Wednesday, July 26, 2006

Is MySpace a Safer Place?

Back on June 20, I wrote about the Texas Attorney General's efforts to track down cyber predators who abuse popular social-networking websites such as MySpace. At last report, he had rounded up eighty alleged criminals who tried to meet cute under-age girls or boys for nefarious purposes, only to find themselves at the wrong end of a sting operation. The very next day, on June 21, announced a series of new restrictions to help fix the problem. I am certain that this blog played no role in MySpace's decision, but it is equally certain that publicity about the potential for abuse as well as the potential for lawsuits did have an effect.

According to an Associated Press report, the changes make it impossible for anyone registered as being over 18 to view the full profiles of members under 16, unless the older user knows the younger one's email address or full name. (MySpace has long had a lower age limit of 14.) While this is undoubtedly an improvement, the report also pointed out that MySpace simply takes a user's word about age. There is still nothing like the credit-card verification mechanism recommended by the Texas Attorney General to verify the user's age by independent means. So if I decided to masquerade as a 14-year-old boy in order to view the full profiles of 14-year-old girls, I could still do so.

The controversy over MySpace is just one battle in the larger war about privacy and technology. These days, "technology" usually means computers, networks, and the whole communications infrastructure of iPods, websites, and other hardware and software that makes us the most connected society in history. In examining a problem, engineers sometimes like to cook up a worst-case scenario in which everything that could conceivably go wrong does go wrong. If the system they are designing nevertheless withstands such a perfect storm of Murphy's Law ("whatever can go wrong will go wrong"), then the engineers can generally breathe a sigh of relief that the system will make it through more likely incidents in which only some things go wrong. Of course, this assumes that the system is simple enough, and the engineers are imaginative enough, to come up with a truly worst-case situation. But even if these conditions don't always apply, the technique is still a useful one.

What is a worst-case scenario in terms of privacy and technology? The answer may depend on what your own worst fears are.

Say you feel strongly that your financial matters are nobody else's business, and that you value your good credit rating. Your worst cyber-privacy nightmare might then be to have your identity stolen by a gang of hot-check-writing, heroin-using, credit-card-busting criminals who pay for a million-dollar orgy of consumer spending with your financial resources and then flee the country, leaving your credit rating in tatters that will take years to repair.

Say that you like to speak your mind about politics or anything else. Then your worst fears might be that a kind of super-Patriot Act would allow the government to spy on everything you email, blog, say, or see online. Imagine what Joseph Stalin would have done with a Communist version of the Internet. In the old days of manual telephone taps and flesh-and-blood spies, the ability of a government to spy on its citizens was limited by the fact that you could hire only so many spies, and there were never enough to keep tabs on all the citizens all the time. But new automated spyware has lifted that restriction and brought the blessings of increased productivity to the espionage business. My blog on "Engineering Censorship in China" shows how a totalitarian government can use technology to monitor or censor the online activities of over a billion people, with the help of companies like Microsoft.

Say that you have a rare genetic disorder that has a good, but not certain, chance of striking you as a young adult. It won't be fatal, but will require many thousands of dollars' worth of specialized health care over the rest of your lifetime. Do you want your prospective employers or health insurance companies to know this fact about you? Even if they say they will not let it influence their decisions about you, do you believe them? There are laws currently under consideration by the U. S. Congress that will mandate the electronic storage of medical data, which is now largely maintained in the form of paper files. This change does not guarantee that any Joe or Jane off the street will be able to access your medical records, but it is not clear that it will safeguard them perfectly, either.

In each of these cases, something that was at first intended to be a good, convenient, or more efficient way of doing things gets twisted around and used to harm. Systems designed to make it easier to buy things also make it easier to steal things. Those who built features into the Internet to encourage the small-d democratic exchange of ideas now find that some governments use it to repress ideas. Attempts to make medical records more accurate and accessible can also hurt someone with a costly medical problem if insurers or employers use their medical records against them. And a great idea about how to bring people closer together with technology-assisted social networking occasionally helps cyber predators carry out their evil intentions.

While there are many laws of physics that engineers must obey at their peril, there is also one principle of human behavior that is equally important. It goes by various names. In the Christian tradition, it is called "original sin," which means that everyone on Earth has an inherent tendency to do the wrong thing, even if they know the right thing. G. K. Chesterton called this doctrine "the only part of Christian theology which can really be proved." The proof, of course, is empirical. There has never been a technology that has actually been used, which has not ended up causing at least some harm as well as good. And it is foolish to design anything without taking this tried-and-true human factor into account.

Sources: The Associated Press report on MySpace's new restrictions is at One view of the issue of medical privacy rights (the patient-advocate view) can be found at The Chesterton quote is from Orthodoxy (New York: Doubleday, 1990, orig. published 1908), p. 15.

No comments:

Post a Comment