Jonathan Zittrain: Well, when I think about privacy on social media sites, there’s kind of the usual suspect problems, which doesn’t make them any less important or severe, it’s just we kind of know their shape and we kind of know how we’re going to solve them. Those are problems that hinge around whether the site itself, Facebook say, can be entrusted with the information we give it, under what circumstances will it release it to third parties, things like that. And there, I think, standard privacy laws and forces are already at work trying to keep sites like Facebook from going too far and that’s standard stuff about opt-in versus opt-out. There’s a beacon program that Facebook introduced now called, I think, social ads. And it’s working its way along. In fact, I think it’s under special scrutiny, every day, it seems there’s a new Facebook group called, you know, “One Million Strong Against Facebook Invading My Privacy,” so I’m not as worried about that.
But that’s actually a couple of other issues of interest. One is in the name of privacy, and I think in a way that is actually privacy protective, when we see third party developers writing applications that run on Facebook and that interact with your data, Facebook has a way of being in the middle in an ongoing sense. So when that application wants to pull data from your profile, it’s going through Facebook and Facebook can turn it off later and say, “No, no, you can’t get this data any more because we’ve deemed that you’ve broken the rules in some way or we just no longer want to do business with you.” It’s very different than the free-for-all, say, for an application developer on a personal computer who doesn’t have to deal with, say, Microsoft, even if you’re using Windows in order to get to the data on the computer. That’s between you and the software writer.
So in the name of privacy protection, what we see is, is Facebook able to create barriers and restrictions to the flow of information to third party developers that wouldn’t exist in counterpart systems like PC’s? And then you start to see possibly a trade off between privacy and innovation because the more control a vendor has in the middle, between that relationship, between a software author and somebody who wants to run the software, the less freedom a software author has to do whatever he or she wants.
I also see within a cauldron like Facebook, opportunity for really interesting experimentation about new ways of protecting privacy. I don’t know how much thought is behind it, but it seems to me, highly effective the way that Facebook will let somebody tag a photo with a friend’s name, then others who are friend of that friend can perhaps immediately see the photo, and the friend, in the meantime, has a chance to wander back and un-tag it. At which point the person who owns the photo could re-tag it, and then you un-tag it again. But what you end up with is sort of a good enough for government work system where embarrassing photos might go up and somebody pictured in the photo can’t delete it, but can try to see to it that they’re not identified with it in a way that direct search under their name could find them in the photo. Instead, somebody has to be paging through the entire album and say, “Oh, I recognize that guy,” or see a dead tag link.
Innovations like that, I’d like to see experimented with on the internet at large and just as there is a creative commons to let people express, in the terms of intellectual property, how they’d like their work to be used or re-used, if at all, I think there needs to be a kind of privacy creative commons that lets you express your preferences about how a photo of you should be used or a video or something like that, and then give others an opportunity to see whether they want to respect those preferences. At the moment, there really isn’t a system for that, and that’s how sometimes I think videos can go viral, where people featured in them might well wish it not to be so, but those who are contributing to the viral nature don’t even have a chance to realize it and abide by a request for forbearance.
Recorded on August 18, 2009