Image by Surian Soosay

Automattic  has a poor record of respecting its users’ privacy, insofar as the company has gradually added additional surveillance mechanisms into their products without effectively notifying users. Several months ago when I updated the WordPress Stats plugin I discovered that Automattic had, without warning, integrated Quantcast tracking into their Stats plugin. Specifically, there was no notice in the update, no clear statement that data would be sent to Quantcast, nor any justification for the additional tracking other than in a web forum where their CEO stated it would let Automattic “provide some cool features around uniques and people counting.” This constituted a reprehensible decision, but one that can fortunately be mediated with a great third-party plugin.

In this post, I’m going to do a few things. First, I’m going to recount why Automattic is not respecting user privacy by including Quantcast in its Stats plugin. This will include a discussion about why reasonable users are unlikely to realize that third-party tracking is appended to the Stats plugin. I’ll conclude by discussing how you can protect your web visitors’ own privacy and security by installing a terrific plugin developed by Frank Goossens.

WordPress and Quantcast

In early 2011, after a major redesign of my website, I activated the Ghostery plugin in my web browser and navigated to my site. The tool “tracks the trackers and gives you a roll-call of the ad networks, behavioral data providers, web publishers, and other companies interested in your activity.” Visually, the plugin causes a small notification box to appear in the upper right hand corner of websites that you browse to. Contained in this box are a list of the parties that are monitoring your movements across that particular website. When navigating to my own site I had expected to see WordPress Stats and perhaps some social sharing services listed. I did not expect to see Quantcast.

Quantcast’s cookies are used to monitor individuals who visit websites, and the company uses the information they collect to provide “audience composition reports.” Such reports are meant to help target online advertising and content development, but is predicated on the notion that the website owner is responsible for integrating the tracking system for the same owner’s benefit. Prior iterations of WordPress Stats did not include Quantcast tracking, and there was no notification or warning that updating the Stats plugin meant you were also forced to accept third-party tracking. Since the initial inclusion of Quantcast, the plugin’s description in the WordPress repository has been amended to include a small notice that reads “[a]s we are considering adding great new features, this plugin also puts a Quantcast tracking script on your page.”

While Automattic’s disclaimer may count as ‘notice’, it does not clarify what the additional tracking is actually meant for. Descriptions and notices around privacy policies and statements must be clear to be meaningful, and Automattic has had over a year to ascertain what “great new features” warrant transmitting website visitors’ information to Quantcast. To date, as far as I can tell, the company has not disclosed to its user base what precisely warrants sending information to Quantcast.

While there is a warning about Quantcast if you download the plugin from the repository, the support document for WordPress Stats that was updated December 21, 2011 – over a year after public complaints over Automattic’s failure to notify plugin users about the inclusion of Quantcast – still lacks any mention that a condition of using Stats is sending your site visitors’ information to a third-party. Perhaps most significantly, Automattic has recently introduced its Jetpack service. Jetpack is a bridge between self-hosted WordPress installs and Automattic’s cloud offerings, offerings that include WordPress Stats. To use WordPress Stats today you must use Jetpack. Unfortunately, Automattic has failed to notify Jetpack users of the third-party tracking accompanying the Stats plugin, as demonstrated in the lack of information about Quantcast in the following screenshot.

No mention of Quantcast tracking

It is utterly unreasonable to expect that users of the Stats plugin will hunt for a single sentence of text that discloses the inclusion of third-party surveillance with the Stats plugin. Moreover, if an enterprising user clicks on Automattic’s privacy policy linked at the bottom of the Jetpack screen they are unlikely to divine that Quantcast is associated with Automattic or the Stats plugin.

Automattic’s Privacy Policy #Fail

Let’s briefly look into Automattic’s privacy policy to determine whether a reasonable individual could ascertain Quantcast’s involvement with self-hosted versions of the Stats plugin. First, we see that Automattic

discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Automattic’s behalf or to provide services available at Automattic’s websites, and (ii) that have agreed not to disclose it to others.

Why, exactly, is Quantcast receiving any of my visitors’ personal information? We might assume that this happens so information can be processed “on Automattic’s behalf or to provide services available at Automattic’s websites.” Unfortunately, Automattic has not publicly clarified why they need this information processed. Instead, we are left with vague statements of providing “great new features.” From the privacy policy, we see that potentially personally-identifying and definitively personally-identifying information is also disclosed “in response to a subpoena, court order or other governmental request, or when Automattic believes in good faith that disclosure is reasonably necessary to protect the property or rights of Automattic, third parties or the public at large.” No subpoena, court order, or other government request is presumably requiring the link between WordPress Stats and Quantcast, nor do the tracking systems clearly “protect the property or rights of Automattic, third parties or the public at large.”

In the ‘Cookies’ section of the privacy policy, we find that “Automattic uses cookies to help Automattic identify and track visitors, their usage of Automattic website, and their website access preferences.” A reasonable person might believe that self-hosted installations of WordPress were not considered part of the Automattic website itself. Such a person might be quite wrong, however, based on Matt Mullenweg’s (Automattic’s CEO) comment about Automattic’s network, where he stated that “the bump you see in November is when we started tracking Polldaddy, ID, Gravatar, and WordPress.com Stats users in addition to WordPress.com visitors.” His comment suggests that Automattic considers self-hosted blogs as being part of the company’s network, though I doubt that this view is shared amongst self-hosted users. I should add that I have never received notice from Automattic informing me that this site is part of their network. No reasonable person is likely to come to this conclusion unless they’ve been watching the Automattic/Quantcast issue like a hawk.

Arguably the only section of the privacy policy that is suggestive of third-party tracking taking place is in the ‘Ads’ section. It reads:

Ads appearing on any of our websites may be delivered to users by advertising partners, who may set cookies. These cookies allow the ad server to recognize your computer each time they send you an online advertisement to compile information about you or others who use your computer. This information allows ad networks to, among other things, deliver targeted advertisements that they believe will be of most interest to you.

From reading this, it initially seems to be addressing advertisements that appear on Automattic’s own web properties. It is utterly unclear that the ads that are shown online are going to be tied to Quantcast cookies linked to the Stats plugin.

Overall, the Automattic privacy policy is absolutely insufficient in notifying users of third-party surveillance. Those who install the stats program – website owners and developers – cannot be reasonably expected to know of Quantcast’s inclusion. This is important because if those same users have privacy policies on their websites – perhaps assuring visitors that only WordPress Stats is used to collect information and no other tracking party or system is used – then those users may be violating local laws by establishing a false contractual privacy agreement between themselves and their website visitors.

WP DoNotTrack to the Rescue

Frank Goossens has stepped up to fix the problems that Automattic is responsible for. Last December he released his donottrack plugin in response to Automattic’s unwillingness to either remove or make optional Quantcast tracking. Months after he released his plugin Automatic modified their Quantcast code, mandating a new release of his plugin. In response Frank has released an updated version of his plugin, now titled WP DoNotTrack, and made it available in the WordPress.org repository.

Frank outlines several reasons for installing the plugin:

• make your WordPress blog/ site honour visitors who request not to be tracked, even if the 3rd parties you include do not (conditional privacy)
• stop any tracking by 3rd parties (absolute privacy)
• protect your blog from rogue plugins that dynamically add malicious external javascript to your wp-admin pages (security)
• limit the number of external servers that are called from your blog (performance)

There are full configuration instructions on his website and information in the FAQ that can help you determine what options you want to flag. If you decide to just use the default settings you’ll successfully block Quantcast tracking. I cannot recommend this plugin highly enough. Not only will it improve the privacy, security, and performance of your website, but it will also ensure that you’re not making false privacy claims to your website visitors.

Other posts you might be interested in:

1. The Geek, Restraining Orders, and Theories of Privacy
2. Weebly, Analytics, and Privacy Violations (Updated II)
3. Privacy Advocates and Deep Packet Inspection: Vendors, ISPs, and Third-Parties

I tend to (almost exclusively) access key websites related to my research and personal interests through RSS feeds. As a result of using Google Reader to collate new content, I rarely actually see the blogrolls and suggested links that are provided by those key websites that I grab content from on a daily basis. Given that I’m sure many people read this site almost exclusively through RSS, I wanted to prepare a short piece that highlights just some of the key blogs and websites that I turn to on a regular basis in the hopes that readers might find some cool and interesting new sources of information they’d otherwise never come across. As a hat tip, this post is largely inspired by Rebecca Bollwitt‘s “The Missing Link” that considers (as of 2008) the changing characters of link lists and blogrolls.

AR.m-ato.me

Aya Walraven is a digital media and internet enthusiast who primarily works in video, web, and emerging technologies. A self-appointed internet-culture historian and archivist, she studies and documents mobile technologies and online behavior, particularly in Japanese youth and anonymous communities.

Her blog name is a combination of AR (Augmented Reality) and Matome, the latter being a romanization of the Japanese term まとめ which means round-up, collect, mass, or summary. Her blog is a round up of news, findings, commentary and links related to Augmented Reality and the technological, economic and social landscape in which it develops.

Ars Technica

Ars is the tech site that you need to be visiting if you (a) speak English; (b) have diverse tech-related interests; (c) like actual, critical, reporting. Ars’ writers regularly break new ground with the work they produce – Nate Anderson’s work on DPI inspired me to dedicate a fair chunk of time to the privacy and surveillance implications of Deep Packet Inspection – and write in accessible formats that makes their articles useful to the geeks and non-geeks alike.

Bruce Schneier’s blog

Bruce is often heralded as the ‘rockstar of security’, and it’s a well deserved title. He writes in a very accessible format, while striking to the heart of security and security technology issues. If you’re doing work in the security field, he’s required reading, even if you disagree with him.

Geeks and Global Justice

Kate recently received her PhD from SFU, and worked with Andrew Feenberg during her studies into how activists in the global justice movement appropriate technology to achieve their social justice goals. She sees tech activism as having (at least) three simultaneous outcomes: it democratizes technology, it develops democratic practice and it produces an alternative vision of society.

Her blog is meant to be a space for documenting the history and accomplishments of tech activism. In the spirit of the free software movement, it is an experiment in open scholarship, and all tech activists are encouraged to participate through contributing to the project, as well as questioning, editing and correcting information found here.

iPoque Executive Blog

While there are several DPI vendors who’s work I follow, I’ve often found iPoque’s to be the most transparent. While their executive blog isn’t updated terribly often, when updates are released they tend to be very interesting for those of us focused on DPI, network neutrality, and copyright. Given that there is a lot of attention on the North American DPI vendors, I think that it’s important to pay attention to those that operate a bit differently across the Atlantic – iPoque is one of the largest vendors in the EU and Africa, and thus justly deserves consideration by North American and European scholars alike.

Lawrence Lessig

While Lessig is often the target of popular and academic criticism (if not outright derision) one is forced to admit that his work has been seminal in the network neutrality, copyright, and free culture debates. His blog is on a hiatus at the moment, but the archives are filled with incredibly thought-provoking content. Love or hate him, he’s effectively required reading (if only so you know WHY you love or hate him *grin*) when studying contemporary digital issues.

Light Blue Touchpaper

A group of computer and security researchers at Cambridge University regularly contribute content to their Light Blue Touchpaper blog. I tend to follow Richard Clayton, in particular, but the researchers’ contributions in general are delightfully accessible and technically oriented. It’s rare that you run into security researchers who can communicate with the public, but it would seem that Cambridge houses a whole lot of them!

Perceptric

The Perceptric Blog is where business partners in Perceptric Pty Limited, Chris Gilbey and Tom Koltai post thoughts, ideas, and links to stimulate thought and accelerate the transfer of ideas with a particular focus on P2P. Tom, in particular, has a strong background in running ISPs, and so his writings about P2P technologies and their disruptive impacts is commonly insightful. This said, while the Cambridge scholars are almost always accessible reads, it might take some background to catch many of the nuances in Tom’s and Chris’ work. Good reading if you’re interested in P2P and its impact on ISPs’ core services.

Privacy Lives

Privacy lives is ‘monitors the pulse of privacy’. It regularly engages with privacy matters that arise from technology, government, corporate, and academic fields. Melissa Ngo, the site’s author, is a Privacy and Information Policy Consultant and has testified about privacy and civil liberties before legislators and government agencies, and she discusses such issues at academic, policy, and trade conferences. Prior to publishing Privacy Lives, Ngo was Senior Counsel and Director of the Identification and Surveillance Project at the Electronic Privacy Information Center, a non-profit research education center in Washington, DC.

Melissa is often at the forefront of the critical commentators who engage with contemporary privacy-related matters. Highly related if privacy is foregrounded in your research/reading interests.

Ralf Bendrath

Ralf’s blog is self-described as presenting ‘thoughts and observations of a privacy, security, and Internet researcher and activist.’ While his schedule prevents him from updating regularly, his posts constitute ‘deep content’ – it’s well thought out, researched, and immediately useful. He’s presented some good work on DPI, and is well regarded amongst the circle of privacy academics I increasingly find myself amongst.

Search Engine

Jesse Brown is one of the very few competent, critical, technology-oriented journalists in Canada. Search Engine was previously with the CBC, but is now with TVO. He has weekly podcasts that touch on all things social and tech – don’t read him expecting updates on the latest iPod, but instead on how DRM, copyright, and the Canadian government intersect (as an example). He’s one of the most public (and loudest!) voices speaking about copyright in Canada. I wait up most Monday nights to listen to his podcast fresh off iTunes, and so should you!

Short Packet

Likely abandoned, Kriss Andsten’s blog on DPI was great because it gave actual insights into the technology from a person inside the industry. His work comes across as authentic and is helpful for trying to figure out how ‘the industry’ might talk about DPI in a bar, as opposed to on a PR stage.

Slight Paranoia

Christopher Soghoian has been described as an activist, muckraker, and general pain in the ass. I like to think of him as a model of what academics can, and should, become; he rigorously pursues his research interests while drawing on them to try and transform the social landscape he operates within. Christopher does great work investigating the modes of surveillance that are deployed by corporate and government agents alike, and has regularly embarrassed both sets of actors in publishing information they’d rather just stayed private.

Susan Crawford Blog

Susan does amazing work at the forefront of American telecommunciations and network policy. If ICANN, network neutrality, ISP competition, and related issues spark your interest, then start reading her work if you’re not already.

Telecom Trends

Mark Goldberg is a key figure in the Canadian telecommunication community. A noted consultant and key organizer for the Canadian Telecommunications Summit, his work is widely read and his opinions often drawn on to form public and private opinion on various telecom-related matters. If you’re interested in Canadian telecommunications, then his work is required reading.

Tuesday Night

Ian Glazer et al. write some really provocative thoughts on social networking and social media. If you are doing anything related to Facebook and privacy, you are required to know and think about Glazer’s Privacy Mirror application, which renders transparent the actual capacities of Facebook’s privacy settings.

The Future of the Internet

Jonathan Zittrain’s blog is intended to accompany the concepts and principles found in ‘The Future of the Internet – And How To Stop It’ and apply them to the issues of the day. While updates are somewhat sporatic, and seemingly produced (largely) by his assistants/RAs with comments from Zittrain, the issues that are raised and modes of engaging with them are often provocative. If you liked his book, or were at least interested in elements of it, his website may be of use for your ongoing engagement with the text.

Notes from the Ubiquitous Surveillance Society

A blog maintained by David Murakami Wood, Canada Research Chair in Surveillance Studies at Queen’s University and Managing Editor of Surveillance and Society, readers will regularly be delighted by critical, engaging, of often sarcastic comments about pressing surveillance and privacy-related matters. David will likely be cutting back on his almost-daily publishing schedule with a recent addition to his family, but we can nevertheless continue to expect the same high-quality, attention grabbing, information and commentary that we’ve come to expect over the past several years.

Given that many of you know that my research interests surround DPI, copyright, network policy, privacy, surveillance, and technology, what less-known blogs and websites would you recommend I start reading for the new year?

No related posts.

Restraining orders are commonly issued to prevent recurrences of abuse (physical or verbal) and stalking. While most people who have a website are unable to track who is visiting their webspace, what happens when you compulsively check your server logs (as many good geeks do) and can roughly correlate traffic to particular geo-locations. As a loose example, let’s say that you were in a small town, ‘gained’ an estranged spouse, and then notice that there are regular hits to your website from that small town after you’ve been away from it for years. Let’s go further and say that you have few/no friends in that town, and that you do have a restraining order that is meant to prevent your ex-spouse from being anywhere near you. Does surfing to your online presence (we’ll assume, for this posting, that they aren’t commenting or engaging with the site) normatively constitute a breach of an order?

Privacy can be considered in many lights because it’s a multifaceted concept – depending on the situation at hand, people have differing expectations of privacy. Nissenbaum and Solove alike are presently engaged in trying to tease out what this contextually means in the the development of norms of privacy. In both cases, they tend to favor conservative legal understandings of the reasonable expectations of privacy, on the basis that alternate bases risk undermining the stability of privacy-related law. In Nissenbaum’s case, she argues that we need to evaluate the particularities of the situation in an effort to understand what the contextual privacy norms are, and adopts a micro-analysis of the situation to develop privacy norms contingent to that situation. Solove offers us a beautiful taxonomy, from which we can understand the harms and non-harms associated with infringements on our privacy.

If we adopt a reading from Nissenbaum, and we consider the context of a restraining order and the personalities involved (i.e. a person who is told to avoid another, and the other that is server-log savvy), then it would seem that the ‘stalking’ of someone’s blog would be a violation of the order. Further, in an instance where the person attempts to infiltrate the other’s social networking spaces (e.g friending my friend on Facebook to gain access to my personal information) you would also register a privacy infringement. In Solove’s case, we also register an infringement because surveillance is actively taking place. In addition, should information processing of any type take place (e.g. aggregating, developing correlations between data sets, insecurely holding that data, using for secondary purposes) a breach of privacy may be taking place. Now, in the latter example in particular it might seem strange to suggest that processing could take place, given that Solove states that “[i]nformation processing does not involve the collection of data; rather, it concerns how already-collected data is handled.” Should the person the order is issued against have already saved data during their surveillance efforts (say on their hard drives) and then subsequently work with that data then they could (arguably) be seen and engaging in information processing with their victim’s consent. As such, per Solove’s model there are two potential classes of privacy violation taking place: Information Collection and Information Processing.

Whereas in Nissembaum the ‘tech savvy geek’ is a (likely) required element of the privacy violation, in Solove’s this isn’t true. While a non-savvy website owner/blogger might not realize what is going on, Solove’s model registers a breach whether or not anyone realized what is happening. What is the basis for this difference? Officially, I would suggest that it really comes down to a difference in the underlying commitment to legal standards as the dominant basis for their models. Solove’s is very much grounded in legal norms, whereas legal norms form the outskirts of Nissembaum’s model (to prevent radical shifts in privacy law) while the model itself is founded on her principles of appropriateness and distribution.

My own take, however, is that Nissembaum is implicitly more aware of the complexities of ontological security in her article than Solove. Her model is cognizant of the various factors that influence the psychological and physical well-being of the individuals and the subsequent privacy norms that are thus necessarily implicated in a ‘healthy’ Western sense of Being. Efforts to shake the security in one’s environment and psychological well-being, for the purposes of disruption and snooping, are necessarily bad because of the consequences on the individual and, taken more broadly, on the impacts of such actions were they committed across society. Appropriateness and distribution can be linked to the ontological insecurity generated by breaches of privacy norms. Solove’s emphasis, in contrast, is on the impacts of certain actions on the more nuanced social norms that operate around a spectrum of people. In his words,”individual liberties should be justified in terms of their social contribution” rather than based on their contribution to a unique individuals’ well-being. He is more concerned that norms are acceptable to the community, and thus less concerned with the specificity of reasonable expectations of privacy in hyper-particular situation.

To understand this difference, it is helpful to consider Solove’s and Nissembaum’s respective projects. Solove, as I tend to read him, is trying to sort through the mess that is (American) privacy law and struggling (in many ways, successfully) to develop a legal-normative reading of privacy, whereas Nissembaum is playing the role of the philosopher and trying to develop a more nuanced understanding of privacy than is necessarily practical in a large legal context. Under her approach, I think that questions of damages can likely range more broadly than the victim in Solove’s world, but helpfully both would likely recognize a privacy violation should someone with a restraining order track or follow their victim throughout digital spaces.

This said, I’ve chosen to focus on Nissembaum and Solove because I think that they are the cutting edge of privacy discourse in the West. Were we to adopt a Brandeis and Warren approach – privacy is the right to the be left alone – then it might be somewhat more challenging to assert that where no visible harm is evidenced that a privacy violation is registered when a person with a restraining order ‘follows’ me online.

Other posts you might be interested in:

1. Context, Privacy, and (Attempted) Blogger Anonymity
2. Draft – Who Gives a ‘Tweet’ About Privacy?
3. IPv6 and the Future of Privacy

I’ve been blogging in various forms for a long time now – about a decade (!) – and in every blog I’ve ever had I use my name. This has been done, in part, because when I write under my name I’m far more accountable than when I write under an alias (or, at least I think this is the case). This said, I recognize that my stance to is slightly different than that of many bloggers out there – many avoid closely associating their published content with their names, and often for exceedingly good reasons. Sometimes a blogger wants to just vent, and doesn’t want to deal with related social challenges that arise as people know that Tommy is angry. Others do so for personal safety reasons (angry/dangerous ex-spouses), some for career reasons (not permitted to blog/worried about effects of blogging for future job prospects), some to avoid ‘-ist’ related comments (sexist, racist, ageist, etc.).

I have several friends who blog anonymously, for some of the aforementioned good reasons. At least one has gone to the lengths of ascribing ‘blog names’ for the people who they write about; George might become ‘Happy Camper’, and Dallas the cat ‘Nail Biter’, and so on. While locations may be noted, times are often vague. In essence, there is a clear effort to limit the likelihood that other people will be able to associate what is written in these spaces with the individual doing the writing.

What, then, do I do when *I* move to comment on a post; do I adopt my own pseudonym for the purposes of posting? Does the context of the writing provide a normative expectation that those knowing the blogger will hide their own name? Should the commenter still use their own name, but avoid making it known that there is an already existing relationship that might link the blogger and the commenter (and thus establish a line to discover who the blogger is)? In effect, what am I expected to do in these situations, and how do I know what to do?

Clearly there is a particular context that is in play here, and the question becomes how to navigate that context. Norms/expectations can be provided through a clearly marked ‘about’ page (which many anonymous bloggers maintain) that note how they expect individuals to behave. Norms can also be communicated through actually talking with the bloggers in question; they can often provide clear direction on how to proceed. Alternately, it might mean that you just stay away from that particular space/find non-blog comment ways of communicating back and forth. I’ll admit that it’s this latter method that I tend to adopt, on the basis that I would rather be conservative in determining how to engage with an anonymous blog than risk either blowing their cover or providing inroads to uncovering their identity.

While this might seem to be a relatively minor point (i.e. this is just an issue for Chris), I think that it extends to other areas of discourse; we manage conversations and networks depending on the contextual expectations of privacy/intimacy in the real world in addition to digital spaces. The questions surrounding commenting are relatively easily extrapolated to ‘meat space’, but in meat interactions there are a wide set of ‘cues’ about expected methods of behavior. With the continuing abstraction from the ways of identifying conversational norms that have developed over the past millennium, we are increasingly in a situation where identifying norms is more challenging. Further, the extension and mutual penetration of social and cultural expectations of privacy (which are often in variance from one another) leads to additional challenges for identifying privacy norms online.

While ‘privacy online’ is commonly something that is seen through the eyes of business privacy policies, how should be think about maintaining privacy online, and realizing privacy norms, in ‘personal’ spaces such as blogs where the bloggers are anonymous? While some movement is being made on something like a Creative Commons for privacy, such a movement doesn’t seem to also indicate the privacy that content owners expect to be accorded – just because someone publishes something online, they clearly don’t expect their lives to become an open book. Perhaps a Privacy Commons statement should then be extensible enough to capture not only the obligations of business/content owners to web visitors, but also the expected obligations of visitors themselves. This would reverse the present norms online (where visitors generally have few normative expectations), and would be unlikely to undo damage once done, though may open clear(er) lines of accountability for actions.

Ultimately, however, this kind of ‘rights’ or ‘license-based’ establishment of privacy norms, in the context of anonymous blogging, doesn’t seem to ‘fit’ – it’s too legalistic for what is perceived as a relatively minor, personal set of actions. At the same time, I wonder if this latter perception of excessive legality is an indication that my own perceptions of norms of privacy are still caught in ‘meat space’ understandings, and I just haven’t caught up to the speed and global nature of ‘personal’ discourse online. Perhaps there genuinely is a need for a globally explicit set of semi-legal norms that visitors of personal sites are hit with, and that such norms are what are actually appropriate for the current web environment. I admit that I hope that it isn’t a case of my being ‘out of touch’ with digital expectations, but if I am behind the times I hope that there is someone out there who can develop an extensible, workable, system for anonymous bloggers and those of us who know said bloggers.

Other posts you might be interested in:

1. Twitter and Privacy in Social Context
2. Data Privacy Day and Anonymity
3. The Geek, Restraining Orders, and Theories of Privacy

One of my colleagues recently linked me to a statement that David Simon presented to Congress about the life or death of newspapers. His argument is (roughly) that bloggers and other ‘amateurs’ cannot be expected or trusted to perform the high quality journalism that these ‘amateurs’ then talk about online (Note from Chris: clear case in point, the critical analysis by journalists of the Bush administration and Iraq compared to bloggers. Oh…wait…). You need dedicated professionals who are professionally trained to generate consistently high quality and accurate content. At the same time, the for-profit model of newspapers has led them to cannibalize their operations for profit. Newspapers will perish if capitalism and the market are seen as ‘solutions’ to the demise of newspapers, just as amateur culture and their appropriation of media will destroy content producers. Something must be done.

The thing is: I don’t think that ‘newsmen’ (as Simon uses the term), actually have a clue what they mean by ‘high quality’ news. At the very least they don’t have a regular definition of the term. There are some examples of what would constitute ‘high quality’ reporting,  but many tech journalism (just as an example)  amounts to no more than an advertisement. It’s pretty rare that you actually see the ‘indepth reporting’ that Simon is referring to, in part because good critical reporting might risk advertisers. Maybe regular ‘high quality’ reporting existed before the 90s, when I started reading the paper on an occasional basis, but I have my doubts.

I also don’t think that newspapers can put a genie back in the lamp. There is a lot of talk that papers need to lock up their content and charge online visitors (this is Simon’s suggestion). Rupert Murdoch is on record saying that his organizations will start locking up information within the next twelve months – “The current days of the internet will soon be over” (Source). I have my doubts that this is true (that the ‘net as we know it will change), or that his stratagem will be successful. I actively avoid sites that requires me to register, let alone pay, to read news. Don’t offer it at a fair (i.e. free) rate, then I don’t read. Papers have long survived on advertising, and the current ‘predicament’ facing most papers seems to be one of monetizing their content while at the same time their back-end costs should be plumetting. You don’t monetize content by hiding it away from the public, you do it by finding interesting revenue streams that surround and reinforce your content model. Why not work with an ereader company to sell a piece of hardware to subscribers that automatically downloads your paper plus related content on a daily basis, and then mine that data for better advertising to the individual?! Get rid of pulp costs, and replace it with digital hardware!

Search engines live and die by their ability to both index information and deliver it within an advertising laden search space. Search companies are, really, advertising companies. The ‘newsman’ stance that search means that individuals don’t read a whole paper, and thus lower the value of newspaper advertising is only true to a point. Are you selling a paper or are you selling stories. While your paper might be made more valuable as a result of publishing a host of very good stories, Search Engine Optimization (SEO) should be integrated into the very writing of the stories themselves. Aim for high SEO ratings, effective contextual advertising, and individual stories become more profitable given that they rise to the top of searches. Produce enough good stories and make it easy to subscribe using RSS, and you can rope in a customer for some time. This is what profitable blogs do – why, exactly, can’t newspapers do it too?

Oh, right. Because newspapers only hire ‘professionals’. Whenever I hear this phrase I’m thrown back to a president’s dialogue that the University of Guelph hosted a few years ago (link, though looks like video isn’t hosted anymore). In it, a regular theme between it and the subsequent dialogue was that good journalists are nosy, analytically bright, and liberally educated individuals. Pamela Wallin, now the Chancellor of the University of Guelph, actually commented that journalists emerging from journalism programs are rarely the Pulitzer winning journalists newspapers love to have. (At the same time, if journalists are taught to love search, learn SEO like no one’s business, they might become the lifeblood that gets enough attention to your paper that your Pulitzer pieces get seen by the public before they win the prize…)

Nosy. Analytically sharp. Liberally educated. Toss in a bit of ‘obsessive compulsive disorder’ and you’ve got the recipe that motivates many of the top-tier bloggers, and these individuals have made their media ecosystems work. Look at Ars Technica (I’m a techy – they’re a regular point of reference), Life Hacker, or Gizmodo. While each cover different facets of issues (and arguably Ars is the closest thing to a ‘real’ newspaper) the reason that they thrive is because they do a very narrow range of things very, very well. Gizmodo doesn’t often cover anything that doesn’t relate to gadgets or could produce a nerdgasm. Life Hacker doesn’t run political stories. These sites sit right between ‘mass media’ (i.e. needing to independently cover everything everywhere) and ‘the long tail’. It’s interesting to note that, very often, they will link out to sites (even competitors!) when those sites have produced particularly good work – they are actually better referenced than most ‘professional’ journalism’ pieces. I can only imagine what would happen if journalists had to link to their sources – I imagine that their ‘professionalism’ in many cases would melt away.

We live in a world where there is really no need to have 150 journalists tracking the same bloody story. One or three? Sure, I guess. But with the rising costs of travel combined with the decreases in revenue streams it is incredibly important to recognize that a strong newspaper depends not just on content but also on its community. By locking up information you are effectively throwing out a copyright gauntlet – ‘amateurs’ can’t use content without paying, and if they do use it without paying they’re likely to face DMCA and copyright infringement charges. This approach was tested by Big Media conglomerates in Hollywood, and has effectively alienated their consumers (who like the RIAA and MPAA, and by extension the companies who are associated with them?). I expect that similarly locking content away will sour people’s attitudes towards papers. Where will people turn when they feel slighted by ‘the professionals’?

Yeah, they’ll go to the amateurs. And you know what? This isn’t new. Jump back a century, and there were a lot of very cheap, very ‘amateur’ papers that would thrive for a short while and then vanish. Bloggers and sites like the Huffington Post will love the locking up of ‘professional content’ because it will drive people away from ‘professional site’ to ‘amateur sites’. About the only case where this won’t be the case is where you actually have real journalism being evidenced in almost every story (Economist, I’m looking at you). Most papers are not the Economist, or even approach its standards and caliber.

I do have to admit that I’m curious to know just how many ‘professional journalists’ these ‘amateur’ sites will pick up as they grow in the face of a content lockup, and whether these journalists will subsequently lose their ‘professional’ status and become mere ‘amateurs’.  It is, after all, where you work, as opposed to the caliber of your work, that indicates ‘professional’ or ‘amateur’ status, right?

Update/note: Nate Anderson has a great piece on the AP’s threat to sue those who simply ‘reproduce’ the news – note the distinction between facts and copyright in the dissenting views of the 1918 ruling.

Other posts you might be interested in:

1. Follow-up: Newspapers and Business Models
2. The Business of Infringing Content
3. Study: Stolen Web Content Sees More Traffic Than The Original

Federal Journalists and Professional Bloggers Shielded

The US has had a long history of journalistic freedoms, but in the face of recent technological advances they have refused to extend those freedoms to users of new journalistic mediums. Bloggers, in particular, are becoming a more and more important source of information in the US – some dedicate their lives to blogging and use it for professional gain. Until recently they have (typically) been refused the same status as traditional journalists, which has made it risky for bloggers to refuse to disclose their sources if hauled into courts of law.

This stance might shift with the coming of the Free Flow of Information Act , which would “offer protection of sources and documents to journalists (including professional bloggers) caught up in federal investigations, and could put an end to images of reporters led from court in handcuffs after refusing to testify.” (Source) Despite the fact that it has cleared the House President Bush may refuse to sign it, citing concerns that it would limit or preclude investigations of criminal events because authorities could not effectively gather facts needed for prosecution.

I think (optimistically) what this shows is that it is possible for law to ‘catch up’ to technology – laws can be developed that recognize new digital mediums are oftentimes extensions of past activities. That said, simple extensions are oftentimes not enough; the decentralized nature of digital communications creates a raft of difficulties in asserting these laws, should law enforcement try to evade the spirit of the law when pursuing suspects. That said, I don’t know how hard law enforcement really has to try to evade the spirit of the law given NSA spy activities . . .

Shielding the Telecoms

If you hadn’t heard, the NSA ran and continues to run some reasonably invasive covert surveillance right now . They’re (effectively) piping into major American telecommunications hubs and recording and/or analyzing all traffic that is not purely American traffic. As a massive amount of the world’s digital traffic passes through American hubs, this is scary – your communications are likely being monitored, and it’s uncertain as to what, exactly, is being done with the data collected.

In response to this activity, Congress has begun looking into the NSA spy operation. (As a note: Congress is concerned because Americans are being surveyed – they aren’t terribly worried about the surveillance of non-Americans.) After repeated discussions on the Hill, Congress has effectively given up on their hopes to learn anything from the telecommunications companies that are expected to be involved – AT&T in particular has refused on the basis that sharing their information of the project, were the project to exist, would be in violation of state secrets privilege – and has just turned to the executive branch to extract information.

While I can’t be *certain*, I’ll bet that Congress gets about as much from the executive as from the American corporations they have been pressuring; the NSA wiretaps will continue, and God knows what will be done with the information. It’s this fear or uncertainty of what will be done with the information that is the real issue – it creates an environment where peoples’ personal concerns and shames threaten to limit their free speech, the lifeblood of a democracy. While I hope that the next president would abolish the program, I honestly have to wonder if the current American candidates would, if they weren’t be forced to do so.

Other posts you might be interested in:

1. Deep Packet Inspection and the Confluence of Privacy Regimes
2. Twitter and Statutory Notions of Privacy
3. Twitter and Privacy in Social Context

Generally, Lewis’s argument can be summed up in his line “thanks to weblogs, any civic-minded citizen with a computer, a modem and the moxie to express their opinions can contribute to the media and the public dialogue.” Blogs provide a way for citizens to break through the increasing corporate control of media outlets – only 1% of newspapers are independently owned today,and in this environment blogs offer a way to expand the number of news sources because its low cost of entry. Free services such as Blogger and Livejournal, where all of the hard work is done by a company behind the scenes, are perfect for citizen-journalists to quickly begin publishing.

The benefits of blogs are numerous, and Lewis strikes on several of them. In particular, the anonymity that individuals (falsely) believe they have when writing and commenting on blogs lowers their inhibitions about speaking about sensitive issues in public – genuine ‘town hall’ style meetings can take place online without needing to arrange for a set place, time, and agenda for political discourse to take place. Thoughts and ideas can be transmitted across the blogosphere without worrying about the factors that traditionally limit community meetings. The increased speech is, defacto, a good thing – Lewis notes that any “media development that encourages greater self-expression can only be seen as a positive for democracy.” Moreover, “blogs can bring back issue based politics and help substance triumph over image. Blogs’ interactive nature helps facilitate debate over political policy, and helps avoid the automatic acceptance of catchy bumper sticker slogans.”

Beyond the local benefits of blogging (local meaning national) blogging is useful because it lets citizens in authoritarian regimes express their opinions to their fellow. Hossein Derakhshan, for example, is instrumental in assisting Iranians create Persian blogs from which they voice opinions , and criticize their government and religious figures. Similar blogs encourage civil disobedience and assist Iranian, Egyptian, and Chinese citizens to set up webspaces to engage in unauthorized sharings of ideas and participation in amoral social networking.

In defending blogs from their critics Lewis notes that they do not exist in a vacuum – other bloggers can comment on and work to correct erroneous ideas, thoughts, and arguments. Beyond this, the possibility of more information means that consumers will have access to more and more news outlets – the consumers “can become intensely involved in editing, discussing and debating with the very people providing their news.” This lets consumers make news sources accountable by enabling consumers to question the validity of information that is presented to them. The ‘media elite’ can no longer assume that they are delivering news to passive consumers – consumers now demand to be involved in the process itself. “Blogs” Lewis notes, “have provided the equalizing platform to make demands and satisfy [the need to have their voices heard].” Rather than naively assuming that blogging will replace traditional media, Lewis envisions that it will revitalize mass media by developing an increasingly interactive relationship between the press and readership – profits will not be challenged.

While Lewis’ thoughts on blogging are interesting, his essay looses its critical edge by (a) deluding itself about the capacity for blogs to shape media decisions, (b) not recognizing the coercive power of the nation-state, (c) avoiding the issue of gaining readership, and (d) focusing on consumer rather than citizen action. While true that media outlets are increasingly adopting blogs, their webpostings betray corporate leanings when staff are hired to post on behalf of more prominent editors. More importantly, by not addressing the issue of the digital divide or the ease of censoring ‘inappropriate’ ideas by nation-state’s expressing their sovereign wills, he suggests that blogging is some kind of emancipatory mode of communication. It is not. Blogging is a poor way of enacting significant changes in the media – each individual acts as an individual in the blogosphere, with only a few gaining enough prominence to have an effect outside a few dozen readers. When individuals use blogs to try and express points, and are subsequently unheard, they come to realize that blogging is not a particularly effective way of reshaping the media landscape. Instead of using blogging as a way of making the new media conglomerates honest, citizens (rather than consumers) should use blogging to unite and work with one another to reverse the hold that mega-conglomerates that have taken over the mass media.

Ultimately Lewis’ arguments are a good start towards looking that the benefits of blogging but his failure (or unwillingness given the award this essay was written for) to genuinely examine the conglomeration of mass media institutions, compression of citizen and consumer, and perception of blogs as just a new way of keeping news organizations honest, fails to identify or suggest solutions to the larger issues surrounding the mass media as it exists today.

Other posts you might be interested in:

1. Brief Thoughts on Blogging and Education