cybersoc.com

This morning I had the pleasure of interviewing Dominic Sparkes*, Managing Director of Tempero, one of the leading online content and community moderation providers. Other UK based moderation providers include ChatModerators and eModeration Ltd.

In the video, Dom provides insight into a rarely seen side of community moderation - what sorts of issues potential clients are worried about when they approach Tempero, the training provided to moderators, and things that site owners can do to make the lives of moderators easier:

*Disclaimer: Dom and Jasmine Malik, the co-founders of Tempero, were colleagues of mine at Granada (now ITV). I consider them, as well as several of their employees, to be friends. I've also had a professional relationship with Tempero as well as ChatModerators and am friends with several people at eModeration Ltd. It's a small world...

A couple of weeks ago, I wrote a post explaining my decision to take a lot of personal information off my facebook profile following a number of informal chats I'd had with various people about privacy, identity theft and the mining of my data for commercial gain.

One of the responses to that post came from Colin McKay, Director of Communications at the Office of the Privacy Commissioner, Canada. He said:

"We're in a period of real transition, where the youngest generation is blissfully comfortable exchanging information for services without really evaluating the real value - or cost - of the transaction."

To illustrate the point, the Canadian Privacy Commissioner's office has created the following video which they've made available on YouTube:

There's one line in the video that I find particularly chilling:

"every time you add information about yourself, it's like filling in a survey... all without your knowledge, consent, or having ever been asked..."

On the 5th I posted about my quest to use the data protection act, and some knowledge gleened from the internet, to claw back some of the bank charges I've paid over the years. I wrote "Data Subject Access Request" letters to my bank and two credit card companies, asking them to provide me with details of all penalty charges I've paid out over the last six years (the limit on claiming).

Two points to my bank who wrote back to me by the end of the week to confirm that they would supply the requested information without charge, returning my cheque for £10, the maximum amount they can charge for processing requests under the Data Protection Act. And on Friday I received three large envelopes from my bank with details of every transaction - approximately 200 pages worth - I'd made using my account with them. The charges total £680 and many of them were of the triple whammy variety where you go over your overdraft and then get charged £25 for each of the next three transactions for a total of £75 - often incurred in a matter of hours.

This evening I will be writing back to my bank detailing these charges and explaining that I don't feel the penalties were valid, using my own spruced up version of the template letter found here.

I'm still waiting to hear from the other two banks / credit card providers. I'll continue to update the process of claiming these unfair bank charges back here, so do bookmark this page if you're interested in following my progress.

Most journalists have heard about the Freedom of Information Act, a useful tool in gaining access to information held by government agencies. The Press Gazettes FOI campaign and the BBC's Open Secrets Blog are as good places as any to start learning about how journalists and media organisations are using this tool.

But many journalists don't realise that they have another powerful tool at their disposal - the Data Protection Act 1998.

I first discovered the usefulness of the Data Protection Act a few years ago when I used it to claim back thousands of pounds from an academic institution that, whilst very good at chasing me for tuition fees, hadn't provided the amount or level of tution I would have hoped to have received.

I argued the case that I'd been mistreated (well, more like not treated at all!) to no avail so I decided to use the UK's Data Protection Act to force the institution to reveal what, if any, records they held on me. The records revealed a catologue of issues and helped me make a much stronger, and ultimately successful, case for a full refund of tuition fees paid.

Towards the end of last year, I tried to use the Data Protection Act again, this time to get some records from Google after I was kicked out of their AdSense programme without explanation. Two letters later and I've still not heard back from them although some readers of this blog who have taken the same steps as I did had almost immediate results. Eventually get around to chasing that up again but, as no money is at stake, it's kind of fallen on the backburner for now.

This weekend, I decided to take a few minutes to go on another Data Protection Act adventure, this time in an attempt to reclaim bank and credit card charges. Anyone who has ever accidently gone over their overdraft limit, forgot to post a cheque to a credit card company in time, or had a cheque returned uncashed will know that banks charge as much as £75 each time this happens. Now I usually try to be good about keeping payments and such up to date but, over the past years, am sure I've paid a few hundred pounds in such fees.

So, inspired by letters in the pages of the Guardian's excellent Saturday Money supplement and the website of "Money Saving Expert" Martin Lewis, this weekend I sent Data Protection Subject Access requests to my bank and two credit card providers. I've asked for a full list of charges made against me, instead of statements per se (which aren't covered by the DPA), and enclosed a £10 cheque with each to cover the statutory maximum that the bank can charge to supply the information requested.

Once I get the information I've requested, I'll then write to each of the banks, explaining that the charges were disproprotionate to the cost actually incurred in sending them and, as such, they are penalty fees that would not hold up under UK contract law.

I'll let you know how I get on...

One of the things I finally got around to whilst I was on my recent extended holiday was getting a new pair of glasses. I went for a pair of quite geeky (but that's cool these days, honest!) black plastic ones.

At the exam, my opthamologist used something called an Panoramic200 Scanning Laser Ophthalmoscope to generate a high resolution digital scan of my retinas.

Today, about a month later, I've finally received an email with those images attached and they're really beautiful. Not just because they contain a view of my own eyes that I've never been able to see before or, indeed, because my eyes are in any way particularly lovely or different from the next person's. But from a "isn't biology wonderful" and "hey, check this out" perspective, I'd love the post the photos here and/or on flickr.

The question is, should I?

According to BiometricNewsPortal, retina scans have an error rate of one in 10 million in comparison to fingerprinting which can result in an error rate as bad as 1 in 500. The site also says that:

"retina biometrics systems are suited for environments requiring maximum security, such as Government, military and banking. Retina biometric systems have been in use for military applications since the early seventies..."

I don't want to get into the debate about whether governments should issue state, or in the case of the EU, supra-state ID cards or biometric passports, etc. But I'm thinking that, as cool as those retinal images might be, it could very well be a bad idea to post them online. In fact, I should probably be emailing the optician to request that they delete the images.

Regular readers of cybersoc.com will recall that back in August I got kicked out of Google Adsense.

I appealed to Google, asking for them to spefically disclose what, if any, evidence they had that I had broken their terms and conditions or had engaged in "click fraud". The email response I received following my appeal appeared to be automatically generated which got me thinking, perhaps the whole process of being banned had been an automated process based upon some data they'd gathered about me or my audience.

"Hey, that's kinda scary" I thought, "what data does google collect each time I search, each time I visit a page displaying a google ad, each time someone visits my pages displaying google ads? How are they using this data??".

By this stage in my thought process, having proof that I'd been unfairly kicked out of adsense actually became secondary - I really just wanted to know what information Google had about me and why...

So I sent Google's UK office a Subject Access Request which, under the provisions of the Data Protection Act 1998, a UK law that requires anyone gathering or storing data to disclose what information they hold and how that information is, has been, or will be used. Google can, if they wish, charge me a nominal fee (£10 I think is the upper limit) for photocopying, printing and posting of the data to me - and they have 40 days to reply.

It's now been 37 working days, 54 days in total, since I wrote to Google. I am now drafting them a letter explaining that, by not complying with my previous request, they may be in breach of the provisions of the Data Protection Act. My letter will give them a strict deadline of ten days for a response and, should they not respond, I will complain to the Information Commissioner.

More when there's more...

Last night I was out for a meal and drinks with some friends and started explaining how I'd recently installed some code on my blog that allows me to track visitors like I've never been able to before. A few days ago I spotted a friend of mine who is an online community consultant visiting because he's got his own server that he accesses the internet through. Yesterday there was a visit from someone at the Chicago Tribune, another from the Washington Post, several from a university in the north of England, and on most days there are at least a few from the BBC. And last week, my mom or one of her friends (she lives in a small place) visited too.

If you weren't aware of how powerful this is, let me make it absolutely clear: I can see that, right this very moment, someone at a specific university in Iran is looking at an individual post on my blog, having read three other pages, that they've been here 11 minutes, and that they arrived after doing a search for something on google, the query of which I can also see. Due to the fact that the content being looked at could get the person looking at it from Iran in trouble, I'm not going to share the minutae of detail that I can see with you. Nor will I tell you what operating system they are using, what browser, or what size screen they have. Yep, I've got access to that information too.

I use a free service from statcounter.com and have posted a badge on my blog so that visitors can see that I do have access to this info but it can also be done invisibly, without visitors even being alerted to it. I'm guessing that most visitors to websites don't realise that such a highly insightful - and personal - trail of information is left behind when they browse. Kinda spooky really.

Yesterday I received an email from Google Adsense telling me that I had been kicked out of the programme.

I've been using Adsense to monetize my blog and other websites for about a year now and have been pleased with the results. Not only did it pay for typepad, hosting of the old site, and my monthly broadband bill it also sometimes generated a little bit of a surplus which I was able to use to do things like give away a free flickr pro account and help pay for the wemedia fringe venue. I'd link to the posts but I can't currently find them on my own site because Google has deactivated my site search too.

I appealed by following a link in the original email from google and today I got back this response to my appeal:

...After receiving your response, we re-reviewed your account data thoroughly. We have reconfirmed that invalid clicks were generated on the ads on your site in violation of our Terms and Conditions and programme policies...

Fair enough - if they'd simply provide some evidence - but they haven't. Not one shred. Not a single indication of why I was kicked out of the adsense programme.

I've got a few ideas why I might have been kicked out. The first of which is unexplainable, at least by me:

• I had a look at my adsense revenue for the month of August the other day and it was indeed higher than for the previous month. I reckon there would have been, by the end of August, a 200% increase month on month from July to August. I didn't click ads on my own site at anytime but it is, of course, entirely possible that some idiot sat there clicking ads - nothing to do with me and google should be able to, if this happened, supply me with some IP address or something as evidence.

It's possible that I did, many months ago, violate the terms and conditions of the programme but it was a long time ago and I really don't think they'd come after me for it now:

• Around 9 months ago I posted the amount I'd made through google adsense for the month in an attempt to be transparent about this. I realised that this was a grey area of the terms and conditions (I didn't disclose the click through ratio) and stopped doing this.

I also recently made a slight change to the way my google search works although I figured this was fine - maybe mistakenly:

• I recently installed a thing called "blogbar" on my site. It's that nice looking search box in the top right corner. I installed this after I had noticed the increased ad revenue for the month so it didn't directly contribute to that. Within about two days of installing blogbar, my adsense account was closed. Blogbar has extensive information on integrating their blog widget with adsense so I assumed they'd taken the time to sort things out with Google, but had they and, if not, is this the reason I got kicked out of Adsense? I'm sending blogbar a link to this post so watch the commentspace below...

And finally, I might not have done anything wrong but, instead, have been the victim of a malicious attack:

• A couple of months ago I blogged about a spam blog that was republishing my content and my attempts to get it shut down by contacting it's ISP, domain name host and google adsense. I hate to sound paranoid - but maybe I should be.

That's all I can think of but, as I wrote above, I honestly don't know why I got kicked out of adsense because Google won't tell me. So can I force them to? I'm going to try to use the Data Protection Act (alternatively see this pdf on your rights under the DPA) to force Google to disclose what information they hold on me and how that information is used. I'll let you know how I get on with that. If anyone has other ideas as to how I can find out what, if any, evidence of wrong-doing google might have with regards to my adsense account, do get in touch.

In the meantime, I've switched over to Swicki for my site search and I'm looking for some other way to pay for typepad, and cover my hosting costs and broadband access. It's not a huge amount of money but I think it's worth trying to keep the blog paying for itself if at all possible. Let me know if you have some ideas (like this)...

Last week I spent a few hours browsing the shelves at the University of Hertfordshire's law library. Most of the books on Internet Law are heavy on copyright, contract law, malicious hacking and the data protection act. Very few give libel and other issues that arise within user generated content spaces more than a mention.

Then I came across McNae's Essential Law for Journalists, which has nearly 90 pages covering defamation law. There are also chapters on contempt of court, the publication of children's details, race relations, privacy, and the Data Protection Act.

Written for journalists rather than lawyers, it's easy to understand and provides helpful real life examples of each legal principle. McNae's is the single most useful law resource I've come across for community managers.

McNae's Essential Law for Journalists

Defamation law, which essentially protects people and companies from damage to their reputation caused by untrue statements (libel = publication/broadcast; slander = spoken) in the UK is often said to be more strict than in other countries. For more information on UK defamation law as it applies to the media see http://www.media-solicitors.co.uk/ and, if you are interested in UK law and blogging, see http://www.bigblogcompany.net/index.php/weblog/category/C20/

The main case sited by online community professionals in the UK is Godfrey v Demon Internet. The following two Guardian articles, both published on 18 December 2002, explain the case.

Report backs ISP libel law claims by Owen Gibson: http://media.guardian.co.uk/medialaw/story/0,11614,862227,00.html

Internet libel laws 'stifling freedom of expression'  by Clare Dyer: http://media.guardian.co.uk/medialaw/story/0,11614,862088,00.html

A more recent case in Scotland was settled out of court so doesn't set a legal precedent but is still informative:

Payout for newspaper online talkboard libel, by Claire Cozen, 9/9/04, The Guardian (see http://media.guardian.co.uk/medialaw/story/0,11614,1301056,00.html

It's not internet related, but the Times has been sued for libel by the Conservatives campaign director.

In what I originally (and mistakenly - thanks George for the correction and a few more links) blogged as an American case but which was, in fact, a UK case, the Motley Fool website was compelled by court order to reveal the registration details of a user who posted libellous comments on a UK message board at the site. According to Lucy Sherriff, in an article for The Register,

Benjamin was unmasked by a court order compelling Motley Fool to reveal the details it held on the poster known as "analyser71". The IP address associated with his postings was then traced back to a computer at his then employers, Kyte Fund Management.

The Motley Fool case, thought to be the first where a user posting anonymously has been successfully sued for damages in the UK, has also been covered by The Guardian and The Sunday Times. Motley Fool has published it's own press release about the case.

Apple, similarly, has compelled the US courts to force blog service providers to reveal the registration details of users and has used this information to force bloggers to reveal the sources of "insider" information at Apple.

In the UK we have the protection of the Data Protection Act which means, without a court order, ISP's and internet publishers CAN'T reveal personal registration information without a court order having been issued forcing them to do so. But it's likely (as was seen in the Motley Fool case) that the courts would supply such an order if a claimant in a civil libel case requested one. What seems unclear, based on the Demon Internet case, is whether ISP's and internet publishers who were notified of libellous message board posts, and who took expedient action to remove those posts (Demon didn't, and was criticised in the judgement for this), could still be found guilty under UK libel law.

In Reynolds v Times Newspapers Ltd (1999) . In the his judgement, Lord Nichols of Birkenhead outlines the current position of UK defamation law then proceeds to list ten considerations which might help publishers to form a defense. This has become known as the "Reynolds Defense". Lord Nichols writes:

Depending on the circumstances, the matters to be taken into account include the following. The comments are illustrative only.

1. The seriousness of the allegation. The more serious the charge, the more the public is misinformed and the individual harmed, if the allegation is not true.
2. The nature of the information, and the extent to which the subject-matter is a matter of public concern.
3. The source of the information. Some informants have no direct knowledge of the events. Some have their own axes to grind, or are being paid for their stories.
4. The steps taken to verify the information.
5. The status of the information. The allegation may have already been the subject of an investigation which commands respect.
6. The urgency of the matter. News is often a perishable commodity.
7. Whether comment was sought from the plaintiff. He may have information others do not possess or have not disclosed. An approach to the plaintiff will not always be necessary.
8. Whether the article contained the gist of the plaintiff's side of the story.
9. The tone of the article. A newspaper can raise queries or call for an investigation. It need not adopt allegations as statements of fact.
10. The circumstances of the publication, including the timing.

(PS. I'm not a lawyer. The information above is published to help readers understand the current issues within UK libel law, not to provide legal advice or advice which can be acted upon. Please consult a legal professional.)
 

31 March 2005: Miranda Mowbray has written an excellent paper discussing the "Philosphically Based Limitations to Freedom of Speech in Virtual Communities" that some readers might find to be useful background for this blog entry.