State of the Net: Social Networking Privacy: An Oxymoron?

The second item on the agenda of this year’s State of the New conference of specific interest to me and appropriate for this blog was a panel discussion of social networking sites (SNS) and privacy. The panel was formally titled “Social Networking Privacy: An Oxymoron?” and it was moderated by Tim Lordan of the Internet Education Foundation. Federal Trade Commission (FTC) Commissioner Jon Leibowitz introduced the discussion. Unfortunately, this appears to be one of the sessions that was not recorded or at least the recording is not yet on the Net Caucus’ Web page.

The panelists in this discussion included:

• danah boyd, University of California: boyd is the leading expert on how and why young people in America use SNSes
• Eric Goldman, Santa Clara University: Goldman is Assistant Professor and Academic Director of the High Tech Law Institute at the Santa Clara University School of Law; he has written his own recap of the State of the Net conference
• Chris Kelly, Facebook: Kelly is Facebook’s Chief Privacy Officer; he seemed to spend most of this time during this discussion correcting misperceptions or misunderstandings of how Facebook operates rather than engaging in substantive discussion of the broader issues
• Daniel Solove, George Washington University: Solove is an Associate Professor of law at the George Washington University Law School and the author of several important and relevant books including “The Future of Reputation: Gossip, Rumor, and Privacy on the Internet.”

In his introduction, FTC Commissioner Leibowitz discussed some of the thoughts the FTC has in relation to SNSes:

• Two documents regarding SNSes and privacy the FTC has produced, one aimed at parents and the other at “tweens and teens,” have been viewed over 2 million times.
• The FTC has recently asked for individuals involved in nefarious activities on MySpace be held in contempt of court.
• If Facebook had not reacted as quickly as did when uses rebelled against the initial rollout of Beacon, a feature that allows business to connect with their visitors’ Facebook profile, Leibowitz would have instructed his staff to look into potential Facebook violations of federal law (I think he said “COPA” but I’m not sure I wrote that down right; hasn’t COPA been struck down as unconstitutional?).
• When it comes to collecting or sharing user data, it’s always better to have a “true opt-in.” For all of its faults, Beacon was at least transparent.
• It is not inconceivable that very popular SNSes may one day be forced to abide by the First Amendment as other owners of privacy property have been forced. In fact, this was not the only time this very issue was raised during the conference; it came up again in a later panel discussion involving press rights in Second Life.

After Leibowitz’s introduction, the panel got off to a lively start. Lordan opened the discussion by asking the panelists if SNSes are so different from other operations that collect data such as e-commerce merchants and search engines as to merit special consideration. Goldman and Kelly seemed to reply in the negative with the view that SNSes are an evolution of communication media. boyd expressed disagreement and asserted that SNSes differ from other operations in that SNSes collect not only data about you but also data about your social network. So by giving away “your” data you are also giving away, by some measure, “your friends’” data at the same time since.

boyd continued by giving examples that related to the concept of “outting.” This is a term traditionally used in to refer to the process of homosexual persons revealing their homosexuality; it’s a very personal and often private experience often fraught with emotion and personal risk. It can be used in other situations, however, to refer to having information about oneself revealed by another without your permission. The specific example used by boyd was that although she is careful not post photos of herself drinking online there is nothing stopping her friends from posting such photos and then labeling (“tagging”) boyd in the photos this outting boyd as one who drinks alcohol.  So we can not think of data residing on and in SNSes as data merely about one person but we must think “in terms of network models.”  Remember, two of the defining features of SNSes are that they (a) contain a list of other users with whom other users share a connection and (b) allow one to view and traverse the list of connections from one user to another.

The next set of exchanges focused on privacy policies and the “illusion of privacy” they provide. There seemed to be general agreement that the current paradigm of posting privacy policies laden with legal jargon incomprehensible to the general public is ineffective. Goldman opined that asking consumers simple questions to determine their preferences might be a good way to go about things. Interestingly, there was no discussion of machine-readable privacy policies (P3P); has this idea died off completely, perhaps becoming outdated before it ever rolled off the assembly line?

The discussion then shifted to advertising as Kelly and boyd sparred about how well or poorly Facebook users understand privacy controls on Facebook. Kelly asserted that the controls work. Coming at it from a different angle, boyd insisted that the controls don’t matter because youths believe that Facebook is a closed network (as contrasted with MySpace). She pointed the finger at mass media for establishing the idea that Facebook is closed but MySpace is open. The same scene – Kelly describing how a feature in Facebook works and boyd insisting that users don’t understand it – occurred later when discussing (again) Beacon. Goldman and boyd both seemed to strongly agree, as would I, that much of the consternation caused by the use of SNS data stems from the commercial nature of those intended uses.

Solove wisely reminded us that these privacy challenges are much broader than Facebook. He asserted, and presumably also asserts in his book (which is on my bookshelf and near the top of my “To Read” list), that our definitions of privacy are not static but are changing. He also asserted that because people don’t care about sharing information that does not mean that they don’t care about how that information is used. He illustrated this with an example in which he would someone might be okay in publicly stating their preference for a brand of bottled water but not okay with that statement being used to promote that brand (drink Aquafina water -it’s approved by Daniel Solove!). Solove then presented some of the changes he thinks may have to occur in the legal landscape to deal with privacy and reputation as our definitions and abilities have changed but I’ll let you buy and read his book to get those ideas.

I feel as if the entire conversation was strained on the part of Facebook’s official representative and I can’t blame him given the audience (there was nothing else scheduled concurrently with this discussion so nearly everyone was there). He seemed to spend most of his time defending his company which didn’t seem to advance the discussion in useful ways. Of course, that there were apparently many misconceptions about Facebook that he had to correct is itself telling.

The comments by Leibowitz (FTC would have investigated Facebook regarding Beacon, fictional Facebook and MySpace merger would be a vcry bad idea, companies must be held to task for what they say they are going to do or not do, etc.) were most interesting.

The focus of the conversation seemed to be on the fact that SNSes have large amounts of data and will continue to gather them. Users don’t know what’s being done with the data and the current mechanisms for telling consumers are inadequate. I was most disappointed in the lack of empirical data cited during the discussion, particularly in light of the relatively-recent Pew Internet & American Life Project data regarding users’ expectations of privacy.

Finally, I am again struck by the challenges posed by SNSes and other tools that force people to “flatten” their presentation and identity. We regularly and without thinking adapt our public presentation to the audiences we perceive and expect, moving from one presentation of self to others seamlessly. Environments that draw together disparate audiences (high school classmates, college classmates, professors, coworkers, family, etc.) and force people to adapt one presentation are very different from the environments in which we live our day-to-day lives. Those different presentations we exhibit are natural and important and it’s very confusing in many ways to be forced to put on the same presentation to every audience. That confusion and this flattening of our public identity is one of the key issues at the center of this discussion of privacy and SNSes.