Micro-blogging and Personal Self-Surveillance
Micro-blogging is all the rage. Social networking sites including Twitter, Facebook, MySpace, LinkedIn, and numerous others encourage us to share details about our daily lives with all those we know, even passing acquaintances. While this can be entertaining, there are numerous hazards from widely sharing unfiltered information about our lives, whether personal or professional.
In 1995, I observed that the Internet had greatly reduced the cost of accessing and correlating data. This gives rise to what I referred to as a collation hazard. In the past, data was often public, but difficult to access. The most well known example of this problem was the stalking murder of actress Rebecca Shaefer.
Archiving micro-blogging information, combined with the propensity to report all details of our lives, produces more data, and more intimate data, than all but the most intrusive of surveillance operations.
Yet for all its potential to be invasive, as self-reported data it has inherently low accuracy. Micro-blogging, like any self-reporting system can be inaccurate or accurate at the reporter's whim. Using a micro-blog as a vehicle, one can create whatever persona one wants, and broadcast the persona to the ends of the earth. For public relations it is both boon and bane, and a security nightmare.
It is well worth remembering that archiving a stream of postings is not a technically difficult task. At that point, the information can be used for whatever purpose is desired. One can appear to establish ones presence on the other side of the planet, or the converse. This is nothing but a reprise of classic electronic warfare techniques, where units interchange call signs to fool direction finding or transmit false traffic to deceive listeners.
Conversely, one can micro-blogging to implement a classic electronic warfare technique: giving someone the impression that one is where one is not. The history of World War II has many examples of such dis-information techniques. One well known case of a electronic warfare disinformation operation was done by the USS Salt Lake City (CA-25) in May 1942 prior to the Battle of Midway. The Salt Lake City was tasked with the mission of simulating a carrier task force in the South Pacific. This was accomplished by the straightforward expedient of making radio transmissions characteristic of aircraft carriers conducting flight operations. The goal of this operation was to convince Imperial Japanese Navy communications monitors that the fleet aircraft carriers USS Enterprise and USS Hornet were conducting operations in the South Pacific. In reality, the Enterprise, Hornet, and Yorktown were waiting in ambush a short distance from Midway under strict radio silence.
Disinformation is not limited to the military sphere. Such active disinformation by the staff of Governor Mark Sanford (R-SC) was noted in today's New York Times by columnist Gail Collins. In “The Love Party”, Collins noted that the Governor's Twitter log was updated with inaccurate information while he traveled to Argentina.
The precedent is clear. Information direct from the source is highly useful, but without verification it must always be subject to verification. Coincidentally, this phenomenon is happening in real-time in the dispute over the results of the election in the Islamic Republic of Iran. Recently, a CNN article Iranians dodging government's Internet crackdown noted that there are questions about the accuracy and authenticity of some of the information appearing through social networking sites. My friend and fellow Computer Security Handbook contributor Mich Kabay will shortly be publishing a column in Network World on this precise question, noting that dis-intermediated electronic communications have become a critical battleground in political disputes, particularly in those countries where accuracy of elections is in dispute.
From another angle, such self reported information, whether accurate or fictional, is also a hazard to the reporter. The aggregation of this information over time presents a highly detailed picture of one's life. Our society has never dealt with the mass availability of recorded detailed information long into the future. This has become a problem, even without the involvement of Twitter and similar distribution services. Job hunting college students have discovered that personal pages on Facebook and MySpace are at least potentially public and archived. Since they are public and archived, the information is available to potential employers. Public information is also generally considered outside of anti-discrimination laws.
The detail of sub-daily micro-blogging raises this hazard to an entirely new level of danger. What seems reasonable to a high school or college student may not be appropriate to a professional in a responsible position. It is reported that colleges are receiving requests to expunge pictures and articles from online archives of student newspapers. Information that seemed innocent at the time is turning out to be a liability in a world where frictionless accessibility to information is a reality.
|||“Security on the Internet”, Computer Security Handbook, Third Edition23.4(a), pp 236|
|||Axthelm, Pete “An Innocent Life, a Heartbreaking Death”, People, Volume 32, Number 5, July 31, 1989.|
|||Edwin Layton, etal. And I Was There, pp 433|
|||“Including, perhaps, his beleaguered staff, which spent the last week fending off calls from the lieutenant governor and diligently filing Sanford's daily Twitter” from “The Love Party”, Gail Collins, The New York Times, June 25, 2009|
|||Doug Graves “Iranians dodging government’s Internet crackdown”, CNN, June 18, 2009|