I wrote a tweet last week that got a bit of unexpected (but welcome) attention;

Co-author and I are using @github to revise a conference paper after peer review. Creating 'issues' to track progress. #openscience

— Reuben Binns @RDBinns@someone.elses.computer (@RDBinns) February 10, 2014

I got a number of retweets and replies in response, including:

https://twitter.com/chadkoh/statuses/433012506097745920

@rdbinns @openscience Can you share more on using @github for reports etc?

— GIGAmacro (@giga_macro) February 12, 2014

https://twitter.com/n3siy/status/433462895116943360

@RDBinns is it a public repository?

— Craig B (@NeuroCraig) February 12, 2014

The answers are: Yes, yes, yes and yes. I thought I’d respond in more detail and pen some short reflections on github, collaboration and open research.

The backstory; I had submitted a short paper (co-authored with my colleague David Matthews from the Maths department) to a conference workshop (WWW2014: Social Machines). While the paper was accepted (yay!), the reviewers had suggested a number of substantial revisions. Since the whole thing had to be written in Latex, with various associated style, bibliography and other files, and version control was important, we decided to create a github repo for the revision process. I’d seen Github used for paper authoring before by another colleague and wanted to try it out.

Besides version control, we also decided to make use of other features of Github, including ‘issues’. I took the long list of reviewer comments and filed them as a new issue. We then separated these out into themes which were given their own sub-issues. From here, we could clearly see what needed changing, and discuss how we were going to do it. Finally, once we were satisfied with an issue, that could be closed.

At first I considered making the repository private – I was a little bit nervous to put all the reviewer comments up on a public repo, especially as some were fairly critical of our first draft (although, in hindsight, entirely fair). In the end, we opted for the open approach – that way, if anyone is interested they can see the process we went through. While I doubt anyone will be interested in such a level of detail for this paper, opening up the paper revision process as a matter of principle is probably a good idea.

With the movement to open up the ‘grey literature’ of science – preliminary data, unfinished papers, failed experiments – it seems logical to extend this to the post-peer-review revision process. For very popular and / or controversial papers, it would be interesting to see how authors have dealt with reviewer comments. It could help provide context for subsequent debates and responses, as well as demystify what can be a strange and scary process for early-career researchers like myself.

I’m sure there are plenty of people more steeped in the ways of open science who’ve given this a lot more thought. New services like FigShare, and open access publishers like PLoS and PeerJ, are experimenting with opening up all the whole process of academic publishing. There are also dedicated paper authoring tools that extend on git-like functionality – next time, I’d like to try one of the collaborative web-based Latex editors like ShareLatex or WriteLatex. Either way, I’d recommend adopting git or something git-like, for co-authoring papers and the post-peer-review revision process. The future of open peer review looks bright – and integrating this with an open, collaborative revision process is a no-brainer.

Next on my reading list for this topic is this book on the future of academic publishing by Kathleen FitzPatrick – Planned Obsolescence
— UPDATE: Chad Kohalyk just alerted me to a relevant new feature rolled out by Github yesterday – a better way to track diffs in rendered prose. Thanks!

In an ideal world, our collective medical records would be a public good, carefully stewarded by responsible institutions, used to derive medical insights and manage public health better. This is the basic premise of the care.data scheme, and construed as such it suggests a simple moral equation with an obvious answer; give up a little individual privacy for the greater public good. The problem is, our world is not ideal. We’re in the midst of multiple crises of trust in government, the private sector and the ability of our existing global digital infrastructure to adequately deal with the challenges of personal data.

The NHS conducted a privacy impact assessment for the care.data scheme, to identify and weigh its risks and benefits. In discussing why citizens might choose to opt-out of sharing their own data (as 40% of surveyed GP’s said they would), the final paragraph is both infuriating and revealing:

‘However, some people may believe that any use of patient identifiable data without explicit patient consent is unacceptable. These people are unlikely to be supportive of care.data whatever its potential benefits and may object to the use of personal confidential data for wider healthcare purposes.’

In other words, there are some people who will selfishly exercise their individual rights to privacy (for whatever misguided reasons), to the cost and detriment of the public good.

While the leaflet promoting the scheme encourages donating ones data as a contribution to the public health service, even left-wing Bevanites have reason to be sceptical. While many of us instinctively trust ‘our NHS’, the truth is large parts of it are no longer ‘ours’, and the care.data scheme is a perfect example. As expected, the contract to provide the ‘data extraction’ service was won by an unnaccountable private sector provider (Atos, who are also responsible for disability benefit assessments), while some of the main beneficiaries of all the data itself will be a plethora of commercial entities.

This is not to say that private sector use of health data is inherently bad. The trouble with the care.data scheme goes deeper than that; it is a microcosm of a much wider malaise about the future of personal data and the value of privacy.

The social contract governing the use of our health information was written for a different age, where ‘records’ meant paper, folders and filing cabinets rather than entries in giant, mine-able databases. This social contract (if it ever even existed) never granted a mandate for the new kinds of purposes HSCIC proposes.

Such a mandate would have to be based on a realistic and robust assessment of the long-term risks and a stronger regulatory framework for downstream users. Crucially, it would need to proactively engage citizens, enabling them to make informed choices about their personal data and its role in our national information infrastructure. Rather than seizing this opportunity to negotiate a new deal around data sharing, the architects of this scheme have attempted to hush it in through the backdoor.

Thankfully, there are alternative ways to reap the benefits of aggregated health data. One example is Swiss initiative HealthBank.ch, a patient data co-operative, owned and run by its members. By giving patients themselves a stake and a say in the governance of their data, the project aims to harness that data to ‘benefit the individual citizen and society without discrimination and invasion into privacy’.

Personal data collected unethically is like bad debt. You can aggregate it into complex derivatives, but in the end it’s still toxic. If the NHS start out on the wrong foot with health data, no amount of beneficial re-use will shore up public trust when things go wrong.

The dust from whistleblower Edward Snowden’s revelations has still not settled, and his whistle looks set to carry on blowing into this new year. Enough time has elapsed since the initial furore to allow us to reflect on its broader implications. One interesting consequence of the Snowden story is the way it has changed the debate about Silicon Valley and the ‘internet freedom’ lobby. In the past, some commentators have (rightly or wrongly) accused this lobby of cosying up to Silicon Valley companies and preaching a naive kind of cyberutopianism.

The classic proponent of this view is the astute (though unecessarily confrontational) journalist Evgeny Morozov, but variations on his theme can be found in the work of BBC documentarian-in-residence Adam Curtis (whose series ‘All Watched Over by Machines of Loving Grace‘ wove together an intellectual narrative from 60’s era hippies, through Ayn Randian libertarianism to modern Silicon Valley ideology). According to these storytellers, big technology companies and non-profit groups have made faustian bargains based on their perceived mutual interest in keeping the web ‘free from government interference’. In fact, they say, this pact only served to increase the power of both the state and the tech industry, at the expense of democracy.

Whilst I agree (as Snowden has made clear) that modern technology has facilitated a something of a digital land grab, the so-called ‘internet freedom lobby’ are not to blame. One thing that was irksome about these critiques was the lack of distinction between parts of this ‘lobby’. Who exactly are they talking about?

Sure, there are a few powerful ideological libertarians and profiteering social media pundits in the Valley, but there has long been a political movement arguing for digital rights which has had very little to do with that ilk. Morozov’s critique always jarred with me whenever I came across one of the many the principled, privacy-conscious technophiles who could hardly have been accused of Randian individualism or cosying up to powerful elites.

If there is any truth in the claim, it is this; on occasion, the interests of internet users have coincided with the interests of technology companies. For instance, when a web platform is forced to police behaviour on behalf of the Hollywood lobby, both the platform and its users lose. More broadly, much of the free/libre/open source world is funded directly or indirectly from the profits of tech companies.

But the Snowden revelations have driven a rhetorical wedge further between those interests. Before Snowden, people like Morozov could paint digital rights activists as naive cheerleaders of tech companies – and in some cases they may have been right. But they ignored the many voices in those movements who stood both for emancipatory power of the web as a communications medium, and against its dangers as a surveillance platform. After Snowden, the privacy wing of the digital rights community has taken centre stage and can no longer be ignored.

At a dialectical level, Silicon Valley sceptics like Morozov should be pleased. If any of his targets in the digital rights debate have indeed been guilty of naivety about the dangers of digital surveillance, the Snowden revelations have shown them the cold light of day and proved Morozov right. But in another sense, Snowden proved him wrong. Snowden is a long-term supporter of the Electronic Frontier Foundation, whose founders and supporters Morozov has previously mocked. Snowden’s revelations, and their reception by digital rights advocates, shows that they were never soft on digital surveillance, by state or industry.

Of course, one might say Snowden’s revelations were the evidence that Morozov needed to finally silence any remaining Silicon Valley cheerleaders. As he said in a recent Columbia Journalism Review interview: “I’m destroying the internet-centric world that has produced me. If I’m truly successful, I should become irrelevant.”

The term ‘cloud computing’ refers to the idea that programs, processing and data storage can be run on a connected remote server rather than happening on your personal computer device. It was coined in the 1990’s by Irish entrepreneur Sean O’Sullivan, but didn’t achieve true buzzword ubiquity until the late 2000’s.

The term is still vague, despite attempts by the European Union to give it a concrete definition. To me, it simply means that the code I’m using and interacting with is happening on a computer that isn’t in my nearby physical space. But this lack of proximity to the physical location of the code can be worrying. Usually it means it’s happening on a server thousands of miles away that you have no control over. Can you trust that the code is safe, and not working against you? Who else might see your data when it’s stored in the cloud?

Despite these fears, most of us have embraced the cloud, using cloud storage providers like Google and Dropbox and installing mobile apps which store our data and process it remotely. But what is the alternative? One option is to store all your files and run applications on your own hardware. But many applications are cloud-only, and it is hard to make backups and integrate multiple devices (laptop, tablet, phone) without syncing via a cloud. Another is to encrypt all your data before you upload it to the cloud, but this can limit its use (the data needs to be decrypted before you can do anything with it).

A better alternative might be for each of us to have our own personal clouds which we can connect to via our personal devices. Personal clouds would be under our control, running on hardware that we own or trust. They could be hosted on lightweight, internet-connected devices kept in safe, private places – perhaps in a safety deposit box in your home. Or they might be hosted somewhere else – by a hosting provider you trust – and be easily packaged up and taken elsewhere if you change your mind.

Over the last few weeks, I’ve been trying to migrate away from my existing cloud storage providers (including Google Drive, Dropbox and Ubuntu One), and experimenting with running my own personal cloud. I’m trying out various free and open-source personal cloud systems, hosted on my own hardware (an old laptop), or on a hosting provider I trust.

Sceptics may say that this option is beyond the technical capability of the vast majority of users. I’d agree – without experience as a system administrator, it wasn’t simple to set up and maintain. But despite a few teething problems, it’s not as hard as I thought. With a bit of help and some improvements in user experience, running your own server could be within the reach of the average user. Just like the motor car and the personal computer, personal clouds don’t need to be fully understood by their owners.

One day, owning your own cloud might be as common as owning your own home (it would certainly be more affordable). And as personal data plays an increasingly important role in our lives, trusting the hardware it’s housed in might be as important as trusting the roof over your head.

I hope to blog further about my journey towards a personal cloud in the coming weeks and months…

This post was originally published on the Ctrl-Shift website.

A few weeks ago I attended the Creative Commons global summit, as a member of the CC-UK affiliate team, and came away thinking about lessons for the growing personal data ecosystem.

Creative Commons is a non-profit organisation founded in 2003 to create and promote a set of alternative copyright licenses which allow creative works to be legally shared, remixed and built upon by others. Creators can communicate which rights they want to keep, and which they would like to waive. These licenses are now used in education, cultural archives, science, as well as in commercial contexts. By creating a set of legally robust, standardised and easy-to-use licenses, the organisation has turned a complicated and costly legal headache into an usable piece of public infrastructure fit for the digital age.

What lessons does this movement have for the management and use of personal data? In one sense, managing content is radically different to managing personal data. Consumers generally want to be able to restrict the publication of their personal information, while creative content is generally made for public consumption from the outset. But despite the differences, there are some striking parallels – parallels which point to possible innovations in personal data.

Just as for creative works, personal data bridges technical, legal and human challenges. Personal data is stored, transferred and transformed by technology, in ways that are not always captured by the legal terminology. In turn, the law is usually too complex for humans – whether they be data controllers or individual data subjects themselves – to understand. Creative commons licenses translate a complex legal tool into something that both humans and machines can understand. There are easy tools to help creators choose the right license for their work, and a simple set of visual icons help users understand what they can do with the work. By attaching metadata to content, search engines and aggregators can automatically find and organise content according to the licenses applied.

There are already pioneering initiatives which attempt to apply aspects of this approach to personal data. One promising area is privacy policies. Much like copyright licenses, these painfully obscure documents are usually written in legalese, and can’t be understood by humans or parsed by computers. Various projects are working to make them machine-readable, and to develop user-friendly icons to represent important clauses – for instance, whether data is shared with third parties. Conversely, if individuals want to create and share data about themselves, under certain conditions, they may need an equivalent easy-to-use license-chooser.

The personal data ecosystem is in need of public, user-friendly, and standardised tools for managing data. The Creative Commons approach shows this can be done for creative works. Can a similar approach work for personal data?

Last week I was sent a link to commodify.us – a new web application where you can upload your data from Facebook, and choose whether to license it directly to marketers or make it available as open data. It’s a neat idea which has been explored by a number of other startups (e.g. Personal.com, YesProfile, Teckler).

Obviously, uploading all of your Facebook data to a random website raises a whole host of privacy concerns – exactly what you’d expect a rock-solid privacy policy / terms-of-service to address. Unfortunately, there doesn’t seem to be any such terms for commodify.us. If you click the Terms of Service button on the registration page it takes you nowhere.

Looking at the page source, the html anchor points to an empty ‘#’ id, which suggests that there is not some problem with the link, but that there was nowhere to link to in the first place; suspicious! If I was serious about starting a service like this, the very first thing I’d do is draft a terms-of-service and privacy policy. Then before launching the website, I’d triple-check to make sure it appears prominently on the registration form.

Looking at the ‘Browse Open Data’ part of the website, you can look at the supposedly de-identified Facebook profiles that other users have submitted. These include detailed data and metadata like number of friends, hometown, logins, etc. The problem is, despite the removal of names, the information on these profiles is almost certainly enough to re-identify the individual in the majority of cases.

These two glaring privacy issues and technical problems make me think this whole thing might just be an elaborate hoax. In which case, Ha ha. Well, done, you got me. After digging a little deeper, it looks like the website is a project from Commodify, Inc., an artist-run startup, and Moddr, who describe themselves as;

Rotterdam-based media/hacker/co-working space and DIY/FOSS/OSHW fablab for artgeeks, part of the venue WORM: Institute for Avantgardistic Recreation‘

They’re behind a few other projects in a similar vein, such as ‘Give Me My Data‘. I remembered seeing a very amusing presentation on the Web 2.0 Suicide Machine project by Walter Langelaar a year or two ago.

So I registered using a temporary dummy email addresses, to have a look around, but I didn’t get to upload my (fake) data because the data upload page says it’s currently being updated. I tried sending an email to the mailing address moderator ( listed as tim@moddr.net ) but it bounced.

If this is intended as a real service, then it’s pretty awful as far as privacy is concerned. If it’s intended as a humorous art project, then that’s fine – as long as as there are no real users who have been duped into participating.