E-mail updates
Follow on Twitter
Subscribe to RSSWhat would a world without secrets look like? Thanks to Facebook, we may find out.
Privacy experts continue to watch in wonder as hundreds of millions of adults around the globe do things online that they would never do in person. Facebook CEO Mark Zuckerberg created a stir recently when he offered a simple explanation: He suggested Web users now see privacy as quaint, and Facebook is creating a new social norm.
If you look at the data, he's right. According to researcher Larry Ponemon of The Ponemon Institute, Facebook has hypnotized even the most private people , an elite group he calls "privacy-centric." They make up only 8 percent of the population. These folks won't even sign up for supermarket loyalty cards, but they will post pictures and tell stories on Facebook. In fact, they are so mesmerized that, untrue to their nature, they don't even spend more time tweaking their Facebook privacy settings than regular users.
"People want to believe they are safe," Ponemon said. There's really no way to participate in Facebook without self-revelation – it's baked right into the product, he points out. Without stepping forward, posting pictures, making your identity searchable, and so on, there is no payoff on Facebook. Because of that, Facebook even trumps personal Web pages – people put pictures and stories on Facebook that they'd never post on their own blogs, he said. "(People) like the tool, so they convince themselves there really isn't much risk."
Privacy and behavioral economics expert Alessandro Acquisti, a professor at Carnegie Mellon University, agrees that Facebook seems to be eroding even skeptics' concerns about being overly exposed. But he disagrees with Zuckerberg. There's no new social norm, Acquisti said. There's just a grand illusion.
Facebook has managed to convince users of something economists call an "illusion of control," Acquisti claims. Consumers who think they have power over the outcome of a transaction will naturally be overly self-confident. The effect is most obvious in gambling, where a craps player might believe he or she can roll snake eyes just by tossing the dice a little softer, and thus bet a little more. Human beings are easy to sucker into an "illusion of control."
The illusion at work
Here's how it works in the privacy realm: When consumers believe they can control what happens to their personal information, they don't fret about divulging it. Facebook and other so-called Web 2.0 sites, Acquisti says, has given people a false sense of security about the availability of their personal information to others.
How? By standing by while consumers confuse two different privacy issues – divulging information, and controlling the information after it's divulged. Facebook users indeed have great control over what information they submit to the service - they have complete controls over what they post in their profile, for example (ignoring, for now, the imposter threat). But they have little control over how the data will be used after it's posted to the site. In a recent yet-to-be published paper on the subject, the distinction is described as control over publication vs. control over access.
"People seem to conflate he two issues, so on a psychological level they feel better because they feel they are in control," Acquisti said. "They underestimate the risks of how the data will actually be used." In an experiment, students who had few qualms offering up very personal information -- such as how many sexual partners they had -- for a Facebook-like service showed far more reticence when told random researchers would be creating a profile for them. While the end result would be the same, the idea of a human handling the information - gave the students pause. Acquisti and fellow researchers Laura Brandimarte and George Loewenstein attribute the cause to losing control over the actual act of sharing the information.
One other possible explanation, however, would be second thoughts because of human involvement. One college technology professor I know asks students on the first day of class to stand in front and show their Facebook page on a large screen to the rest of the class. No one ever does. Students share things online they don't want to share in person.
Don't mean what they say?
Acquisti's "illusion of control" theory is one reason for Facebook users' seemingly incongruous behavior – so many say they are concerned with privacy, but fail to act as if they are concerned. This privacy paradox, however, is best understood through the simplest explanation. Privacy transactions are notoriously difficult to judge. The payoff from sharing a little information today is obvious; the punishment that may happen in the future is not. Giving a supermarket your phone number today might net you a 50-cent coupon on a gallon of ice cream; that's an obvious benefit. But what is the cost? Reams of junk mail in the future? A health insurance premium surcharge because your grocery store reveals your bad eating habits? It's nearly impossible to say. And so it is with Facebook – a picture that looks like fun at 22 could be a career-killer at 32. But people rarely make good choices about vague possibilities 10 years away. If we did, there would be no French fry industry.
Sure, Facebook site settings offer some ways to manage who can see the information. But the settings are easy to evade or hack, and Facebook's terms of service can be changed at any time. Not long ago, Facebook friend pictures ended up in personal ads without the users' permission. The ads were pulled, but they represent a small window into big possibilities.
But even if Facebook privacy settings were completely trustworthy, Acquisti argues that a fundamental usability problem skews the service – and all social networking tools - toward privacy-risky behavior. Two years ago, he did research which showed that only 1 percent of Facebook users had even touched their privacy settings. Facebook says that number has now grown to 20 percent, but still, there is an obvious flaw. It's far easier to share than conceal. It is an order of magnitude easier to upload photos, for example, than it is to hide them from sets of potential viewers using privacy settings. As a result, site users will always overshare.
"Technology has vastly enhanced our ability to disseminate information, but we still lack controls on how that information will be used," Acquisti said. "It's like we have made faster cars but have been much slower to develop new brakes."
Nothing to hide? Really? How about...
So what? So what if an ex-girlfriend will occasionally bump into a picture of you bumping and grinding your new beau? What, really, is the harm?
Acquisti, like many psychologists, is convinced of the power of secrets – and he's not anxious to live in a world without them.
"I do believe that inside each of us is an innate need for privacy, and there is a need to share. Right now, technology is much better at making us reveal than helping us maintain privacy," he said.
The human need for privacy is real. While some elements of privacy are relatively recent human developments, fundamental privacy needs have always existed. Nowhere on the planet do humans regularly make love in public, notes anthropologist Helen Fisher in a recent Psychology Today article.
No normal adult shares the same level of intimacy with their spouse, their friends, their colleagues, and strangers on the bus. It's unhealthy – or just plain strange – to act otherwise, as anyone who's ever uttered the words "too much information" can attest.
Meanwhile, the ability to keep secrets is a natural part of maturation. Children tell each other secrets to establish friendships. Adults keep secrets to gain advantage in business dealings. Journalists only gain the trust of sources by proving they can be trusted with secrets. Corporations often count secrets – intellectual property – as their most valuable asset.
And yet, the message implicit in avid use of Facebook is the credo of the 30 percent of adults who are privacy complacent by Ponemon's scale – "I've got nothing to hide, so who cares?"
Privacy researchers spare no time in conjuring up doomsday plots in an attempt to make people care.
It's easy to imagine an Internet predator using details left by kids to attack them ("Hey, I went to Riverdale Middle School, too! I'm sorry you are having a fight with your best friend…")
Even sharing seemingly harmless details could have some future consequence.
Telling the world that your favorite rock band is the Beatles or Coldplay might seem innocuous enough, but what happens when an employment background firm shows that Coldplay fans who also like 60s music tend to come late to work? No law prevents that.
A slightly less ominous effect of lost privacy, something called "price discrimination," is already a reality. Retailers have run numerous tests to hone the fine art of overcharging people who say they like something. For example: die-hard Coldplay fans are almost certainly likely to pay more for a new album than casual fans. Most won't notice when their music retailer of choice slips in a $1 or $2 fan premium.
Data mining for everyone
Until now, practicality has limited these kinds of scary possibilities, says Hugh Thompson, chief security strategist at People Security. Pulling together that much disparate information left all around the Web was a chore only government agencies would attempt. But that's not true anymore. A host of new software programs aimed at small-time data mining are slowly becoming available. They scour the Web and create dossiers on target subjects in seconds. One, named Maltego, even provides visualizations of data points that connect people and things online.
"The critical barrier is it hasn't been easy. It is now," he said. "What was a 'data wasteland' is now the richest environment in human history for backgrounding people."
It's easy to see risks here. Few would argue with the need to keep medical conditions private, for example. Even exposed salary information, which sometimes is shared widely, can cause serious problems for the victim. Those with high incomes become an easy target for criminals.
But Acquisti conjures up even more fundamental concerns about lazy attitudes towards privacy. Information, he notes, is power.
"The minute someone knows something about you, they gain a measure of control over you," he says. This is obvious in the case of an affair: If someone learns about your secret lover, they can hold a wide measure of control over your future. In a less obvious way, a future employer who knows that embarrassing Facebook photos from the past are hurting your job prospects can easily gain an upper hand in salary negotiations.
Worse still, the agency which might exercise that power someday might be a government, Acquisti notes. It would not be hard to use Facebook to determine who voted for McCain or Obama in 2008, even who is Republican and who is a Democrat. Maybe that's okay; but if databases begin to erode the notion of secrets in politics, the election system could erode with it. Secret ballots are essential to a functioning democracy.
And perhaps the political threat won't come in the United States. Perhaps, someday soon, foreign governments will screen travelers based on political positions mined from social networks.
"I'm worried about control in the future," Acquisti said. "I feel that we are more and more getting adjusted to the idea that so much of what was done in private in the past is now done in public. I won't be surprised when corporations or governments make more and more claims on data. We are doing things today that 40 years ago we would have reacted by rioting, but now it is business as usual. By accepting these deals now we are paving the way for even more in the future. That's why people who say they have nothing to hide…that argument is completely wrong."
Become a Red Tape Chronicles Facebook fan and follow RedTapeChron on Twitter.
