November 16, 2010
A Balance Between Sharing and Privacy
Computer Scientist Defines the 'Privacy Line'
By Mary-Russell Roberson
This story originally appeared in Gist From the Mill, the newsletter of the Social Science Research Institute.
Like most people, Landon Cox uses online social networking sites such as Facebook, MySpace, and Flickr. He has a Facebook account and he regularly posts pictures of his two young daughters on Flickr. In fact, he said, sites like these are central to his life: “It’s the main way I communicate with other people.”
Also like most people, Cox has concerns about his privacy while using these online sites. But unlike most people, he’s actually in a position to do something about it. Cox is an assistant professor in Duke’s computer science department, and he investigates ways to ensure privacy in the context of online social networks.
Cox, whose expertise is experimental software systems, has a specific concern about “inadvertent oversharing.” This can happen when a naïve user does not monitor his or her privacy settings closely enough, or when a social network provider rolls out a new feature that reduces privacy for everyone. A couple of years ago, Facebook introduced a new feature that automatically broadcast users’ online purchases to their Facebook friends. This did not go over well, especially with the man who had just bought a diamond ring online as a surprise gift for his wife. Facebook eventually recalled the feature, but the privacy of users had already been violated.
Online social networks want their users to share as much information as possible because the more people share, the more time everyone spends on the site, and the easier it is to sell ads. These ads are the way online social networks pay for the enormous infrastructure needed to store all the words and photographs that hundreds of millions of people post every day.
Under the terms of service users accept when they sign up, the companies that run the online social networks obtain broad rights to use all information stored in their data centers. Companies use the data to target ads and to encourage more sharing. Providers are constantly trying out new ways of exploiting users’ data; if they go too far, users protest. Via this push-and-pull process, providers and users are working out where the privacy line is.
“Privacy is a really fundamental issue,” Cox said. “Most of what the online social networks are designed to do is to allow people to share information with each other. Privacy is the exact opposite: not wanting to share. I find that tension to be a really interesting thing to look at.”
One solution for inadvertent oversharing would be to let users store sensitive information somewhere other than the social network’s data centers. This decentralized storage would keep the sensitive data private even if the provider rolled out an unexpected feature, or if the user accidentally clicked the wrong privacy settings, because the provider would never hold the data in the first place.
Implementing this idea requires new software that works at the intersection of the online social network, the web browser and the place where the sensitive data is stored—all in a way that appears seamless to the user. It’s just the kind of challenge that appeals to Cox, who earned a bachelor’s degree in computer science at Duke in 1999. “It’s thinking about how software should be structured, especially in distributive settings where you have a lot of stakeholders,” he said.
In 2009, Cox won a three-year, $498,000 grant from the National Science Foundation to investigate the idea with his graduate students Amre Shakimov and Dongtao Liu, and with Ramon Caceres at AT&T Labs in Florham Park, N.J., which is also funding the project. The group is exploring three different strategies, all of which use “virtual individual servers” to store sensitive information, such as the photos from that crazy party last Saturday. The location of the virtual individual server is what differs among the three strategies.
The first strategy is for users to keep sensitive information on an online utility, a hosted storage and computing service offered by various companies, including Amazon. Cox and his colleagues have designed software that lets a user store information on a utility so that it is viewable only by the people the user approves, and out of reach of, say, a prospective employer even if the online social network itself suffers a privacy breach.
Unfortunately, storing data with an online utility costs money. “The good thing is you still own your data. In the licensing agreement, utilities like Amazon make no claims on your data,” Cox said. “The downside is it costs $75 per month.”
A second strategy is for users to store sensitive information on their own desktop computers. But personal computers are not always on, so Cox and his collaborators propose that users store information on several desktops—their own and backup computers belonging to very trusted friends and family members. These people would need to be folks with whom you’d feel comfortable sharing those Saturday night party pictures. You and your friends would install software that would allow your web browser to retrieve the sensitive data from your desktop or the desktop of a friend when an approved person wanted to view it.
“The nice thing about this is that it’s free,” Cox said. “The downside is that you are required to find these 10 most trusted friends.”
The third strategy is a hybrid of the first two. The user would store sensitive information on a personal computer; if that computer were down, requests would automatically be served from a copy kept on a utility instead, so the user pays for the utility only as a fallback.
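The following is an added example, not code from Cox’s group or from AT&T Labs: a small offline model of the three strategies described above. The social network keeps only an opaque reference to a sensitive item, and the user’s browser resolves that reference by asking replicas in a trusted order (the user’s own desktop, then friends’ desktops, then a paid utility as a last resort) while enforcing the owner’s own approved-viewer list. The class names, the `vis://` reference scheme, the replica order and the scenario data are all assumptions made for illustration.

```python
# Added example (not the project's own code): an offline model of a
# "virtual individual server" (VIS). The provider stores only a pointer;
# the browser fetches the real item from the first online replica and
# applies the owner's access list. All names and the reference scheme
# ("vis://...") are assumptions for illustration.
from dataclasses import dataclass, field


class NotAuthorized(Exception):
    """Viewer is not on the item's approved list."""


class Unavailable(Exception):
    """No online replica currently holds the item."""


@dataclass
class Replica:
    name: str                  # e.g. "my-desktop", "alice-desktop", "utility"
    online: bool = True        # desktops go offline; utilities (mostly) do not
    monthly_cost: float = 0.0  # friends' desktops are free; a utility is not
    # item_id -> (content, approved viewers)
    store: dict = field(default_factory=dict)


class VirtualIndividualServer:
    """Client-side logic: replicate on put, fail over on fetch, check the ACL."""

    def __init__(self, replicas: list[Replica]):
        # Order matters: free and most trusted first, paid utility last.
        self.replicas = replicas

    def put(self, item_id: str, content: bytes, approved: set[str]) -> None:
        for r in self.replicas:
            r.store[item_id] = (content, frozenset(approved))

    def fetch(self, viewer: str, item_id: str) -> tuple[bytes, str]:
        """Return (content, replica name) from the first online replica."""
        for r in self.replicas:
            if not r.online or item_id not in r.store:
                continue
            content, approved = r.store[item_id]
            # Authorization is decided by the owner's list, not by the provider,
            # so a new provider feature cannot widen who sees this item.
            if viewer not in approved:
                raise NotAuthorized(f"{viewer} may not view {item_id}")
            return content, r.name
        raise Unavailable(f"no online replica holds {item_id}")


def render_post(post: dict, vis: VirtualIndividualServer, viewer: str) -> dict:
    """What the browser shows: the public text from the provider plus any
    VIS-backed attachment, resolved locally. The provider never sees content."""
    out = {"text": post["text"], "photo": None, "served_by": None}
    ref = post.get("vis_ref")  # opaque reference, e.g. "vis://party-2010-11-13"
    if ref and ref.startswith("vis://"):
        try:
            content, replica = vis.fetch(viewer, ref[len("vis://"):])
            out["photo"], out["served_by"] = content, replica
        except NotAuthorized:
            out["photo"] = "hidden"        # not on the approved list: show nothing
        except Unavailable:
            out["photo"] = "unavailable"   # every desktop down and no utility
    return out


def demo(own_online: bool, friend_online: bool, with_utility: bool) -> dict:
    """Constructed scenario: one party photo, two approved viewers."""
    replicas = [Replica("my-desktop", online=own_online),
                Replica("alice-desktop", online=friend_online)]
    if with_utility:  # the hybrid strategy: utility only as a fallback
        replicas.append(Replica("utility", online=True, monthly_cost=75.0))
    vis = VirtualIndividualServer(replicas)
    vis.put("party-2010-11-13", b"<jpeg bytes>", approved={"bob", "alice"})
    # What the social network stores: text plus an opaque pointer, no photo.
    post = {"text": "Great night!", "vis_ref": "vis://party-2010-11-13"}
    return {
        "bob": render_post(post, vis, "bob"),
        "employer": render_post(post, vis, "employer"),
        "cost": sum(r.monthly_cost for r in replicas),
    }


if __name__ == "__main__":
    for own, friend, util in [(True, True, False), (False, True, False),
                              (False, False, False), (False, False, True)]:
        print(own, friend, util, demo(own, friend, util))
```

The model makes the trade-off in the article concrete: with the owner’s and a friend’s desktops online the item is served for free, with both offline the item is simply unavailable unless a utility replica (the article’s $75-per-month option) is in the list, and in every case the viewer check is performed against the owner’s list rather than the provider’s settings. A real deployment would additionally need an authenticated, encrypted channel between browser and replica and a way for the replica to verify who the viewer is; those parts are outside this sketch.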
Cox and his colleagues have prototyped the first two strategies and have found that both work well, although some wrinkles remain to be ironed out. “I think today the desktop version is most practical because it doesn’t cost people anything,” Cox said.
All of the strategies are designed to integrate with existing social networking sites, not replace them. Cox expects users would continue to keep most of their data with the social networking site, and use the virtual individual servers only for a small subset of information.
“We love Facebook and we want to share our stuff,” Cox said, “but we want more control over our data. We want to be able to say, ‘This shouldn’t be shared,’ and know that it won’t be shared behind our back.”