Categories
Web 2.0

Old media censorship on new media?

I’ve took part to that nice event called the “Twitter Developer Nest”, that is basically a meeting for people interested in developing applications over twitter.

There have been nice talks and presentation of old and new Twitter apps, including and amazingly funny presentation by @aszolty on his BakerTweet systems (which quite interestingly merges three things I’ve been looking at lately: Twitter, Arduino, and the idea of bringing pieces of technology to uncommon areas).

What I found very mind-stimulating was the talk by Ollie Parsley (@ollieparsley) about his FootyTweets service. Basically, this service sent out twits with live matches updates, using accounts related to football teams.

Having become hugely successful (>4K followers for the Manchester United), he received a “Cease and Desist” notice fromĀ Football DataCo (read here and here for some coverage), who are the “owner” of football fixtures updates.

Exception made for a couple of naif issues (e.g. Ollie used copyrighted club logos to represent the teams, which he promptly replaced with self-designed images), the C&D notice was focused on the service of live update itself. Which raises several interesting points.

I see Twitter (and many other people do) as a shout-from-your-window-and-see-who-listens service. That is, Ollie was basically telling everyone “look, Arsenal scored one minute ago“. No need to say he didn’t charge any money (but from the point of view of FootBall DataCo this does not matter as it’s lost profit anyway).

Legally speaking, it’s an interesting issue as some questions can be raised:
– what if I text a friend whilst I’m at the stadium telling him live that our team scored a goal?
– what if do the same using twitter?
– what if Ollie retweets me rather than running the service by his own? who’s infringing data ownership, me or him?
– are we sure that letting people know live fixture actually represents a threat to Football DataCo’s profits? what if it instead drives *more* people to be interested in getting live fixture, with better service levels, turning into more profits?

No answers by now, and Ollie had to stop the match update service.

What is evident to me, though, is that this is the quintessential legal case for the Web 2.0, which is by nature social/collaborative, real-time, and involving mash-ups. I honestly think that old media law about data ownership and copyright can be applied to Web 2.0 only by blocking all services. tout-court. In fact, if you focus on the example before, retweeting from other people – that is exactly the form of crowd sourcing that Ollie is thinking of – you will realize soon that you can identify who is committing infringement of what law. It’s the crowd, in a certain sense, but your acts alone are not against the law.
Being one of the fundamental principles of law the fact that the responsibility for a certain unlawful act personal, who should be sued?

I don’t have many hopes here, but I think that we need some form of Law 2.0, which does not mean – as web-opponents usually claim – that the Web doesn’t want rules.

Categories
security

Is socializing a security threat?

I’ve just come back home from a day at Infosec’09. What emerged from my visit at the exhibition held at Earl’s Court, London, is that security people are heading towards two goals:
– implementing security solutions using the Cloud Computing paradigm
– limiting internal risks by cutting employees’ access to personal e-mail or social networking websites.

I don’t know if you share this view, but I believe the two goals rely on two philosophies that are too far away from each other to co-exist. Namely, Cloud Computing brings globalization to the world of utility computing. Company are allowed to run their applications on servers that are, ultimately, shared with other companies. The basis for cloud computing is, I think, the trust in your provider and in the Internet itself. Every contract (or, simply, contact) of externalization relies on a web of trust.

I believe cloud computing to be the technical counter-part of Web 2.0, a mash-up of some extent, this time on a lower level of the TCP/IP stack (where Web 2.0 is at application/presentation level). Cloud computing is a really good thing because it allows companies of every size to personalize their technical solutions. The allocation of server resources can be effectively tuned according to the company needs and possibility of expense.

Social networking is actually based on the same philosophy, the globalization of user contacts and information. Surely this poses threats to privacy, but I’m not sure that these are to be tackled using a cut-every-service approach. Let’s be honest: companies want their employees to work and be productive. They see the time spent on social networking websites as time lost to productivity goals. But are things really this way?

My feeling about social networking is that the information sharing is actually able to improve performances. Let’s face reality: an unproductive employee will be unproductive no matter the possibility to connect to Facebook or Twitter. On the other hand, productive employees can effectively exploit social networks as a work tool. Which means you can use web 2.0 to learn to do task in a different way, or simply to explore what competitors are making.

Let’s take Twitter as an example: many companies are using it as a tool for corporate communication. Are we sure that preventing an employee from reading what his or her peers of a direct competitor are doing is a loss in performance?

Summarizing, I can’t see how social networking can be a security threat more than allowing employees to keep printed newspapers on their desks. Good employees will read the news and will make good use – for the company – of what they read; bad employees will keep on reading instead of working. Once again, it’s not IT security that can solve human-related problems. When companies will understand this, we will be finally able to move the debate on what can be best practice rules for exploiting web 2.0 in a corporate environment.