Sunday, 3 May 2015

Devising a Policy for Managing Photos in the Online Age


This past week my handling of the photos I maintain online in my Flickr account was challenged. I see no point in discussing the specifics of the complaint, but I will say that in the grand scheme of things I do welcome such challenges. I have been posting photos online for more than a decade now, and during that time the way I approach the matter - things like what photos I post and who is allowed access to my photos - changed. It is challenges such as this week's that help me rethink and thus improve. 
It seems to me as if the development of the way I have been posting photos online mirrors the development of the Internet in general. I started, very naively, with an approach that had all of my photos posted online for everyone to see. Following some incidents that made it clear several photos of mine were attracting attention of the wrong kind, and then the process of becoming a father and seeking to protect my child, I started restricting access to the photos I post online. And then, years later, came Mr Snowden to teach us a lesson or two about what really goes on with the Internet.
There is, therefore, a point in conducting an exercise to elicit all the considerations involved with posting and maintaining photos and then coming up with a strategy with which to devise the optimal approach. At hand is the privacy and security of yours truly, my immediate family, and the rest of the people in my photos to whom I refer as friends or family.
The exercise is thus one of risk management, and its purpose is to find the best place on the continuum of usability and security/privacy for me to be at. We all do this very same exercise when we post photos online or, for that matter, deal with any of our friends' information that is at our disposal: think allowing Facebook to access the contacts information on your smartphone so as to allow you to chat with people on WhatsApp. It may well be that most of the time most of us do not think of the implications of such acts, but that only serves to further enhance the running of this particular exercise and the existence of this post.
The tension caused to me by the complaint I have received is therefore not coincidental. If anything, I would urge for such challenges to take place more often, in order to reduce the frequency of occasions in which our privacy is harmed by people who simply wish to use some online service.
With that in mind, let us start with the exercise.

Considerations

The following are things to think about when deciding on how to best deal with our collections of digital photographs:
  • Privacy: Are the photos I’m uploading going to be viewed by the people I approve of, and only by the people I approve of? Facebook, for example, would very much like to have all your photos public and occasionally stretches things in order to pull its users down that path.
    What other things is the service planning for my photos? For example, this week Microsoft opened a service to the public where the public uploads photos to a Microsoft algorithm trying its best to guess the age of the person in the photo. Millions of people have uploaded their photos to play this game. However, is Microsoft going to use these photos for purposes other than guessing their subjects' age? Did the people who uploaded their photos think to ask this question before they uploaded their photos?
    Yet another question, to which the answer is almost universally sad, is what other information is gathered about me and passed on to third parties when I use a photo service?
  • Security: Is there adequate security in place to prevent my photos from falling into the wrong place?
  • Cost: How much should I invest in local and cloud facilities enabling me to store and access my photos?
  • Commercialisation: It’s not a consideration on its own, but the answer to the question “who is making money out of me storing my photos in a certain way” can be.
  • Control: Do I have control over my photos? I warmly recommend you read the terms & conditions of your cloud providers of choice, as well as their privacy policies. If you do so, you will find that with both Facebook and Google, uploading a photo gives them rights over it; what was once yours is no longer so. They own them now. In a way, they own you.
    Yahoo’s Flickr is the exception there, with one of its core promises being that your photos are always yours. While it’s doubtful either Facebook or Google will abuse your photos to the extreme, Facebook does use them to present advertisements to your friends; who knows what they’ll do next. Also consider what really happens when you think you delete a photo; given the photo is no longer yours, it is no longer yours to delete. And don’t get me started on Snapchat; by now even they admit they never really delete your photos.
    Closely following on the same subject of control is the question of what's going to happen when your cloud service of choice retires to cloud 9. Facebook and Google may seem immortal, but it is clear some cloud providers will not make it to immortality; it is therefore wise to choose a provider from which you can retrieve your photos, eventually.
  • Picture quality: Once upon a time, storage space was expensive so we tended to cut calories from our locally stored photos. On the cloud this is still often the case: the likes of Facebook and Evernote reduce the quality of the photos you store with them. Flickr does not, but it does impose limits (fairly generous ones) on the size of photos you can store with them.
  • Backup: Disasters happen; thinking about backup options is of paramount importance, particularly when the answer most people would give to “what non-living thing you’d rescue first from your burning house” is their photos.
  • Distribution: Does your storage solution of choice allow you to distribute your photos as per your preferences? More specifically, do you have control over the confidentiality of your photos - who is allowed to watch what?
  • Availability/accessibility: By now we live in a world where anything other than 24/7 access to our photos, on whatever platform we can think of, is inconceivable. As it happens, cloud services tend to be significantly more reliable in this department than your hard drive at home.
  • Search and retrieval: The invention of digital photography means that nowadays we all take photos in numbers previously inconceivable. Having the ability to later find a specific photo is therefore important. Luckily, there are software tools at our disposal to help us arrange our local collection (the recently replaced iPhoto comes to mind first). On the cloud side of things, different services offer facilities of differing quality with which to organise and index your photo collection.
  • Non flattering photos: I’m showing my age when I say this consideration is new to me, but for the Facebook generation the ability to handle photos deemed unflattering to certain people seems to be of extreme importance.
  • Creative commons: I am a major advocate for the culture of sharing. Once upon a time, before I got burnt and before Snowden, I used to have all my photos available to the public under a Creative Commons licence that allowed people to do pretty much what they like with those photos. Nowadays I limit people’s access to photos I consider private, but I still allow Creative Commons access to all the rest. I am happy to report that my otherwise very ordinary photos have thus been used on thousands of occasions and by some prestigious websites (glad to be of help!).
    I will use this opportunity to clarify a misconception: applying copyrights on your photos, as opposed to Creative Commons licences, does not grant you the legal mandate to prevent others from using your photos altogether; most countries have some fair use clauses in their copyright legislation that will give people the right to use your copyrighted photos in certain limited ways. In other words, copyright is no privacy guarantee; your only foolproof way of preventing people from abusing your photos is to prevent them from being able to access your photos in the first place.

Threats

Following is a summary of the threats facing our photos in an online world:
  • Cloud providers:
    Any cloud provider storing my photos can be hacked, with my photos taken away as prize. The exception to this rule is if my photos were encrypted before I uploaded them to the cloud, which is rarely the case – both because the cloud provider relies on unencrypted contents to make its money and because they can’t provide the photo management services they do provide on encrypted content (not as easily, at least).
    Regardless, people are constantly trying to hack their way into cloud providers. We’ve seen it with celebrity photos getting pulled out of Apple’s iCloud. More than that, there is the risk of people working for the cloud providers abusing the treasure trove of contents I put under their hands; that has happened before. There is also the risk of accidents: I recall a case where a user (or was it users?) lost the contents of their Flickr account because of a Yahoo mistake. To use professional terms, there were cases where the integrity of the photos held by cloud providers was compromised. With all their powers, cloud services are just another word for a “computer located elsewhere”, and computers (as well as their operators) fail. That said, we can probably safely assume that the likes of Google have somewhat better backup facilities than we have at home.
    When assessing the risks from cloud providers, we need to assume a rational position. For example, I have been asked before to remove a certain photo from the web in order to prevent that photo from falling into the wrong hands. That’s fine; yet such requests have me held up to standards that almost no one stands up to. Those same people that complain to me are almost certainly happy to send their photos via email, an inherently insecure communications method, while using the cloud email services of the very same providers they wanted me to avoid in the first place. No, there is no sense in that.
    One danger coming from cloud providers and, for that matter, from hardware providers is that of tracking and privacy robbing. Actually, this is not a danger in the regular sense of the word: it’s not theoretical, it is actually happening. As things are, we do not really know what our cloud providers do with all the data we give them (photos) and all the data they collect on us in the process. The same might apply, say, when we store our photos on our hard drives at home: what confidence do we have that this drive does not do something we would not approve of with our data (especially when the drive is some part of a server or NAS)?
    With companies such as Google, Facebook and Yahoo we can rest assured there is malice about; that’s how these companies make their money. Think of the pressure that Facebook applies on you to conform and share stuff through its facilities: it is there, this pressure, because there’s tons of money at stake. The numbers clearly indicate this approach is working very well for Facebook, thank you very much.
    With Facebook we know that not only does it collect our photos, it also measures how long we look at each photo and what we do before and after looking at the photo. In addition, the majority of websites share insight they gather about us with third party trackers. Most of us know this is taking place but still prefer to live in denial: hand up if you bothered to install countermeasures, such as Ghostery?
  • Hackers:
    This one is self-explanatory. There are people out there whose aim is to put me in a compromised position for the improvement of their financial situation or their status. These people make their living out of hacking. Our best protection from this scum is to keep our systems up to date, maintain healthy Internetting habits, and make ourselves as unattractive as possible to pick on through using unique, complicated passwords and multiple authentication techniques.
  • NSA/GCHQ/ASD (insert your local spy agency):
    If there is one certainty in life, it is that the information we share online through PRISM providers is copied by the NSA. That includes the photos you upload to Facebook, Google, Apple, Microsoft, Dropbox (not a PRISM partner, but I doubt this bothers the NSA) and Yahoo. By all means – object to it and apply pressure on your political representative to change the way of things. In the meantime, deal with that.
    It is also safe to say the NSA will not, does not, rest until it puts its hands on all other online data sources. Your only saving grace there is end to end encryption, which – as mentioned – does not apply to cloud photo services.
    Let’s also be clear about the safety of the photos you hold locally. If the NSA, GCHQ or any other of our tax payer funded so called security services want to, they will break into your local storage and take your photos on the way with or without your knowledge. Only the extremely careful application of encryption, to a level unachievable by most people whose last name is not Snowden, can save you there.
    Luckily for us, I doubt the NSA has the resources to run such focused attacks at massive scale. Thus I presume that the readers of this blog are, almost by definition (given presumed background), immune to such intrusion. Unless, of course, the NSA has associated you to me by virtue of you reading this sentence. You're doomed.
  • Friends:
    To put it eloquently, your friends are dicks.
    Once they have access to your photos, or – even worse – once they take a photo of you, there is no telling what they will do with it. Malicious intent is not required here, given the abundance of ignorance at hand. You might be an infosec expert, but statistically speaking your friends and family are highly unlikely to realise what happens behind the scenes on their smartphone, set as it is to its default settings, when they take a photo. They have no idea what happens when they share a photo online through one service or another. They do not think twice before they email your photos around.
    Then comes their negligence. Statistically speaking, your friends are likely to have shit passwords “protecting” their cloud accounts or, for that matter, their hardware. Your friends are likely to run computer equipment riddled with malware and viruses while being completely oblivious to the fact.
    Then there is the malicious. I hope your friends are nice people; but at least in the corporate world, it is no big secret that the biggest threat to security comes from the inside through disgruntled employees. Given that we all lost some friends along the way, the threat of a friend gone rogue is one of the major cataclysmic events that can happen to your photos. Case in point: former boyfriends publishing compromising photos of their exes. As I said, dicks.
  • Me (and you):
    Everything I said about friends applies to me, as well, and just the same. I like to think I’m on top of the latest when it comes to information security, but was I taken by surprise through the Snowden revelations? I was. Can I guarantee my hardware is never compromised? Nope.
    So yes, I’m a dick.
  • Disasters:
    Fires, burglary and even power failures - acts of the goddess, if you will - can all come between us and our photos, either permanently or intermediately. Backups are one way to address the problem, but a local backup kept on a hard drive next to your main computer would do little to help in case of a fire.
  • Physical loss:
    If you were to lose the physical copy of your photos, nowadays in the form of a hard drive or a USB stick / memory card, you would probably want whoever has that drive to not be able to access your photos. In other words, you’d probably want that drive adequately encrypted.

Target State

As I said, ours is an optimisation exercise. What we are looking to find is the optimal point of usability, protection, security and cost when it comes to storing and distributing a personal collection of digital images.

My Policy

Given the above lists of considerations and threats, the aspirational target state, and experience gathered through years of managing my photos both online and offline, I have arrived at the following policy highlights:
  • Maintain local copies of all my photos on local hard drives with RAID redundancy. All the photos are encrypted (with a very complex key) to prevent unauthorised use in case the hard drives fall into the wrong hands.
  • Maintain an online photo album on the cloud using a Flickr account protected by a very complex password and two way authentication. Flickr’s most notable advantages over other cloud providers are its generous storage, fidelity to the original photos, good photo organisation facilities, facilities to manage Creative Commons photos, facilities to control access to my photos, and policies that leave me as the sole legal owner of my photos.
  • Define private photos as photos that provide identifying information on their subjects when those subjects happen to be more than just random people out there in public when I happened to take the photos. Identifying information may include faces, but also things like car licence plates or location information.
  • Limit my posting of private photos online to my Flickr account. Exceptions to this rule (e.g., providing copies of my photos for printing purposes) require ensuring the provider's privacy policy makes it clear the photos will not be used for anything other than the purpose I post them for.
  • Maintain strict confidentiality on all private photos. Only a very limited number of friends and family are allowed to access my private photos. As I type, we are talking about 6 people (plus my dear friends at the NSA), although that number is limited more by lack of interest than my refusal to grant access to my photos.
  • Regular reviewing of the list of friends allowed to access personal photos. I do not agree with Facebook’s policy of hoarding friends; people that used to be my friends 10 years ago may not be friends of mine anymore, and that’s fine. It’s called life.
  • Limit the tagging of my photos so as to prevent people who shouldn’t do so from associating my photos with specific people. For example, I will not describe a photo, even a public photo, as “this is where my friend John Doe had breakfast”, instead settling for “this is where my friend John had breakfast”. Given the abundance of Johns in this world, good luck to those trying to find info about John Doe. For the record, the professional term for such privacy measures is privacy through obscurity.
    The same policy applies to the EXIF data that our digital cameras add to our photos. Most of that information is harmless, but in most cases I do not want a photo's location to be made public. Most of the better photo processing tools allow their users to control what EXIF information passes through the photos they handle.
  • Do not take objectively compromising photos. I have been told off for holding on to photos other people consider unflattering, but what I do not do is take unequivocally compromising photos. You will find no dick photos or, for that matter, no nudity in my collection. Not because I do not allow access to these photos, but rather because I do not take them in the first place.
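
The EXIF point in the policy above, as an added example that is not part of the original post: Python code that blanks only the GPS directory of a JPEG's EXIF block and leaves harmless tags such as the camera make in place. The function names and the constructed sample image are assumptions made for illustration.

```python
import struct

GPS_IFD_TAG = 0x8825   # IFD0 entry that points at the GPS sub-directory
TYPE_SIZE = {1: 1, 2: 1, 3: 2, 4: 4, 5: 8, 7: 1, 9: 4, 10: 8}  # TIFF type -> bytes per value

def _exif_tiff(buf):
    """Return a view of the TIFF block inside the JPEG's Exif APP1 segment, or None."""
    if bytes(buf[:2]) != b"\xff\xd8":
        raise ValueError("not a JPEG")
    pos = 2
    while pos + 4 <= len(buf) and buf[pos] == 0xFF and buf[pos + 1] != 0xDA:
        (seg_len,) = struct.unpack_from(">H", buf, pos + 2)
        if buf[pos + 1] == 0xE1 and bytes(buf[pos + 4:pos + 10]) == b"Exif\x00\x00":
            return memoryview(buf)[pos + 10:pos + 2 + seg_len]
        pos += 2 + seg_len
    return None

def _gps_dir(tiff):
    """Return (gps_ifd_offset, entries) or None when IFD0 has no GPS pointer."""
    e = "<" if bytes(tiff[:2]) == b"II" else ">"
    def entries(off):
        (n,) = struct.unpack_from(e + "H", tiff, off)
        return [struct.unpack_from(e + "HHII", tiff, off + 2 + 12 * i) for i in range(n)]
    (ifd0,) = struct.unpack_from(e + "I", tiff, 4)
    for tag, _typ, _cnt, val in entries(ifd0):
        if tag == GPS_IFD_TAG:
            return val, entries(val)
    return None

def gps_tags(jpeg):
    """List the tag ids in the EXIF GPS directory (empty when there is nothing to leak)."""
    tiff = _exif_tiff(jpeg)
    found = _gps_dir(tiff) if tiff is not None else None
    return [tag for tag, _typ, _cnt, _val in found[1]] if found else []

def scrub_gps(jpeg):
    """Return a same-length copy of the JPEG with GPS entries and their values zeroed."""
    out = bytearray(jpeg)
    tiff = _exif_tiff(out)
    found = _gps_dir(tiff) if tiff is not None else None
    if found:
        gps_ifd, entries = found
        for _tag, typ, cnt, val in entries:
            size = TYPE_SIZE.get(typ, 1) * cnt
            if size > 4:                          # value is stored outside the entry
                if val + size > len(tiff):
                    raise ValueError("GPS value points outside the Exif block")
                tiff[val:val + size] = bytes(size)
        end = gps_ifd + 2 + 12 * len(entries)
        tiff[gps_ifd:end] = bytes(end - gps_ifd)  # entry count becomes 0
    return bytes(out)

def sample_jpeg():
    """Constructed image header (not a real photo): Make tag plus a GPS latitude."""
    tiff = b"II*\x00" + struct.pack("<IH", 8, 2)                  # header, IFD0 with 2 entries
    tiff += struct.pack("<HHI4s", 0x010F, 2, 4, b"Cam\x00")       # Make, stored inline
    tiff += struct.pack("<HHIII", GPS_IFD_TAG, 4, 1, 38, 0)       # GPS pointer, next-IFD = 0
    tiff += struct.pack("<H", 2)                                  # GPS IFD at offset 38
    tiff += struct.pack("<HHI4s", 1, 2, 2, b"S\x00\x00\x00")      # GPSLatitudeRef
    tiff += struct.pack("<HHIII", 2, 5, 3, 68, 0)                 # GPSLatitude -> offset 68
    tiff += struct.pack("<6I", 37, 1, 48, 1, 51, 1)               # three rationals
    body = b"Exif\x00\x00" + tiff
    return b"\xff\xd8\xff\xe1" + struct.pack(">H", len(body) + 2) + body + b"\xff\xd9"
```

This only touches the EXIF GPS directory; location stored elsewhere in a file, for instance in an XMP packet, is not handled here.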

Some final thoughts.
Is my policy perfect? No, it clearly isn’t. It has its weak spots, mostly (in my opinion) through its reliance on Yahoo for security and on my friends for decency and respect. However, as I have already stated, anyone claiming to have the perfect solution is either ignorant or foolish. The world is a complex place; the trick is to find the optimal point in this complex world, the point that offers the best balance of usability and privacy. I consider my policy to offer a good balance as well as to be evidence based and devoid of prejudices. In other words, I consider my policy to be good.
That said, my risk averse nature is clearly mirrored by my policy's very conservative nature, given we are living in an age where finding someone's photo is generally a Google search away. An age where having no online presence can actually harm one's brand.
I do admit there is plenty of room for ignorance on my behalf. If you disagree with my analysis or if you think you can offer improvements to my policy, do feel free to challenge me. On my part, I promise to publish the photos of successful challengers.


Image by Kurtis Garbutt, Creative Commons (CC BY 2.0) licence
