Posts Tagged: privacy

Teaching / Thoughts6 Comments
16
Feb 10

What Google Could Learn From Goffman

In the week since Google introduced Buzz, the most interesting thing about the fiasco has been watching the company.  For an organization as risk-averse and PR-aware as Google, a public failure offers insight that can’t be gleaned from watching daily operations.  As Google attempts to fix the problems and move the conversation onward, I thought I might reflect on some of the teachable elements of this event.

First, a little bit of back story.  As part of my fellowship at the School of Information and Library Science, I teach a course about social network sites.  Each week, I sit down with my students to discuss the social, legal, ethical and privacy implications of social network sites, among other things.  Potentially noteworthy is that my course doesn’t spend a lot of time on social network science – graph theory, quantitative analysis of networks, etc.  Rather, we concern ourselves with the interaction of people with social technology at large scale.

In our readings and discussions, we’re often challenged to think about how people present themselves in technology.  When you create a profile in a social network site, or share a stream of Tweets, you’re essentially creating a representation of an identity.  As we’ve seen time and time again in Facebook, we run into problems when identities collide during “context collapse” – when people from a different segment of your life view an identity you’ve constructed for your friends.

Taken one way, it could be argued that this problem of separate identities reveals some sort of fundamental character flaw: “Why aren’t you the same person to everyone?”  As Google CEO Eric Schmidt pointed out, “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”  It is the intersection of technology and philosophies like Schmidt’s that are causing companies like Google and Facebook to stumble again and again, creating “privacy nightmares.

Many of the readings in my class are influenced by Erving Goffman’s theories of identity and interaction.  Goffman, the legendary Chicago-school sociologist and former ASA president, elaborates in rich detail the process of social interaction in his books The Presentation of Self in Everyday Life, Behavior in Public Places, and Interaction Ritual.  In essence, Goffman argues that identity and interaction are performative, a concept that maps very well onto social network sites.  By “creating” identities, we’re not living dual lives, but rather engaging in a well-established performance of identity that lets us share the proper “front” in context.  We act differently on LinkedIn and Facebook because these sites have contextual norms, not because we’re duplicitous.

At the beginning of each semester of my class, I tell my students that they’re going to leave with a skillset that helps them negotiate human interaction with social technology.  I’ve sat up at night, pondering the value of such a skillset.  More than anything, the Buzz fiasco has driven home the point that we need interdisciplinary information professionals that can work with teams in negotiating the social implications of their tools.  These are the students I’m working with, and I wonder how Buzz would have rolled differently if their voices were brought to the table.

The builders of social technologies are challenged to manage the relationship between technical affordance and what is, for lack of a better term, human inertia.  That is, the tendency for people to act like people.  As Google Buzz engineers attempted to reconfigure our notions of a social group (work/friends/romantic/etc. was collapsed to “most frequently contacted”), they ran smack into human inertia.  Even though Google’s algorithms have likely figured out a more efficient way for us to group the people we know, it was simply too much to ask us to configure ourselves to the technology.

By fabricating new social groupings, Google ran head-on into Facebook’s biggest problem – that of context collapse.  When we merge social groups together, we are challenged to manage our disclosures across these groups, which have different norms of propriety.  How is it possible that Google didn’t see the potential problems of such context collapse at scale?  I’d like to offer a potential answer.

If you read a history of Silicon Valley (such as Katie Hafner’s or Michael Hilzitk’s), you’ll notice a theme of interconnection.  Silicon Valley’s tech economy is a dense series of highly entrepreneurial networks, where employment is characterized by acceptance of failure and short tenures.  The work of AnnaLee Saxenian reveals this trait as being fundamental in the Valley’s success; ideas are gestated frequently, teams assemble rapidly through the uncharacteristically large networks of oft-moving tech employees.  As good as this is for innovation, it is bad for the development of a social networking site.

Working in Silicon Valley is a classical embeddedness problem.   If you work in the Valley, it is likely that many of the people you know share similar traits.  They work at the same company as you, think about similar problems, went to similar schools.  Such homophily is beneficial for allowing entrepreneurial teams to assemble quickly, but it is bad for finding heterogenous opinions.  Consider the case-in-point of the Google Buzz test – it was rolled out initially to Google’s 20,000 employees.  These employees – similar on many traits, richly compensated, cognizant of privacy – are different in key ways from the rest of the Buzz ecosystem.  Perhaps the homophily of the test base accounts for how devastating edge-cases weren’t designed for, or perhaps groupthink shouted such possibilities down.  Either way, this is an important lesson about the pervasive problems of homophily when designing privacy systems.

While involving interdisciplinary information professionals like the ones I train in the design process would be a good step forward, it is easier said than done.  Just as Silicon Valley engineers collide with human inertia, the Valley has its own inertia of bigger, better, and faster.  Introducing the human perspective into such a culture is an ongoing, and challenging problem (see the work on Values in Design).  Right now, the market (and the opinion-sphere, to a lesser extent) regulates and acts as the proxy for human problems with systems.  I’d like to think that by introducing informed, professional voices to the discussion, we can move beyond this reactionary approach to privacy.  Perhaps Buzz is the case that moves this discussion forward.

Image used under CC-BY-ND, original source.

NoticedNo Comments
18
Jun 09

Zimmer on the Facebook Dataset

Michael Zimmer has released a new critique of the “Facebook Dataset” – and it is well worth reading.

Recall that last fall, a group of researchers affiliated with the Berkman Center for Internet & Society at Harvard University released a dataset of Facebook profile information from an entire cohort (the class of 2009) of college students from “an anonymous, northeastern American university.” While the researchers took good faith steps to preserve the anonymity of the source of the data (and, presumably, the privacy of the subjects), I quickly narrowed it down to 7 possible universities, and then with only a little more effort, identified the source (with some confidence) as Harvard College. All this without ever even downloading or looking at the actual data.

Download the draft of Michael’s paper.

Noticed / ThoughtsNo Comments
6
Apr 09

NY Mag asks “Does Facebook Own You?”

New York Magazine leads with an interesting piece on data ownership and online social networks by Vanessa Grigoriadis.  I’ve got a quote in there, which builds on some writing I did last month.

This is part of who I am now—somebody who knows that her nursery-school tormentor wasn’t a bully without a heart. It will get logged into my profile, and that profile will become part of the “social graph,” which is a map of every known human relationship in the universe. Filling it in is Facebook’s big vision, a typically modest one for Silicon Valley. It’s too complex for a computer scientist to build. Just as our free calls to GOOG-411 helped Google build its voice-recognition technology, we are creating the graph for Facebook, and I’m not sure that we can take ourselves out once we’ve put ourselves on there. We have changed the nature of the graph by our very presence, which facilitates connections between our disparate groups of friends, who now know each other. “If you leave Facebook, you can remove data objects, like photographs, but it’s a complete impossibility that you can control all of your data,” says Fred Stutzman, a teaching fellow studying social networks at the University of North Carolina at Chapel Hill. “Facebook can’t promise it, and no one can promise it. You can’t remove yourself from the site because the site has, essentially, been shaped by you.”

Check the full article.

Research / ThoughtsNo Comments
3
Apr 09

CIO Magazine on privacy in social networks

C.G. Lynch of CIO magazine examines the business implications of the shifting nature of privacy in social networks.  He draws on research that Jacob Kramer-Duffield and I ran last fall:

But it turns out some users have fiddled with those privacy settings, after all. In research conducted by the UNC School of Information and Library Science this past fall, more than 70 percent of 495 college students surveyed claimed to have altered their Facebook privacy settings in some way. Around half of the students also said they limited access to their profile to “friends only.”

The research also indicates that their attention to privacy controls increases with their time on the service. During their first six months on Facebook, only 40 percent of students said they modified their privacy settings. After one year, that number jumped to nearly 80 percent.

It is a great article – I’ve spoken with Chris a few times and he’s an astute analyst of social networks.  The article has good quotes from Chris Kelly, Facebook’s smart Chief Privacy Officer.

As I mentioned in a post last week, Jacob and I are currrently writing this study up for publication.  We presented initial results at the ASIST Annual Meeting, but we hope to get this into journal form so we can share the results more broadly.

Noticed / Research5 Comments
9
Mar 09

NY Times Botches SNS Privacy

Via Michael Zimmer, an embarrasing NY Times story from Randall Stross on privacy in social networks.  Stross writes:

As the scope of sharing personal information expands from a few friends to many sundry individuals grouped together under the Facebook label of “friends,” disclosure becomes the norm and privacy becomes a quaint anachronism.

Facebook’s younger members — high school or college students, and recent graduates who came of age as Facebook got its start on campuses — appear comfortable with sharing just about anything. It’s the older members — those who could join only after it opened membership in 2006 to workplace networks, then to anyone — who are adjusting to a new value system that prizes self-expression over reticence.

Stross simply has this one wrong.  Instead of misguided intuition, let’s look at the numbers.  In the Summer/Fall of 2008, Jacob Kramer-Duffield and I ran a survey of undergraduate Facebook users.  We employed a list-based simple random sample, with 494 respondents.  When asked the question Have you changed the default Facebook privacy settings to give yourself enhanced privacy in Facebook?, 72.47% responded “Yes.” To the question Based on your Facebook privacy settings choices, who do you allow to see your Facebook profile?, 50% answered “Only my Facebook friends.” (1)

Stross would also benefit from looking at Lampe et al., 2008, a longitudinal analysis of Facebook use by a cohort of undergraduate students at Michigan State University.  The authors note “In 2006, 64% of users had the default settings for privacy. In 2007, this number dropped to 45% of users who had the default settings, and by users maintained the default privacy settings.” (p. 726)  Williams (2008), employing a SRS at Texas Tech, found that “In regard to public access to their Facebook profile, (50.6%) allowed only their friends to access their page, while (71.0%) stated that the primary target of their communication were friends.” (p. 52)  Williams writes (in her very interesting thesis) “Perhaps this is an indication that Facebook users, in particular at this institution, have greater concerns for invasions of privacy or a greater need to protect their disclosures from the general Facebook audience.”

I could go on.  Strauss, who theoretically has access to a research library, could have skimmed Lewis et al., 2008, Tufekci, 2008 or any of the recent studies put out by the Pew Internet and American Life Project for context.  Since he didn’t, he actually gets the issue backward.  I’ve written about this before, but the basic idea is this: Young people didn’t simply decide to give up privacy.  Rather, the studies show that social network sites, in their early iterations, created a very meaningful sense of close community.  Young people disclosed not because attitudes about privacy instantly and simultaneously changed, but because they felt very comfortable with their audience.  Zimmer continues:

Stross likely doesn’t realize it, but he’s right that sites like Facebook have “[dissolved] the line that separates the private from the public.” In few realms of our lives can we truly identify a strict dichotomy between public and private information. Instead, everything is contextual. And, yes, that’s what makes thinking about privacy difficult, but that doesn’t mean we throw in the towel. Instead, we accept the challenge and work to create policies and build technologies for the sharing of information that properly reflect a contextual notion of privacy, rather than a binary one.

The conclusion that Stross draws – that adults are now going to massively change their disclosure behavior because of young people – is as flawed as his “privacy as anachronism” point.  The real story is that adults are grappling with and establishing norms of privacy in a manner very similar to young people.  This is my summer research topic, so watch this space for more along these lines.  A final point – the 20% statistic.  First, Facebook defaults have changed over the years, so a default now may have been a modification in the past.  Second, Facebook’s audience is increasingly international, so we must remember that norms will vary significantly across nations and cultures.  Third, privacy is not in Facebook’s business interests.  Less privacy = more content, so it may not be in Facebook’s interest to craft a privacy statistic that reflects current norms.

Notes:

(1) This survey was initially presented at the 2008 ASIST Annual Meeting.  We are currently writing it up for publication.

References:

Lampe, C., Ellison, N. B., and Steinfield, C.  (2008).  Changes in use and perception of facebook.  In CSCW ‘08: Proceedings of the ACM 2008 conference on Computer supported cooperative work, New York, NY, USA, 2008 (pp. 721-730).  ACM.

Williams, I. M.  (2008).  The Effects of Anticipated Future Interaction and Self Disclosure on Facebook.  Masters thesis, Texas Tech University.

Lewis, K., Kaufman, J., and Christakis, N.  (2008).  The Taste for Privacy: An Analysis of College Student Privacy Settings in an Online Social Network.  Journal of Computer-Mediated Communication, 14(1), 79-100.

Tufekci, Z.  (2008).  Can You See Me Now? Audience and Disclosure Regulation in Online Social Network Sites.  Bulletin of Science Technology and Society, 28(1), 20-36.  http://bst.sagepub.com/cgi/content/abstract/28/1/20

Noticed / Thoughts4 Comments
5
Mar 09

Facebook and the Death of Networks

InsideFacebook reports on the coming “opening up” of Facebook:

After Facebook’s press event yesterday announcing public profiles and the real-time home page “stream,” I briefly chatted with Mark Zuckerberg about the future of sharing on Facebook. Essentially, Mark said things are headed toward a hybrid model in which some information shared by users can be private and some information shared by users can be public, depending on users’ preferences.

This direction means users will need to think in new ways about sharing on Facebook. Historically, sharing on Facebook has been managed through Facebook’s robust privacy settings, with most of the default settings being set relatively strictly (usually limiting access to most information to others in your school or regional networks). Now, Facebook users will also have the option to easily share some information much more openly – even completely publicly for the whole world (and search engines) to see if they so choose.

While Zuckerberg said Facebook is still working on the user interface that would make such sharing settings robust and easy to use, these changes are going to have significant implications for the nature of sharing on Facebook.

Perhaps.  One of the stories that doesn’t get talked about much is the massive shift towards privacy in Facebook in the last few years.  In studies I’ve run, and in data I’ve seen, there is (and has been) a clear migration towards friends-only profiles in Facebook.  In my opinion, this is the result of 1) increased awareness and comprehension of privacy risks 2) context collapse and 3) the aggressive nature by which Facebook manages the community.  As I’ve written previously, Facebook’s users have adapted to this new reality, and accordingly enforce a high level of information control.  We’ve studied online community long enough to know that users won’t change practice simply because the community has new features.  To that extent, we shouldn’t expect Facebook’s move towards openness to radically affect the community.

I see this move as the death of regional networks. Facebook’s initial genius was to segment schools by network.  Schools are unique; they are closed communities full of individuals who interact daily, who share a strong common bond.  Because of this very strong group identification, Facebook users felt comfortable sharing and disclosing to other members of their school network.  When Facebook opened to everyone, they attempted to replicate this success by introducing regional networks.  As one might imagine, regional networks are vastly different from school networks.  There is no verification for entry, the networks are much larger and much less cohesive, and the group effects are meaningless.  Regional networks were simply an arbitrary segmentation so Facebook could keep up the master-plan nature of its community.

Fast-forward to 2009, and a few things have changed.  Primarily, lots of people have Facebook accounts.  Unlike college students who are heavily focused on interacting in their local, university network, older users operate without a focus on location or geography.  You don’t care about what network Bob from First Grade uses, because the nature of interaction isn’t about browsing Bob’s profile – it is about establishing a friend connection.  For older users, Facebook is much more about point-to-point use than browsing interaction (and if anyone wants to lament the “devaluing” of Friendship, they should consider how the system forces people into friendship to accomplish informational goals).  This nature of interaction has largely rendered regional networks and their privacy functions meaningless.

This takes us back to the original question – will all this new openness radically affect Facebook?  No.  Facebook’s contexts collapsed a long time ago.  Facebook is already open.  Users factor this openness into what they say and do, who they friend, and the privacy settings they maintain.  Sure, publicity seekers will like this new openness, but there may be a reverse incentive for other users.  This semi-openness may make users more findable, forcing more awkward friendship negotiations and context collapse, leading to reduced sharing of information (the lifeblood of Facebook).  This shouldn’t be taken as a criticism of Facebook, but just as a reflection of the social realities of a massive online system with real-world implications.  If everyone in the world was on the same listserv we’d behave the same way.

Upsides for Facebook?  This is a great chance to become a huge peer content-distribution network.  Take photo galleries.  If Facebook stepped their game up a little in photo galleries (hosting multiple size photos, offering printing services, etc), it could easily compete into the territory of Flickr, Kodak or Snapfish (Note: Why FB, with their 11 Trillion photos, hasn’t done this meaningfully yet is beyond me).  There are many valuable products that Facebook could provide via the public profile, any number of which are monetizable and provide real value (i.e. not just network value).  This would mark a serious legitimization of Facebook as a business – sort of like an inverse Google.  In the case of Google, you spread yourself over all of their services.  With Facebook, the individual would be the center of the network, and their profile could be a place for search, hosting, file sharing, chat/videochat, photo hosting, blogging, microblogging, and so forth.  As unglamorous as it sounds, there is still a huge market to be people’s webpage.

Noticed / Research / Thoughts10 Comments
18
Feb 09

How Facebook Should Address User Rights

Earlier today, Mark Zuckerberg announced that Facebook would be significantly revising the new Facebook terms of service.  He writes:

Going forward, we’ve decided to take a new approach towards developing our terms. We concluded that returning to our previous terms was the right thing for now. As I said yesterday, we think that a lot of the language in our terms is overly formal and protective so we don’t plan to leave it there for long.

Our next version will be a substantial revision from where we are now. It will reflect the principles I described yesterday around how people share and control their information, and it will be written clearly in language everyone can understand. Since this will be the governing document that we’ll all live by, Facebook users will have a lot of input in crafting these terms.

Of the changes, Michael Zimmer writes:

Consider their declaration that “We won’t use the information you share on Facebook for anything you haven’t asked us to.” Ok, well, I never asked to be opted into an automatic News Feed, nor did I ask to be a part of Beacon, but Facebook used my data for these purposes without my informed consent. Will they do it again? Will a more robust behavioral targeting system be implemented? Will I have asked Facebook to use my proifle data for that purpose?

Zimmer’s comments reveal the fundamental conceit of this discussion – what is “our information” in Facebook and where does it begin and end?  Put another way, it is easy to imagine a photograph we upload as “our information.”  But what about the pokes we send into the ether, or even more abstractly, the deltas between our logins as recorded by Facebook’s servers.  All of this is “our information,” and all of this information would be coveted by marketers.

I would like to argue that the idea of owning one’s information in the context of third-party systems is impossible.  “Our information” is used, reused, extracted, archived, analyzed, recombined, logged and backed up in so many ways by third-parties, the idea of actually owning it (meaning we could “remove” it at our discretion) is an impossibility.  More practically, if we did own our information, we would be able to do just as Zimmer states – opt out of Newsfeeds, control how our information flows through Facebook.  I don’t forsee this happening any time soon.

To Facebook’s credit, I believe the terms update actually reflected this reality of information ownership dilemma.  There are so many derivatives of information, the company couldn’t reasonably promise ownership.  Information almost inherently shape-shifts in technical systems; this information-derivation “problem” affects everyone from Google and Yahoo to the lowliest blog.

How can Facebook address this issue?  First, Facebook needs to move the discussion away from this overarching concept of “information.”  Facebook cannot truthfully promise ownership of all of our information, at least to the extent is passes a “removal” test.  Second, Facebook needs to study user perceptions of information in the site.  For example, HCI literature shows us a number of gaps between “observable” information and systems- or backend-information.

A user may consider her pictures as information, but they may not consider their attention data as information.  By understanding the user’s conception of information, it can more accurately craft a terms of service that reflects user’s needs.  Facebook is ultimately responsible to its users.  While policy wonks may deride a system that does not promise “absolute” control, Facebook should focus primarily on user conceptions of information and start building the policy out from there.

Facebook should also adopt the following practical suggestions.  First, Facebook should place a reasonable lifespan (eighteen to twenty-four months) on information users identify as important.  Facebook should delete my pictures within two years from the time I remove my account.  Simple as that.  Second, Facebook should work with a few policy and ethics organization to create a Facebook code of information ethics.  A few members of this organization would comprise an external board that could review and approve that new features are in-line with the code of ethics.  Finally, Facebook should hire an ombudsman.  The ombudsman should be hired for a contractually-tenured period and be given a blog on a third-party server.

Mark Zuckerberg talks about Facebook as if it was a country.  If Facebook were a country, it would more accurately resemble North Korea or China than the United States.  Facebook must move forward aggressively to institute better corporate and ethical governance.  Facebook is in a very critical phase, where a new audience is flooding in.  Investments made into protecting user rights will be recouped many times over.  However, if Facebook does not act aggressively, or it simply pays lip service to the problem (e.g., just creating a Facebook group), they stand to alienate this increasingly older, more rights-aware audience.

← Older Entries