32nd International Conference of Data Protection and Privacy Commissioners
October 29, 2010
[This is a rough, unedited crib of the actual talk.]
Citation: boyd, danah. 2010. "The Future of Privacy: How Privacy Norms Can Inform Regulation." International Conference of Data Protection and Privacy Commissioners. Jerusalem, Israel, October 29.
Good afternoon! Thank you so much for the opportunity to speak with you today. I’m deeply grateful to the organizers for the warm welcome. I am also humbled to be speaking before such an esteemed audience.
Given the “Generations” theme at the conference this year, I’ve been asked to talk with you today about my research on teens’ understandings of social norms with respect to privacy. I am an ethnographer, a sociologist. My work focuses on how everyday people engage with social media as part of their everyday lives. And so I’ve been spending a lot of time talking with teens about their notions of privacy, in part because the notion that kids don’t care about privacy is completely inaccurate.
I'm completely baffled by the persistent assumption that social norms around privacy have radically changed because of social media. This rhetoric is pervasive and is often used to justify privacy invasions. There is little doubt that the Internet is restructuring social interactions, but there is no radical shift in social norms because of social media. Teenagers care _deeply_ about privacy. But they also want to participate in public life and they're trying to find ways to have both. Privacy is far from dead but it is definitely in a state of flux.
The goal of my talk today is to help you understand engagement with social media through the eyes of young people, exploring social norms around privacy. I believe that understanding the cultural logic of people who are engaged with technology can help you think critically about technology and policy.
Over a decade ago, legal scholar Larry Lessig published his seminal book "Code and Other Laws of Cyberspace." In it, he argued that systems are regulated by four different regulatory pressures: the market, the law, code (or architecture), and social norms. Lessig rightfully pointed out that when the four different forms of regulation are aligned, magic happens. Yet, when the four are in conflict, it's important to step back and explicitly address the sites of conflict.
Most of the conversation surrounding privacy tends to focus on the market, the technology, and the law. All of these entities tend to use social norms to justify their position without actually understanding the nuances at play and without taking the opportunity to learn from what people do to manage privacy. I believe that if you actually dive into and understand social norms, you will be able to develop more innovative and appropriate policies, technologies, and business models.
It is important to recognize that there is a broad and deep interest in privacy, even if there's also a desire to engage in public. The two are not in opposition. And you cannot assume that people's participation in social media suggests that privacy is dead. Quite the contrary, privacy often matters more to people when they are forced into the spotlight. But privacy in an era of social media is complicated. It’s not simply about individual data. It's about managing visibility, negotiating networks, and facing an ever-increasing flow of information.
Privacy is a hugely contested word and means many things to many different people. I understand that y'all have had ongoing definitional debates for years and I don't want to fuel that fire. But I also want you to understand that there is no coherent definition among teens either. The word doesn't mean anything to them. This makes it extremely difficult to survey teens about whether they care about privacy or not, which is part of why you see such conflicting messages. The advantage of ethnographic work is that you can see the cultural logic and strategies that teens take to make sense of privacy even when they don’t have the language for talking about it explicitly.
I'm not going to solve the definitional debate, but I do need to give you a sense of how I conceptualize privacy so that you can understand where I'm coming from. I focus on people's ability to successfully manage a social situation and the flow of information that helps define that situation. Privacy requires that people can meaningfully interpret the context and that they have agency over how information flows. Privacy isn't about controlling functional access to content as much as knowing what to share when and how it will flow. While spaces and moments are marked as private, privacy is experienced over time. Most importantly, privacy is networked. It's not just about the information that an individual shares; it's about what can be interpreted about someone based on their relationship to others and their everyday interactions. Privacy is fundamentally about both context and networks.
All too often, folks presume that privacy is about hiding information or controlling access to information. This is a very limited view. For teens, privacy has more to do with feeling safe and in control of a situation, trusting people and systems, and leveraging an understood context for intimacy.
Let me ground this in an example. If I'm dealing with an illness, I'm not hiding it from people just because I'm not talking about it. If I choose to share my illness, I'm probably not going to start by standing up in the middle of the town square and shouting loudly to everyone who could possibly hear that I'm ill. I may start by gathering my family and sharing in an intimate situation where I feel supported. I open up to them, make myself vulnerable, in exchange for support. This is privacy. I also have expectations about that social situation. I expect my family to respect the situation in which I shared something deeply personal. I _trust_ them to understand how far that information is supposed to be spread. Any one of them is capable of breaking my trust, telling someone against my wishes and expectations, but what's at stake is the relationship. My agency, my power, in that situation does not stem from me locking my family in a closet after I told them something personal. It comes from the social expectation that they respect the context of the situation.
There are certain structural assumptions baked into this unmediated scenario. First, and most importantly, there is an assumption in everyday interactions that conversations are private-by-default, public-through-effort. In unmediated situations, publicity takes effort. We have to consciously tell other people what we hear. Shouting to the entire town square is a lot harder than telling just a few people. Even when we share in public places, there's a huge difference between sitting in a cafe talking with a friend and screaming to the entire room. Sure, people can overhear us in the cafe. And they do. But that doesn't mean that they're in the conversation. Sociologist Erving Goffman noted that there's a societal value of "civil inattention." Even when we can overhear conversations, we generally try not to listen. Doing so is a way of indicating that we respect others' space. This isn't universal and people are always jumping into conversations that they're not a part of. But all of the parties know that they're "butting in."
What's different about the Internet is not about a radical shift in social norms. What's different has to do with how the architecture shifts the balance of power in terms of visibility. In online public spaces, interactions are public-by-default, private-through-effort, the exact opposite of what we experience offline. There is no equivalent to the cafe where you can have a private conversation in public with a close friend without thinking about who might overhear. Your online conversations are easily overheard. And they're often persistent, searchable, and easily spreadable. Online, we have to put effort into limiting how far information flows. We have to consciously act to curb visibility. This runs counter to every experience we've ever had in unmediated environments.
When people participate online, they don't choose what to publicize. They choose what to limit others from seeing. Offline, it takes effort to get something to be seen. Online, it takes effort for things to NOT be seen. This is why it appears that more is public. Because there's a lot of content out there that people don't care enough about to lock down. I hear this from teens all the time. "Public by default, privacy when necessary." Teens turn to private messages or texting or other forms of communication for intimate interactions, but they don't care enough about certain information to put the effort into locking it down. But this isn't because they don't care about privacy. This is because they don't think that what they're saying really matters all that much to anyone. Just like you don't care that your small talk during the conference breaks is overheard by anyone. Of course, teens aren't aware of how their interactions in aggregate can be used to make serious assumptions about who they are, who they know, and what they might like in terms of advertising. Just like you don't calculate who to talk to in the halls based on how a surveillance algorithm might interpret your social network.
Let's ground this by drilling down on norms surrounding social media practices. I'm going to use examples from my work with American teenagers, because I think it's important for everyone in this room to step out of their own shoes and see the world from a different perspective. And while "the kids" have been referenced in numerous panels, I don't see many teenagers around here.
While many of you probably have an account on Facebook and may even use it to connect with old friends, it's important to recognize that Facebook - and other genres of social media - play a central role in the lives of young people. You can think of these technologies as the equivalent of the mall or the cafe or the park when you were growing up. Teens go to them because all of their friends are there. They use them as public spaces where they can gather, socialize, gossip, flirt, and hang out. Just like fashions change over time, so do expectations about how you use social media.
Right now, for example, in many teen circles, it's considered "conceited" if your primary Facebook picture is just of you. While the practice of putting up photos with friends originated as a safety mechanism, it's now considered a social signal that you are sociable. Features like "siblings" are no longer used to indicate blood relatives; they're used by many to identify their closest and dearest friends. And before there's a panic over how many teenagers have "children" on Facebook, keep in mind that teens identify younger teens that they look out for as their kids, so it's quite common for a 16-year-old to say she has a 14-year-old daughter. These are just some of the small ways in which teens play with Facebook's structure as a mechanism for identity work.
At this point, on Facebook, there's a social expectation among teens that you connect with everyone that you know. This means everyone from school, after-school activities, summer camp, middle school, etc. But it also means extended family. There are always connections that are fraught. Parents, for example, are tricky and it seems as though the norms around parents are highly localized. In some communities, everyone friends their parents; in some, no one does. If you don't like someone at school, you're not likely to send them a friend request, but if they send you one, you're probably going to accept. But, most likely, they won't bother either. This creates an environment where mutual disinterest becomes apparent. Connecting to strangers is socially taboo, but if your best friend starts dating someone you've never met, you'd better ask them to be your Friend on Facebook or it's a sign that you don't think that the relationship will go anywhere. If you're a highly regarded football player and a college scout asks you to be Friends on Facebook, you clean up your profile and say yes. And if you're angling to get into a particular college, you take your shiny profile and friend people from that college that you met on the school tour. Or you befriend the college admissions officer that seemed nice. Given all of this, teens consistently state that Facebook is "everybody." And by that, they mean everyone who is a part of their life.
Facebook is seen as "private" in that it's not full of "creepers." But it's also seen as "public" in that it's where "everyone" is. This is complicating Facebook use and resulting in teens seeking new networked spaces which are more intimate. This fall, in the United States, Twitter is starting to gain traction among the more "popular" kids at wealthier American schools. Their use of Twitter in juxtaposition to Facebook highlights how these sites are perceived. As one teen explained, "Facebook is like shouting in a crowd; Twitter is like talking in a room." For those teens who've embraced Twitter, it's become a sanctuary away from the highly public, highly visible - and thus, highly dramatic - dynamics of Facebook. When you follow someone on Twitter, there's no expectation of reciprocity. Many of these teens protect their accounts, making them only available to a subset of friends who will all understand the same jokes. So they feel free to write silly things on Twitter that half of their Facebook friends would never understand. And besides, there's a lot of pressure against "blowing up" one's Facebook by posting too much; on Twitter, there's an expectation that if someone talks too much for your own taste, just stop following them. This isn't a technology issue - Facebook actually has a whole host of complicated features that allow you to achieve the same restrictions on its site. But it's just easier and cleaner to move to a different site. And this is part of the privacy story. When teens want privacy, they switch sites. Twitter will inevitably become "public" to teens but right now, it's a pretty private space.
While Facebook is extraordinarily popular with American teens right now, it's not the only technology that they use. Today's teens are obsessed with text messaging. This may seem odd in Europe, where teens have been texting for a long time, but in the United States, texting was barely visible 4 years ago because of horrendous plans offered by carriers that made you pay to receive text messages, motivating parents to forbid texting for fear of the bill. Today, with all-you-can-eat plans, the numbers that I'm hearing are that teens send and receive over 3000 texts on average per month. It seems outrageous but it also seems pretty accurate to me. Texting is a persistent backchannel, a way of coordinating but also a site for 1-1 conversations. Texting dominates 1-1 messaging, but if you happen to both be in front of Facebook, Facebook chat will do. And if it's not urgent or if the message isn't meant for someone you're close with, sending a private message on Facebook is also reasonable. But generally speaking, texting is for 1-1 and Facebook is for socializing among all peers.
Given this landscape, what are teens using the highly public Facebook for? You come to conferences to see and be seen, to make small talk with people who seem interesting and catch up with old friends. Sure, you may sneak off to a private room to broker a deal, but when you're standing around the reception, you're talking to colleagues in a performative way. Like it or not, you want to be seen connecting with people. No one likes the person standing in the corner. This is social grooming.
For teens, Facebook is a mega-conference reception. Teens show up there, knowing that their friends will be there and that they might also run into other people who interest them. They gab with one another in a semi-performative way, Liking Friends' photos as a way of showing that they're there, and commenting when they really care.
What makes the dynamics on Facebook different from those at a conference reception is that every photo one uploads and every message one writes is public-by-default, private-through-effort. Not public in the sense of "all people across all space and all time." But public in that it's visible to everyone that matters.
At this conference, you might be seen talking to someone at the reception, but that doesn't mean that the content of your conversation is being broadcast on the speakers for everyone else to hear, let alone put on a USB drive for everyone to take home. Yet, that's what happens online. Thus, when people talk about wanting privacy in Facebook, they're not talking about wanting a space for the most private 1-1 conversations - they turn to texting for that. They want privacy in that they want a way of controlling how far a conversation goes. They want what you take for granted at the reception - the ability to grab a few professional friends and have a conversation that isn't going to be videotaped and reviewed by every employee at your company or every constituent in your country. They want the ability to interact without every word choice being used by data mining algorithms to more optimally choose what content they should see. They want what we take for granted when we socialize in unmediated spaces.
There's a huge difference between how we experience public spaces and how mega-celebrities like Angelina Jolie experience public spaces. Some of you do have entourages or security. But I suspect that most of you can still have dinner in a restaurant without being swarmed by giggling fans who want your autograph. Yet, when you talk to celebrities, you quickly learn that it's not the fans that make their lives miserable. Sure, it's hard to have a romantic night out when fans are buzzing. But what makes their lives frustrating are the paparazzi who follow them around at close quarters to photograph the personal for profit. Celebrities have all sorts of different ways of dealing with paparazzi - some choose to accept it and tell the paparazzi when and where to meet them. For others, it pushes them over the edge, and their public breakdowns become a spectacle in and of themselves. Still others move to France.
Celebrities struggle to find privacy in a life of being constantly under surveillance. Many develop strategies for managing life under the spotlight. A reporter once chided Angelina Jolie for publicizing every detail of her life. The reporter implied that Angelina Jolie had no interest in privacy because she was always sharing everything. Angelina laughed and told the reporter that the opposite was true. She had found that the more she threw out to the public, the more the press stayed out of her face about what was truly private. In a culture of paparazzi, Angelina found that the only way to have privacy is to appear to be fully public. If you seem to be hiding things, the press are obsessed with prying. As a result, choosing to be public in a culture of publicity can actually mean choosing privacy. But even Jolie got pushed over the edge once she had children. Her efforts to keep them out of the spotlight nearly destroyed many of those around her. When her brother returned from visiting her after her twins were born, presumably carrying photos, paparazzi in Los Angeles swarmed him, setting off a high-speed car chase that nearly killed him. Jolie responded by releasing photos and donating the money. She couldn't win by demanding privacy when others were intent on invading her life.
What teens today are experiencing is a muted version of the celebrity lifestyle. Everything that they say, everything that they do is not only read by their close friends, but by all sorts of people who feel as though they have the right to look simply because the content is accessible. They have to deal with friends and schoolmates who want to be in their business. Meanwhile, they have to navigate adults, including both parents and college admissions officers. They're aware that they're being watched and they're absolutely petrified of "creepers" (aka scary older men). Furthermore, they're being watched by audiences that they don't even really understand yet - governments, corporations, and, more significantly, algorithms. Increasingly, they are being surrounded by digital paparazzi, ready to prey on their every move. But the practice of locking everything down so that they can't be seen is considered to be too onerous, the social cost too high. They want to be seen - just like you want to be seen at this conference - but they only want to be seen when it's appropriate and by the _right_ people. So they deal with the anxieties of surveillance even though they HATE it. But for all of the talk here about governments and corporations, let's not forget that what teens hate the most is being watched by people who hold immediate power over them.
Teens are fully aware of how difficult achieving privacy is. Many complain non-stop about the impossibilities of obtaining privacy at home, talking relentlessly about their parents who are always "in their business." But we don't give teens enough credit. They're creative and they use all sorts of tactics to achieve privacy, online and off.
Interestingly, the "privacy features" are usually the least reliable for teens. I don't care how "simplified" Facebook says those settings are, the teens that I'm meeting can't make heads or tails of what those settings mean. They read the notification at the top of the page that says that Facebook has taken extra precautions for minors and they hope that Facebook's settings are good enough. They've fiddled with the settings some but have no sense of whether or not they're doing the job. Luckily for Facebook, all that teens expect those settings to do is to keep out the "creepers." Teens have given up trusting Facebook to help them limit how far a photo spreads or restrict access to a status update. The problems that they face are more systemic. No matter what tools Facebook builds, nothing will let them keep their mother from looking over their shoulder at home. And nothing will stop their ex-best-friend from re-posting a photo. And besides, from their point of view, people seem to be looking in anyway: because they don't understand how behavioral ads work, they take the advertisements connected to their content as proof that people are reading their posts. They are convinced their content is being read by people and they don't like it, but they don't know how to stop it. And being in the place where all the other teens are is too socially important to worry too much about it anyway. So they stomach the surveillance and look for different tactics.
My favorite tactic that teens take can be referred to as "social steganography" or hiding messages in plain sight. Keep in mind that teens want strategies that allow them to manage "collapsed contexts." They want to be able to speak and be understood by those who are in the know without upsetting or alerting those who aren't. They have given up thinking that they can lock down the content so they're trying to find ways of locking down the _meaning_. In-jokes and song lyrics have become a form of currency, a way of speaking in code.
Let me tell you about Carmen. Carmen is a 17-year-old Latina living in Boston. She is close with her parents but doesn't believe that they need to know everything about everything that happens in her life. Still, she's close enough with them to be friends with them on Facebook. One day, she and her boyfriend broke up. The relationship wasn't working but she's still sad about it. Not suicidal sad, just normal sad. Whenever she feels moody, she posts song lyrics to Facebook. She uses lyrics to help her friends understand how she feels. But what's interesting is that she does it in a way where she knows her mother can't read what she posts. On the day that she and her boyfriend broke up, she thought about posting sappy song lyrics but she decided against it because she didn't want to worry her mother. Instead, she chose to post song lyrics from "Always Look on the Bright Side of Life." Her mother didn't even realize the words were a song lyric, but her friends immediately knew the reference. This song is sung in Monty Python's "Life of Brian" when the characters are being crucified. Carmen's mom posted a comment to Carmen's Facebook, believing that she was being supportive and loving by saying that Carmen seemed to be doing really well. Her friends, knowing that was the wrong interpretation, immediately texted her.
Carmen is engaged in "social steganography." Her mother doesn't even realize that there's a message there. She's posted her message extremely publicly but in a coded way. She relies on her friends to decode the message and make meaning from it. For the last few months, I've been sitting down with teenagers and going through their Facebook news feeds with them. I did this with MySpace comments 4 years ago. What's different today is that I cannot even begin to decode the messages. In a four-year cycle, teens have gone from posting public messages that are fairly transparent to writing messages that are primarily song lyrics, in-jokes, and other coded references. They've come to accept publicity and work around it. That is a radical shift in social norms.
This doesn't mean that all teens are nearly that sophisticated or that the messages that they encode are always interpreted correctly. I've met countless teens who have no idea what is being said by any particular message. Generally speaking, they assume that it's not meant for them. But, sometimes, they get nosy and try to investigate. And sometimes, their misinterpretations cause problems. In Massachusetts, 17-year-old Kelly was unhappy about her relationship but didn't have the nerve to break up with her seriously depressed boyfriend. To set the stage for doing so, she started posting morbid messages and unhappy "emo" lyrics to her Facebook. Her friends knew what she was up to and didn't call her on any of it, but a girl in her class that she didn't know very well took these messages to be suicidal notes and flipped out. Kelly was irritated because these messages weren't meant for that girl, but she had to deal with this girl's reaction all the same. Working out the meaning behind content isn't easy and just because teens are trying to use this as a mechanism of achieving privacy doesn't mean that they always succeed.
When misinterpretations happen among peer groups, they cause fights. But when misinterpretations involve structural power, we have a different problem on our hands. Five years ago, I received a phone call from a college admissions officer. She had received an application from a young black man named Chris living in the South Central area of Los Angeles, a community known for serious gang warfare. She asked me a serious question: why do teenagers lie to college admissions officers when the truth is right there online? The boy had written a college application essay about how he wanted to escape the gang-ridden communities in his hometown. The college admissions officer had gone to his MySpace and seen all of the gang insignias and decided that he was lying to her. I offered an alternative explanation: perhaps he needed to signal gang membership as a form of survival in his hometown? Just because we can see content online doesn't mean that it was meant for us. Or that it means what you think it means.
While I'm excited about what innovative teens are doing, it's also critical to recognize that there's a huge disparity among teen users. And a lot of it comes down to skill, which is tightly linked to socio-economic status and privilege. Examining young people's practices, sociologist Eszter Hargittai has found that higher status teens are far more likely to be confident about their ability to manage privacy online. While she is mostly concerned with whether or not they have the skills to manage the actual settings, I'm seeing the same disparity among teens when it comes to innovative approaches to obtaining privacy. Highly coded messages - like the story of Carmen - aren't coming from just anywhere. It's the highly confident, privileged teens who are most commonly experimenting with encoding meaning through layered messages.
Part of what's shaping these dynamics has to do with audience awareness. Teens from more privileged backgrounds _know_ that their parents are lurking and have completely accepted the message that college admissions officers will read their profiles. They're expecting it and they're performing for them. I met teens who purposely composed their Facebook profiles with college admissions officers in mind. One teen crafted his photos page to look like the All-American teen. He had sports photos that made him look talented and friend photos that made him look popular and friendly. He knew that getting into a top school required looking his best and he used his Facebook as part of that performance. That is the marker of a highly privileged, highly strategic teen who has been taught to understand how to navigate adult worlds. And to manipulate them based on knowing what kinds of future students they'll like. While I see variations of this among elite teens, I see nothing of the sort among working class teens.
Social media isn't being used to even the playing field - it's being used to replicate pre-existing structural dynamics in a more public forum. All teens are being surveilled - by governmental agencies and corporations - but the teens who are developing strategies to cope are those teens who are responding to surveillance by people they see every day - their parents. Most other teens only feel the surveillance when something goes terribly awry.
For all that teens are attentive to parents and college admissions officers and other "nosy" adults in their everyday life, few have any inkling of what data companies are keeping about them or how this data can be and is being used. It's not just teens that don't understand this; most adults don't get it. Some teens have started to figure out that what they write affects the ads they see - some even play games with this, writing silly comments or sending ridiculous emails so that their friends will get ridiculous ads. But they have no sense of the data portraits that are built up around them.
American teens believe that when they lock down the privacy settings on Facebook, they've made everything private. And they think that Facebook is protecting their account because they're minors. They're actively worried about people that they know but they have no real conception of institutional authority. When I talk to people about Facebook, the only institutional authorities that come up naturally are college admissions officers, future employers, and military recruiters. These are the institutions that individuals try to lock out and limit access to. Most people aren't trying to lock out governments and corporations because they simply aren't in their mental model of how these things work.
Earlier this year, Facebook and privacy became a huge topic of concern, resulting in tremendous amounts of news coverage. Many people that I spoke with were really bothered by the news coverage, not fully understanding what it meant, but feeling like they shouldn't trust Facebook. This discomfort was documented in the American Customer Satisfaction Index where Facebook was ranked poorly. But when I asked users if they would quit Facebook, they repeatedly said that they couldn't. Note: _couldn't_, not wouldn't. As much as they didn't like Facebook's policies and didn't trust Facebook, the social cost of leaving Facebook was far too great.
Here's where we see an interesting issue when it comes to social norms and privacy. People may not like having their privacy violated or being in situations where they're being surveilled, but they will always choose social status and community over privacy. They would rather be vulnerable to more people and deal with institutions than to feel disconnected from their peers and loved ones. They don't like what companies are doing to privacy, but they don't feel as though they have a choice. They don't know how to object and opting out isn't an objection that they're OK with. Opting out of social media, opting out of online communities is quickly becoming akin to opting out of society. Sure, there are always going to be people who go off the grid or people who can convince their friends to build communes run by different rules, but the vast majority of people will accept the status quo, not because they like it, but because the alternatives aren't worth it.
All of this is happening because privacy - and sociality - are tightly entwined in social media. Participation in Facebook is not as much of an individual choice as people think. Even if you opt out, people can still write about you, can still create groups about you, can still reference you in updates. You become part of the network regardless of your personal choices.
In discussions of personal privacy, we typically focus on the individual. But in an era of social media, in an era of user-generated content, privacy is no longer simply about the individual. Sure, we should continue to protect personally identifiable information and other individual data that we have always been concerned about. But there's a new set of issues emerging, issues that we've barely gotten our heads around, issues concerning networked privacy.
On all sorts of social media, people are uploading pictures of their friends and tagging them, talking about events that they're at with friends online, and leaving comments about family members that become visible to wide audiences. People have never had complete control over what others say about them. Try telling your mom to not tell her friends about you. But when your mom exaggerates your successes to her friends, she's not doing it in a place where your employer might see and object. There's normal maternal embarrassment, and then there are the moms who blog every moment of your life in gory detail.
Networked social norms have not stabilized. People are regularly disagreeing with their friends and family about what is acceptable to put online and what is too much information. But the networked nature of information production makes it painfully clear that personal privacy is not simply in the hands of the individual; it's located in the social dynamics.
And then there's relational privacy. Not only are people finding their digital personas constructed by the content that those around them produce about them, but they're also being constructed by their relationships themselves. In some sense, people are who they know. You can learn a lot about someone by understanding their friends. Through the "Friends lists" common on many social network sites, it's possible to access someone's social relationships. This can be used to evaluate someone as an individual or to better target advertising. But it means that there's no such thing as individual privacy when you can be located within a social network.
The market is currently using data mining and machine learning to develop complex models about people and networks. Over the next decade, we're going to see the development of increasingly complex algorithms that boil people down to a set of obfuscated data points. Average people have no idea how this works or why they're getting recommendations or advertisements that are so deeply personalized. And while data mining presents amazing opportunities for innovation, it also presents new challenges for privacy. What's at stake is not just personally identifiable information; it's how algorithms judge individuals and define the social situation in which they are positioned. It's how "personalization" is used to differentiate people and reinforce social divides. Understanding and having control over a social situation is essential to privacy. This is increasingly hard to do when embedded in networks.
This is where y’all have a unique challenge. People care about privacy even if they're engaging publicly. They're going to increasingly share information, information that makes it possible for them to be boxed in and algorithmic-ized. And they're sharing for good reasons. The social value of sharing is highly important. So the "solutions" to the privacy problem are not going to come from telling people to shut up and disengage. People are going to continue to expose information about themselves and about the people around them. And they're not going to rise up and challenge institutions that provide them with tools to socialize. But that doesn't mean that we don't have a responsibility to help them achieve privacy. As technologists, entrepreneurs, and policy makers, we all have a role to play in shaping the future of privacy. Addressing privacy in a networked era is not easy, but we all need to be working together to innovate and evolve so that we can help people achieve their privacy goals.
From my perspective, y’all policy makers should be focusing on four different approaches to address the privacy concerns that I’ve raised today:
1) Provide tools that allow people to make wise decisions;
2) Offer control and transparency around data and information flows;
3) Emphasize opt-in over opt-out models;
4) Focus on curtailing usage, not collection.
People make mistakes all the time, thinking that they understand the social context in which they're operating. Much of this can be solved by providing tools that allow people to fully grok how visible they are when they're interacting. Facebook has come a long way in trying to provide people with feedback about what is available to whom when, but it's still bloody confusing. Part of the challenge is that people don't think like computers. Computationally, we're used to thinking about access-control lists and groups. But telling people that content is available to "friends" or "friends-of-friends" is not going to provide them with an accurate understanding of the social situation.
I was talking with a teen about her privacy settings, which were mostly set to "friends-of-friends." In her mind, she wanted people that her friends trusted to see her photos and updates, just like she loved when her friends invited their friends along to social gatherings. I asked her if she allowed her mother access and she looked stricken. "Of course not." Then I pointed out that she was friends with her aunt who was friends with her mom and, thereby, her mom was a friend-of-a-friend. I feel badly for scaring that poor girl, but that example highlights how computer models don't match with mental models.
We need to innovate ways of being able to look out over a crowd online and have a sense of who can see what and how far the content flows. This is a technical challenge, but one that is extremely important for helping people wisely manage their own content.
Of course, it's not just awareness about friends that we need to concern ourselves with. People who participate in social media need to have a sense of who all is grabbing their content. And that's a lot trickier because it's impossible to know what public content is being scraped by whom and for what purposes. It's impossible to know what companies are doing with aggregate information or how data brokers are piecing together full portraits outside of our reach. While people are up in arms about Facebook, they have no idea what’s happening at the data aggregation and brokering layer.
I do think that companies that have data about consumers should be required to make that data available back to them. Consumers should have the right to know what companies know about them. And consumers should have a right to know who has the ability to access that data, including which employees and 3rd parties. When companies monetize user data, consumers should have access to the partners that the companies work with when they "match" data. They should have the right to know how the information is matched and what happens when they click on links. Don't get me wrong - most users won't bother looking. But transparency is key to accountability when we're talking about monetizing user-generated content. Hammering out the details of this is not going to be easy, but it's important that users who provide content have a right to that content.
For this very reason, it's also important that users have the ability to download all of the content that they've provided to private databases. If a company can serve user data, they can make that data available for download. This gets very tricky when we're talking about networked data but we should be moving towards best practices in this area, innovating ways of helping consumers have control over the data that they make available.
Speaking of control... when something goes from less public to more public, it always causes problems in terms of privacy. Companies shouldn't be able to opt people into more visibility without them understanding the repercussions of the move and explicitly consenting to the process. I fully recognize that increasing exposure allows for quicker uptake, but the cost of transition can be huge for individuals caught in the tsunami. We really need to be working towards a cultural dynamic where companies do not justify exposing people simply because social norms are changing. They're not changing and exposure is costly.
Finally, we need to shift from thinking purely about how data is collected to how it is used. A decade ago, database nation was primarily about data implicitly derived by companies. Today, most of the data that we're dealing with stems from user-generated content. Companies need to be keeping that data secure, but I also think that we need to focus on how data can be used and who can profit off of what kinds of use.
I think that we really need to interrogate the sale of data and to think about regulating who can sell what data for what purposes, especially in light of emergent technologies that allow companies to piece it all together for profit. But we also need to think through what it means for people to use data just because they have access to it, at both a technical and social level.
Let me ground this suggestion through one case study: employment. When applying for employment in the United States and many other countries, employers have the right to obtain certain information about you. They may be able to do a credit check or they may have a process by which they fact-check your application information. In each of these steps, you are informed that this is going to happen and, in some cases, required to sign a confirmation that this will take place. This serves multiple purposes. On one hand, knowing that your information will be checked encourages you to be honest. On the other, it turns an exchange of information into a formalized process that allows you to address any concerns.
Given this protocol, why should an employer be allowed to check up on you online without your knowledge? More often than not, they are using online content to assess your "character." What processes are in place for addressing misinterpretations of content that they find online? We all know that not everything on the Internet is true. This comes up time and time again when we're talking about journalism and the importance of news organizations. So then why do we think that what's online about people is inherently true? How do we provide structures that allow people to correct misinformation? As we face complicated issues like bullying, we're also going to see a lot of people's reputations sullied by others. And we see people misinterpreting what information is out there. People's ability to control their reputation is not entirely in their own hands. So how do we work to protect them from being violated by institutional surveillance?
Rather than focusing solely on what data can be collected, I'd argue that we need to think critically about what data can be used in what circumstances by people in positions of power. There's a long history of anti-discrimination laws that differ around the globe, but, generally speaking, employers are not allowed to discriminate against a potential candidate on the basis of their skin color or gender or other visible information that you can obtain during an interview. This is not a question of whether or not you can access this information - of course you can access someone's gender when they come into an interview. But you cannot discriminate against them on the basis of that information. In some countries, you are not allowed to ask about information like marriage status or if a woman is pregnant. What then does it mean if you can obtain this information online? Just because you can access it does not mean that you should be able to use it. Now, of course, we all know that this doesn't stop people from discriminating, but putting the structures in place helps keep many people honest and provides a legal framework for when discrimination does take place.
It’s also important to point out that any interventions – whether legal or technical – can have unintended consequences. I'm dealing with this right now. Today's teenagers have grown up with the Children's Online Privacy Protection Act (COPPA). As most of you know, the intentions behind COPPA were extremely admirable. Yet, those intentions were never communicated to the public. Parents across the United States are convinced that sites that restrict access to those under 13 are for mature audiences only because they can be unsafe. Some parents respond to this by forbidding their children from accessing the sites. Others respond with animosity. They want their children to have access to tools like Skype so that they can talk to their grandparents and they don't like technology companies telling them how to parent. For their part, kids have simply learned that they should lie about their age. In most households, it's parents who teach their kids to lie about their age. This gets further cemented when police officers come to school to give safety lectures, convincing children that putting accurate information online will result in them being preyed on by predators. COPPA has taught an entire generation that they should lie online. And not a single parent or teen that I interview outside of the technology world has any clue that the age-13 restriction has to do with privacy.
Whatever approaches we take, we must evaluate our interventions and see if they meet our goals. And we must iterate accordingly. There’s no technical or legal silver bullet to social privacy. But one thing is for certain: if we let politics get in the way or if we choose to create interventions that are not grounded in social practice, our solutions will do absolutely nothing to help people achieve privacy.
Social media is complicating privacy in entirely new ways, but not because of radical shifts in social norms. What's changing stems from the architecture level. Participation in a networked era means that people are exposed in entirely new ways. Interactions are increasingly public-by-default, private-through-effort. People will make an effort to keep personal and intimate information private so as to not be embarrassed or vulnerable in front of people that they care about. But we are not yet at a point where people have any model for thinking through what an algorithmic society looks like. People don't know how data about them and their interactions with others is being used to build data portraits. They don't know how algorithms are judging them.
We definitely need protections in this area, but we also need transparency. It's important that those who profit off of data help people understand what's going on so that they can start developing norms to manage their lives in a healthy way. When we talk about innovation, we can't just rely on technical or legal or economic innovations. We also need to promote social innovations. And that requires broad awareness.
People care about privacy. That's not going to go away. But we need to engage people in the process of developing privacy-friendly solutions for an algorithmic society. Social norms will evolve, but the value of privacy will not disappear. Rather, I’d expect to see it become increasingly important to people.