Wednesday, September 30, 2009

New Investigators 2: Privacy and Social Software

By the time we were ready to start, the session was full, with people sitting on the floor and clustered at the back, and more people still trying to get in the door. As a researcher, I've got to say I was thrilled to see so much interest! Although maybe they knew something about the presenters: every one of the women presenting in this session was enthusiastic and passionate about her research, and it made for a fantastic set of talks.

People sat on the floor and stood at the back when we ran out of chairs.
People sat on the floor and stood at the back when we ran out of chairs.



Julia Grace: Enterprise Social Networking: History, Current Practices, Research Challenges



Julia Grace
Julia Grace
Julia warmed up the crowd by asking about how many people use facebook, and nearly everyone put up their hand. She about how at IBM research, she gets to work with colleagues all around the world, which can sometimes present challenges. Not so long ago, if you wanted to talk to someone at work, you either walked into their office or picked up a phone, but as technology changes, we've gotten so many new ways to communicate. Students often adopt these tools before enterprises do, but that doesn't mean they don't have uses within the corporate world!

The new channels of communication have changed not only the technical way we send information, but also the way we use the information and the way interact. Julia talked about how increased information transparency -- such as conversations on internal microblogs that can be read by the whole company -- helps people form new connections because they can see information that used to private. This is true both inside and outside the enterprise, but she noted some things are different. For example, you actually want employees to connect with "strangers" in the form of work colleagues, while most people only want facebook friends who they actually know in some way.

One thing Julia noted which I've had to explain time and time again is that you don't know how valuable social networking can be until you try it. This is just as true within the enterprise as it is within people's out-of-work lives. The gains are "soft" in that sometimes these tools can be a time suck, but sometimes they're essential for work: microblogging can help let people know if one office is having network issues, allow people to get quick feedback on questions, and do a lot of things that are important for business. The challenge, of course, is dealing with information overload, and Julia talked a bit about ways to filter information and make things more manageable.

Julia joked that her manager didn't want to see "we get paid to spend time on facebook" on her slides, but it's clear that she does a lot more than that -- she's been really thinking about ways that these tools can be useful, and how we can make them more useful.

Clare J. Hooper: Tugging at the Seams: Understanding the Fabric of Social Sites



Clare J. Hooper
Clare J. Hooper
Clare started by talking a bit about the digital divide, and how, to really understand why it happens, we have to have a better understanding of the experience of using social tech. The attitudes, behaviour, and how it is more of an ambient awareness: you don't only log in to facebook to do one task, you log in to learn about what's going on. This is a very new phenomenon.

One thing that has been useful in explaining social networking has been the "Dix deconstruction" which talks about "pulling apart" an experience and finding the essence. Clare used the example of the shared experience of christmas crackers -- when making a digital version, it was important to make it so no one could see the contents until both people had "pulled" the digital cracker. It's not just the visual experience that matters!

So how does Clare think we can use this as software engineers? She says the important part is to look not only at "pulling apart" but also at "putting together" -- deconstruction and reconstruction. She gave the example of microblogging: we can list the surface stuff about there being X number of characters, a share button, and a list of previous updates. You can look at the abstract ideas, about status updates giving you a presence within your social network community, or about the uncertainty about whether your friends will read that update. She suggests that the best way to summarize the key effects is with one simple, neutral sentence. So those status updates are about small messages broadcast to a community, although they may not be received. Note that messages don't have to be text -- they could be pictures, etc. That's why the "neutral" description, to capture the essence without getting too fixated on the specific technology.

Clare suggested that one might try reconstructing the status update experience using a t-shirt with a scrolling, updateable message. Similarly, you'd be broadcasting a message, to a small community around you, some of whom might not be paying attention. But it's a big step from microblogging to t-shirt displays.

She's looking forwards to helping provide broad access to online social tools, and to do this you need to understand those core experiences. She'll be working on evaluating these ideas both at her university and at IBM.

Katie A. Siek: The Knot or the Noose? Analysis of Privacy on a Wedding Planning Website



Katie A. Siek
Katie A. Siek
Katie introduced her talk by talking a little bit about herself and how this study fit into her career scheme. She had been working on helping people track health information, including work with records-handling at hospitals, and was starting to wonder how to encourage people to keep these records updated. There's a groan from the crowd as she talks about letting people keep health data on facebook.

She then said something I loved, "Another great thing about research is that research is everywhere!" -- so she while planning her wedding, she found the sites she visited could be part of her work. The Knot is a wedding website with plenty of users, where people can go to brag about their weddings. The site encourages people to share as much information as possible by providing incentives like choosing great profiles to be part of a magazine. But unfortunately, this can lead to privacy concerns... Katie pointed out one person who she was able to quickly track down by phone just from the information in the profile, and says that it's generally pretty easy.

But why is that scary? I was appalled (if not surprised as a security researcher) by the stories she had to tell about bad stuff that's happened to people. There's enough information there for mean people to cancel weddings! "Oh, I'm the wedding planner for so-and-so, getting married on this date, and something really bad has come up..." It sounds like a plot device from a wedding chick flick, but apparently this has actually happened to people! As well as phishing scams, where people were sent legitimate sounding invoices that they paid and they money went to scammers, identity theft, and even robbery when a thief knows when you'll be away on your honeymoon, what your house looks like and where the more valuable things are inside.

But meanwhile, The Knot website itself really wants people to share as much information as possible. More content means more sponsors, more money for them. It can be hard to balance corporate desires against privacy issues.

I was really thrilled to hear that Katie's research had an immediate effect: when they started asking survey questions which made people aware about how much information they were sharing and how dangerous that could be, people started changing their bios! And she's looking at further ways to educate people so they don't get caught, as well as how to tie these information sharing issues back into her other work with health records.




I'm sorry not everyone could get in to the room to hear these great talks, but hopefully I've given you a taste of what you missed! If you want to hear more, all three women are happy to hear from you -- just look them up.

Edit: The photos are now posted as promised.

2 comments:

Brenda Liu said...
This comment has been removed by the author.
Brenda Liu said...

I also have a short writeup on the first presentation in my blog!