How SHOULD dynamic privacy work?
Dave Morin of Facebook included in his description of Facebook Connect the notion of ‘dynamic privacy’. Debate has surrounded this issue - mainly centered on “how could we possibly trust Facebook to implement dynamic privacy correctly?” (given their current TOS and attitude towards anything that allows their users’ data to leave their system).
Mark Zuckerberg has said in public that they “support the ‘notion’ of moving data around, but that they still need to protect the user’s privacy”. This argument has seemed to work up until now (though some of us weren’t convinced by this ‘shroud of privacy’ angle) - but now that Facebook Connect has been announced, they really DO need to come up with an answer and strategy that allows them to have their cake and eat it too.
By that I mean - clearly Facebook wants to keep their users’ data in their system, but they have to answer all our demands for allowing users to move their data, or at least access their data, from remote locations.
So their answer is almost exactly what MySpace and Google have come up with - “let’s let the users embed widgets, access apps or iFrames remotely - but we’ll keep their master profile data, social graphs and content on our servers.” I am STILL amazed that all three platforms came up with the almost identical strategy and announced it - within one week of each other. It’s sort of like when Hollywood does almost identical films - at the same time.
I have been personally attacked (on the Gillmor Gang 5/16) over even considering that Facebook’s dynamic privacy approach is correct, so I thought I’d spell out just how I think dynamic privacy SHOULD work - so that we can compare this to what Facebook eventually DOES.
This whole issue may seem incredibly esoteric or something confined to the echo chamber of geeks. After all - who would want to move their data from Facebook - anyway?
Well let me just say that one way to figure out what’s valuable - is to find out who DOESN’T want to give you access or control over it. And in this case - trust me - moving my data around IS the most valuable thing we need to preserve, control and fight for. IMHO
During the Data Sharing Summit 2 (DSS2) we discussed this issue at length and identified several areas where a nirvana, ideal scenario could unfold. So here is an incredibly nerdy, detailed analysis of what dynamic privacy SHOULD be - for the record.
1. Facebook’s (Dave Morin’s) opening line when announcing Facebook Connect is: “we’re committed to enabling people to communicate and stay connected wherever they go.” What he didn’t say was “as long as their profile, social graph and content data is on our hard drives.”
But if you think it through, what else can Facebook guarantee? They can’t force others to subscribe to any standards they provide, so at least they’re getting it right and enabling THEIR users to keep their privacy intact - as they move around the web. Facebook Connect will supposedly provide the level of protection and privacy that they feel they need to provide. To do that they need to implement access controls which are governed by the user. THAT’s why I like Facebook Connect!
Can you point me to ANY other platform that does that? Or shall I say politely - any other platform with any decent # of installed base of users?
So providing access controls over what happens with your data seems to me to be an underlying requirement or we’re just never gonna get there.
2. But what’s the point of having access controls on one platform when the first thing I wanna do is move that data somewhere else? Who’s gonna respect those access controls? This is what Hans Peter Brondmo brought up on our panel at LeWeb in December. Clearly an open standard, which goes way beyond just Facebook is needed - that all platforms would have to respect and implement - is the ONLY way to go.
3. OK so now we have the notion of access controls. Now what? Well this is where Bob Blakely and his notion of a relationship layer comes in. I’ve often thought that unless you represent the relationships BETWEEN people - in the data itself - how can we possibly truly represent and protect anything?
So Bob spells this all out in a white paper (can’t find it on-line!) and this is what we discussed at the DSS2.
Here’s my own summary of the key issues that need to be addressed to implement dynamic privacy:
- Our data - unless a system has a clear notion of OUR data - it’s not gonna work. This should be clear if you heard Michael Arrington bitching at Robert Scoble about the (so-called) Plaxo incident and who controls what and what ‘My Data’ is - versus - what is shared data. NONE of these major systems out there recognizes what happens in the real world - when someone befriends someone else. This is all about the social contract established. And this is what Facebook’s dynamic privacy is supposed to deal with. But if it does that ONLY for locked in Facebook data, it kind of defeats the point - right?
This is all about inter-change BETWEEN systems. The realities of living your digital lifestyle. This is NOT about Facebook being the web. We need models and solutions which recognize reality, not some Mark Zuckerberg fantasy!
Once we can represent each kind of social contract that can be established with OUR data - then we can come up with technological solutions to handle all our use cases. But if we DON’T have formal social contracts, there will continue to be fights, disagreements, demands and ignorance surrounding this subtle, but important set of issues.
- Opt In - this is the basic gesture that I believe we need to enable. It’s a simple notion. At the point when a relationship is established (and anytime after that) one should be able to say “I’m willing to let xxxx (Robert Scoble seems to be the everyman here) move my data elsewhere - when he wants to.” As long as someone has given Robert permission - then fine. BUT WOE BE IT to someone (again Robert - as an example) who comes in, scrapes or grabs ALL their social graph data (friends list) and exports it. Cause WTF is he/she gonna do with it?
Chris Saad refers to a checkbox that needs to get clicked. I don’t care what it’s called, (and I sure as hell hope we don’t have to worry about what the logo looks like.) But I do think we can all agree that opt in controls are needed.
- Normalized access controls - OK so put another way: “we need normalized access controls so users can set up who gets to see what, and those privileges are respected and adhered to - wherever they travel on the open web.”
- Open Mesh - for dynamic privacy to work, it has to be couched in the principles of the open mesh. Dynamic privacy not only has to work across BIG platforms, but it also has to work with ALL platforms, with all the smaller players, in all languages around the world.
For dynamic privacy to work, it has to help inter-connect the distributed open mesh.
- Context. It seems to me that for dynamic privacy to work, it has to be acutely aware of context. And context changes. If I gave Robert Scoble access to my data on Monday, I may wanna change those access privileges on Tuesday and give it back to him on Weds. Humans are dynamic beasts and any static technological model which doesn’t allow us to be constantly changing things - just isn’t gonna work.
We’ve seen situations (on LiveJournal) where one’s “mood” is attached to a blog post. This is how I was feeling when I created this. And we’ve seen situations where flame wars, love relationships, business dealings, etc change how we feel and think about people. And it’s completely reasonable to imagine that someone would want to flirt with a particular person at a party, while sending out the vibe to everybody ELSE at the party to fuck off. If you can imagine all the complex inter-minglings of context and human relationships - THAT’s how complex representing context is in a dynamic privacy technological implementation.
So that’s why any solution to dynamic privacy has to ALSO come along with a whole slew of use cases and social contracts to properly handle each situation.
- Monetizing our Attention - is one thing we have to keep our eye on. How can we pay the rent, put food on our tables and live in a future where WE get to benefit from our own attention? How can WE benefit from all this collected data on us - which will be used for targeted advertising and commercial interests?
I believe that at the core of dynamic privacy are my rights to own my own data and the history of my past transactions and behaviors. If I am going to be able to monetize my data, then it’s gotta be baked into all notions of dynamic privacy.
My data needs to get collected along the way - not for THEM (the collectors) but for ME!
- Reputation - for social contracts to work - you have to not only know WHO this person is, but what they’ve done in the past - so I can figure out if I can trust them or not. So reputation is something that should also be part of an idealistic dynamic privacy system.
I won’t go into too much detail on reputation - except to say that I don’t believe we can ever have ONE reputation system. After all - one man’s NRA or Republican party is another man’s ACLU or Greenpeace.
Since we all have different sets of cultural norms, ethics, religion, ways we define ‘normal’ and appropriate behavior, how can we have one reputation system to weigh ourselves against? And for reputation aggregation to work - we absolutely have to recognize that there might be certain reputation systems out there (say eBay’s or Amazon’s) which I will categorically ignore and not respect.
And for dynamic privacy to work - it has to take all that into account.
All of these issues contribute to the idealistic definition of what dynamic privacy SHOULD be.
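As an added illustration of how the opt-in, normalized-access-control and context items above could fit together (this is not code from the post, nor from Facebook Connect or any platform it names): a hypothetical relationship layer where every grant is issued by the data owner for one grantee and one scope, can be revoked and re-issued day by day, and where a bulk friends-list export is checked friend by friend rather than waved through. The names, scopes and dates are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple
# Constructed dates standing in for the post's Monday / Tuesday / Weds example.
MON, TUE, WED = date(2008, 5, 12), date(2008, 5, 13), date(2008, 5, 14)

@dataclass
class Grant:
    """One opt-in decision by the data owner: a scope, valid from `start` until revoked."""
    grantee: str
    scope: str                   # e.g. "view:profile" or "export:friends"
    start: date
    end: Optional[date] = None   # None means the grant is still open

class RelationshipLayer:
    """Hypothetical relationship layer: grants hang off (owner, grantee) pairs,
    are issued only by the owner, and are checked per scope and per day."""
    def __init__(self) -> None:
        self._grants: Dict[Tuple[str, str], List[Grant]] = {}

    def opt_in(self, owner: str, grantee: str, scope: str, on: date) -> None:
        self._grants.setdefault((owner, grantee), []).append(Grant(grantee, scope, on))

    def revoke(self, owner: str, grantee: str, scope: str, on: date) -> None:
        # Close every open grant for that scope; the day `on` is no longer allowed.
        for g in self._grants.get((owner, grantee), []):
            if g.scope == scope and g.end is None:
                g.end = on

    def allowed(self, owner: str, grantee: str, scope: str, on: date) -> bool:
        return any(g.scope == scope and g.start <= on and (g.end is None or on < g.end)
                   for g in self._grants.get((owner, grantee), []))

    def export_friends(self, requester: str, friends: List[str], on: date) -> Dict[str, List[str]]:
        """A bulk export is not one decision: each friend's own opt-in is checked."""
        out: Dict[str, List[str]] = {"exportable": [], "denied": []}
        for owner in friends:
            ok = self.allowed(owner, requester, "export:friends", on)
            out["exportable" if ok else "denied"].append(owner)
        return out

def scoble_week() -> RelationshipLayer:
    """Constructed scenario: Marc lets Robert export on Monday, revokes on Tuesday,
    gives it back on Wednesday; Chris only ever allows Robert to view a profile."""
    layer = RelationshipLayer()
    layer.opt_in("marc", "robert", "export:friends", MON)
    layer.revoke("marc", "robert", "export:friends", TUE)
    layer.opt_in("marc", "robert", "export:friends", WED)
    layer.opt_in("chris", "robert", "view:profile", MON)
    return layer
```

Run against the constructed week, Robert can export Marc’s data on Monday and Wednesday but not Tuesday, and an export of the whole friends list only yields the friends who opted him in for that day.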
I applaud Dave Morin and Facebook for broaching the subject of dynamic privacy. But now the spotlight’s on them to come up with an implementation that will work ACROSS systems and not just on locked in Facebook members’ data.
While I’m at it - I again ask Facebook to change their onerous TOS. That data you got is NOT Facebook data! It’s your members’ data and you have no right to control it. IMHO.
One thing to keep in mind - Facebook are the folks who are cutting deals with Attorneys General around the country, having been forced to deal with pedophiles, nut cases and all forms of illegal identity theft - and they need to protect their own asses. So always take that into consideration when you hear the name Facebook (or MySpace, Bebo, h5, etc.) These folks got problems I would never wish upon an enemy.
So in closing - I hope that you all recognize the importance and significance of Facebook’s dynamic privacy notions and that you DON’T confuse the fact that I applaud them with the fact that I actually LIKE Facebook’s policies and past record of controlling users’ data. I hope that Michael Arrington and others understand that there’s a difference between spotting a trend and working on refining its implementation and actually sucking up to someone - to get a job or consulting contract.
But I do appreciate spelling my name correctly and the Techmeme coverage:

I do not suck up. I do not compromise. I hold fast to my ideals.
And when possible I state the ideals we all need to work towards. In public - as I have done this morning.
As they say “know thy enemy” - if you are going to defeat them.

[...] Marc’s Voice » Blog Archive » How SHOULD dynamic privacy work? By that I mean - clearly Facebook wants to keep their user’s data in their system, but they have to answer all our demands for allowing user’s to move their data or at least access their data - from remote locations. [...]
May 17th, 2008 at 8:52 pm
Good post!
Loving how you are helping drive the conversation - keep it up.
May 17th, 2008 at 10:57 pm
[...] What we need is dynamic privacy - working correctly. [...]
May 18th, 2008 at 3:51 pm
I really think the most important piece of this conversation is the “relationship layer.” Giving someone a business card, or an email address, is a minimal social contract. Friending them online is a little stronger contract. Then who owns the data? Probably the relationship. It’s like marriage in a community property state: “with this business card/email address/profile access I thee wed.” And you bet that’s dynamic! And very complex.
May 19th, 2008 at 11:37 am
[...] How SHOULD dynamic privacy work?, Marc Canter [...]
May 20th, 2008 at 10:25 am
[...] Get dynamic privacy to work - correctly. Nuf said. Cause if you don’t, someone else - will. You sure as hell BETTER start [...]
May 25th, 2008 at 2:49 pm
Hi webmaster!
May 25th, 2008 at 3:04 pm
Hi webmaster!
May 25th, 2008 at 9:59 pm
[...] should contribute a specification for handling “dynamic privacy” that promotes the interests of its members (and which should work for individual web citizens at [...]