Facebook and the Social Dynamics of Privacy

Ed. Note: Boing Boing's current guestblogger Clay Shirky is the author of Here Comes Everybody: The Power of Organizing Without Organizations. He teaches at the Interactive Telecommunications Program at NYU, where he works on the overlap of social and technological networks.

James Grimmelmann of New York Law School has written a terrific essay on privacy issues and social networks services entitled Facebook and the Social Dynamics of Privacy.

Grimmelmann is trying to do nothing less than re-shape our attitude towards privacy on social networks, building an erudite and extensively documented argument that our framing of privacy problems, and most of the solutions we have in mind, are bad fits for social networking services.

There are no ideal technical controls for the use of information in social software. The very idea is an oxymoron; "social" and "technical" are incompatible adjectives here. Adding "friendYouDontLike" to a controlled vocabulary will not make it socially complete; there's still "friendYouDidntUsedToLike." As long as there are social nuances that aren't captured in the rules of the network (i.e., always), the network will be unable to prevent them from sparking privacy blowups. […]

Another reason that comprehensive technical controls are ineffective can be found in Facebook's other "core principle": that its users should "have access to the information others want to share." If you're already sharing your information with Alice, checking the box that says "Don't show to Bob" will stop Facebook from showing it Bob, but it won't stop Alice from showing it to him. […]

There's also another way of looking at "information others want to share": If I want to share information about myself — and since I'm using a social network site, it's a moral certainty that I do — anything that makes it harder for me to share is a bug, not a feature. Users will disable any feature that protects their privacy too much.

For me, the essential pair of insights in this paper are that a) our attitudes towards privacy are shaped by industrial norms — the individual vs. the corporation or the state — while on social networks, the most important class of privacy violations are in fact peer-to-peer and b) that these violations, when they happen, are a side-effect of the system doing what it is designed to do, which is to facilitate the spread of personal information.

The first challenge is re-shaping our sense of what a privacy violation means in the context of social network services, and the second is to accept that, since a full stemming of these violations is prima facie impossible, we need a new set of practices around minimizing them where possible and improving recovery from them where possible.

Because of the enormity of the head-shift required to think through peer-to-peer privacy risks, and because Grimmelmann has worked through the issues so carefully and thoroughly, I think this should be required reading for anyone thinking about privacy as it is actually lived.

Facebook and the Social Dynamics of Privacy