August 31 , 2007
ContentsThe Privacy
Non-Principle:
Privacy is too squirrely for principles. We need to keep it difficult. |
Required Plug for My New BookLook, none of us like this, but you know we have to do it. So let's just get it out of the way. I have a book out. It's called "Everything Is Miscellaneous." Here's the blog about it: www.EverythingIsMiscellaneous.com. And here are the reviews. Now just clean up your room and eat your sprouts, and you can go out and play. |
The Privacy Non-Principle
|
A couple of weeks ago, I participated on a panel on privacy and anonymity at a session at the Berkman Center. We took as our text Privacy in Atlantis, a dialog by Jerry Kang and Benedikt Buchner in which counselors to the benevolent queen of Atlantis discuss recommendations for a privacy policy. Atlantis is presumed to be the US in terms of values, norms, and economy. As a result of reading that article and the discussion at the session and afterwards, I realized my recommendation would be that Atlantis not have a policy on privacy. I also realized I'm more confused about privacy than I'd even thought. Part of the confusion is due to my thickness on the topic. But some of it is inherent in the topic itself, which should (I think) affect our privacy policies. So, prepare for a foundering, thrashing, unsatisfying article... |
I. Information and the generalization of privacy
The concept "privacy" covers everything from the highway authorities recording every quarter you throw at a tollbooth, to people tagging Flickr'ed photos of you with your pseudonym, to not asking why a friend is out dancing with someone other than his/her spouse. Privacy, like love and meaning, is a single word that covers wildly disparate cases.
It didn't used to. Back before the information age, privacy had a fairly well-defined set of applications. It covered what authorities could ask about you, and acts you wouldn't feel comfortable performing in the middle of a skating rink. But now it applies to wherever there's information. And nowadays, everything is information.
Digression: There's definitely been a change in the meaning and use of the term "information" over the past twenty years. In the late 1980s and early 1990s, when I was working at a company that was one of the inventors of document management, we couldn't figure out how to talk about the broad range of stuff people put in documents. "Information" was obviously the wrong term because that's what databases handled. At least at the time. Now most of us would be quite comfortable talking about the content of documents being information. In fact, if you walk down the street without a paper bag over your head, we now think you're emitting information about yourself. And if you do put a bag over your head, that's information, too. We've given "information" the sort of breadth formerly reserved for terms like "experience" and "perception." Although "information" has snuck into our epistemology and our metaphysics, it is not a well-formed notion, except in the Shannon-Weaver mathematical sense that we don't mean 99.99999999% of the time when we talk about information. Pervasive and poorly defined ... that's how we like our terms! (Arjan Vreeken has written a scholarly history of information. Paul Starr talks about it also, in his remarkable The Creation of the Media. On the other hand, if you want to see "information" stretched to its limit, see the time line Geoffrey Nunberg did for the Encyclopedia Britannica.)
If everything is information — or if information is coextensive with experience — then we have a steady stream of data that we can either allow people to access or not. It thus seems that all of our experience has to be public or private, just as we have to decide what files we're going to let other people on our network see. We therefore need a guiding principle to help us decide which information gets let out in the sun and which we keep indoors behind drawn curtains.
But, our experience is inexplicable if we think of it as an undifferentiated stream of mere information. Information is reductive, not foundational. Rather, experience occurs within social forms and institutions, so that a wave from a friend across the hall is different from a wave from a cop across the street, which is different from a wave from the Queen of Atlantis as her motorcade goes by.
Privacy is even more situation- and institution-specific than are friendly waves. In fact, we differ about privacy along cultural, class, and generational lines -- see danah boyd's fascinating work on what privacy looks like to the MySpace generation. Also, drinking seems to make a difference. (A favorite headline-without-a-story from The Onion: "Girl Gone Wild Actually Just Regular Girl, Only More Insecure and Drunk").
Indeed, the whole metaphysics is screwy. The social realm doesn't pre-exist the acts of making public and private. As many have pointed out, our social network is not just described but constituted by the intimacy of sharing, and by the limits we place on that intimacy. "Letting you in on a secret" creates or solidifies a friendship. Inviting you to see me at home changes an office relationship. Making public and private isn't something we do within the social realm; rather, they make the social realm.
It thus seems unlikely that anything like a principle could possibly apply to how we decide what to make public or keep private. We can't even come up with prima facie principles for this. Something is prima facie good if you don't need a special justification to do it, but you do need a justification to do its opposite. E.g., you don't need a special justification to tell the truth, but you do need one to lie. This is helpful because it acknowledges that there are times that lying is justified, while still giving truth-telling its moral due. But the prima facie doesn't much help with the question of privacy. Do you need a special justification to keep things private? It depends. You need a special justification for walking down the street with a bag over your head, but you don't need one to refuse to point out to a stranger which is your bathroom window and exactly when you like to take showers. Likewise, do you need special justification to make things public? You do to strip naked in public, but you don't to put on a name badge at a conference. We are too insanely social for a general principal of privacy to work even prima facie.
Even the general privacy principle that individuals should be able to control how much of their privacy they want to give up doesn't work as a principle. Although it sounds good, we don't really believe it. You don't control how much of your naked body you're allowed to show in public. It'd be rude to refuse to give your first name to someone who asks at a party. You don't own the right to hold back your year of birth when buying beer. You can't refuse to be patted down at the airport when they notice a lit fuse sticking out from under your coat. The putative principle instead must be that individuals should be able to control their private information as appropriate within particular domains. But, then, how do we use this principle when facing particular issues in particular domains? That maintaining privacy is generally to be preferred? But that would make us into a society of hermits. In fact, we could just as easily maintain that being public and open is generally to be preferred. The principle gives us nothing.
So, the Atlantis' article's premise turns out to be misleading. The counselors are supposed to make a recommendation to the Queen about privacy in general. But privacy depends on the specifics. It varies wildly by domain. And the line between the public and the private is not a property of social interactions so much as a foundation for social interactions.
II. Privacy as hurly burly
But all of this is beside the point. In the digital world, the privacy advocates have particular cases in mind. They are thinking about government snooping, online stores sharing data about what you've bought, and medical insurers checking your genome for tire tracks. Within domains such as these, we certainly can have policies. You should be able to control whether the company who sold you the Swedish Organ Pump can pass your email address on to Nigerian Inheritance Surprises, Ltd. I'd be happy to have the Queen establish rules prohibiting commercial data sharing without user permission. I suspect you would be, too.
The question is why.
Even within the realm of commercial transactions, the privacy principle — people ought to control the information about themselves, because privacy generally is to be preferred — is tough to apply. The concept of "necessary" is fluid. If a vendor demands the last four digits of your social security number as an extra security measure — it's always for your protection, people — is that necessary? How about a zip code? How about an email address so they can let us know if there's a product upgrade or recall? To a large degree, it's a matter of norms. And the norms have shifted already. We routinely give vendors lots of "unnecessary" information. I defy you to find one person in a hundred who expects an online store to wipe clean its memory of our purchases after a week or even year. Not one in a hundred knows or cares that the site is recording our stream of clicks. We don't expect online sites to have the attention span of a vending machine.
So, strictly speaking, trying to pare the information-gathering to what's necessary is a lost cause because the "necessary" is a matter of the very norms that are shifting. The real battlefront is centered on the next set of extensions of data gathering, retention, and sharing in which large organizations start to put together information about us from all over the place. And that's a worthy battle. But it's not going to be resolved through an appeal to a privacy principle. We're going to fight for rules restraining information synthesis not because of principle but because it makes us feel icky.
We're going to rise up against insurance companies getting access to our genetic tests because it outrages our sense of fairness that someone born with a propensity for a disease should be barred from coverage for that disease. We'll write to our Congresspeople to make it easier to find and harass the sex offenders in our neighborhoods because our fear will overwhelm our "respect for privacy." We are not going to be able to define the line we draw by means of a principle because we do not blush out of principle.
III. Keeping identity hard
I'm finding it difficult to know what to conclude from the failure of principles in the privacy debate. Here are some thoughts.
a. While I believe privacy overall is hugely complex, within the confined circumstances of doing a transaction with an online merchant, there are good reasons to push for a code of conduct. That's why in 2003 I suggested (and was hardly the first or only person) that vendors take what I was calling the "You First" pledge. Codes are not principles, however. We resort to codes when norms are not settled. In this case, the code would be within a narrow enough domain that it'd make sense.
b. When privacy looks like a single thing subject to clear principles, it's tempting to want to build a single solution to support those principles. That is one reason, I believe, that we are willing to listen favorably to proposals for a new identity layer or infrastructure. In its best incarnations, your identity information would be completely under your control, it would not be centralized in any one place, and it would let you give out information about you without always tying it back to the living, incarnate you in the real world. This is far, far preferable to the worst-ever proposals for a government mandated, centrally managed ID.
But, while the best-case ID systems prevent totalitarian abuses by putting up a user-controlled firewall between multiple online identities, and between those identities and the physical person at a physical address -- huge advantages over the likely alternatives -- we still should be worried about what life might be like after sites can take for granted that their users all participate in a standardized identity system.
c. How do we decide if this prospect should worry us, delight us, or both? If we give up on being guided by principles, then we have to look to an assessment of possible outcomes. That means we should be concerned by Brad Templeton's law : "If you make something easy to do, it will be done more often." Brad continues:
The easier it is to give somebody ID information, the more often it will be done. And the easier it is to give ID information, the more palatable it is to ask for, or demand it.
Being required to list all of your purchases at all other sites over the past six months is currently not just intrusive, it's also a pain in the butt. If it becomes as easy as pressing a button so a vendor "may serve you better," many of us will. That's predictable. The software will change the norms.
John Clippinger, a friend, Berkman colleague, and the author of the excellent A Crowd of One, objects that Templeton's Law isn't really a law (and Brad isn't seriously suggesting otherwise), so we have to think about whether it actually would hold in this case. It's hard to tell, but I think it would. Right now, in the real world and online, we do not have to identify ourselves to buy stuff. We can pay by cash. Even if we pay by credit card, the card doesn't identify us to the merchant as this or that person living at this or that address. Because of Templeton's Law, I think it likely that online vendors will ask us to identify ourselves "for our own security." It'll be way easy to do, so we will. As the commercial norm changes, the temptation will be to change it on non-commercial sites. Want to comment on a blog? First you have to identify yourself. It's easy! Some look forward to the death of anonymity. I fear its social and political consequences. (See here.)
We can't know if this will happen for sure. It is cause for worry, though.
d. The strongest argument from the pro-infrastructure folks, in my opinion, is in fact that we are going to get privacy ripped out of our hands by hostile forces, so we should be working for the best version, which is one that gives users control over the information. (See Kim Cameron's Laws of Identity.) This is a practical, political argument, as it should be. Yet I'm on the fence about it. On the one hand, if I were given the opportunity to try to persuade Congress or the major economic players, I'd want to present the case for keeping identity difficult and anonymity the default. On the other, I'm happy to have people who share many of my concerns presenting a plausible alternative to the identity schemes being created by the government and economic giants who don't actually care much about the social benefits of privacy and anonymity. Ultimately, I think we need both arguments to be pressed simultaneously. It's a contradiction, but we're talking politics here, a realm that wouldn't exist without contradiction.
e. There is, however, another solution, one that acknowledges that privacy is a manifold and complex social relationship. It suggests a code of conduct for retail operations, while understanding that there may be good reasons for some operations to disregard elements of that code, especially as retail is transformed, transgressing the old lines between merchant, customer and market. Nevertheless, before a retailer casually decides to gather data about us, the retailer should recognize that there are prima facie reasons not to do so. Meanwhile, we enable sites to come up with their own ID requirements and techniques. As a result, we end up with solutions that address the nuances of each case. And, yes, it is basically what we have now.
This makes it harder for customers and users. You have to manage your identity information at each site you go to. Good! Giving away your privacy ought to be a little hard. And if you don't want to do all that typing, you can get software — I use RoboForm on my Windows PC— that auto-fills forms.
Such a solution isn't simple. Neither is privacy.The solution ought to be as local, nuanced, and difficult as the multiple norms of privacy themselves are.
We will preserve privacy by maintaining the sense of ickiness and outrage.
We will win — well, I doubt very much that we'll win — by keeping identity transactions difficult.
We will win by keeping identity and privacy as sore spots, even as the norms shift.
f. It is entirely possible that our norms are shifting deeply, and not just from a presumption of privacy rights to a presumption of publicity rights. Rather, privacy may be becoming not a matter of what information is recorded but what information others are allowed to pay attention to. Privacy = ignoring what you're not allowed to notice. (danah thinks about this in terms of expectations about who a space is for.) Just because you take an outdoor shower when the spy satellite happens to be overhead doesn't make you a nudist.
Ok, so that's a lousy way of putting it. Instead, consider the British public's acceptance of near-ubiquitous video surveillance cameras - 500,000+ in London alone. Nevertheless, people still have coffee with their adulterous lovers, thumb through inappropriate magazines, and pick their noses, because the more information is collected, the bigger the shadow of irrelevance it casts. Similarly, it's possible, and even probable, that we will continue down our current path and assume that vendors are capturing and sharing every bit of info about us that they can. We won't mind so long as they don't spam us or turn us down for medical insurance because we bought six diet books. This is not just a change in where we draw the line between the public and the private. It is a radical change in their natures.
If privacy issues can only be resolved in the hurly-burly of politics and shifting social norms, we're in for a rough time. But there's some protection and some hope in that very fact.
IV. Summary, in the form of a limerick
There once was a queen of Atlantis
unsure what rights to grant us.
Norms are so squishy
and principles artifishy,
And the icky's too tricky to plant us.
The Web as perpetual
embarrassment
I keep thinking that many of the problems of the Web are due to the lack of settled norms: We don't know how much personal information to expose, how aggressive and obnoxious we can be in anonymous forums, even what to do about linking to sites we're denouncing. Employers don't know what to make of prospective employees' college years' drunk FaceBooking. Citizens don't know how to take the exposure of every candidates' every infelicitous joke, each gleefully YouTubed.
Just wait. The norms will settle. We'll figure this out.
Maybe. Suppose we are never going to have settled norms on the Web. As more cultures get connected, we are promised an influx of divergent beliefs, values and practices. So, if we were all to agree tomorrow that, say, sarcasm on sites open to strangers is just rude, the day after that a million sarcastic Freedonian school kids might get their shiny new One Laptop Per Child portables. Perhaps all norms will be local forever and forever in flux.
Now that the local is global, the Internet may well exist in a state of perpetual embarrassment.
Middle World Resources |
|
| Tip
I've put off for years now the task of scanning in our albums of photos. Scanners are cheap and scanning is easy, but it's a pain in the butt. Then I had the sort of brainstorm that puts me a solid six years behind everyone else. I have a digital camera with more pixels than there are days in all of recorded history. Why not just take pictures of the pictures? And so, in 2034, when I finally get around to doing this, it shall go much faster than scanning in the photos one by one. |
Even if you happen not to find LibraryThing.com particularly useful, it's a place to watch just to see what Tim Spalding will come up with next. LibraryThing is for sharing the list of books in your personal library. You can sort them in a variety of ways, tag them, review them, and share all of the above. (The books themselves are not at LT.) Recently, Tim added "tagmashes," which allow you to specify an intersection of tags. Nothing unusual there, but LT treats the queries as if they were new subject headings. It's a simple twist, but it's also a clarifying one. And it's typical of how Tim is playing with the ideas behind the tech.
|
Are
hierarchical organizations hierarchies? Or: Why don't we salute our
boss?
A fellow at West Point who is also a student of psychology and social organization read an article in JOHO in which I wrote:
"In the Army, your rank couldn't be more explicit. You've got stuff sewn into your clothing denoting your precise position in the hierarchy. Thus, there's no need to joust, and teams can be more genuinely collaborative."
He sent me an email asking me if I think all organizations have the equivalent of rank. Are all organizations hierarchical?
Good question, especially in the face of those who point to the disparities in power, rank and role in online groups as proof that nothing has changed except the actors.
I don't think all clusterings of humans arehierarchical, unless you define "hierarchy" so broadly that it covers any time one person defers to another. A hierarchy worth the name ought to be a persistent social structure with well-defined and comprehensive power or status relationships, in which each node has exactly one superior node. We can loosen that up somewhat to accommodate the complexities of modern business, but that's what the paradigmatic hierarchy looks like.
Corporations have a legally-defined hierarchy that covers a decision-making process and the legal accountability of the system. But, even within that hierarchy, much of the work is done across and regardless of the hierarchy. In fact, many organizations in my experience are embarrassed by rank. The CEO talks about being just another worker. (See Jack Welch's "Jack: From the Gut" for an example of this.) Managers don't like to order people to do things; they'd rather pretend that we're all equals, working collaboratively. That's why we don't salute our managers in the business world. At least, not explicitly. Instead, we pretend to listen while they talk.
Organizations that aren't corporations may also have ranks and status systems, but that doesn't mean that it's right to characterize them as hierarchies. Wikipedia, for example, has an emergent hierarchy, but the hierarchy is there primarily to handle exceptions and problems. Likewise, it'd be a mistake (imo) to look at the open source movement, find the hierarchical elements ("Linus decides stuff!") and think that it's fundamentally a hierarchical movement. One could just as well find the collaborative, non-hierarchical elements and highlight those. Indeed, that would obviously be a better way of thinking about the open source movement.
So, yes, you can find elements of hierarchy in many or even most organizations (depending on how loosely you define it), but that doesn't mean that those organizations are usefully described as hierarchical.
Vowelers vs.
Consonantals
Last night in the video store, as I quickly scanned the shelves, I misread "Lonely Hearts" as "Honey Bears." When trying to remember Montana, I'm more likely to think of Topanga than Missouri. I can never keep Hamas and Fatah straight. "Monopoly" seems to me to rhyme, in an odd way, with "polo pony."
My brain prefers patterns of vowels to similarities of consonants.
So, I figure there's got to be a million dollar New Age or self-help book to be written based on this fundamental division of humanity. Men Are from Consonants. Women are from Vowels. Or maybe Drawing on the Vowel Side of the Brain or The One Minute Vowel Manager. Something like that. It would explain how vowelers are more open-minded and interested in connections, while consonantals are great at finding limits and are better at finishing projects. Spin up a whole psychology and sociology, and then maybe follow it up with a book called "Ooooooooo! How Businesses are Voweling to Success."
Waddyathink? A million dollar idea or what?
Editorial Lint
JOHO is a free, independent newsletter written and produced by David Weinberger. If you write him with corrections or criticisms, it will probably turn out to have been your fault.
To unsubscribe, send an email to [email protected] with "unsubscribe" in the subject line. If you have more than one email address, you must send the unsubscribe request from the email address you want unsubscribed. In case of difficulty, let me know: [email protected]
There's more information about subscribing, changing your address, etc., at www.hyperorg.com/forms/adminhome.html. In case of confusion, you can always send mail to me at [email protected]. There is no need for harshness or recriminations. Sometimes things just don't work out between people. .
Dr. Weinberger is represented by a fiercely aggressive legal team who responds to any provocation with massive litigatory procedures. This notice constitutes fair warning.
Any email sent to JOHO may be published in JOHO and snarkily commented on unless the email explicitly states that it's not for publication.
.
The Journal of the Hyperlinked Organization is a publication of Evident Marketing, Inc. "The Hyperlinked Organization" is trademarked by Open Text Corp. For information about trademarks owned by Evident Marketing, Inc., please see our Preemptive Trademarks™™ page at http://www.hyperorg.com/misc/trademarks.html
This work is licensed under a Creative
Commons License.