The Value of Personal Transparency By: Stephanie Pakrul INFO203 May 12th, 2009 School of Information, UC Berkeley

Introduction Much is discussed today of issues surrounding privacy. More than ever before, individuals' personal information is collected, aggregated, and analyzed, usually in service of one party to gain greater control or understanding of, or extract larger profits from another. Most of this attention is directed at ownership or reductionist views of privacy, protecting the notion of a fundamental human right to privacy, or to avoid potential negative consequences. Correspondingly, the focus has also been on the value to the individual of keeping that information private, often from larger, more powerful organizations. However, less has been done to examine the actual personal, social, and economic value of privacy, and the possible benefits of increasing transparency of the individual. The potential opportunity costs and negative consequences of greater privacy controls are also not weighed in these analyses.

Without a closer look, how are we to know the value of what it is that we are hiding? Further exploration is necessary in order to accurately assess the costs of information opacity, so that we may evaluate appropriate protection and disclosure incentives for individuals and social groups.

In this paper I will argue that there are unrealized benefits to the individual of increased transparency of personal data. This will require a more nuanced definition of privacy and identity, and a rational examination of personal information within the context of the larger information sphere. Building on this, we can arrive at an approach that balances the actual value of privacy with the overlooked benefits of collecting and exposing more personal information.

Becoming our selves: turning digital "Small details that were once captured in dim memories or fading scraps of paper are now. . . preserved forever in vast, fertile fields of data. The minutiae of our everyday comings and goings, of

our likes and dislikes, of who we are and what we own. . . They are our digital selves." (Solove 2006, 3)

Availability of information about the individuals that make up our society has grown more in the past twenty years than since the invention of the printing press. However, common descriptions of the effect of new technologies on information access and privacy operate under a "more of the same" philosophy that data processing, speed, and storage capacities have dramatically increased the quantity of data that can be collected and manipulated. Much like television was initially treated as "radio with pictures", we have a tendency to view new inventions and integration of technology in our lives as an evolutionary step in the same direction as before. But these digital technologies are not just a digitized phone book with more detailed listings, they are a fundamental change to the landscape of personal information and privacy (Floridi 2005).

A recent report from the Pew Internet & American Life Project distinguishes two types of information, or digital footprints, created by individuals passive and active. The former is information created "as a matter of course" with "no deliberate intervention from an individual", such as home sales, newspaper articles, and political donations (Madden et al. 2007, 3). The more recently growing trend is of one's active digital footprint, information that is being intentionally published in public or semipublic spheres, such as blog comments, family photos, and resumes.

As the digital world continues to expand, we are increasingly intertwined with our streams of data. Individuals are now informational agents, embedded in an informational environment. The gap between "me" and "my information" has been closed. Given this convergence, it is imperative that we take greater steps to reclaim our passively generated data and become more deliberate in generating our own active data.

Owning our selves: reclaiming control and coherence of our digital data Currently the majority of our information is owned by organizations, which are motivated by economics and ruled by bureaucracy. By their very nature, these entities are several degrees away from concern for any particular individual's welfare (Solove 2006). This unintentional outsourcing of our digital personae has stripped control and autonomy from the individual, leaving the ontology of personal identity at the mercy of the metrics valuable to those we transact with. Unfortunately, we are all the more willing to give up that information in exchange for economic gain or convenience1 (Acquisti and Grossklags 2005).

Our own ignorance of what data is being collected and storedand by whomis a major hurdle for chasing coherence and privacy in the information age. Lack of knowledge about data systems being used, overconfidence in the accuracy and intentions of the organizations doing the collecting, and simplified mental models of information systems contribute to incorrect assumptions about our digital selves (Acquisti and Grossklags 2005).

With this data out of our minds and our control, we are unable to perform either audits or updates, or reap any benefits of access to the information. With incomplete knowledge of our distributed bits of data, it is difficult to assess the risks or benefits of its existence. What if a company changes their privacy policy, goes bankrupt, or the individual simply changes his or her mind about who should have access to this data? (O'Hara, Tuffield, and Shadbolt 2009)

We are currently at a turning point. We can continue to allow governments and corporate entities to colonize our digital selves and export the natural resource of our personal information. Or we can take takes steps to reclaim our informational sovereignty. We stake this claim by taking responsibility as the source of information about our selves, by repossessing the information generated incidentally
1 In their study, 21.8% admitted to having revealed their social security numbers in exchange for "discounts, better services, or recommendations" (Acquisti and Grossklags 2005, 29)

through interactions with external agencies, and by intentionally generating our own self-directed stream of data.

By taking control and tracking our own information, the doors open for many benefits. Steve Mann, an early pioneer of wearable computing and "lifelong cyborg logging", is a strong proponent of continuous personal recording, of the self (for augmented memory) and others (sousveillance) (Mann 2004). In addition to these, new opportunities become available for self reflection and self improvement. Reclaiming the individual as the canonical source of data by enabling them to create their own information stores is the first step towards a consolidated self, and individual empowerment.

Characteristics of a personal information store What does a comprehensive personal information store look like? Generally speaking, this database, or life log, is "a form of pervasive computing consisting of a unified digital record of the totality of an individual's experiences, captured multimodally through digital sensors and stored permanently as a personal multimedia archive." (Dodge and Kitchin 2007)

Best practices principles for personal information storage can be drawn from existing literature on various forms of data storage. Historically, flat tagging or full text search is common for personal information, but it is predicted that an increasing number of professional organizations will offer data feeds, so that manual processing or artificial intelligence will no longer be needed to add metadata to information, as these formats become standard (J. Gemmell, Bell, and Lueder 2006). Standardization is crucial as data sources become more varied. For example, when tracking communication patterns, the information store must know that the Maria you're chatting with on an instant messaging client is the same as the one you email at gmail.com and the one who left a voice message on your cell phone. The MyLifeBits project takes representation of these parties seriously, with the "contacts" database table consisting of 62 additional attributes for each person (J. Gemmell, Bell, and Lueder

2006).

Data portability is a major attribute for externally managed data. For example, online health records2 should be able to provide a "portable and secure lifelong record that will be available regardless of a persons employer, insurance plan, or physician" (Steinbrook 2008, 1654). Some efforts in recent years, such as OpenID and OPML, have been working on consolidation and portability of data across services, to assist users who want the ability to carry their identities and personal data across sites (O'Hara, Tuffield, and Shadbolt 2009). However, data portability philosophies often contradict economic considerations for organizations who wish to maintain a hold on their users.

The future of semantic web also brings the promise of more structured data to the internet, allowing for greater consistency across distributed, heterogeneous sources. As this becomes more prevalent, non-personalized external sources can also be used to supplement the individual's life log by providing additional context (O'Hara, Tuffield, and Shadbolt 2009). For example, generic data sources such as a local weather forecast, traffic map, or encyclopedic information on a relevant topic could be integrated as needed into a personal data stream3.

These large personal databases must also remain quick and easy for the end user. Too many selforganizational systems implemented with the best of intentions end up ignored because they were not optimized for the common use case. For example, the MyLifeBits application addresses this by focusing on returning the first page of results for any query as quickly as possible (J. Gemmell, Bell, and Lueder 2006).
2 Also see an excellent post on this subject and Kaiser Permanente's KP Connect by Gary Wolf, contributing editor of Wired, via the Quantified Self blog at http://www.kk.org/quantifiedself/2008/12/dead-ends-andwalled-gardens.php 3 Recently, science fiction author Cory Doctorow commissioned a writing versioning system called "Flashbake" that adds weather and other generic data along with each version, in order to provide retrospective context to his writing. See http://lifestreamblog.com/cory-doctorow-on-lifestreaming-contextual-snapshots-using-newtool-flashbake/

Characteristics of personal information Simply approaching the personal information store in such a way that any metric is a potentially viable one does not help much for evaluating the metric against optimal criteria. Narrowing the field down from "everything", proposed below are a series of key attributes for ideal personal metrics:

Consistent. Collection and storage of the information must be consistent, recorded at a known rate and on a steady scale for data points. Gaps in the information store can cause mistrust of the system, incomplete information, and even personal distress4.

Timely. The need for information recall can occur even moments later, requiring a near realtime system to store and process data. Also, particularly when a life log is to be used for selfimprovement, feedback is best delivered in a timely manner (Ilgen and Moore 1987).

Quantifiable. Both for storage and retrieval optimization, information is most easily manipulated as structured, quantified data. While this quality is necessarily flexible when dealing with some data forms such as multimedia, in general, reducing an information source to quantified data will yield more efficient results.

Automatic. When data collection and archival is automatic, the system is not relying on the ability of the individual to actively and consistently perform some kind of action. Much like putting a savings plan on automatic withdrawal, the data logging then becomes a background processes. This also improves accuracy, rather than relying on manual data entry.

Objective. With the other characteristics in place, a system is created which can be objective, not relying on historically poor self-reporting and false memory.

With a system implemented which follows the preceding characteristics, personal transparency via this

4 After having used the MyLifeBits system for years, Gordon Bell once suffered a hard drive failure and irrecoverably lost four months of recorded data. It is described as "a severe emotional blowperhaps like having one's memories taken away," while future information searched for and not found always carries the unease of possibly having been in that four month period (J. Gemmell, Bell, and Lueder 2006, 93).

large information store becomes a vast source for self analysis and improvement. Describing MyLifeBits in Communications of the ACM, Czerwinski et al (2006, 46) narrate what this reality might look like: "The next morning, Gordons body sensor alerts him he has a fever of 101.3o Fahrenheit. His trend-analysis software notes that he has been coming down with colds after business trips lately, so he forwards the analysis to his doctor, requesting advice on how to avoid a recurrence. He feels well enough to go to work, however, but now cant find his hat. The last time he recalls wearing it was when he last did his laundry. He accesses the log of his clothes dryers embedded server to report the last time it was used. Scanning photos taken immediately after he took the clothes out of the dryer by wall-mounted cameras, Gordon notices one of himself tossing the hat onto his bedside table. A look behind the table reveals the missing hat."

What was recently the distant dreams of science fiction is drawing nearer. While this level of integration and polish is not yet available, current implementations are approaching this kind of sci-filike quality of efficiency.

Pulling in external sources But not everyone has the necessary hardware and software running to create their own personal data stores. The invention of RSS feeds and structured data on the web enabled online services to offer portions of their (your) information available through queryable means. As discussed previously, our informational identities have been losing coherence as different bits are scattered amongst sites photos on Flickr, bookmarks on Delicious, software usage on Wakoopa, and music preferences on Last.fm. But as these sites offered feeds and APIs, this meant that information could be re-combined in a central location, usually the individual's own web site. Most commonly referred to as lifestreaming or lifelogging, this new trend has been once again consolidating the self.

Adding further private data sources makes the informational identity richer, providing even more points for cross-referencing. The range of possible sources is huge, but the top candidates for logging will be those which are related to personal interests, and what is cheap and/or simplest to collect (O'Hara, Tuffield, and Shadbolt 2009). With increasing availability of connected consumer gadgets, sensors, or self-reporting websites, you can easily track sleep5, physical activity6, weight and blood pressure7, location of you8 or your belongings9, phone calls and SMS10, weather11, energy consumption12, menstrual cycle13, financial data14, vehicle information15, indoor sensors16, and entertainment media purchases17. Even using external sources and consumer devices such as these, one could construct a data pool arguably even richer than MyLifeBits', where remembering that it was a day that you SMSed your sister while stopped at a red light could help you to recall where you lost that book.

It's easy to see that many of these devices could become mainstream, just as voice-over-IP, cell phones, home alarm systems, and computer-based home entertainment centers have grown in popularity. With this widening landscape of data collecting devices, a more complete, aggregated information store will soon exist.

5 6 7 8 9 10 11 12 13 14 15 16 17

Sleeptracker watch monitors sleep phases, with USB link to download data, http://www.sleeptracker.com/ Fitbit wearable device tracks all physical activity and uploads to web service wirelessly, http://www.fitbit.com/ Lifesource offers a wireless scale and blood pressure monitor, http://www.lifesourceonline.com/ Via numerous inexpensive GPS units or location-enabled phones and dozens of web services, such as Yahoo!'s FireEagle Various RFID-based products, such as mir:ror (http://www.violet.net/_mirror-give-powers-to-your-objects.html) or touchatag (http://www.touchatag.com) Skydeck (http://skydeck.com/) offers tracking and analysis of cell phone activity, and various VOIP providers facilitate access to phone call data Various connected weather devices, comparison at http://www.windfinder.com/wind/weatherstation.htm USB-enabled home electricity monitor, http://www.theenergydetective.com/ Several sites offer this service for the purposes of tracking for medical conditions or fertility, such as http://www.cyclespage.com/ Financial aggregation and tagging services, such as http://mint.com/ Car Chip monitors data from any modern car's on-board computer, for USB download, http://www.thinkgeek.com/gadgets/car/aa31/ Vera monitors energy usage as well as wireless home automation sensors and devices, http://micasaverde.com/ Delicious Library and other services track your personal media library, http://www.delicious-monster.com/

Personal Information Management (PIM) Aside from experimental researchers such as Steve Mann, MyLifeBits' Gordon Bell and Jim Gemmell, and DARPA's LifeLog, extended forms of personal transparency have been undertaken by some casual enthusiasts. These are usually more within the realm of creative, intentionally crafted works, such as online journals and photo blogs. However, the potential for vastly improving personal information management is a motivation for many to take a closer look at the practice.

At the individual level, a movement focused on more automated, quantified personal data storage has only emerged in the past few years. As much of 80% of digital information is stored in unstructured data on hard drives (Geer 2007). In response, starting in late 2004 a flurry of multipurpose desktop search engines have been released (Boutin 2004). These and other tools have focused on improving personal information management (PIM), through cross-application indexing and retrieval. With free applications now available, no longer would you have to remember which instant messaging platform you were on when you had a particular conversation, which program you had used to tag a certain photo, or be looking for a now-unavailable web page you visited only to realize that information was on your laptop instead these tools consolidate your data into one searchable, synchronized database (Jones and Teevan 2007).

Admittedly, these tools are not nearly as pervasive or inclusive as the SenseCam, a wearable camera and array of sensors, coupled with the Memex-inspired MyLifeBits software, to manage this image and sensor data alongside the user's entire document repository, calendar, personal communications, web browsing, and their related metadata (J. Gemmell, Bell, and Lueder 2006). But with these tools, the number of data points available for filtering, sorting, and pivoting is greatly increased, vastly improving personal productivity and digital memory (J. Gemmell et al. 2004).

In addition to the practical benefits of having access to more of one's own data, there are also

emotional benefits. On living with the MyLifeBits system, Gemmel et al (2006) proclaim, "having a surrogate memory creates a freeing, uplifting, and secure feelingsimilar to having an assistant with a perfect memory". From finding lost objects to reviewing research to recalling names of acquaintances, an augmented memory is the primary appeal to many pursuing this technology (Czerwinski et al. 2006).

These philosophies of data collection, storage, and retrieval are beginning to filter down to a wider audience. The mid-2000s saw the release of two breakthrough books, Ambient Findability (Morville 2005) and Everything is Miscellaneous (Weinberger 2007), putting a popular spin on what researchers such as Bell and Mann have been touting for years keep everything, and use our improved processing power and indexing to find what you need later.

Self improvement Beyond simply a perfect memory coupled with a search engine and efficient calendar system, the instant availability of a personal information store makes it possible to engage in more comprehensive reflection for the purpose of self improvement. One only needs to look at the $9.6 billion self-help market in the United States alone18 to see our continued pursuit of self improvement. The Bay Area and New York City hold regular meetings of a group called The Quantified Self, which also collects resources for "self-tracking data to better understand ourselves, in body and mind" (The Quantified Self Wiki 2009). While academic researchers and industry members are present, a large portion of this group's membership is simply individuals who are interested in greater self-awareness, personal health improvement, and data tracking in general.

Total Recall, an early experimental personal information management system, stated goals of
18 A 2006 market research report indicated that the total self-improvement market in the US in 2005 was $9.59 billion, with 11.4% yearly growth, for more info see http://www.prwebdirect.com/releases/2006/9/prweb440011.php

10

improving quality of life, enhancing memories and diminished abilities, prolonged longevity, and improved education (Golubchik). A personal information store would be the ultimate answer to the data we didn't know was relevant until we needed it, improving decision making, increasing personal accountability, and improving quality of life.

Weight loss and fitness is a common entre into the realm of self tracking, a natural extension since numerous studies have proven the success of food diaries (Kaiser Permanente 2008). Diaries or other written tracking methods are a long supported means of therapy and treatment for various mental and physiological conditions (Hyland et al. 1993). Through aggregation and longitudinal data, a rich personal database would be able to reveal patterns and provide an accurate and objective assessment previously unavailable to the individual. In his discussion on the world of sensors and pervasive computing, Bohn et al (2004) affirmed that "the ability to combine different information sources, especially large, innocuous ones such as walking patterns or eating habits, is the backbone of any 'smart' system".

O'Hara et al (2009) discuss numerous additional benefits to the life log, including: Recommendations, using existing stored data to provide suggestions for future purchases, media, or other forms of entertainment; Automated metadata tagging, freeing oneself from tedious tasks such as tagging photographs; An interactive, virtual avatar which could act as an intermediary for social interaction; Health records, via sensors or tracking diet, to monitor a medical condition or improve overall health.

11

Identity & Self-reflection As important as the everyday benefits of reclaiming our digital selves may be, there are othermore existentialadvantages that accrue directly to our identities. This store of information can serve as an overwhelmingly objective source of our identity for others. But more profoundly, it can serve as an irrefutably objective source of our identity to ourselves.

By its sheer volume and automated operation, a personal information store can become the de facto authoritative source of an individual's identity. When done well, as described above, it rises above other possible sources of individual identity and "outweighs the others simply by weight of evidence, complexity and comprehensiveness" (O'Hara, Tuffield, and Shadbolt 2009, 4). Through the mass and consistency of evidence, this personal database demands that the individual be considered the canonical source of data.

In becoming the source of one's own informational identity, it acts as a counterbalance to the efforts of others to define one's identity. Mann refers to this approach as "reflectionism," using the tools of surveillance against those doing the oppressing (Mann 1998), thus increasing our ability to defend ourselves against misrepresentation. The personal information store, "to the extent that it allows him or her to provide information", then serves as a reliable witness against false "competing accounts" (O'Hara, Tuffield, and Shadbolt 2009, 25).

Moreover, knowing that we have a reliable and objective source of information about our selves should reduce anxiety about the risk of incorrect data being used to inadvertently or intentionally spoil our identity. In 2002, Hasan Elahi was placed on the US government's terrorist watch list, and was detained at a Detroit airport. With the hassle that this caused with his frequent travel schedule, Elahi decided to call FBI agents before each trip, so their field offices could be alerted. This evolved to extended transparency, posting a constant visual account of his whereabouts, meals, and purchases

12

to his website, TrackingTransience.net. His approach is to "put Big Brother out of business", and while his web site logs regular visits from government agencies, he hasn't been detained since (Thompson 2007).

As important as it is to be able to defend our identity and its intentions to others, it is even more important to be able to defend it to ourselves. A personal information store gives the individual an unprecedented tool for personal accountability; learning from our behaviour and reflecting who we really are.

When we have a constant, comprehensive, and objective stream of information about our selves, we have greater opportunities to reflect on the congruity or incongruity of our observable behaviours with our sense of identity. We gain the ability to engage in a kind of constant reality therapy that encourages us to see our actions as they are, rather than as we might imagine them. With this ability comes the chance to consciously bring our identities more in line with reality, making them more accurate, more effective, more resilient, and more authentic.

Hiding our selves: privacy considerations With any proposition of vast amounts of information being collected and stored, privacy is central to the discussion. While there are different takes on the definition of privacy, it is still commonly held as a "fundamental requirement of any modern democracy" (Bohn et al. 2004). Some may argue that creating a massive central repository of data is a privacy disaster waiting to happen. While an indepth legal examination is out of scope for this paper, it is important to look at privacy in the appropriate context. In the US, legal concepts of privacy have evolved from non-intrusion, to noninterference, to restricted information access (Moor 1997). However, privacy is more constructively defined not as simply the absence of information about individuals, but the control one has over information about oneself. This is a desirable quality which is not in opposition to a large-scale

13

information store, in which people have "the power to control the publication and distribution of information about themselves" (Bohn et al. 2004).

In fact, the privacy that we have now may not be as prevalent as we think. Rights of informational privacy are overruled in matters of national security or public safety (Floridi 2005) since the US government has "access to virtually all means of communications and data storage" (A. L. Allen 2007, 20), one can be de-anonymized through aggregation and statistical processing of public information19, and our data is particularly exposed through voluntary sharing when the details are buried deep within a web site's privacy policy (or perhaps one you don't even know exists, but your friend agreed to20).

Establishing a vocabulary and continuum of personal information is crucial so that the wide ranging characteristics of data are not conflated. Different forms of personal data have intuitive levels of privacy attached. For example, one does not guard one's ZIP code or movie rental membership ID with the same care as a Social Security number.

Moreover, the value of information varies, depending on the information and its potential audience. Whether you're sleeping in or not on any given day is of little use to the general public, but highly relevant to a friend in the neighbourhood who might want to stop by. Your family vacation photos or links you bookmark have little intrinsic value aside from those who already know you or are interested in the same things that you are, and carry little risk of harm when shared. Conversely, your driver's license or credit card numbers are irrelevant to your social circle, but uniquely identifiable and a gold
19 See the de-anonymization of individuals in the Netflix Prize data set (Narayanan and Shmatikov 2008), the Prop 8 Maps mashup of public donation data opposing same sex marriage (http://www.eightmaps.com/), and that using 1990 US Census summary data, 87% of the population could be uniquely identified based on just the 5-digit zip code, gender, and date of birth (Sweeney 2000) (however, a repeat with 2000 census data found that percentage to be lower, 63% (Golle 2006)) 20 For example, the Facebook API gives anyone who signs up as a developer access to a surprising amount of information, with its restrictions on use enforced on a voluntary basis. When a Facebook member adds a third party application, that application can access all that user's friends' profile information without needing further authorization. See discussion at http://lanako.wordpress.com/2009/05/01/facebook-applicationsdeceivably-unsafe/

14

mine for an identity thief, and thus a high risk of harm through their exposure. Most information being addressed in this paper falls somewhere in the middle. Your grocery shopping history and media consumption habits have undeniable value to certain third parties, mainly for the purpose of targeted advertising and profiling, but aren't particularly identifiable, and arguably, carry a low risk of exploitation and harm.

Looking at the table below, there is a complementary relationship between the value of information to one's social group versus the risk of harm through its exposure or its value to strangers.

Characteristics of common personal data Type of personal data Uniqueness of identifier 5 4 2 3 2 1 4 1 Intrinsic value (economic, to strangers) 4 5 3 1 3 1 2 3 Value to social group 1 1 3 5 5 3 5 5 Risk of harm

Driver's license Credit card number Grocery shopping history Family vacation photos Current location Sleep patterns Cell phone number Media consumption habits

4 5 1 2 3 1 2 1

Legal protections for this nuanced variety of information have not kept in line with technological developments (Steinbrook 2008). In response, Floridi's 'ontological' viewpoint defines the individual as fundamentally constituted by his or her information (Floridi 2005). He argues that this provides a more appropriate context in which to examine factors in privacy considerations, rather than simply that of restricting access. Traditional reductionist or ownership-based interpretations of privacy focus on avoiding undesirable consequences, or on the rights of bodily security and privacy, rather than taking into account the full equation and value of personal transparency.

15

Sharing our selves: providing our information to others The small village of hundreds of years ago in one sense was the epitome of information transparency. Your neighbour would notice if you had lost a few chickens, your daughter's amorous intentions would be widely known as soon as she batted an eyelash at the stable boy down the road, and raised voices would be carried through the thin walls. In this village, transparency was a simple fact of life, and this sharing of information was not something that could be easily prevented (Floridi 2005). However, as we once moved from aural story traditions to the written word, the information sphere has now migrated to digital.

This digital information age increases "border crossings," or perceived privacy violations which transcend existing boundaries in one of several ways (Marx 2001). These boundaries of the natural physical senses, spatial/temporal, and the ephemeral and transient nature of information provide individuals with a blurry but, until recently, a relatively effective buffer within which one operates under assumptions of personal opacity. While there is no reason why your conversation in a restaurant couldn't be recorded, or your trash examined for purposes of cataloguing your diet, one generally assumes, statistically, that they are not. This and the fragile memories of humans are privacy's greatest supporters.

However, norms of transparency and accuracy of information are spreading (Madden et al. 2007). This shared information may be in silos related to a specific domain interest21, or more general22. Nevertheless, a recent Pew Internet & American Life survey found that 60% of internet users said they weren't worried about how much of their personal information was available online (Madden et al. 2007). This is information being given off in the course of normal social gatherings and in public places. In other words, here we are discussing information that is already likely to be known amongst
21 For example, topic-specific communities around an individual's concert-going schedule, book collection, or a certain health condition 22 Generic information sharing, publishing, and social networking sites, such as Facebook, Twitter, etc.

16

a social or family group, irrespective of a "system to compile a profile of their communication partner" (Bohn et al. 2004). Somewhat surprisingly, of those who performed searches for their own name online, 87% said that most of what they found was accurate, which is up significantly from five years ago, where 74% indicated the same (Madden et al. 2007).

Yet, as O'Hara et al point out, the line between social networking sites and full-blown lifestreaming is increasingly blurry, as users of the former are more readily sharing personal information on sites such as Facebook (O'Hara, Tuffield, and Shadbolt 2009). Facebook's 'Beacon' is a service within which a user's activities with participating merchants or entities are added to the user's news feed, announcing one's latest travel bookings or shoe purchase23. Originally a feature which could not be opted-out of, it became opt-in after backlash from users24, and perhaps more persuasively25, partnered organizations.

Facebook is no stranger to controversial expositions of user information, having in 2006 introduced the "News Feed" feature, which actively broadcast users' status updates and profile changes to friends, rather than access to that same information requiring a visit to the user's profile page26. At its peak the protest group for this on Facebook's site hit over 700,000 members (boyd 2008), 7% of Facebook's users. While this pressure quickly caused an opt-out mechanism to be introduced, this News Feed is now the home page for logged in users, and is arguably one of, if not the most defining feature of Facebook today. Facebook is still one of the most cited sources for privacy issues and social information sharing, but the News Feed which was so vilified at its inception now seems to be a commonly accepted information flow (boyd 2008).

23 See Facebook's original press release about Beacon at http://www.facebook.com/press/releases.php? p=9166 24 Facebook founder Mark Zuckerberg's commentary on the change to opt-in, http://blog.facebook.com/blog.php?post=7584397130 25 Coca-Cola pulled out of Beacon integration, responding that it was pitched as an explicitly opt-in program to them, see http://bits.blogs.nytimes.com/2007/11/30/coke-is-holding-off-on-sipping-facebooks-beacon/ 26 "Facebook's Makeover," a discussion of the dramatic changes in late 2006, http://www.forbes.com/2006/09/01/facebook-myspace-internet_cx_rr_0905facebook.html

17

Many regular web users are already enthusiastically publishing non-sensitive information through these third party services and online stores, such as music listening habits and book ratings. The internet has served as an ideal conduit for our desires to create and share. Many popular third party Facebook applications add the ability to track elements of a user's life, such as travel or academic progress. These activities are also beginning to bring in relevant information created by other individuals, such as through a friend's calendar or via distributed tagging of photos. For the most part, these services seek to open the transparent self up to a select group of trusted individuals, such as a site like Facebook's friends-only sphere.

Bridging the gap between supplementing real life for one's friends and providing information for a disassociated and anonymous audience will be a major challenge for the goal of sharing one's personal informational identity. While much has been assumed about online diarists' non-normative willingness to publicly share intimate details, in fact it is often the case that he or she prefers these to be read by strangers, not those known in real life (Sorapure 2003). This and other problematic assumptions about the transitivity of personal information sharing are a substantial hurdle for an explicit, yet largely automated system of sharing.

A similar inverted trust model has also been shown as applicable to malicious behaviour (hostile comments, etc.), which is more commonly demonstrated by offline friends and acquaintances, rather than unknown strangers (Sorapure 2003). A model of assuming, rather than inferring trust has been explored since Luhmann in the late 1960s, but more recently it has been examined as it relates to online interaction (de Laat 2008). In "Online Diaries", de Laat describes how the members of a blogger's audience will fall into one of two main categories. They may be engaged with these writings, and thus continue to read and/or interact with the author sympathetically, or if disinterested or in opposition, will simply ignore the website, rather than take active offensive action or misuse the information (O'Hara, Tuffield, and Shadbolt 2009).

18

Compounded benefits of sharing By sharing this informational self with others, the effects of many of the aforementioned internal, personal benefits can be multiplied. With widely available information about a friend's interests, whereabouts, and activities, one could, for instance, streamline interaction by avoiding irrelevant or redundant communication. Several services exist for sharing one's real-time physical location with friends or the public, with companies such as Yahoo! and Google getting on board with similar services recently27. These location platforms facilitate meetings between members of a social circle. With best-practices characteristics of life logs in place, standardized and consistent storage of these data points also could also promote sharing between individuals and across communities (O'Hara, Tuffield, and Shadbolt 2009).

Organizations encourage their patrons to express their relationship by facilitating signals of the relationship, be it a logo on a Pepsi can, an "I donated blood" sticker, or a Facebook application. These expressions signal identity and group membership for the individual. Recently, the Obama campaign employed not-so-subtle forms of peer pressure by providing their supporters with a widget that displayed their personal fundraising goal with a progress thermometer (Libert and Faulk 2009).

These shared identity broadcasts supplement inward self-reflection by providing external validation and reaffirmation of the informational self. With increased automation and consistency of personal information, the signaling balance shifts towards more socially reliable data. While wearing a button to support the SPCA or telling friends about your love for animals provides a conventional signal to others (Donath 1999), the weekly volunteering appointment at the animal shelter on your public calendar, or even GPS signal indicating your presence there becomes much more difficult to falsify, both through detail and sheer volume. O'Hara et al agree that this kind of socially-shared information sharing adds objectivity to an account, and that a richer base of evidence increases trust (O'Hara,
27 See Yahoo!'s Fire Eagle (http://fireeagle.yahoo.net/) and Google Latitude (http://www.google.com/latitude/intro.html)

19

Tuffield, and Shadbolt 2009).

One's social circle could be further harnessed for self improvement. Charities and advocacy groups have long encouraged social signals as a means for furthering their cause and recruiting new members. For example, Facebook applications have been created so that the individual can track (and broadcast to friends) their CO2 output28 or progress with a running training program29. Through social pressure, particularly as more applications introduce competitive or comparative elements ("I read 23% more books than you do!"), this published data would facilitate socially supported self improvement. Via a shared lifelog, "the picture of oneself that emerges will be more socially-based, and less inwardly-directed" (O'Hara, Tuffield, and Shadbolt 2009, 12).

It may seem that all this additional information could contribute to information overload. But the reality is that with a published information stream, one could leverage the social network for distributed information surveillance, and perform much more accurate sorting and filtering based on enhanced preferences. Keeping with a similar principle, clarifying group membership and through more explicit relationships, the social notification process could be improved (Ryan 2006).

The very characteristic of being findable is also an emergent goal. Most people who searched for others online were seeking information (usually contact details) about someone from their past, with some also searching for existing colleagues, potential hires, or romantic partners (Madden et al. 2007). In fact, 'Googleability' is starting to affect baby names, where parents with common last names are concerned about their child relegated 'just another John Smith', and assessing a name's likely uniqueness in a search query as a desirable trait (Delaney 2007).

28 'Greenbook' Facebook application, info at http://www.wikinomics.com/blog/index.php/2008/02/08/greenbooksaving-the-planet-one-user-at-a-time/ 29 Nike's Facebook application, at http://www.facebook.com/apps/application.php?id=5970018084&b&ref=pd_r

20

Using the strength of weak ties argument, it is not simply one's name or contact information that one desires to be findable, but the professional attributes and personal character traits that make these loosely coupled relationships valuable (Granovetter 1973). With a more transparent self, the network of weak ties is expanded and more efficient. This, in turn, also leads to exposure to a greater pool of potentially compatible partners, professionally and personally.

Finally, there are also the effects on existing relationships to consider, with several motivations for seeking information about an individual you already know. Perceived authenticity is vital for trust in interpersonal relationships, and life log data can be used as independent verification of personal information. This shared self opens new communication channels, in particular via passive information availability, which can increase closeness and satisfaction in intimate relationships.

The transparent self in society One only needs to look as far as prominent public figures and celebrities to see that humans are actually quite resilient to extremely high levels of personal information flow (Floridi 2005). As bodily individuals are becoming digital, informational individuals, we have the opportunity for more points of contact with others than the purely physical medium allowed.

As greater information transparency proliferates to a larger percentage of society, these persistent, verifiable identities lead to increased overall quality. Life logs contribute to increased community welfare (O'Hara, Tuffield, and Shadbolt 2009). By reducing information asymmetry in personal interactions and transactions, a greater balance in society is reached. Economically speaking, a pervasively intelligent world reduces risk and increases accuracy of transactions, opening the doors for entirely new business models and increased fairness (Bohn et al. 2004).

Far from reducing real privacy and increasing risk, personal information transparency actually

21

increases control over one's information and reduces overall risk. As de Laat (2008, 67) puts it, "Those who plead for total transparency, ipso facto have nothing to lose. They do not feel vulnerable when exposing intimate details of their lives to the public gaze. Without vulnerability there is no perception of risk."

Conclusion In generating our own data stream, we begin to redress the imbalance cause by the proliferation of externally generated data. We declare our selves as the ontological source of our epistemology. In becoming the canonical source of our selves as data, we gain control over how that information can be constructed and presented. We can ensure the authenticity of our own representation. As a result, instead of being an omnipresent external factor with the potential for loss of face and spoiled identity, our data can serve a positive and corroborating in defining our selves.

Steve Mann (2004) proposes this as a solution to the imbalance being created by increased government and other surveillance efforts. He also claims that while sousveillance has gained in acceptance amongst peers, its tolerance by organizations is decreasing particularly by those doing their own surveillance.

Radical personal transparency challenges regimes which support order and shame through power and control. Koskela (2004) defines the notion of "empowering exhibitionism", in which individuals challenge convention by exposing control and tensions in society, reclaiming power by revealing intimate details. This rebellion of visibility then renders traditional structures of power and surveillance irrelevant. As he so eloquently concludes (2004, 208): "Conceptually, when you show everything you become free: no one can capture you any more, since there is nothing left to capture."

22

References Acquisti, A., and J. Grossklags. 2005. Privacy and rationality in individual decision making. IEEE Security & Privacy 3, no. 1: 26-33. Allen, A. L. 2007. Dredging-up the Past: Lifelogging, Memory and Surveillance. Bohn, J., V. Coroama, M. Langheinrich, F. Mattern, and M. Rohs. 2004. Living in a world of smart everyday objectsSocial, economic, and ethical implications. Human and Ecological Risk Assessment 10, no. 5: 763-785. Boutin, Paul. 2004. Search your hard drive without having a seizure. - By Paul Boutin - Slate Magazine. December 31. http://www.slate.com/id/2111643/. boyd, danah. 2008. Facebook's Privacy Trainwreck. CONVERGENCE 14, no. 1. Czerwinski, Mary, Douglas W. Gage, Jim Gemmell, Catherine C. Marshall, Manuel A. PrezQuiones, Meredith M. Skeels, and Tiziana Catarci. 2006. Digital memories in an era of ubiquitous computing and abundant storage. Commun. ACM 49, no. 1: 44-50. doi:10.1145/1107458.1107489. Delaney, Kevin J. 2007. You're a Nobody Unless Your Name Googles Well - WSJ.com. May 8. http://online.wsj.com/public/article/SB117856222924394753qdWU6gT1sr_DvqeUqW2Agj2QiZM_20080507.html?mod=tff_main_tff_top. Dodge, M., and R. Kitchin. 2007. Outlines of a world coming into existence': pervasive computing and the ethics of forgetting. ENVIRONMENT AND PLANNING B PLANNING AND DESIGN 34, no. 3: 431. Donath, J. S. 1999. Identity and deception in the virtual community. Communities in cyberspace: 29 59. Floridi, L. 2005. The ontological interpretation of informational privacy. Ethics and Information Technology 7, no. 4: 185-200. Geer, D. 2007. Improving Data Accessibility with File Area Networks. COMPUTER-IEEE COMPUTER SOCIETY- 40, no. 11: 14. Gemmell, J., G. Bell, and R. Lueder. 2006. MyLifeBits: A personal database for everything. Communications of the ACM 49, no. 1: 88-95. Gemmell, J., L. Williams, K. Wood, R. Lueder, and G. Bell. 2004. Passive capture and ensuing issues for a personal lifetime store. 2004. Golle, P. 2006. Revisiting the uniqueness of simple demographics in the US population. In Proceedings of the 5th ACM workshop on Privacy in electronic society, 77-80. ACM New York, NY, USA. Golubchik, Leana. Total Recall: a Personal Information Management System. Total Recall. http://bourbon.usc.edu/iml/recall/. Granovetter, Mark S. 1973. The Strength of Weak Ties. American Journal of Sociology 78, no. 6 (May 1): 1360. doi:10.1086/225469. Hyland, M. E., C. A. Kenyon, R. Allen, and P. Howarth. 1993. Diary keeping in asthma: comparison of written and electronic methods. British Medical Journal 306, no. 6876: 487. Ilgen, D. R., and C. F. Moore. 1987. Types and choices of performance feedback. Journal of Applied Psychology 72, no. 3: 401-406. Jones, William, and Jaime Teevan. 2007. Personal Information Management. University of Washington Press, October 30. Kaiser Permanente. 2008. Keeping A Food Diary Doubles Diet Weight Loss, Study Suggests. ScienceDaily. July 8. http://www.sciencedaily.com/releases/2008/07/080708080738.htm. Koskela, H. 2004. Webcams, TV shows and mobile phones: Empowering exhibitionism. Surveillance & Society 2, no. 2/3: 199-215. de Laat, P. B. 2008. Online diaries: Reflections on trust, privacy, and exhibitionism. Ethics and Information Technology 10, no. 1: 57-69. Libert, Barry, and Rick Faulk. 2009. Barack, Inc.: Winning Business Lessons of the Obama Campaign.

23

1st ed. FT Press, January 15. Madden, M., S. Fox, A. Smith, J. Vitak, and Pew Internet & American Life Project. 2007. Digital footprints: Online identity management and search in the age of transparency. Pew Internet & American Life Project. Google Scholar. Mann, S. 1998. " Reflectionism" and" Diffusionism": New Tactics for Deconstructing the Video Surveillance Superhighway. Leonardo: 93-102. ---. 2004. Continuous lifelong capture of personal experience with EyeTap. In Proceedings of the the 1st ACM workshop on Continuous archival and retrieval of personal experiences, 1-21. ACM New York, NY, USA. Marx, Gary T. 2001. Murky conceptual waters: The public and the private. Ethics and Information Technology 3, no. 3: 157-169. doi:10.1023/A:1012456832336. Moor, J. H. 1997. Towards a theory of privacy in the information age. ACM SIGCAS Computers and Society 27, no. 3: 27-32. Morville, Peter. 2005. Ambient findability. Narayanan, A., and V. Shmatikov. 2008. Robust de-anonymization of large datasets (how to break anonymity of the Netflix prize dataset). University of Texas at Austin. O'Hara, K., M. Tuffield, and N. Shadbolt. 2009. Lifelogging: Privacy and Empowerment with Memories for Life. Identity in the Information Society 1, no. 2. Ryan, D. 2006. Getting the word out: Notes on the social organization of notification. Sociological Theory: 228-254. Solove, D. 2006. The digital person and the future of privacy. Privacy and technologies of identitya cross-disciplinary conversation. New York: Springer. Sorapure, Madeleine. 2003. Screening Moments, Scrolling Lives: Diary Writing on the Web. Biography 26, no. 1: 1-23. Steinbrook, Robert. 2008. Personally Controlled Online Health Data -- The Next Big Thing in Medical Care? N Engl J Med 358, no. 16 (April 17): 1653-1656. doi:10.1056/NEJMp0801736. Sweeney, L. 2000. Uniqueness of simple demographics in the US population. LIDAP-WP4. Carnegie Mellon University, Laboratory for International Data Privacy, Pittsburgh, PA. The Quantified Self Wiki. 2009. The Quantified Self Wiki - QuantifiedSelf Wiki. http://quantifiedself.wik.is/. Thompson, Clive. 2007. The Visible Man: An FBI Target Puts His Whole Life Online. May 22. http://www.wired.com/techbiz/people/magazine/15-06/ps_transparency/. Weinberger, David. 2007. Everything is miscellaneous : the power of the new digital disorder. 1st ed. New York: Times Books.

24