I’ve been pretty haggard with work lately, so I’m a bit late on this, but James Grimmelmann has written a great paper called “Privacy as Product Safety”, to be published in the Widener Law Journal. It’s an adaptation of his “Myths of Privacy on Facebook”, and it’s quite good.
In his “Saving Facebook”, Grimmelmann explained the “social dynamics” of privacy problems on Facebook. He canvassed the social science literature to explain how and why people used Facebook, and what their behavior could tell us about proper regulation and privacy protections.
But in this article, he’s honing in on what I’ll call the “design dynamics” that he explored in his first article – that is, how the design of Facebook (or other such services) relates to its privacy problems. This idea isn’t new – he calls them “privacy lurches” in Saving Facebook, and they’re somewhat the focus of my “Losing Face” – but what is really great about this article is how Grimmelmann maps product liability law onto the scaffold of social network sites.
For example, on Google Buzz:
“Buzz as a whole is a powerful, possibly revolutionary product—but it also launched with a serious design defect. Just as an otherwise-useful buzzsaw is still unreasonably dangerous to life and limb if it sports a flimsy handle, the auto-add feature made the otherwise-useful Buzz unreasonably dangerous to privacy.”
In “Losing Face”, I mostly gave up on law as a tool to fix the defective designs of social network sites. I’m interested, and excited, by Grimmelmann’s effort to adapt liability law to achieve an admirable end.
Yesterday, I submitted Losing Face: An Environmental Analysis of Privacy on Facebook to a variety of science and technology law reviews. Its abstract is as follows:
This Article contributes to the ongoing conversation about privacy on social network sites. Adopting Facebook as its primary example, it reviews behavioral data and case studies of privacy problems in an attempt to understand user experiences. The Article fills a crucial gap in the literature by conducting the first extensive analysis of the informational and decisional environment of Facebook. Privacy and the environment are inextricably linked: the practice of the former depends upon the dynamics and heuristics of the latter.
The Article argues that there is an environmental element to the Facebook privacy problem. Data flow differently on Facebook than in the physical world, and the architectural heuristics of privacy are absent or misleading. This counterintuitive informational environment waylays privacy practices, opens a gulf between expectation and outcome, causes a crisis in self-presentation, and facilitates what Professor Helen Nissenbaum calls a loss of contextual integrity.
The Article explores possible interventions. It explains how regulatory solutions and market forces are themselves hindered by the the deficient privacy environment of Facebook and can’t solve all of its problems. This Article recommends renovating the design of Facebook to privilege privacy practices and proposes specific interventions drawn from the computer science and behavioral economics literature. It concludes with a message of cautious optimism for the emerging coalition of engineers, academics, and practitioners who care about privacy on networked publics.
The Article is a heavily revised adaptation of the thesis I conducted for Ethan Katsh and Alan Gaitenby at the University of Massachusetts, Amherst. If you’ve read my thesis (entitled “Saving Face”; title changed to avoid confusion with James Grimmelmann’s excellent Saving Facebook, recently published in the Iowa Law Review), then you’re familiar with the broad contours of the idea.
Losing Face, however, has been both greatly refined in its argumentation and noticeably reworked in its format (bah Bluebook) over the last year or so. I received invaluable feedback and assistance over the last from many people during this drafting process, including Helen Nissenbaum, researchers and interns at the Berkman Center for Internet and Society, but most indispensably James Grimmelmann, who helped me navigate the convoluted and mystified norms and logistics of the publication process.
I’ve posted a copy of the Article here and on BePress for further comment while it wends its merry way through the editorial process. This is a draft only, and should not be used for citation. I’ve endeavored to make all references as clear as possible, though some are not as clear as they will be in the final version because I haven’t nailed down all the infras and supras yet. If you have any questions, comments, or concerns about Losing Face, please feel free to drop a comment here or shoot me an email.
Marshall Kirkpatrick of ReadWriteWeb (syndicated to the New York Times) had a great article about Facebook privacy today that incorporated some stuff from my thesis/working paper. Marshall was nice enough to contact me before he ran the article to ask what I thought about the new Facebook Publisher.
Basically, Facebook is introducing a new Publisher that gives people easier access to (and more granularity over) what they publish to whom. While I don’t have access to the new Publisher yet, here’s what I told Marshall yesterday:
Today I coauthored a short essay/blog post entitled What’s In A (User) Name? Facebook’s Contribution to Online Dispute Creation with Professor Ethan Katsh of the National Center for Technology and Dispute Resolution. It’s a short piece which briefly describes some of the potential benefits and drawbacks of the new Facebook Username system from an online dispute resolution perspective.