Principle 14 – Reputation and Context.
The transmission and accessing of information is more than the transmission of data. It is a communication event. Communication or the transfer of information is a social activity which requires both parties to know the reputation and characteristics of the other party and the context of the communication to be explicit and understood. When information is to be stored, the reputation and characteristics of those permitted to access it should be established and the reputation and characteristics of the person storing the data should be kept with the data and made accessible.
Reputation
Electronic Social Networks depend for their success on the ability of people to easily share information and ideas with others. The attractiveness of the networks comes from the ease with which people can join and leave groups, and from the ability to remain anonymous if desired. Unfortunately as they become more popular rogue elements take advantage of the openness and pollute the social environment. This pollution takes different forms. Some of these are:
- Bad manners – forums and blog comments can become very confrontational with some people seeming to delight in negative, often abusive comments, attacking others behind the shelter of anonymity.
- Stolen identities – celebrities are a favourite target for frivolous passing-off, but stolen identities can also take a more sinister form particularly amongst vulnerable groups such as those involving children or distressed people.
- Fake identities – these are especially concerning when people pretend to have qualifications or expertise that they do not possess.
- Slander and defamation – where, under the guise of anonymity, people slander or defame others.
- Misuse of the network – people use the network to promote products or services inappropriately.
- Multiple identities – Sometimes people have multiple identities in an attempt to gain an advantage.
- Ill-defined and unreliable information – Some people “spread” rumours, partial, false or incomplete information.
These problems can be addressed if we introduce the concept of responsibility with anonymity. That is, people can participate in some activities without publicly identifying themselves providing they first establish some level of identification with the system and they agree to abide by the rules of the network. The rules depend on the context of the interaction. The context also establish actions that will happen if rules are broken. Examples of possible actions are for the person to be excluded from further activity, an identity shown to an aggrieved party or revealed to the whole community, or it can be given to authorities for civil action to be taken. These actions impact on the reputation of the identity and are reflected in way reputation of the party is evaluated.
To achieve control, where it is required, we need simple ways for people to identify themselves to a level appropriate to the context of the communication. That level of identity could be displayed on the social network site so that people can see how trustworthy the person is – without revealing who they are – and how trustworthy is the information. The person need not reveal anything about themselves (not even their pseudonym) but there should be mechanisms to provide a visual indication of the trustworthiness of both the government officials and members of the public.
If we are going to permit the public to store information in government files, a person must first establish that their reputation is sufficient to allow the storage of the information. The most common case is where a personal data is stored about a person. The person providing the information must either be the person themselves or a person with sufficient reputation in the eyes of the person who is the subject of the information or a person of sufficient reputation as defined by the government. The reputation of the person storing the information, not the identity, should be kept with the data and made available to people accessing the information. For personal data only the person concerned, or those the person explicitly or implicitly approves, should be allowed to access persona data.
Context
Context is the circumstances in which a communication event occurs.
reason is determined by context. When it is decided that information is to be stored, the context of when and how it is to be released should also be established. This means that the characteristics (including reputation) of the person requesting access should be defined. Also the characteristics of any government official who can access or see the data should be defined.
If this is established at the time of storing data it means that if a person can prove they possess the appropriate characteristics access can be automated and there is no need to involve a government
official. The same access mechanism can equally apply for the public and for government officials.
In many circumstances a government official may be granted access to information that is not available to the general public. In those circumstances the public can ask the appropriate government official to access the information and the official may be able to provide an answer to a specific question without revealing any sensitive details. An example of this could be a researcher wishing to access information
that is of a personal nature but not needing to know the identity of the persons involved.