idea that I should be able to play online but not have to worry that my thoughts are completely public just seems… unrealistic. How many stories have you read about people being fired or worse over comments they’ve made on Facebook? Did their privacy settings protect them? No – things get out. The problem is not Facebook’s new privacy settings, but an epidemic of oversharing. It’s a problem that should be solved the same way we solve it in the real world – by being discrete – not by adding more dials and levers to our interactions.


Then there’s the question of reach. In general, people want to be heard. They pay close attention to the number of Facebook Friends or Twitter followers they currently have. Bloggers watch their traffic logs obsessively. Why? Because they want their thoughts to be heard as widely as possible. Guess what gives your thoughts the widest possible reach? Completely open platforms with no concept of privacy, like Twitter, blogs, and forums. In those spaces, it’s up to the user not to broadcast things they don’t want the whole world to see.

I’m personally glad that Facebook is gradually nudging users to share more content publicly, putting the brakes on this expectation that people can post online but not be public. When was the last time a Facebook post showed up in your Google search results? OK granted, I wouldn’t want most Facebook posts polluting my search results (there’s a whole lot of noise out there), but there’s also a lot of great content locked away behind the “privacy” firewall that really should be part of the public web — which is built on concepts of openness and transparency.

The fact that only people who “friend” me can see my content on Facebook is an annoyance to me, not a feature I cherish and wring my hands over. My dream “privacy” preference for Facebook would be a simple checkbox option reading “I acknowledge that I’m writing stuff on the web. Treat my content as such.”

Update 01/04: In an interview in front of a live audience, Facebook founder Mark Zuckerberg says if he were starting all over again, he’d make everyone’s information public. Because that is the “social norm.”

You Got Beacon’d

Felt like I needed to do something different last Saturday. Didn’t want to work on the house, didn’t want to work on the computer, too cold for hiking… decided to make a double batch of beef stew. Decided to save it to my “recipe box,” which required setting up an Epicurious account. Little did I know that a few minutes later, half the people I know would know that I was a new Epicurious user, via Facebook.


Been hearing a lot about Facebook’s Beacon functionality over the past week, but it felt utterly yicky to get Beacon’d myself. Not that my chosen beef stew recipe was any great secret, but didn’t expect that a simple account signup was world news.

If I had known that Epicurious was one of Facebook’s 44 Beacon partners, I probably wouldn’t have done it. If there was an interface cue warning me about it, I probably looked past it. We’re so used to whipping quickly through such mundane tasks that we don’t exactly read our EULAs or every word on every page we visit. And Beacon is apparently even more insidious than it appears on the surface:

According to the researcher, Facebook’s Beacon tracked the activities of users even if they had logged off from Facebook and had declined the option of having their activities on other sites broadcast back to their friends.

Controversy over Beacon is swelling by the minute, but apparently Facebook isn’t alone in the practice. There may be a silver lining to the mess:

The controversy raised by the social networking site’s use of the Beacon technology has helped drag into the open the widespread but hitherto largely hidden problem of online consumer-tracking and information-sharing, according to privacy advocates. “This Facebook debacle is in one way very good, because it shows people just what is happening,” said Pam Dixon executive director of the World Privacy Forum. “There are other sites and other places where very similar data arrangements exist, but it is all happening under the radar and people simply don’t realize it.”

I feel gross all over. But the beef stew came out great.

Update: Facebook caves, will allow users to turn off Beacon.

Music: William Parker :: Long Hidden, Pt. 3

On Anonymity

In a comment the other day, I said:

I’m opposed to the concept of anonymity on the internet in general (the same reason I hate that people on IRC use handles rather than real names, or handles that don’t even resemble their real names). I make exception for political dissidents etc. of course.

Based on a couple of emailed comments, wanted to clarify my position on that: There seems to be an aspect of internet subculture which conflates anonymity with privacy. What I’m talking about here is standing by your name – accountability. I feel that what you write, and the domains (i.e. publications) you own should in most cases be attached to your real name. I feel that it is possible to be non-anonymous while still keeping private information private. I feel that attaching your name to your expressions is connected somehow to integrity.

When I enter an IRC channel or chat and everyone is using a handle rather than a real name, I feel suspicious. Do these same people configure their email clients to use false names as well? The predominance of nicknames in IRC doesn’t automatically mean everyone is “hiding” something, but it does mean people may be inclined to say things they wouldn’t if they were using their real names. It invites the saying of things that might not be said otherwise. Some call that a level of freedom we don’t have in meatspace. I’m not sure that exercising that freedom without good cause is necessarily beneficial.

I don’t begrudge anyone the right to be anonymous if they choose to be – I just don’t think it’s necessary most of the time. I also think that a lot more conversation on the internet would be civil if pseudonyms were removed from the picture. Again, I make exception for some political speech.

A friend pointed out that artists sometimes work under pseudonyms for artistic reasons that have nothing to do either with politics or actual anonymity — just pure art. Fair enough. But we also know — or can easily find — the real names of most artists working under pseudonyms. If an artist (or writer, or domain owner) is taking positive steps to thoroughly hide their real name, we assume they have political or other very good reasons to do so. If not, then we are suspicious of their reasons for seeking anonymity, and credibility is in question.

Then again, maybe I’m reading too much into it.

Music: Coot Grant & Kid Wesley Wilson :: Take Your Hand Off My Mojo

The Fuss About Gmail

Many well-articulated and legitimate criticisms of gmail’s implications for privacy are circulating, and 28 privacy groups have co-written a letter to Google asking them to reconsider the plan. In a brilliant rebuttal, always level-headed Tim O’Reilly writes The Fuss About Gmail and Privacy: Nine Reasons Why It’s Bogus.

There are already hundreds of millions of users of hosted mail services at AOL, Hotmail, MSN, and Yahoo! These services routinely scan all mail for viruses and spam. Despite the claims of critics, I don’t see that the kind of automated text scanning that Google would need to do to insert context-sensitive ads is all that different from the kind of automated text scanning that is used to detect spam. (And in fact, those oppressed by spam should look forward to having Google’s brilliant search experts tackle spam detection as part of their problem set!)

Music: The Three Suns :: Danny’s Inferno

Privacy Matters

Having an interesting discussion with a friend about issues surrounding online privacy and corporate tracking of customers. At issue is whether some forms of customer tracking are acceptable, or none. If a company you like and have done business with in the past sends you an email, do you expect that clicking links in that email will report that you, Jane Doe, responded to an email campaign, visited the such and such pages, and bought such and such products? (Keep in mind that this is not spam, but an email newsletter you really did sign up for). If you didn’t know you were being tracked, would it bother you to find out that you were? What about non-personal, generic stats tracking, which just gathers average results to see what people do and don’t like? What if you found out that the company’s services could become much more valuable to you if they could gather personal usage data on your surfing and buying habits? How valuable is your personal privacy? For which kinds of rewards would you be willing to give it up? How clear should a company be that they’re tracking you? Is the fine print in the EULA or TOS sufficient, or should tracking notices be posted in boldface on the page where you sign up? Can privacy lost ever be regained?

How do you feel about companies tracking your personal surfing/purchasing habits?

View Results

Music: Neil Young :: Loose Change

Telemarketing and the Categorical Imperative

My patience for telemarketing grows shorter with every call. Billboard advertising may ruin my view of the world, but calling me at home to sell me a product steals my time and invades my privacy. Realizing I’ve trapped an unsuspecting rat, I sometimes use the opportunity to engage the caller in a discussion of Kant’s Categorical Imperative.

Me: You know what would really work for me? How about you give me your home phone number and I’ll call you there at my convenience. I am, after all, the customer.

Them: Well sir, this will only take a minute, and…

Me: I wonder what it would be like if every business in the Yellow Pages called people in their homes to sell them their products. The home phone would become unusable. Do you really intend that every business should do what you’re doing right now? Do you understand that this form of marketing, if performed by all vendors, would literally make home life unlivable for the very customers you’re trying to reach?

Act so that the maxim [determining motive of the will] may be capable of becoming a universal law for all rational beings.

Them: [stone silence]

Me: Telemarketing is immoral.

And thereabouts the caller generally gives up on me. But this morning, as I took an unsolicited call from MCI with a towel wrapped around my waist, the telemarketer responded with this:

Them: Sir, it’s the American way.

I was dumbfounded. I should have responded by asking what part of “Life, liberty, and the pursuit of happiness” telemarketing came under. Instead I lost my head and just started yelling at him. I don’t know what. Something about how can he sleep at night, etc. It was kind of nuts. Amy got worried for me, wondered what I was doing to my blood pressure. I suppose she’s right, but damn it felt good. Cathartic.

Music: Spizzenergi :: 6000 Crazy