A Contrarian Stance On Facebook and Privacy

macslocum writes "Amid the uproar over Facebook's privacy maneuvers, Tim O'Reilly offers a contrarian view. He writes: 'The essence of my argument is that there's enormous advantage for users in giving up some privacy online and that we need to be exploring the boundary conditions — asking ourselves when is it good for users, and when is it bad, to reveal their personal information. I'd rather have entrepreneurs making high-profile mistakes about those boundaries, and then correcting them, than silently avoiding controversy while quietly taking advantage of public ignorance of the subject, or avoiding a potentially contentious area of innovation because they are afraid of backlash. It's easy to say that this should always be the user's choice, but entrepreneurs from Steve Jobs to Mark Zuckerberg are in the business of discovering things that users don't already know that they will want, and sometimes we only find the right balance by pushing too far, and then recovering.'" Facebook has confirmed it is working on more changes to its privacy policy in response to feedback from users.

In other words

[dreamchaser]

In other words, the end users should be the guinea pigs in a social experiment? I don't think so...

Re:In other words

[XnR'rn]

In my experience end users always end up as guinea pigs in real world testing, one way or ther other...

While it is bad, it is mostly inevitable.

Re:In other words

[sakdoctor]

It's easy to say that this should always be the user's choice

It should always be the user's choice.

Re:In other words

[ScrewMaster]

Democracy has often been described as a "great experiment". Throughout history it has never been tried on as broad a scale as this one.

It still hasn't been tried, and there's a reason for that. In spite of much Presidential rhetoric about "this great Democracy of ours", and general ignorance of the subject by many people, the U.S. is not now, and has never been, a democracy. That's because our Founders were some pretty smart cookies who understood very clearly that true democracy cannot be trusted to work on any significant scale. And why is that? Because they also knew that We the People could not be trusted to cast our votes in a way that was good for all of us, and that democracy often tends to devolve into mob rule. Even so, much of their planning revolved around how to give voters the tools to grasp the bigger picture: our educational system for one, freedom of the press for another. All that was intended to produce educated, well-informed voters who would cast their votes wisely. That worked reasonably well for a long time, but the cracks are showing

Unfortunately for any form of self-government, people usually vote what they think is best for themselves, and the design of our representative republic tried to take that into account. The fundamental problem with such a system is that (sooner or later) those duly-elected representatives start voting only what is best for them, and warp the political system to the point where our influence over their decision-making is minimized. That's the state of affairs in our great "democracy" today. Who will watch the watchers indeed, and when you consider the amount of damage almost three hundred million of us have suffered at the hands of those 434 people in D.C., well, it's tragic, really, it is. But it was we who let them corrupt our educational system, it was we who have accepted an unprecedented (for us) level of media control.

So far as Facebook et. al. go, it's one thing to try something new, to experiment, push the envelope ... but when you know up front that what you're doing is going to damage some number of your own customers, you really should take a step back. Facebook can't get out of this by claiming they didn't know what they were doing, that it was just an experiment. They've demonstrated that they don't give a damn about their users, and that means those users should also take a step back, decide if what Facebook has to offer is really worth it. That's good advice regarding online services in general, when you get right down to it.

Not So Much With The Internet

[WrongSizeGlass]

It's easy to say that this should always be the user's choice, but entrepreneurs from Steve Jobs to Mark Zuckerberg are in the business of discovering things that users don't already know that they will want, and sometimes we only find the right balance by pushing too far, and then recovering.

That's an OK philosophy for developing a product, but when it comes to personal data and privacy, once it's "out there on the internet" (either publicly or for sale by companies who sell to the internet), there's no getting the genie back in the bottle.

There is no recovering when it comes to personal data on the internet.

Re:Not So Much With The Internet

[mickwd]

That philosophy of his sounds exactly like bullying to me.

"Sometimes we only find the right balance by taking what we can get, and then backing off when a victim fights back".

Rapidly losing respect for this man. Shame - the books are (for the most part) great.

Re:Not So Much With The Internet

[Anonymous+Brave+Guy]

I came here to make exactly that point. On-line privacy is Pandora's box: once opened, you can never put whatever was inside back again.

There is merit in considering whether the status quo is really the way we want to continue. It is possible that our current views on privacy and sharing of personal data are unsustainable in the face of modern technology. It might be true that society needs to grow up and stop pretending everyone is perfect when they apply for a job, or that everyone accused of a crime probably did it just because of the accusation. Perhaps we do need to consider censorship and regulation of parts of the Internet, on a global scale, to protect minors from content they are not ready to experience yet.

However, if you're going to experiment in these areas, the way to do it is slowly and progressively, on a relatively small scale, and with well-informed test subjects who have volunteered in the full knowledge of what they are doing. There are parallels here with, say, researching nuclear power, or experimental tests of novel medical techniques. You don't start by building a power station big enough to destroy half a country if it goes wrong, or injecting your entire population with that new vaccine on the first trial.

Sites like Facebook, on the other hand, prey on the young and naive, and suck in as many people and as much data as they can, as fast as they can. But worse, as we have seen all too often recently, they are quite willing to make promises about privacy to those people one minute, and break them the next. There is no excuse for that sort of behaviour, and it's not some commendable way of "pushing boundaries", it's just abuse and should be penalised accordingly.

One comment I saw recently summed it all up: these are difficult questions, and it is going to take at least a generation to resolve them... not least because one generation has now given up any chance of ever doing so.

Re:Not So Much With The Internet

[Anonymous+Brave+Guy]

I agree except for one detail: just because the business nerds assign monetary values to everything, that does not mean the legal system has to. Throwing a few company directors in jail on criminal charges when their companies flagrantly infringe the privacy of others would probably be a better deterrent than some fine that is, again, just numbers on a spreadsheet that they pass to their legal and accounting people to deal with.

Re:Not So Much With The Internet

[drinkypoo]

There is no recovering when it comes to personal data on the internet.

Not for you, or for your neighbor who gets caught blowing the dog and ends up known far and wide as the dogsucker, but for the aggregate it's a perfectly valid concept. Right now we're finding out what is and is not acceptable in social networking. Frankly, since the bad guys can buy access to your information cheaply in most cases due to broad-based incompetence on the part of the gatekeepers, with "private" or even "classified" data being lost every day (at least on average) there's not as much to be lost as most people believe. The best response to this loss of privacy is to essentially eliminate it by not just giving trust to anyone who happens to know a lot about some person. Knowing my name, address, and SSN should not be enough to get credit in my name.

Security and Privacy

[farrellj]

First of all, security is not a destination, it's a process. You can never reach a destination called "security". Privacy is the same type of thing. You can never achieve privacy, only increase it, or decrease it. It's always a multi-point balancing system where things like ease of access, functionality, and popularity, among others, are balanced in regards to how they increase or decrease privacy.

Sure, I might be loosing a bit of privacy using Facebook, but really, none of the information that I post there is anything I would be afraid or ashamed of handing out flyers containing that same info on a street corner. If you are putting your phone number up on it, it is just like having a listed phone number in the phone book. Same goes for your address. Ever posted a resume to a job listing site? All of your employment history is there.

This is not to say that Facebook is blameless, but like any public forum, treat the information you post there as if you were putting it up on a clear and open page on the internet that anyone can read or find in a simple Google search, and you will preserve an important amount of privacy.

ttyl
          Farrell

Tim wants us to tell him why he's wrong

[UpnAtom]

So here it is:

1. Users do not know the boundary conditions until someone's privacy has been abused - if they're paying attention and understand the issue.

2. At that point in time, most users will have already shared too much - and once their privacy has been breached/sold, there's no undo button.

3. Users have to spend time demanding their privacy rights which may or may not be given.

4. We don't need to research where the boundary conditions are because once you know who's likely to access what information, it's not that complicated.

The only question here is whether Facebook et al have a duty of care to their users. Morally they do, legally they generally don't and, financially, they're best of selling as much as they can get away with.

Witness the clash, and hopefully the prelude to the exodus. If Google had their act together, they could clean up. Perhaps it's a good thing they don't.

20th century anonymity an anomaly

[michaelmalak]

Several years ago, someone posted an insight in a Slashdot comment (can't find it now) that ever since I have been expanding upon. That insight is that the 20th century is an anomaly. The 21st century is returning to 19th century tradition. One of the three particulars from that old Slashdot comment was that wearing time on your wrist was unique to the 20th century. In the 19th and 21st centuries, the time-telling piece is in a pocket.

Similarly, anonymity was unique to the 20th century. In the 19th century, due to transportation constraints, everyone knew who you were and what you did. Welcome to Facebook and the 21st century.

My expanded list is as follows (and apologies -- I don't recall which of mine are original, but I believe the original Slashdot comment listed only three examples):

1. Telling time Described above
2. Musician income. 19th century: Live performance. 20th century: Recordings. 21st century: Live performance due to the profit having been taken out of recordings, which in turn is due to near-zero cost to
3. Political discussion. 19th century: Numerous overtly biased newspapers and town hall meetings. 20th century: Few television and newspaper conglomerates; newspapers supposedly "neutral point of view", a Progressive Era invention, but in actuality rarely criticize government or large corporations. 21st century: Numerous overtly biased blogs, which provide for both publication and discussion
4. U.S. political parties 19th centuryFederalist/Whig/Republican vs. Democratic-Republican. I.e. Hamilton vs. Jefferson. I.e. centralized power vs. local power. 20th century Republican vs. Democrat. The Democratic Party got seduced by utopian Communism at the turn of the century and dominated the first half of the century. The Republicans in the second half of the century sold themselves as the anti-Communists and pretended to be for local power when in practice they were for centralized power. I.e. the choice at the ballot box was between fascism and communism. 21st century Ascendency of Ron Paul, Rand Paul, and other libertarians, due to the naked power grab by the Bush administration (and continuance by the Obama administration) and the power of the Internet mentioned above.
5. European Political Alignment 19th century Empires 20th century: Separate countries 21st century EU
6. Wires 19th century No need 20th century: Electrical, stereo, cable TV, and Internet wires everywhere 21st century: Everything is wireless now except for electricity, and even that is going wireless now through inductive surfaces for low-power DC
7. Money 19th century Gold standard 20th century Paper money not backed by gold 21st century Due to collapsing dollar, we will be back on the gold standard whether in a planned or an unplanned manner
8. Transportation and Land Use Patterns 19th century Walking, streetcar, and carriage. Buildings multi-level and close together to keep walking distances shorter. 20th century: Automobile. Buildings far apart to allow for parking lots and because the automobile supposedly provided for the best of the city and country in suburbanism, which instead ended up being the worst of both. 21st century Walking and streetcar are making a comeback, and "New Urbanism" projects that accommodate all forms of transportation without giving precedence to the automobile.
9. Education Ownership 19th century Private schools and private tutors 20th century Public schools 21st century: A million children are now homeschooled, and the numbers are growing.
10. Reading Pedagogy 19th century Phonics 20th century Whole word 21st century: Phonics
11. Catholic Mass 19th century Traditional Latin 20th century Novus Ordo 21st century: Traditional Latin

'Ol Tim is forgetting something important.

[fuzzyfuzzyfungus]

In politics, there is something referred to as the "Overton Window". Essentially, the range of policy positions that are considered "serious", "practical", "respectable", etc. This doesn't mean that everything in the window has a chance of being executed(the opposition party(s) for instance, are virtually always inside this window, and they often don't get what they want); but anything outside the window doesn't even need to be argued against. It can simply be dismissed as "extreme", "unrealistic", "out-of-touch", and so forth.

However, groups outside of the window, while they cannot get what they want(under the political process, nothing stopping them from just shooting some people), do have the effect of gradually pushing the window in one direction or another. I'm not sure whether this happens because people use frequency of hearing an opinion as a heuristic for its popularity, or because having an extremist to point to allows former extremists to claim moderate credentials: "No, my plan to privatize virtually every state function I can is wholly reasonable. Look at those crazy libertarians... Now there is extreme." "No, I just support solid common sense and common decency to our fellow citizens, I'm not a wacko like those communists."

In the case of "online privacy"(such as it is), Facebook's little two-steps-forward-one-step-back-I-apologize-to-anyone-who-was-offended game is playing out an essentially similar dynamic. Every time they do something extreme, the new "moderate" position they "retreat" to is just a little bit further in the direction they want. They aren't just feeling out public opinion, they are working to shape it.

Re:Missing the point

[Alwin+Henseler]

And when we decide who we want to share data with, we dont want the company just deciding since it's Tuesday they can change their policy and go ahead and share^H^H^H sell our info anyways.

Perhaps a simple rule could be that users/customers would have to agree explicitly with any changes that would violate previous policy a user said "yes" to. And make it a criminal offence (as in: go to jail) if you ignore that rule - especially for large numbers of users.

For example, if a user previously agreed to a privacy policy that says "company will not share personal facts X/Y/Z with 3rd parties", then any policy change that would share personal facts X/Y/Z with 3rd parties (read: less restrictive in terms of sharing) should require additional, explicit approval from that user. No user approval for the changed policy -> no use of the less restrictive policy (at least for that user). Use of the less restrictive policy without explicit user approval -> criminal offense. With penalties etc. to be applied to the companies CEO's, not the techies implementing those changes. Same thing for new features that share data beyond what the user previously agreed to.

Why? Many sites have this "check back regularly on our privacy policy page" disclaimer, which is BULLSHIT. You have private data kept by many, many companies, and it is just unreasonable to expect people to re-visit privacy policies (or privacy-related user settings) on all those companies, let alone on a regular basis - and detect policy changes. If you change policies, ask users if they're okay with that. While waiting for a "yes", assume they're not. Ignore that -> face severe penalties.

No, we don't have to give up privacy.

[Animats]

Let's go through this guy's arguments.

• We give up our location in order to get turn by turn directions on our phone. If you get a standalone GPS for your car, you have a receive-only device that doesn't give up your location. So it's not essential that your phone "give up your location". That's a decision the phone vendor made, not something inherent in the technology. There's no fundamental reason that the "assisted GPS" system used in cell phones has to have location info available on the server side, either. There's enough CPU power in cell phones now to run the entire GPS algorithm locally.
• We give up our payment history in return for discounts or reward points. This is getting completely out of hand. There's now a "rewards" program connected to medical insurance. This area needs regulation. There's some sentiment in the airline industry for getting rid of "frequent flyer" programs, if only all the airlines do it at the same time.
• We give up our images to security cameras equipped with increasingly sophisticated machine learning technology. No, we don't "give it up", it's taken from us. It's not a transaction, it's a mugging. If we want that to stop, one way is to hook up face recognition software to as many cameras as possible and track politicians, then put it on a site like "wheresmysenator.com". Or "copwatch.com". That will get some action.