
Monday, May 03, 2010

The Social Networking Bubble

This is one of several posts inspired by thoughts and conversations while attending the Spring 2010 Internet2 meeting in Arlington, VA.

There's no surprise in the passion and rapidity of the adoption of social networking technologies for teaching and learning. It's exciting, disruptive to the old school methods, and it's game changing; it opens new possibilities for teaching and learning; and it can advance the mission and competitive position of Penn State. And yet, it seems that it has the same scary feel of an investment bubble - everybody is giddy and feeling sexy, so why question its use in the educational institution?


I spend a lot of time thinking about integration of social networks and enabling user-generated content in web apps and sites. While at Internet2, I've seen some truly exciting examples of social and collaborative apps in use at colleges and universities including portals that share user data and content between popular social media apps.

But, when I saw a demonstration of new middleware that extracted user attributes from digital certificates, I almost fell out of my chair, because then it became obvious that with this innovation, personally identifiable data can be exposed - not necessarily by malice, but by simple misconfiguration of services. Consider this statement from a reviewer of Facebook's innovative (and potentially game-changing) Open Graph:

This new API turns Facebook into a read/write storage of users' tastes. And not just one user - all Facebook users.
ReadWriteWeb

No problems with introspective middleware, another presenter said. An innovative new piece of middleware that integrates with the OpenSocial API, a competitor of Social Graph, allows students an opt-in solution that requests permission before transferring personal data. But do you see the problem here? Users inured to Facebook's social networks (not to mention their lax terms-of-service) have learned to be promiscuous with their personal data, or are simply oblivious to the consequences.

I wonder: what are we setting ourselves up for? In a new world where my cats can create a website (they're really good and available for consulting), and where they can install the widgets to make their site an OpenSocial container full of personal data, what new compliance risks is the organization taking on?

So, what to do? We seem to be on a treadmill we can't jump off. Most of us underestimate the risks, and because we do, we won't put limits that we don't understand on the learning benefits. On the other hand, we can't afford to yield competitive market advantage.

One possible direction is development of automated tests for Social Apps, similar to tests for security vulnerabilities in database-driven dynamic applications already on the market. These tests would send data requests to their OpenSocial or Open Graph APIs to test for leakage of personal information. In any event, you can bet that compliance and audit requirements will evolve in lockstep with innovations in social networks.
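
One way such an automated leakage test could check what comes back, as an added example (not code from this post or from any OpenSocial or Open Graph project): it audits the JSON body returned to a test request and reports personal data the user did not opt in to share. The field names, the regular expressions and the sample response are constructed assumptions.

```python
import json
import re

# Assumption: field names modelled on OpenSocial-style person records;
# adjust the set to the container or API under test.
SENSITIVE_KEYS = {"emails", "phoneNumbers", "addresses", "birthday", "gender"}

# Patterns that reveal personal data hidden under an innocuous key.
VALUE_PATTERNS = {
    "email": re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}"),
    "us_phone": re.compile(r"\b\d{3}[-.\s]\d{3}[-.\s]\d{4}\b"),
}

def _audit(node, consented, path, findings):
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}" if path else key
            if key in SENSITIVE_KEYS:
                # Report a non-empty personal field once, unless opted in,
                # and never descend into it (avoids duplicate findings).
                if key not in consented and value:
                    findings.append((child, f"field:{key}"))
                continue
            _audit(value, consented, child, findings)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            _audit(item, consented, f"{path}[{i}]", findings)
    elif isinstance(node, str):
        for name, pattern in VALUE_PATTERNS.items():
            if pattern.search(node):
                findings.append((path, f"value:{name}"))

def audit_response(body, consented=frozenset()):
    """Return (json_path, finding) pairs for data shared without opt-in."""
    findings = []
    _audit(json.loads(body), consented, "", findings)
    return findings

# Constructed sample: what a test request for a profile might get back.
SAMPLE = json.dumps({"entry": {
    "id": "example.org:1001",
    "displayName": "Pat Example",
    "emails": [{"value": "pat@example.org", "type": "home"}],
    "birthday": "1990-01-01",
    "aboutMe": "Text me at 555-010-0199 or pat@example.org",
}})

if __name__ == "__main__":
    # The user opted in to sharing e-mail only; everything else is a leak.
    for path, finding in audit_response(SAMPLE, consented={"emails"}):
        print(f"LEAK {path}: {finding}")
```

Note that the free-text `aboutMe` field is flagged even though e-mail sharing was opted in: the consent covered the `emails` field, not copies of the address elsewhere in the profile.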
