My data and having it my way

Riffing on the Burger King slogan, “having it my way”: last week brought a flurry of announcements, arguments and personality clashes among tech pundits discussing, or rather arguing about, the user privacy implications of announcements from three big companies, MySpace, Google and Facebook, each unveiling remarkably similar data portability features. I won’t belabor the details of each announcement, because they have already been covered in great detail elsewhere.

One controversial outcome of the announcements is Facebook blocking Google Friend Connect’s access to its users’ data. The official reason cited by Facebook is that Google Friend Connect violated its TOS with regard to respecting user privacy. IMO the real reason, as several tech pundits have already pointed out, is that Facebook wanted to keep its users’ data walled in while conveniently citing the TOS privacy concern as grounds to block access.

What transpired afterward is even more controversial, as several tech pundits, Steve Gillmor, Sam Whitmore, Marc Canter, Dana Gardner, Mike Arrington, Mike Vizard, Robert Scoble and self-invited guest Chris Saad (Gillmor’s words, not mine), weighed in on user privacy in general and really ripped into each other on a Gillmor Gang conference call. You can read related posts on the subject below.

Arrington and Scoble duked it out here: Data Portability: It’s The New Walled Garden, and later on the Gillmor Gang conference call. I have also seen multiple similar discussions raised at DataPortability.org without any conclusion.

Details notwithstanding, I had an epiphany about user privacy while trying to sort through the numerous and differing opinions about what constitutes right and wrong user privacy controls. It dawned on me that user privacy is a personal and individual thing and also depends on the context of use. IMO, this means no one can or should tell me what I consider private or not. Hence it is not meaningful to define a universal bill of rights for user privacy that works for everyone.

Let’s take the hotly debated example between Scoble and Arrington. Arrington’s position is that his data is his data and he should have ultimate control over how it is used, which includes the ability to stop someone like Scoble, with whom he has shared his email address, from using it on third-party services like Plaxo without Arrington’s explicit permission. Scoble’s counter-argument is that once Arrington shares his email address he has given implicit permission for Scoble to use it elsewhere. He cited the example of adding Arrington’s address to his Gmail and Yahoo mail accounts so he can email Arrington from either account, and Arrington has no issue with that. However, Arrington does have an issue with Scoble exposing his address to a third-party service like Plaxo, which according to Arrington has a tendency to spam people. If Scoble doesn’t care that Arrington uses his email on Plaxo, then that is Scoble’s right; if Arrington has an issue with Scoble using his email on Plaxo, then that is Arrington’s right. Note that Arrington’s reaction is context based: he has no problem with Scoble adding his address to Gmail and Yahoo accounts, which brings me back to my point that user privacy is a personal and individual thing and also depends on the context of use.

So how does this translate into implementing the right user privacy controls? IMO, a service should implement privacy controls ranging from airtight to “I honestly don’t care who sees and uses my data”, along with a set of sensible defaults, e.g.,

  1. I am a private person and I want to explicitly approve every use of my data. WARNING: this might result in excessive permission requests, but it’s what you asked for; think of the Microsoft Vista User Account Control feature.
  2. I am OK with sharing some but not all of my data with my friends and the world. Here’s where the sensible defaults come in; the challenge is to define a set of defaults that makes sense for a particular service but is context aware or requires contextual approval.
  3. I love attention and frankly don’t care who sees and uses my data. WARNING: you might regret this later when you run for US President or mayor and there are bikini pictures of you on the web, but that’s a risk you accept.

I suspect most users will pick option 2, and that’s where the real fun begins: defining sensible defaults for each service while allowing for contextual awareness or approval. It’s interesting to note that in his post How SHOULD dynamic privacy work?, Marc Canter also mentions the need for privacy controls to be context aware, although his example is different from mine. I like my example better =)

Disclaimer
The above perspective is offered purely, and selfishly, from a user’s point of view, without considering why big companies like MySpace or Facebook would want to provide a free service and make their users’ data fully portable, thereby losing a competitive advantage. Does a service have a right to users’ data in return for providing a free service? I think so. However, if industry mindshare is moving towards making data portable, big companies are forced to go along so they don’t get left behind, and that is exactly what Google, MySpace, Microsoft and Facebook did, though with varying degrees of data portability. It’s a good start.

One last thought. I believe it was Gillmor who posed this argument: when you sign up for a free service and agree to its TOS, you have agreed to the terms it laid out regarding the use of your data, so it’s a done deal and you have to abide by the terms you agreed to. First off, to be realistic, very few people read a TOS in its entirety; if you do, you are in the minority. As they say, the devil is in the details, which you unwittingly agreed to without reading in full because a TOS is purposely designed to be mind-numbingly boring and unnecessarily long, discouraging users from reading it in full while providing CYA coverage. And even if you read it in full, it’s not easy to decipher the legal jargon thrown in for further confusion. IMO, while this is technically a correct argument, it is not an effective one.

10 Responses to “My data and having it my way”


  1. Pat Hawks, May 20, 2008 at 3:07 am

    About TOS…
    Remember Beacon? Totally within Facebook’s terms, but since it made users uncomfortable, people spoke out and Facebook backed down.
    While we can’t assume that companies will *always* give users what they demand, we can be sure that companies that consistently violate implicit user trust won’t last too long.

  2. Franco Folini, May 21, 2008 at 3:46 am

    I’m new to the Data Portability discussion and may be proposing something that has already been widely discussed.
    My impression is that Data Portability is presented mostly from the “website” point of view and less from the end-user point of view. Data portability seems to be about making it easier for a social network to steal users from another social network in a fair and user-controlled way. I believe there can be a different way to approach data portability. As an end-user I would like to have access to a “big picture” of where my data is and who is accessing it, and I would like to be able to turn the access ON or OFF for a website with a single click.

    To create this kind of “total user control” I would like to “elect” one website to the role of my “data controller”. A data controller doesn’t need my e-mail, my pictures, or my phone number. A “data controller” hosts only the info about who can use each piece of information. Let’s suppose I’m electing MyData.org as my data controller. On MyData.org I can define that Yahoo and Facebook can use my e-mail, while only Facebook can also use my pictures and videos. I will also define my default privacy level (for example based on the levels you proposed). If a friend of mine shares my contact info with Plaxo, Plaxo will have to check the permissions against my data controller and, as soon as they receive the authorization, Plaxo will appear on the MyData.org control panel.
    From the “control panel” I will be able to turn Plaxo off with just a click.

    Data controllers could be hosted by anybody (in a way similar to OpenID), even by Facebook, Yahoo, Foldier, or Plaxo. When one of my friends moves my contact info from one website to the other, the destination website will receive along with the data a sort of permission descriptor that states who my data controller is. The receiving website will be in charge of checking my privacy policy on my data controller and of notifying the same data controller before storing my info on their servers.

  3. Jim McCusker, May 21, 2008 at 4:06 pm

    Franco,

    You’ve got the right idea and I agree with where you are going in your analysis. I’ve always believed that DP would require external data controllers that followed established standards (e.g. OpenID). Also, I think you need to expand beyond the centralized view of control when it comes to how data can be used by sites consuming your data. Having to pre-define who can see what data is unnecessary in my view.

    Think about it in real life: if I give you a piece of information (e.g. my email address) and I say to you “please don’t give my email out”, you’ve essentially established a data distribution rule.

    Now, convert this to a centralized DP data controller. In my idealized world of DP a user would log into a site like Facebook using their OpenID. After authentication the OpenID provider would pass back the data provider’s address to Facebook, and Facebook would present a form detailing the data they would like access to (e.g. name, address, email addresses, contact list, photos, blogs, etc.).

    Now here’s the key…

    Next to each data item the user would indicate
    1) If Facebook had access to read the data
    2) If Facebook had access to update the data
    3) If Facebook had access to share the data with other FB users
    4) If Facebook had access to share the data with external sites.

    Essentially, it turns into a huge security management issue. I think Scoble doesn’t fully appreciate people’s need for privacy once they give him information. But in his defense, people need to communicate clearly with Scoble to tell him exactly how they can use their data. If I walk up to Scoble on the street and give him my email address and say nothing more, there’s no implied contract that he should not share that email. So as far as I’m concerned, data given without user-imposed rules is totally free to use by the entities receiving it.

    We can only really settle the debate once data is managed by an agreed-to data controller whose terms of use sites (Facebook, MySpace) and people (Scoble) agree to.

    Perhaps this is too idealistic, but it seems like the proper approach.

    Comments??

  4. Bob Ngu, May 21, 2008 at 4:27 pm

    @Pat, agreed.

    @Franco,
    Thanks for your comment. The proponents of data portability firmly believe in end-user privacy and rights, not the website’s. The basic idea is that a user should have control over his data and be able to use it on any site without having to re-enter the same information time and time again. I can see, though, why you think this makes it easier for a social network to steal users from another social network in a fair and user-controlled way. One of data portability’s goals is educating, or rather trying to convince, social sites that focusing on providing a valuable service is the competitive advantage, rather than keeping users’ data walled in.

    Your idea of a “data controller” is interesting; essentially it acts as the gateway controlling access to your data, yet doesn’t hold the data itself. However, you would still need to host your data somewhere, right? In a way, this is what OAuth provides, the ability to let you control access to your data, but not to the level that you described, plus it isn’t a standalone service, at least not that I am aware of. Could be an opportunity :)

    In order for this to work, all participating sites have to implement support for the privacy mechanisms and abide by them. One concern is that it only takes one bad site to violate privacy by making copies of the user data and not respecting the privacy for further distribution to other sites.

    In general, it’s an idea worth exploring further.

  5. Bob Ngu, May 21, 2008 at 5:00 pm

    @Jim,

    Good thoughts. I still think there needs to be a way to make the privacy control more context aware. For example, simply having the option for you to specify whether Facebook is allowed to share the data with external sites isn’t fully context aware, e.g., Arrington might barf at sharing his email with Plaxo but doesn’t mind sharing his email with another service like, say, FireEagle. If Arrington checks yes for the option, then all sites will get his email; if he checks no, then no sites will get his email. Perhaps there needs to be another option that says “ask me for permission”?

  6. Jim McCusker, May 21, 2008 at 5:10 pm

    @Bob

    Exactly. I obviously wasn’t trying to write a specification, but my thoughts are that permissions are always requested from the data controller. In my opinion, though, I think the data controller would also host your data, not just your permissions; otherwise the user would have to either re-enter the data (which is error prone, annoying, etc.) or carry their data with them (via browser plug-ins or 3rd party sites that hold the data). Regardless, the data needs to be hosted somewhere that’s easily accessible, so my thought is to host it at the data controller site. Some may argue that this just creates a walled garden, but not really, since the data controller isn’t really a destination (at least, it shouldn’t become a destination!)

  7. Bob Ngu, May 21, 2008 at 5:40 pm

    @Jim,

    Agreed, the data needs to be hosted somewhere, that’s the same question I posed to Franco. And you are right, if that happens, it could be viewed as another walled-garden. If the data controller isn’t a destination site, it will be a challenge to get average users to migrate their information there because I just don’t get the feeling that this level of privacy is that important to most users. Most users are far more interested in the social features provided by destination sites and would happily keep their information there despite privacy concerns.

    I wrote a post on a stealth startup, Chi.mp, that is relevant to this discussion. Chi.mp has an interesting angle by allowing each user to host his profile and social graph information in his own domain and allowing the users to take the data with them if they wish to use another service provider. The post is here

    http://ungeekdapo.wordpress.com/2008/04/26/master-of-my-domain/

  8. Bob Ngu, May 21, 2008 at 11:21 pm

    @Jim, Franco,

    Sharing a couple of posts relevant to our discussion. The first one is from Chi.mp’s blog, so maybe a conflict of interest, but still worth a read IMO:

    http://www.ownyouridentity.com/2008/04/08/we-don%E2%80%99t-need-url-centric-identity/

    This is a thread started by someone in DataPortability.org

    http://groups.google.com/group/dataportability-public/browse_thread/thread/9bc9be257eb28c33?hl=en

    Great discussions so far.
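Putting the thread’s proposal together in working code, as an added example that is not part of the original post or of any product named in it: the post’s three privacy levels, Jim’s four per-item rights (read, update, share with other users, share externally), Bob’s “ask me for permission” option, and Franco’s data controller that a receiving site must consult before storing data a friend pushed to it. The class and function names, the DEFAULTS table and the controller URL are this example’s own assumptions, and the Arrington/Scoble walkthrough at the end uses a constructed address.

```python
"""Toy data-controller policy engine (added example, not code from the post,
DataPortability.org, Chi.mp, OpenID or OAuth). Every name here, the DEFAULTS
table and the example URL are this example's own assumptions."""
from dataclasses import dataclass, field
from enum import Enum


class Level(Enum):
    PRIVATE = 1   # option 1 in the post: approve every use explicitly
    DEFAULT = 2   # option 2: sensible defaults plus contextual approval
    PUBLIC = 3    # option 3: anyone may see and use the data


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"
    ASK = "ask"   # the "ask me for permission" option raised in the comments


# Sensible defaults for option 2, keyed by item and then by Jim's four rights
# (assumed). Anything not in the table falls back to ASK, so data never leaks
# merely because nobody wrote a rule for it.
DEFAULTS = {
    "email":  {"read": Decision.ASK, "update": Decision.DENY,
               "share_internal": Decision.ASK, "share_external": Decision.ASK},
    "photos": {"read": Decision.ASK, "update": Decision.DENY,
               "share_internal": Decision.ALLOW, "share_external": Decision.DENY},
}


@dataclass
class DataController:
    """Stores who may do what with each item; it never stores the item values."""
    level: Level
    grants: dict = field(default_factory=dict)  # (site, item, action) -> Decision
    blocked: set = field(default_factory=set)   # sites switched off with one click
    panel: set = field(default_factory=set)     # sites currently authorised to hold data
    log: list = field(default_factory=list)     # audit trail of every decision

    def grant(self, site, item, action, decision):
        """An explicit per-site answer; this is what makes the policy contextual."""
        self.grants[(site, item, action)] = decision
        self.blocked.discard(site)

    def revoke(self, site):
        """Franco's one-click off switch: block the site and drop it from the panel."""
        self.blocked.add(site)
        self.panel.discard(site)

    def decide(self, site, item, action):
        """Precedence: block > explicit grant > privacy level > item defaults."""
        if site in self.blocked:
            decision = Decision.DENY
        elif (site, item, action) in self.grants:
            decision = self.grants[(site, item, action)]
        elif self.level is Level.PRIVATE:
            decision = Decision.ASK
        elif self.level is Level.PUBLIC:
            decision = Decision.ALLOW
        else:
            decision = DEFAULTS.get(item, {}).get(action, Decision.ASK)
        self.log.append((site, item, action, decision))
        return decision


@dataclass(frozen=True)
class SharedRecord:
    """A data item in transit between sites, carrying its permission descriptor."""
    item: str
    value: str
    controller_url: str   # who the receiving site must ask before storing it


def transfer(registry, record, from_site, to_site):
    """Receiving-site check: the sender may share externally AND the receiver may
    read. Both decide() calls are logged, which is the 'notify the controller'
    step. DENY beats ASK beats ALLOW, and nothing is stored on ASK."""
    controller = registry[record.controller_url]
    steps = (controller.decide(from_site, record.item, "share_external"),
             controller.decide(to_site, record.item, "read"))
    if Decision.DENY in steps:
        return Decision.DENY
    if Decision.ASK in steps:
        return Decision.ASK
    controller.panel.add(to_site)    # approved: the site now shows on the panel
    return Decision.ALLOW


def arrington_scenario():
    """The Arrington/Scoble case from the post, walked through the engine."""
    url = "https://mydata.example/arrington"        # assumed controller address
    ctl = DataController(Level.DEFAULT)
    email = SharedRecord("email", "arrington@example.com", url)   # constructed
    for site in ("gmail", "yahoo"):                   # fine in Gmail and Yahoo...
        ctl.grant(site, "email", "read", Decision.ALLOW)
        ctl.grant(site, "email", "share_external", Decision.ALLOW)
    ctl.grant("plaxo", "email", "read", Decision.DENY)   # ...but never on Plaxo
    registry = {url: ctl}
    results = {"gmail->yahoo": transfer(registry, email, "gmail", "yahoo"),
               "gmail->plaxo": transfer(registry, email, "gmail", "plaxo"),
               "gmail->fireeagle": transfer(registry, email, "gmail", "fireeagle")}
    ctl.grant("fireeagle", "email", "read", Decision.ALLOW)   # user answers the prompt
    results["fireeagle approved"] = transfer(registry, email, "gmail", "fireeagle")
    ctl.revoke("fireeagle")                                    # later switched off
    results["fireeagle revoked"] = transfer(registry, email, "gmail", "fireeagle")
    return results, ctl
```

`arrington_scenario()` returns one decision per transfer: Gmail to Yahoo is allowed, Gmail to Plaxo is denied by the explicit grant, Gmail to FireEagle comes back as ASK because no rule exists and the level-2 default for reading an email address is to prompt, it becomes ALLOW once the user answers, and after `revoke("fireeagle")` the block beats the earlier grant. The caveat raised in the comments stands: the controller only constrains sites that actually call `transfer()`; a site that copies the data and skips the check is not stopped by anything here, which is why the audit `log` matters more than the policy table.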


  1. Marc’s Voice » Blog Archive » What Facebook SHOULD do, trackback on May 20, 2008 at 6:25 pm
  2. Time to define open privacy standards? « Ungeek DaPo, trackback on June 23, 2008 at 8:03 pm
