The Article explores possible interventions. It explains how regulatory solutions and market forces are themselves hindered by the the deficient privacy environment of Facebook and can’t solve all of its problems. This Article recommends renovating the design of Facebook to privilege privacy practices and proposes specific interventions drawn from the computer science and behavioral economics literature. It concludes with a message of cautious optimism for the emerging coalition of engineers, academics, and practitioners who care about privacy on networked publics.

The Article is a heavily revised adaptation of the thesis I conducted for Ethan Katsh and Alan Gaitenby at the University of Massachusetts, Amherst. If you’ve read my thesis (entitled “Saving Face”; title changed to avoid confusion with James Grimmelmann’s excellent Saving Facebook, recently published in the Iowa Law Review), then you’re familiar with the broad contours of the idea.

Losing Face, however, has been both greatly refined in its argumentation and noticeably reworked in its format (bah Bluebook) over the last year or so. I received invaluable feedback and assistance over the last from many people during this drafting process, including Helen Nissenbaum, researchers and interns at the Berkman Center for Internet and Society, but most indispensably James Grimmelmann, who helped me navigate the convoluted and mystified norms and logistics of the publication process.

I’ve posted a copy of the Article here and on BePress for further comment while it wends its merry way through the editorial process. This is a draft only, and should not be used for citation. I’ve endeavored to make all references as clear as possible, though some are not as clear as they will be in the final version because I haven’t nailed down all the infras and supras yet. If you have any questions, comments, or concerns about Losing Face, please feel free to drop a comment here or shoot me an email.

My revisions are mostly streamlining and refining the argument. I’ve also got to come up with a new name as Grimmelmann’s Facebook and the Social Dynamics of Privacy has been retitled “Saving Facebook” for forthcoming publication in the Iowa Law Review.

Below is excerpted a draft of my new introduction.

Everybody And Their Grandmother
On April 12, 2009, a college student named Rachel broadcast a distress signal out into the electronic ether. “my grandmother just friend requested1 me,” her Facebook status read.2 “no. Facebook, you have gone too far!”

It’s not intuitively obvious why such a simple request should bother Rachel so much. After all, Rachel and her grandmother are very close. She trusts her grandmother. She confides in her grandmother. She tells her grandmother “private” things. She is certainly closer to her grandmother than to many of her Facebook Friends. So what’s the big deal?

Rachel explains:

Facebook started off as basically an online directory of COLLEGE STUDENTS. I couldn’t wait until I had my college email so that I could set up an account of my own, since no other emails would give you access to the site. Now, that was great. One could [meet] classmates online or stay in touch with high school mates [but it]has become a place, no longer for college students, but for anyone. [About] five days ago, the worst possible facebook scenario occurred, so bizarre that it hadn’t even crossed my mind as possible. MY GRANDMOTHER!? How did she get onto facebook?…As my mouse hovered between the accept and decline button, images flashed through my mind of sweet Grandma [seeing] me drinking from an ice luge, tossing ping pong balls into solo cups full of beer, and countless pictures of drunken laughter, eyes half closed. Disgraceful, I know, but these are good memories to me. To her, the picture of my perfectly angelic self, studying hard away at school, would be shattered forever. 3

Rachel isn’t the only Facebook user facing this sort of social dilemma. Some members of the popular social networking site have been shamed,4 expelled,5 fired,6 and even arrested7 because of content posted by them or their “Friends” to the site. Many more have experienced less dramatic but quite uncomfortable social tensions that arise from unexpected encounters like Rachel’s.8 And all of them characterize these many and varied troubles to be problems of privacy.9

The most obvious and interesting question to ask here is why. Why do these problems occur? Why do members of Facebook regularly share such sensitive information with so many people? Why do they routinely underestimate the breadth of their disclosure and so poorly assess the risk involved? And, with all of these well-known dangers, why do users continue to flock to Facebook?

Some have argued that users of social network sites are members of a generation of exhibitionists who just don’t care about privacy.10 This viewpoint is completely contradicted by behavioral data11 and ethnographic accounts.12 Members of social network sites, as a rule, care deeply about privacy, and worry terribly about the sort of problems posed to Rachel and others. Any argument which presumes they “just don’t care” is counterfactual to its core.

Other analyses engage these social dynamics provide more credible explanations. For instance, Professor James Grimmelmann compellingly argues that users “have social reasons to participate on social network sites, and these social motivations explain both why users value Facebook notwithstanding its well-known privacy risks and why they systematically underestimate those risks.”13 Grimmelmann presents an exhaustive account of the social dynamics of Facebook, explains how these practices and norms give rise to privacy problems, and describes a number of policy interventions that mesh with the social milieu of Facebook and therefore might actually do some good.

Grimmelmann’s is far and away the best analysis of this phenomenon in the legal literature. It is a crucial component of a larger conceptual framework to explain privacy phenomena in networked publics. It is part of an ongoing conversation between jurists, behavioral scientists, and engineers about how to understand and approach privacy problems on social network sites.

This Article contributes to this conversation by exploring another critical and complementary part of the problem: the environment of Facebook. The environmental element of the Facebook privacy problem has been neglected in the legal literature to its detriment, as any study of privacy that does not engage the environment within which privacy practices occur is conceptually incomplete. Privacy and the environment are inextricably linked: the successful practice of the former depend upon the dynamics and heuristics of the latter. As the behavioral scientist Irwin Altman explained in The Environment and Social Behavior:

Environment and behavior are closely intertwined, almost to the point of being inseparable. Their inseparability says more than the traditional dictum that “environment affects behavior.” It also states that behavior cannot be understood independent of its intrinsic relationship to the environment and that the very definition of behavior must be within an environmental context…What is now called for [is] recognition that the appropriate unit of study is a people-environment unit.14

In other words, privacy is mutually constituted by the individual and her environment. They are interdependent variables: changing either input changes the privacy output. That is why an environmental analysis is so important: the physical world and Facebook have extremely different information architectures and so are necessarily different when it comes to practicing privacy.

Whereas Grimmelmann and many social scientists focused on the “people” part of Altman’s unit, I’m focusing on the “environment.” To that end, this Article conducts a complementary and comprehensive analysis of the privacy environment of Facebook, provides a conceptual framework for understanding how its information architecture impacts user privacy practices, and describes various interventions by markets, law, or code and why they are likely or unlikely to help.

Probably not. At least, that’s the answer suggested by the behavioral economist Dilip Soman. I subscribe to the podcast Arming the Donkeys by Dan Ariely. On last week’s show, Dan interviewed Dilip about “The Effect of Bracketing on Spending“, cowritten with Amar Cheema.

The basic finding of Soman and Cheema is this: portions affect consumption. Nothing new to dietitians, perhaps, but definitely new to economists. Soman explains that, ceteris paribus, your twin will eat less than you, because putting the same amount of popcorn into different bags creates “brackets” that contextualize consumption. There’s nothing to stop you from eating all of the giant tub of popcorn, but the tiny barrier of opening the bag makes you think about how much you are eating and gives you the chance to reevaluate your total consumption.

Soman and Cheema found the same effect held true with gambling. Roughly speaking, give a gambler an envelope with $X, or give them 10 envelopes each containing a tenth of $X, and they will gamble differently. According to Cheema, partitioning this way can reduce spending by 50%.

Now, what on earth does this have to do with my bank?

During my final year of college I lived off-campus with a group of friends. Because I was the most responsible of all my housemates (which really says more about them than about me) I was charged with handling the house funds. I opened up a new checking account with a separate debit card. Every month, each housemate would give me a $500 check. I’d deposit the checks into this new checking account to keep it separate from my personal checking account.

Here is why this matters: I was unconsciously subjecting myself to the bracketing effect by keeping house money in a separate account.

Let’s say I had $2500 in the house account and $2500 in my personal account. My statement would show that I had $5000 to my name. But, subjectively, I didn’t have $5000. Because half of that was kept in this separate shoebox labeled “house money”, I spent as if I only had $2500. The bracketing of my assets into two distinct categories – “house” and “personal” – made it easier for me to earmark my total assets and see where my money went before I spent it.

This is critically different from existing money management tools like Mint or Bank of America’s My Portfolio Service. Both use Yodlee, which lets you track your money, see where it is going, see what you are spending it on, etc. It is a great way to enhance the salience of your spending and realize that the $2 a day you spend on coffee in the morning adds up to an HDTV over the course of the year.

However, as far as I’ve seen them implemented, these tools only offer ex post facto analyses of your spending behavior, not ex ante bracketing of your assets. In other words, they help you understand where the money has gone after you’ve spent it, but they don’t help you see where your money will go before you spend it. In this sense, “money management” in a misnomer: Yodlee-based services are money trackers. They’re like the detective that helps you figure out where your jewelry went, not the alarm system that prevents the burglar from running off with it in the first place. This is useful but – and maybe I’m weird – I prefer prevention!

What I’d like to see from my bank is online banking software that provided true money management which leverages the bracketing effect without having to create a new account. Right now, when I log into my online banking, I see my checking account, with a (depressingly small) dollar amount next to it. When I click on that account, I currently see all my recent expenditures. What I should be able to do is  see, create, and manipulate ad-hoc envelopes or categories.

Suppose I have $5,000 in my checking account. That is a nice chunk of change, I say to myself – I can clearly go out and buy an iPod touch (with Flight Control of course)! I think this because I only see a $5,000 tub, and though I know I have to pay rent, save money for the holidays, and put away a little bit for that vacation I want to take next summer, I think that I can certainly spare myself a measly $200.

But suppose that when I clicked on that checking account I could see the constitutive categories I had created for myself. I would see that the $5000 I thought I had is mostly spoken for. I have assigned $1000 to rent; $200 for utilities; $500 for holiday gifts; $800 for LASIK; $250 each for food and car insurance; and $1000 more for that vacation. Suddenly, my $5000 has become $2000! Suddenly the iPod Touch doesn’t seem like such a good idea. I am perhaps more sad, but I am also less likely to overdraw or (worse) be forced to load up on my credit card come December.

Note that these are not new accounts, with the attendant legal, procedural, or administrative headaches opening a new account entails. Rather, these are bottom-up user-created taxonomies that exist within an existing account.

This is a perfect example of how behavioral economics can help everyone overcome those pesky and irrational cognitive biases. It would be easy to implement and  empower people to save or spend smarter. It could completely revolutionize the way people understand and interact with their assets.

Banks, credit unions, lend me your ears! Empower us with the bracketing effect. You may lose out on some overdraft fees, but you will gain a lot, including, if nothing else, my eternal gratitude. I’ll even buy you popcorn – in quart bags, of course.

I’m currently doing some work on cyberaggression for Urs Gasser at the Berkman Center. The Vogel case – quoted above – would seem to be a textbook example of malicious online aggression: a number of users, acting in concert, overwhelm the web servers of a foe until the site shuts down. As far as I can tell, it is a textbook distributed denial of service attack, with the one rather noteworthy exception that instead of hiring out a botnet for an hour or so Vogel actually got real people to run the software.

So here is the question: should we treat Vogel like a ruthless criminal or like a virtuous activist? Or, in other words, was the Lufthansa DDoS more like blackmail (Vogel was charged with coercion) or more like a sit-in?

Blackmail and sit-ins are both illegal, of course. Activists were arrested for trespass or breach of the peace across much of the American South during the Civil Rights Era for sitting at restaurant bars and preventing other customers from using the space.

But there seems to me to be a normative distinction between the two. No one considers the students who sat silently at the counter at Woolworth’s to be hardened criminals, despite the fact that they deprived other customers of the ability to use the counter and indeed may have cost individual shopowners hundreds or thousands of dollars in lost revenue and bad publicity. There is a moral element to the sit-in that gets more respect than crime for financial benefit alone. That’s why activists at sit-ins were booked for trespassing and then released usually within hours. The political content and moral character of their behavior contextualized and mitigated the formal offense.

In some ways a DDoS is like a sit-in. Both, at their conceptual core, consist of overutilizing scarce resources (in the former, server cycles; in the latter, space at a counter) to exclude others for political effect. Both are nonviolent but economically painful. And both can have a political character that might contextualize the offense.

This is the argument that Vogel made, at least, and the German appeals court bought it. Meanwhile, here in the U.S., script kiddie Dmitry Guzner faces 10 years in jail for DDoSing Scientology as part of Project Chanology. Now, details on Guzner and what he did are hard to find. It’s not clear to me whether he hired a botnet or whether he just distributed software that a bunch of 4chan kids used in concert similar to the Libertad movement. And I’m not saying that the DDoS is a good tactic, or a morally right tactic, or that it shouldn’t be illegal. But there is a huge disproportionality between the punishments for the two crimes.

Paul Ohm has a good paper called The Myth of the Superuser (h/t Chris Soghoian) where he argues that all lawmakers have Kevin Mitnick in mind when they write cybercrime statutes and that therefore they are always prone to overcompensation. And I think this is really what interests me – not whether or not the DDoS incurs the same costs or should have the same social effect, but why the punishments are so different, and why we treat all DDoSs the same when we treat trespassing very differently depending on its political character.

There is (as far as I can tell) zero investigation of this issue in the legal literature. There are plenty of law review articles about assessing tort liability for the various parties to a DDoS attack (i.e. what percentage of damages should Microsoft pay in recompense for not patching their system against malware quickly enough). But there doesn’t seem to be anything out there investigating what I think to be a very interesting and possibly important unexplored issue. To what extent (or under what circumstances) may a DDoS be considered a political act analogous to a sit-in? What analytical framework could distinguish malicious (i.e. blackmail) DDoSs from political (i.e. sit-in) DDoSs? How should these distinctions or similarities inform both the social and legal responses to different DDoSs?

This is very much a half-baked idea, something I’ve been mulling over for the last few days while reviewing the legal and behavioral literature for this project for Urs. There are already some major conceptual problems with the analogy (i.e. difference in costs incurred by those conducting the “demonstration”, both in terms of physical inconvenience during the act and legal repercussions after the act, just to hit the most obvious point). But it seems to me that this is something worth formal investigation at some point. And I’d love to know if anyone out there has any thoughts about it.