The Nexus of 2024

Open for Questions at change.gov: What about privacy?

by

jon
in , ,

The Obama transition team’s Open for Questions pilot last week went extremely well for a first attempt.  Combined with all the other promising things Micah Sifry discusses in Kudos to the Change.gov New Media Team, it seems to me that the Obama administration is on track for some effective ways of leveraging cognitive diversity and “wisdom of the crowds” effects, cutting past the gatekeepers in the media, and getting Obama direct feedback from Americans.

At least for those Americans who are willing to give away their privacy as the price for interacting with their government.

Bob Fertik’s Americans Want Real Change from Obama – Not Media Garbage on Democrats.org is a good summary of Open for Questions first week from the perspective of a participant.  People from across the country submitted a wide range of questions.  The ones that were voted to the top were excellent: cleanly worded and on topics that need more attention.  Here’s one on civil rights, from Kari in Seattle, which finished #2 overall:

“What will you do as President to restore the Constitutional protections that have been subverted by the Bush Administration and how will you ensure that our system of checks and balances is renewed?”

Yeah, really.  There’s a lot that Obama can do here (the Liberty and Security coalition’s recommendations are a good summary).  Will he?  I’m all ears!

So it’s great stuff, especially for a pilot.  At least until you pull back the covers …

Change.gov’s privacy policy reassuringly says “It is our general policy not to make Personal Information available to anyone other than our employees, staff, and agents.”  However, as James Grimmelmann just pointed out in Total Information Awarness in TNR in describing the similar “mealy-mouthed” privacy policy on my.barackobama.com, courts have repeatedly found that statements about “general policy” have no legal force.

And in fact the reality is very different.  Open for Questions’ functionality is provided by Google Moderator, and seeing the “Sign in” link on a .gov site route through Google* is downright creepy.  Scroogled! As Christopher Dorobek points out on DorobekInsider, this means the information isn’t covered by the Privacy Act.  And that’s just the tip of the iceberg.

Dan Goodin in The Register and Chris Soghoian on CNet’s Surveillance State have already described the issues with change.gov’s usage of Google Analytics and YouTube giving a private corporation the ability to track people as they interact with a government site; this is more of the same and even worse.  The precise information about people’s opinions from Open For Questions adds a whole new level of concern.

Mike Stark made a really interesting point to me in email that I haven’t seen expressed so crisply elsewhere:

Google could (conceivably – and especially for those of us with gmail addresses) use a record of this data to really get involved in people’s personal political predilections.

Indeed.  They wouldn’t do it to be evil, of course, they’d just think of it in terms of “efficiency”, “user convenience”, and “monetization” … but still, it starts to look a lot like selling democracy.  I wonder if anything in change.gov’s contract with Google prohibits this?

Not according to the privacy policies.  A quick glance at the relatively-short Google Moderator on change.gov privacy policy gives the impression that the only way Google will this information is internally, “to deliver the best possible service to you. ” If you click through a couple more links,** though, you get to the Google Privacy overview and privacy policy and there are a bunch of other uses.  Like for example

We may share with third parties certain pieces of aggregated, non-personal information, such as the number of users who searched for a particular term …. Such information does not identify you individually.

Even giving everybody involved the benefit of the doubt that this information can’t be disaggregated and used to identify individuals, I don’t much care for our government giving Google control over which third parties it “shares” this information with.  About that selling democracy …

And then there’s this:

Google processes personal information on our servers in the United States of America and in other countries. In some cases, we process personal information on a server outside your own country.

Um, isn’t this something people might want to know before using change.gov, instead of having to chase down three levels of links?   Shouldn’t there be something in big red letters on the main page of Open for Questions along the lines of

Warning: this site whose URL looks like part of the US government may send your personal information to another country where it is governed by local laws.

Or hey, even better, why not provide this functionality in a way that doesn’t put people’s personal information at risk in this and a zillion other ways?

To be fair, Open for Questions is a pilot.   If things like this start to get addressed now, they’ll be seen in retrospect part of the growing pains of change.gov – it’s far from the first V1 product that ignored privacy early on.  But will they?

There’s a broader pattern of the Obama transition ignoring privacy concerns, discussed in posts by Sarah Lai Stirland on Wired’s Threat Level, Nancy Scola on techPresident, and me in Some early disquieting signs.  There’s no way to know if this is an intentional decision by the transition team not to prioritize this — or just lack of attention to it or understanding of the issues — but in any case it’s a bad sign.

The risk is that if nobody’s paying attention to it, this kind of privacy-invasive behavior get institutionalized and the participative democracy of the future is also a panopticon.  And if it’s a lack of understanding, that also bodes ill for the discussions coming up about behavioral advertising, the PATRIOT Act, and other privacy-related issues.***

It sure would be great to hear the Obama team’s thinking on this.  Their technology policy commits to “safeguard our right to privacy” but their actions certainly don’t match the words.

Maybe I’ll ask about it in next week’s Open for Questions 🙂

jon

* yea, really: the Sign In button routes you to a URL that starts with https://www.google.com/a/change.gov/ServiceLogin?service=

** to get there from Open for Questions, scroll down to the fine-print Disclaimer and click on the privacy policy.  Then ignore all the big and bolded headlines and instead click on the Google Privacy Policy link which takes you to a page with the headline “At Google, we’re committed to transparency and choice”.  Then you can click on either the Privacy overview and privacy policy.  Studies consistently show that most people don’t read privacy policies … when you have to go through hoops like this, is it any surprise?

*** like FISA, for example, where Obama’s actions similarly haven’t matched his rhetoric.

Comments

11 responses to “Open for Questions at change.gov: What about privacy?”

  1. jon Avatar
    jon

    I don’t mean to give the impression that privacy is the only issue that needs to be addressed by change.gov. Shaun Dakin’s Who is asking the Questions at Change.gov makes a vital point

    While it may be “cool” to open up the debate, there is no indication that the Transition team is looking to get input on the website from ALL Americans.

    Indeed. It’s a similar challenge to the one I discussed in Techville and Reality City, now on much larger and more important stage: unless there’s a lot of attention paid to access (to technology, to knowledge), any internet-based system is likely to marginalize a lot of people. A few examples: the many Americans who don’t have the computers or network connection to get to this site, people with disabilities, non-native English speakers, seniors, overseas military … the list goes on.

    change.gov’s accessibility page discusses how the Obama Administration’s commitment to accessibility for all “begins with this site and our efforts to ensure all functionality and all content is accessible to all Americans.” As with the privacy policy, it sounds great. What’s the reality behind it?

    What’s needed is a detailed plan to allow everybody to participate on an equal footing on change.gov and government sites in general, dealing with the hard problems. What about people who don’t have computers or network connections at home? What about students in schools where the ratio is one computer to 50 students? What about Americans more comfortable in languages other than English?

    Unless the transition team starts prioritizing this, and gets the plan out for broad review, these lofty goals will soon ring hollow.

    Reply
  2. Posts about Google as of December 14, 2008 | The Lessnau Lounge

    […] […]

    Reply
  3. James Grimmelmann Avatar
    James Grimmelmann

    The Google/YouTube privacy issues underscore how important it is that materials like this be released under Creative Commons license (or public domain) and without technological controls. That way, anyone can mirror the videos or distribute them, and access isn’t channeled through any one provider’s privacy regime.

    Reply
  4. Greg Elin Avatar
    Greg Elin

    Thanks for a great post getting to the hard issues of using third party tools on a government-website rather than the hand-wringing about comments getting removed.

    Last week I wrote a post indicating government agencies policing user generated content was fine by me to make a point that we have government specifically to trust with certain tasks—with oversight.

    But a hard issue is understanding and managing the consequences of third-parties potentially using an exclusive view of government information for unfair market gain and privacy issues. Your post begins to get to the heart of the issues that we do need to figure out and establish new safeguards.

    I’m not suggesting Google is (currently) doing anything bad. (I trust Google more than many other corporations.) But it is true—Google’s management could change, or change its mind, and the information in my email being at Google’s disposal would be a real problem.

    But so could all the tax information information Intuit sees, and the transactions credit rating companies see.

    These are the real challenges for which we need new policies and institutions to address. Our society does not have adequate institutional models for the shared ownership of data, or restriction of certain types of data by private parties. Our institutions and paradigm are claim-based and tend to recognize single owners. That’s why credit rating companies can gather so much information about individuals while making individuals pay to see their own information (more than once a year).

    Reply
  5. Chicago’s Favorite Podcast .:. VIKING YOUTH POWER HOUR .:. Chicago Podcasters With Nuts Like Mothballs

    […] best find I’ve come across today is an informed and sane plea to knock out some of these very serious privacy dents in the Change.gov pr… of snuggling up with […]

    Reply
  6. Silona Avatar
    Silona

    I have always argued that govt and businesses need to be as transparent as we are forced to be as citizens.

    Just started change.wikia.com where we put change.gov into a 3rd party versioning site by placing it in a mediawiki install. This way changes can be tracked. But people should realize that when they do participate on a CC licensed site. We can do cross publication of information like this.

    Obviously I think this is a larger gain than loss in the privacy arena. But it is something to ponder because it will always exist here… publicly.

    Reply
  7. jon Avatar
    jon

    Thanks for the comments, all …

    Agreed about the value of the CC license and the ability to republish this information — and it’s great to see the League of Technical Voters moving so quickly with change.wikia.com … I don’t see transparency and privacy as inherently in conflict in this case, as long as change.gov is very clear that all the information posted there will also be published elsewhere in all kinds of different ways. The copyright page currently says “Visitors to this website agree to grant a non-exclusive, irrevocable, royalty-free license to the rest of the world for their submissions to Change.gov under the Creative Commons Attribution 3.0 License” and while that’s very clear to somebody who’s familiar with CC, it’s not so clear to me that most people understand the implications. Similarly their privacy policy currently states “We treat your name, city, state, and any comments you provide as public information,” but again I don’t know if most people realize that this means it’ll get republished elsewhere. Hopefully the wording and user experience will continue to evolve so that most users, not just legal experts, know what they’re signing up for.

    I’m not suggesting Google is (currently) doing anything bad. (I trust Google more than many other corporations.)

    Do you trust them because of the holes in their software security, such as the bug in gmail that exposed the real name behind gmail addresses? Or because of their inconsistent legal stance on whether users have a privacy interest in IP addresses, nicely summarized by Ryan Singel here:

    Google, for one, has had its own issues with whether users have a privacy interest in the IP addresses it services store. They argued to the government that they were in order to keep from having to turn over user logs, but then told European regulators that IP addresses weren’t really personal, when those officials were seeking limits on how long search engines could store data.

    Don’t get me wrong, Google is certainly to be commended for standing up to the US governments fishing expedition (unlike Microsoft or AOL), and its public discussion of its China policy. However going from that to trusting them is a pretty big leap …

    But so could all the tax information information Intuit sees, and the transactions credit rating companies see.

    Credit rating companies are regulated under the Fair Credit Reporting Act. There is no comparable legislation controlling what Google (or Intuit, etc.) can do.

    Reply
  8. Liminal states » Once again Open for Questions: the pilot continues

    […] there hasn’t been any improvement on the privacy front.  The change.gov front page still points off to Google’s misleadingly benign Google […]

    Reply
  9. Tell Obama: Make Middle East peace a priority | Orthodox Anarchist

    […] folks from supporting this action, because I support it: Change.gov’s privacy policy is extremely problematic. The site is, on the one hand, a heartening attempt at government transparency and accountability, […]

    Reply
  10. Launching “Ask The President” on Twitter (DRAFT) « Liminal states

    […] The basic idea seems to be a followup to Change.gov’s short-lived Open for Questions series [1, 2]: people submit potential questions and vote on what they think the best ones are.  It’s […]

    Reply
  11. What would we like to ask President Obama? « Get FISA Right

    […] basic idea is to provide a followon to Change.gov’s short-lived Open for Questions series [1, 2]: a way for people to submit potential questions and vote on what they think the best ones […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *