Invisible and Public: Image Embedded Metadata and Contextual Visibility

Nathalie Casemajor (2016) “Invisible and Public: Image Embedded Metadata and Contextual Visibility”, Conference paper, Association of Internet Researchers Annual Conference, Panel “Internet research ethics”, Humboldt-Universität, Berlin, October 5 2016.

Invisible and Public Image Embedded Metadata and Contextual Visibility

This paper deals with visual methods in Web research projects, and more specifically with a type of metadata that is embedded within image files. An example of this is a geotag encoded in a photograph published on Flickr. This data can be used for various purposes. Jose Van Dijck (2010), among others, analysed the role of image metadata to understand how photographers classify their pictures on Flickr. But the same data can also be exploited through forensic techniques for prosecution or intelligence purposes. Many users are not aware of the presence of such information within images, and this data raises questions with regards to research ethics. I will briefly situate how I came across this issue in my own work, as well as the risks associated with this type of “grey data” (Ess, 2016). I will then propose the notion of contextual visibility to describe the status of embedded metadata online, and its potential relation with informed consent.

1. Assessing the risks in mobile micro-archives 1.1 Case study: Maple Spring protests in Quebec I came across ethical issues around metadata a couple of years ago, when I was conducting a case study on the Maple Spring. This student strike took place in 2012 in Quebec. It led to historically



1

large protests, and many arrests and clashes with the police. The goal of my case study was to investigate the relationship between the urban space where protests took place and the Web where images were shared. I used embedded metadata to study how images are republished and shared on the Web, and how they drift from Flickr, to a blog, to Facebook, in order to ultimately try and understand patterns of image production and circulation (Casemajor, forthcoming).

MOBILE MICRO-ARCHIVES!

XMP!

Figure 1: Example of embedded metadata fields extracted from a JPEG image with Phil Harvey’s ExifTool (fotoforensic.com). So what exactly is embedded metadata? It is a set of descriptive, technical and administrative information that is stored within the image file. Not as a separate file, not stored in a remote repository that belongs to a website, but actually inside of the code segments that compose the image itself. What makes embedded metadata particularly interesting as a source of research data is



2

that it operates as a micro-archive, travelling along with the image and documenting its context of creation, use and circulation. While I was collecting images and analysing some their metadata, I came across a photograph (figure 2) on Flickr that raised questions. It showed the process of cutting out red squares—the symbol of the student strike that protesters wore on their clothes. The picture seemed to have been taken inside of a house, and attached to it was a geotag pointing to a street corner in a residential neighbourhood of Montreal. The geotag may have been created by the camera, when the picture was taken, or it may have been manually added by the user when he or she uploaded the picture to Flickr. Perhaps the geotag was inaccurate and did not point to his or her actual house. In the context of social movements and political activity, however, such risks of disclosing personal information, even if low1, cannot be ignored. This picture made me uncomfortable because my method consisted in digging through image metadata, without a clear ethical framework to work around these issues. I wished I had included a set of rules earlier on in the method design, so that in some cases, I would not even collect and store metadata containing personal or potentially sensitive information.

1 According



to Friedland and Sommer (2010), only 4.3% of images and videos in Flickr are geotagged.

3

XMP!

Figure 2: photograph of red squares published by Photomaxmtl on his or her Flickr account (montage of screen shots). 1.2 Personal and sensitive information Besides geotags, other types of embedded metadata are automatically generated by cameras and software. Some of them can also be problematic, such as the unique ID number of a camera, the history of file modifications that can indicate when and how an image was manipulated, and thumbnails which are smaller versions of the same image embedded into the file to facilitate the management of large images. Thumbnails raise serious issues in terms of privacy because they may give access to the original version of an image before it was manipulated. For example, as Murdoch and Dornseif showed (2004), a thumbnail may reveal the identity of someone who

4

cropped an image to protect their anonymity, before posting it online (figure 3). In the dataset they used for their study, they found that about 9% of the thumbnails showed differences with the displayed image.

THUMBNAIL (before manipula8on)

Figure 3: Left: JPEG image posted online, cropped to anonymize the portrait. Right: embedded thumbnail extracted from the JPEG file, revealing the original image before manipulation. Based on Murdoch and Dornseif (2004).

More generally, the chances of finding compromising metadata in a photograph depend on the file format and on the platform where it was published. JPEG, the most common image standard on the Web, often contains multiple kinds of metadata, but PNG and GIF files typically contain very little. Furthermore, if the image was posted on Facebook or Instagram (or various other social media platforms) most of the metadata would have been stripped off by the image



5

managing system of these platforms. The most risky environments are forums, blogs and news websites, as shown in the example that follows. In 2012, Vice magazine published a story about finding John McAfee, the software executive turned millionaire and fugitive. The journalist intended to keep his location secret, but the article included a photograph shot with an iphone. In the embedded metadata was a geotag, pointing to a restaurant in Guatemala, which unintentionally disclosed the fugitive’s location (Figure 4).

Figure 4: left: photographs featuring John McAfee published in Vice website. Right: geotag location revealed by Wired. 2. Discussion: metadata display and contextual visibility 1.2 Photographs as documents vs. traces of activity In the literature dealing with research ethics on the Web, there are very few studies focusing on image embedded metadata. The main contribution thus far was made by Lonneke van der Velden in a paper published in Big Data & Society (2015). She analysed two dispositives called



6

InformaCam and ObscuraCam developed by NGOs and political activists to facilitate the handling of such data. One of the protocols associated with InformaCam consists in developing “a new kind of licensing system”, that would signal whether the author consented to the exploitation of metadata. But this standard is not commonly used across the web, and researchers cannot rely on it to design their ethical framework. The broader discussions about informed consent and “privacy in context” provide useful insights to tackle the questions raised by embedded metadata (Ess, 2002; Markham and Buchanan, 2012). One of the main debates in the field of visual methods on the Web concerns the status of visual material: should photographs be considered as documents, created by authors who intend for their work to be public? Or should they be considered as traces of activity left by human subjects, in which case researchers have more obligations to protect privacy? Bassett and O'Riordan argue that in the case of published texts, authors “make a decision about the level of their visibility, by controlling the degree of their disclosure of identification” (2002: 236). However, the problem with applying this principle to the case of embedded metadata is that intentional disclosure cannot always be assumed. 2.2 Contextual visibility What is specific to the mediality of embedded metadata is its particular status, between public-ness and invisibility? It is publicly accessible because the image was publicly shared, but it may also be invisible—hidden inside of the file—and in this case one cannot assume intentional disclosure. This means that the status of metadata should be evaluated separately from the status of the image. In the end, what is important is to evaluate is the degree of visibility of the metadata in the context of the platform where the image was initially published, which can be described as contextual



7

visibility. This proposed notion refers to Helen Nissenbaum’s principle of “privacy as contextual integrity”, meaning that information gathering and dissemination should respect the norms of the original context where the information was found (2004). In the case of Flickr mentioned earlier, geotags are signalled on a map, displayed along with the image, so we can assume that the user was aware that this information was publicly shared, and consented to this publication. In the case of Vice’s website, the interface was not programmed to display geotags, so its presence was not detected, and it was unintentionally shared. Disclosing this information changed its status from confidential to publicly exposed (Latzko-Toth and Proulx, 2013). Conclusion: privacy and visibility by design Visibility and invisibility are keys issues in the discussion of metadata and research ethics. These two states of the image—visible or invisible—are contextual, because for the same file displayed on different platforms, the presence of metadata can be made obvious, or kept hidden. Yet it would be problematic to systematically associate visibility with informed consent because other parameters of “privacy in context” must also be taken into account (Zimmer, 2010). These parameters can be embedded into platform and interface design to enhance users’ awareness and control over privacy. From this perspective, the notion of contextual visibility proposed in this paper resonates with the principles of Privacy by Design; they recommend to engineer “privacy principles into the design and operation of information and communications technologies” (Cavoukian, 2012: 180). In the case of image embedded metadata, visibility by design consists in displaying the hidden and potential sensitive information on the screen, so that users can gain an awareness of its presence. Without means to control or remove the sensitive metadata, however,



8

this public display could also reinforce the exposure of sensitive information. To achieve Privacy by Design, interfaces and platforms should therefore enable both awareness and agency. Bibliography Casemajor Nathalie (forthcoming) “Embedded Metadata and the Digital Lifecycle of Images: Methodological and Ethical Challenges in Researching Sensitive Topics”, amodern, Nick Mirzoeff and Jonathan Sterne (eds.), special issue “Sound, Vision, Action”. Cavoukian Ann (2012) “Privacy by Design: Origins, Meanings and Prospects for Assuring Privacy and Trust in the Information Era”, in George O.M. Yee (ed.) Privacy Protection Measures and Technologies in Business Organizations: Aspects and Standards, Hershey, PA: Information Science Reference, p. 170-209. Ess Charles (2016) “Research ethical issues for panel at AoIR16”, Call for papers, AIR-List. URL: http://listserv.aoir.org/pipermail/air-l-aoir.org/2016-February/032523.html, accessed October 16, 2016. Ess Charles (2002) Ethical decision-making and Internet research: Recommendations from the AoIR ethics working committee, Association of Internet Researchers (AoIR). URL : http://aoir.org/reports/ethics.pdf, accessed October 16, 2016. Friedland Gerald and Sommer Robin (2010) “Cybercasing the Joint: On the Privacy Implications of Geotagging”, In Proceedings of the Fifth USENIX Workshop on Hot Topics in Security (HotSec

10),

August

2010,

Washington,

D.C.

URL:

http://usenix.org/events/hotsec10/tech/full_papers/Friedland.pdf, accessed October 16, 2016. Latzko-Toth Guillaume et Proulx Serge (2013) “Enjeux éthiques de la recherche sur le Web”, in Barats Christine (ed.), Manuel d'analyse du web en Sciences Humaines et Sociales, Paris: Armand Colin, p. 32-48. Markham Annette and Buchanan Elizabeth (2012) Ethical decision-making and Internet research: Recommendations from the AoIR ethics working committee. Version 2.0, Association of Internet Researchers (AoIR). URL : http://aoir.org/reports/ethics2.pdf, accessed October 16, 2016.



9

Murdoch Steven J. and Dornseif Maximillian (2004) “Far More Than You Ever Wanted To Tell. Hidden Data in Internet”, 21st Chaos Communication Congress, December 27-29 2004, Berliner

Congress

Center,

Berlin,

Germany.

URL:

http://sec.cs.ucl.ac.uk/users/smurdoch/talks/ccc04_hiddendata.pdf, accessed October 16, 2016. Van der Velden Lonneke, (2015) “Forensic devices for activism: Metadata tracking and public proof,” Big Data & Society, 2, 2. DOI: 10.1177/2053951715612823, accessed October 16, 2016. Van Dijck José (2010) “Flickr and the Culture of Connectivity: Sharing Views, Experiences, Memories,” Memory Studies, 4, 4. DOI: 10.1177/1750698010385215, accessed October 16, 2016. Zimmer Michael (2010) “‘But the data is already public’: on the ethics of research in Facebook”, Ethics and Information Technology, 12, 4, p. 313-325.



10