Kuro5hin.org: technology and culture, from the trenches
create account | help/FAQ | contact | links | search | IRC | site news
[ Everything | Diaries | Technology | Science | Culture | Politics | Media | News | Internet | Op-Ed | Fiction | Meta | MLP ]
We need your support: buy an ad | premium membership

[P]
Digital Information Expiration Dates

By hatshepsut in Op-Ed
Wed May 15, 2002 at 07:28:58 AM EST
Tags: Internet (all tags)
Internet

Should personal information available on the Internet have an expiration date? This is a question I have been contemplating since I posted a comment to another story.

As more and more schools, companies, political/religious/social/professional associations come to realize the benefits and ease of keeping in touch with their membership via email and the internet, more and more information about specific individuals is being made publicly accessible. Information such as names, addresses, phone numbers, association memberships, email addresses, professional/social affiliations and such are not "sensitive" information, per se, but do leave a significant trail for a specific individual who may not want all that information available to the general public. So, the question I have is: should there be a moratorium on how long this information is kept on public web pages?


Out of curiosity, I dropped my name into Google to see what would come out. To my surprise, I was able to find, in the first few links offered, an incredible volume of data. This incidental search got me thinking about how long I would want some of this information to be available to anyone with a computer and an Internet connection.

Last week, an incident occurred which made the issue somewhat more immediate. I received word from my parents that someone claiming to be an old friend had called and left a name and number. It was an old friend, whom I haven't seen in 9 years, and spoken with in over 7 years. I called, and we started catching up on the last near-decade. How did he find me after all this time? ...The Internet. He typed in essentially the same search I did, but waded through more than just the first few links. He found:

  • graduations dates and details
  • publication and dissertation summaries
  • three different addresses (in three different provinces, spanning more than 5 years)
  • the address for my parents (and their phone number)
  • two employers (in different provinces), locations, email and work phone numbers

He was able to track my progress through my first graduation (which he knew about, we were friends in school) up to 14 months ago (my last move, followed by a job change). When that address and phone number didn't pan out, he followed my information to my parents, then called them.

Since he found all of this recently, I can only assume that all the online telephone directory entries, the employer websites, and the university and association "news" articles are still available, even after nearly ten years, in some cases. Some of this information I knew about (online telephone directories, for example) since I use the services myself. Of others (listings on employer websites, association articles), I was unaware.

So, I open it to the K5 community, who as a group are likely to be leaving an impressive "digital legacy" of old information: just how long should personal information from newsletters (minutes of meetings, professional association or other administrative non-data, archived information) stay online? Forever, in the name of the free flow of information? X-years (fill in your own value of X)?

I am uncertain how I feel about this. I am very glad that my old friend from school was able to find me, I look forward to meeting his family and getting to know him again. On the other hand, while doing a vanity search can be a harmless way to waste ten minutes of time, should it really be this easy to locate people, years later, through incidental means? If the information should be removed after X length of time, on whom should the onus be placed to make sure this happens, the body posting the information or the concerned individual?

Sponsors

Voxel dot net
o Managed Hosting
o VoxCAST Content Delivery
o Raw Infrastructure

Login

Poll
Personal information should:
o Fly, be free! 34%
o Be removed by the hosting group X length of time after it has been posted (post with your value of X, and your reasoning) 2%
o Be current, out of date information should be removed 0%
o Be removed at the request of the individual 57%
o Other (post with your comment) 6%

Votes: 49
Results | Other Polls

Related Links
o Google
o comment
o Google [2]
o Also by hatshepsut


Display: Sort:
Digital Information Expiration Dates | 31 comments (21 topical, 10 editorial, 0 hidden)
You know (2.30 / 10) (#1)
by medham on Tue May 14, 2002 at 05:50:56 PM EST

The old Santanyana saw? It's wrong. We should forget the past, at least parts of it. My take on this is that any part of history (and it's a lot of parts) involving the subjugation of peoples and their freedom should be eliminated from the world's libraries and emerging digital information media.

Counter-insurgency methods? Gone. War histories? Gone. The National Review Online and other hate-mongering journals? Gone.

We can remake human nature in new and glorious forms, and the pervasiveness of digital media can speed us towards that goal. The first step for he truly concerned with freedom is to begin burning libraries.

The real 'medham' has userid 6831.

robots.txt (none / 0) (#9)
by MathJMendl on Tue May 14, 2002 at 06:42:31 PM EST

If you write a robots.txt file on your own website, then the spiders stay away, and your personal site at least won't be archived at archive.org or spidered by most search engines (although I personally want mine to be at both).

I agree that the potential for information to exist forever could be bad in a few cases, but in many cases it can just make more information available.

Also, an expiration date would have to be respected by everyone. I doubt that it would be physically possible to prevent people from making copies of website or files online, and with large numbers of users this isn't possible.

So, once you put something out there, it can be there forever.

And if you didn't post the information yourself... (none / 0) (#24)
by hatshepsut on Wed May 15, 2002 at 12:12:31 PM EST

I am not trying to discuss information that has been freely provided (to websites or what-have-you) or posted on a personal website . The information that can turn up in web-searches can come from anywhere (in this particular case, from my employers, online telephone directories, universities and a society newsletter). Except in the case of online telephone directories, shouldn't there be some reasonable expectation of 1) not posting the information without informing the person to whom it relates, and/or 2) removing the information when it is no longer current?

I agree wholeheartedly that information willingly provided to websites cannot be expected to disappear any time soon, nor should it. But what about obsolete information posted by others?

[ Parent ]

interesting definition of "sensitive" (none / 0) (#10)
by tps12 on Tue May 14, 2002 at 06:53:42 PM EST

Information such as names, addresses, phone numbers, association memberships, email addresses, professional/social affiliations and such are not "sensitive" information, per se

That list seems to include everything but credit reports and police records. It is plenty of info to get people fired, get them in trouble with their spouses, or have their houses searched.

internet (3.00 / 1) (#11)
by dirvish on Tue May 14, 2002 at 07:26:28 PM EST

I think the fact that information hangs around is one of the beautiful things about the internet. Maybe you should be more careful about the information you pass out to websites.


Technical Certification Blog, Anti Spam Blog
Well, no. (2.37 / 16) (#13)
by qpt on Tue May 14, 2002 at 08:02:56 PM EST

Should personal information available on the Internet have an expiration date?
Although slightly controversial, like any other interesting deontic conclusion, it is generally accepted that normative constraints can coherently be applied only to agents. Information is clearly not an agent, either in the abstract or particular, so the question raised by your article initially appears unintelligible.

A meaningful reformulation of your initial question would perhaps be, "Should someone enforce an expiration date on personal information that is available on the Internet?" Revised, the question appears to have an answer, and perhaps depending on your view of deontic qualities, it may even have a objective, factual answer. However, the amended question is hopelessly vague, since who "someone" might be is entirely unspecified.

My suggestion is that your revise your article with this in mind and try to address who would be responsible for assuring that information expired and how this task might be accomplished. Alternately, rephrase the article without importing deontic term, asking instead merely if the readership would like personal information to expire.

Domine Deus, creator coeli et terrae respice humilitatem nostram.

My cat's breath . . . (4.00 / 2) (#20)
by Greyjack on Wed May 15, 2002 at 01:58:07 AM EST

Although slightly controversial, like any other interesting deontic conclusion, it is generally accepted that normative constraints can coherently be applied only to agents.

While I only have half an idea what you just said, my insomnia is cured!

--
Here is my philosophy: Everything changes (the word "everything" has just changed as the word "change" has: it now means "no change") --Ron Padgett


[ Parent ]
You'll feel better eventually... (5.00 / 1) (#16)
by gnovos on Tue May 14, 2002 at 08:25:31 PM EST

Eventually, this kind of thing will be so commonplace that nobody ever thinks twice about it.  Right now you are worried, maybe, that your employer will look you up and find your anti-corporation rant from 9th grade, or your girlfriend will find your misoganistic rant on usenet, but you think that your personality has changed so much that you don't want people judging you on these past actions.  Well, for the next few decades, it will become more and more of a problem, but soon it won't just be you who has all his information online, it will be everyone.  There will a whole slew of scandals, but eventually people will learn to ignore those.  People will relise that everybody makes mistakes or acts like a nut at some point in thier life.  Once you see that it isn't just you, that it's everyone, these things will cease to be so important.  Just give it time, you'll be ok.

A Haiku: "fuck you fuck you fuck/you fuck you fuck you fuck you/fuck you fuck you snow" - JChen
Searched for my name (5.00 / 1) (#17)
by Stereo on Tue May 14, 2002 at 08:43:08 PM EST

Your article made me curious so I did a quick search for my name. What came up? Linuxcounter's page for luxemburgish users, some mails about Mac OS X, VPNs and wireless networks I sent to security focus and two very scary pages related to my ICQ past which I quickly updated. No mention of my website though! *shrugrins*.

Overall, I thought these links gave a pretty good image of me. People who google for my name won't violate my privacy but just learn who I am and I'm not too worried about it.



--

God will forgive me. That's his job after all. -- Konrad Adenauer


I tried this too... (none / 0) (#19)
by Danse on Wed May 15, 2002 at 01:36:33 AM EST

I didn't come up with a whole lot. Just my comment to the DOJ regarding the MS settlement, and a few posts on some websites regarding the MS trial. That was about it.






An honest debate between Bush and Kerry
[ Parent ]
Common Name (none / 0) (#31)
by jonnyq on Fri May 17, 2002 at 01:03:35 AM EST

I guess in this case I am lucky to have an extremely common name, none of the first 100 of the nearly 20,000 pages had anything to do with me!

[ Parent ]
All of it, and forever (3.00 / 3) (#18)
by jabber on Tue May 14, 2002 at 09:14:11 PM EST

My digital footprint serves as a resume of sorts. If I fuck up along the way, well, that's my own fault, and I really can't in good conscience deny it. Better it be out there than having me volunteer it at a job interview. I tend not to disclose my name, and am fortunate to share it with some particle-physics kook. Oh well.

[TINK5C] |"Is K5 my kapusta intellectual teddy bear?"| "Yes"

Ehhm, yes... (5.00 / 1) (#21)
by joto on Wed May 15, 2002 at 07:50:09 AM EST

Unfortunately, I think that is very hard to do. How are you going to enforce it?

Will spammers care? Will no-longer maintained webpages, who just sit around untill the machines hosting them are disposed off, or put to other uses have to magically disappear? Will archives of historical information care? Would it be a good thing if they did?

How do you want to mark information as personal in order to help automate it?

While I agree that it's a good idea, it is obviously impossible to make it happen. But a good start would be to have stronger legislation on databases containing personal information(where by database, I mean a collection of data stored in records with similar layout, either electronically, on paper, or on other forms of media). And an expiration date, seems like a good idea there.

The amount of free-text with your name on it floating around on the net is impossible to do something with, unless we want to break all the good things about the Internet as well..

More about obsolete information than anything else (none / 0) (#23)
by hatshepsut on Wed May 15, 2002 at 10:36:44 AM EST

I am more concerned with 3rd party information, than anything else.

The information that my friend used to track me was not information I had posted anywhere, and had nothing to do with me giving my information to websites, potential spammers or the like. What he did use was old information left around on corporate websites where I *used* to work, obsolete listings on online phone directories, 5 year old "news" from university sites and that sort of thing. The guy actually ended up calling my last employer, since I was still listed on their corporate website. He also called my old phone number and, of course, got the person to whom the number is now assigned.

There don't seem to be many others who have had this sort of thing come up (or who have noticed, anyway) so maybe this isn't as general as I had thought. I would not suggest legislation as a way of "cleaning up" old data (I would prefer to see as little legislation as possible when it comes to regulating the internet), but practical suggestions about how old information may be managed, or ideas on what recourse people might have when it comes to requesting/demanding that this obsolete (and useless, I might add) information might be removed from databases would be of great interest.

To be honest, I hadn't really considered how such a process might be automated. How is it, for example, that when a phone number is reassigned, the old listing(s) aren't purged from the database? As for the corporate websites, that would seem to be a question of the website manager keeping the site up to date. With regards to the newsletters left around various university/corporate/etc. sites, maybe there is no solution there...I don't know.

[ Parent ]

one-way mapped disposable aliases (3.00 / 1) (#22)
by tps12 on Wed May 15, 2002 at 09:05:24 AM EST

The only way to really accomplish this is by adopting temporary aliases throughout one's 'net lifetime. By "alias" I mean a false identity that wraps up addresses, email addresses, phone numbers, &c.

Basically, you need to have a system whereby someone who knows your "real identity" can obtain your alias identity at any time, but at the same time there is no way to trace a false identity back to a real identity.

These need to be single-use; otherwise, once you've allowed a friend to map real identity R to alias A, there is nothing stopping her from posting up a website with "A = R" on it in <H1> type.

Implementation would be very much along the lines of that of digital cash. Some good essays about the hows and whys of digital cash are in the new edition of True Names.

Obviously, relying on the good will of others is never going to work. Simple mistakes or malicious disregard of things like robots.txt will be quickly propogated and made part of the permanent record of the Internet.

This sounds like an anonymizer (none / 0) (#25)
by juahonen on Wed May 15, 2002 at 01:03:03 PM EST

The current state of the Internet gives little room for such services. The only surviving anomymizer services I know of anonymize surfing (originating IP, for example) but no other services. This one-way identity mapping would require at least email-support since you probably cannot register an account if you do not provide an email address.

There have been attempts to make anonymizing remailer services, but they're not in operation any more. The systems were used for illegal activities and had to be closed. For further reading on such a case, go to penet.fi which run the famous anon.penet.fi remailer service.

If the alias system you suggest is one-way, single-use, then it makes it simple for criminals to abuse the system.

I don't believe people should be able to have easy anonymization. If they really need it, they can come up with it. Trying to implement Internet-wide anonymization which all parties would adhere to is impossible. Some want to sell the information to spammers, some gather it for their own marketing, some profile the users. And some do so even if there are laws against such activities.

If a site allows anonymous postings, then it is the responsibility of the webmaster to maintain the anonymity of the poster. For example by not keeping records on such posters. If a site requires all submissions to be from registered users, then there's no point in not keeping such records.



[ Parent ]
maybe so (4.00 / 1) (#26)
by tps12 on Wed May 15, 2002 at 01:26:26 PM EST

I don't believe people should be able to have easy anonymization. If they really need it, they can come up with it.

Of course. But once they come with it, they will have it, whether you want them to or not.

Trying to implement Internet-wide anonymization which all parties would adhere to is impossible.

Trying to implement Internet-wide * to which all parties would adhere is impossible, agreed. But each individual who wants to remain anonymous only needs to coordinate with whomever they wish to contact, not the whole Net.

If a site allows anonymous postings, then it is the responsibility of the webmaster to maintain the anonymity of the poster.

If a site allows truly anonymous postings, then the webmaster won't have to do anything, as he or she will not know who the poster is.

I can't get my mind around quite how it would all work, but I'm pretty certain it could be done. Obviously there is probably not enough demand for it right now.

[ Parent ]

Being anonymous (none / 0) (#27)
by juahonen on Wed May 15, 2002 at 02:13:58 PM EST

they will have it, whether you want them to or not

It's okay with me if people are anonymous. I don't have an issue with that.

individual ... only needs to coordinate with whomever they wish to contact, not the whole Net

That's true. But to achieve that they need to arrange their anonymity themselves, like I said. If you're going to have the kind of a system you suggested on your first post, then it requires a cooperative effort from everyone. You just can't build such a system on your own.

Obviously there is probably not enough demand for it right now.

This issue is related to the "I have nothing to hide" attititude people have about cryptography. If you haven't read it, check the story on digital reputation, there are some interesting comments. So obviously probably you're right :)



[ Parent ]
The obvious answer: a central repository (none / 0) (#28)
by nowan on Thu May 16, 2002 at 09:56:53 AM EST

The obvious way to do this would be to have a central repository of such information.  You keep it up to date yourself, perhaps, so you can make sure that even if out of date info is available somewher, someone looking for info about you can always find the real stuff.

The problem is, that opens up a whole 'nother can of worms itself.  My bet is that something like it will eventually happen, but I don't know what it will look like.  How much control will I have over what's in it?  And, related, how much will I be able to trust info found there?  Will some folks (law enforcement?) have special access?  I hope not, but I think that's it's likely.

It's already happening (none / 0) (#30)
by juahonen on Thu May 16, 2002 at 05:12:20 PM EST

This kind of central repository was designed and taken into production by Microsoft. The system is called Microsoft .NET Passport. A similar system, but not to the same extend is under development by the Liberty Alliance. Personal information management in Passport is centralized, in Liberty Alliances project it is decentralized.

Law enforcement will always have special access. The level of access depends on local and international legistlation. Is some countries enforcers can do pretty much what they will. In others they need a court order for the most basic inquiries.



[ Parent ]
Moratorium? (none / 0) (#29)
by Mr.Surly on Thu May 16, 2002 at 04:58:41 PM EST

So, the question I have is: should there be a moratorium on how long this information is kept on public web pages?

Is "moratorium" the right word? Specifically, '... moratorium on how long this information ...' Doesn't a moratorium usually postpone or suspend an activity for an amount of time (sometimes indefinitely) rather than require that it occur on or sooner than a particular time?

Or am I smoking too much crack?

Digital Information Expiration Dates | 31 comments (21 topical, 10 editorial, 0 hidden)
Display: Sort:

kuro5hin.org

[XML]
All trademarks and copyrights on this page are owned by their respective companies. The Rest 2000 - Present Kuro5hin.org Inc.
See our legalese page for copyright policies. Please also read our Privacy Policy.
Kuro5hin.org is powered by Free Software, including Apache, Perl, and Linux, The Scoop Engine that runs this site is freely available, under the terms of the GPL.
Need some help? Email help@kuro5hin.org.
My heart's the long stairs.

Powered by Scoop create account | help/FAQ | mission | links | search | IRC | YOU choose the stories!