Privacy

Privacy is an important part of social interaction, and
security.
In this post, I discuss what privacy is, privacy in
GroupServer,
and laws about privacy.

I should be able to define privacy, as
I am the Privacy Officer for
OnlineGroups.Net
— but I find privacy hard to define.
Thankfully, I am not alone: the New Zealand Law Commision’s paper,
A
Conceptual Approach to Privacy
,
spends many pages discussing how hard privacy is to define.

The paper’s author, Mark Hickford, concludes
that privacy is a sub-category of two interconnected values: autonomy
and respect.
These values apply to aspects of your life (both social and
information) that you expect to have control.
This definition is nice, but not useful when you are trying to write
software.

However, it is easy to know when privacy has been breached.
I quite like Solove’s taxonomy of privacy breaches, which I quote from
Hickford.

  • Collection,
  • Processing,
  • Dissemination, and
  • Invasion.

We constantly think about privacy when coding GroupServer.
For example, GroupServer requires that the user authorises the creation
of an account — otherwise a collection breach could occur.
When presenting aggregate information about a group (such as
posting
statistics
)
we have to ensure that individuals cannot be identified, and that
the data is only used for the purpose that it was intended —
to avoid a processing breach.
(Preventing
processing breaches

is not easy.)
Security is important to prevent dissemination breaches, and for that
we rely heavily on Zope.
Finally, we have to ensure that a user controls the
email addresses he or she claims to, so we do not invade the privacy
of others.
(Email address verification in GroupServer is not right yet, but
we are in the
process of improving it
.)

Ensuring privacy can put us (mostly me) into conflict
with administrators.
The conflict usually comes from good intentions, such as administrators
who want to add users to groups without the annoying verification step.
If the user does not consent to joining a group, a collection breach
can occur.
To gain consent, and prevent a breach, GroupServer sends out a
verification email that the user responds to.
Unfortunately, messages get caught by spam filters, or the
user simply ignores the message.
This normally leads to unhappy administrators, and users.
We cannot sacrifice privacy, so we work on
making
GroupServer more usable,

so these sorts of problems do not occur.

There is hope that privacy laws will become standardised.
OnlineGroups.Net must follow the
New
Zealand Privacy Act (1993)
,
which is based on
The OECD
Guidelines on the Protection of Privacy and Transborder Flows of
Personal Data
.
Other countries, such as
United Kingdom,
Australia,
and
Canada,
also follow the principals in the OECD document.
Even the United States of America has the
Safe Harbour
system, which follows the same privacy principals.

Privacy is not just a good idea, it’s the law; I pledge to constantly
uphold the user’s right to privacy.


Making a Group Work

For a group to be successful, the members must receive a benefit.
One way that a group can benefit the members is to allow users to
find out answers, and gain prestige.
Alternatively, a group can be used as a news source, where the members
find out information.
Finally, while there is some idea of what makes large technical groups
successful, I have seen less research on small groups.

In most large online groups that I have observed, especially the
technical
groups,
novices frequently ask questions, while experts gain prestige
(gravitas, mana) by providing answers.
This is a nice win-win situation, which has has received
some worthwhile
attention.

Tim Erickson, who helps run
the political forums on
e-Democracy.org
,
outlines two reasons to participate in the issue forums:

  1. Voice concerns (which may or may not be political), and
  2. Learn what is happening.

e-Democracy.org conducted a survey, in 2005, of members of their
forums in the United Kingdom.
Of the 50 self-selected responses to the question
How do you intend to use the Issues Forum now or in the future?
22 mentioned raising issues, while 20 mentioned keeping abreast of local
issues.
Effectively, the members stated that they use the forum like a cross
between a news-site and letters to the editor!
I would love to find out more about how effective the forums are at these
two tasks — but I doubt that I will have time, in the near future.

While I may not get a chance to study an online issues forum, I am
currently studying an online-group that supports an integrated science
programme.
There is a well-defined sense of community in the group, and from what
I have seen, there are few question-and-answer sessions (in the
traditional sense) and the group is not political.
It will be fascinating to find out what makes the group tick.

I participate in many groups because I am paid to: it is part of my job.
I belong to fifteen email groups, which have dedicated
addresses, membership criteria, and archives.
Of those, ten are closed groups, with 3–7 members, that focus on
a particular project; there are probably more ad-hoc groups that are
created using multiple email recipients.
These groups have questions and answers, such as
why has … stopped working? but they mostly consist of
people discussing the implementation of a system.
Members regularly post, and communicate effectively.
Are these groups successful because they are small, or the members are
paid to work on the system?
I do not know.


OnlineGroups.Net Blog

A self-evident truth:
OnlineGroups.Net now has a blog!
All the employees of OnlineGroups.Net — Dan Randow, Richard Waid,
Alice Murphy, and me (Michael JasonSmith) —
will post about
the issues that occur in writing
GroupServer,
running OnlineGroups.Net,
and being part of the wider open source and
it
communities.
Alice has done amazing work in making the blog look like the rest of
the rest of the site, and put up with me cursing the default
WordPress entry editor!

We would love to use our own GroupServer software to run this blog,
rather than WordPress.
Unfortunately, GroupServer does not support blogs yet, and we had too
much to say!