Zuckerberg, Facebook & the Privacy Paradox

by on January 15, 2010 · 10 comments

Over this past week, a lot of people were making hay over this recent ReadWriteWeb story, “Facebook’s Zuckerberg Says The Age of Privacy is Over.” Seems that some people were taking issue with Facebook founder Mark Zuckerberg’s suggestion that Facebook’s recent site policy changes, which generally encouraged more sharing or information, were in line with public expectations.  Most people put words in Zuckerberg’s mouth and accused him of saying that “privacy is over” or that he claimed he “is a prophet,” neither of which he actually said.  But let’s ignore the fact that some people made stuff up and get back to the point: What set people off about Facebook’s recent site changes and Zuckerberg’s rationalization of them?

I think it goes back to the fact that a lot of people want to have their cake and eat it too. “It is the paradox of the cyber era,” notes Washington Post columnist Michael Gerson: We are “a nation of exhibitionists demanding privacy.”  Indeed, that’s true, but there’s a good reason why this so-called “privacy paradox” exists. As Larry Downes, author of the brilliant new book, The Laws of Disruption, argues:

People value their privacy, but then go out of their way to give it up. There’s nothing paradoxical about it. We do value privacy. It’s just that we’re willing to trade it for services we value even more. Consumers intuitively look at the information being requested and decide whether the value they receive for disclosing it is worth the cost of their privacy. (p. 80)

That’s exactly right. When confronted with real world choices about privacy and information sharing, we often are willing to accept some trade-offs in exchange for something of value. But when we are asked about this process we are loathe to admit that we would willingly engage in such privacy-for-services trade-offs even if we do it every day of our lives.  As Michael Arrington of TechCrunch rightly points out:

the rest of us seem to be ok with Gmail. And our phone. That’s because the benefits of those products far outweigh the privacy costs. And people are going to be just fine with Facebook, too.

And he notes there are other examples of where people seemingly make these trade-offs every day, even if it seems illogical to others why they would do so.

The most articulate counter-argument to all this comes from Michael Zimmer, an assistant professor in the School of Information Studies at the University of Wisconsin-Milwaukee, who says:

Users want to be able to control what information they provide and to whom it is visible. That’s the essence of privacy, and it’s still very much in demand. That doesn’t make one a Luddite. It makes one a responsible user of information technology.

Well, I can generally agree with all that, but the question is what it means in practice.  After all, we’re all in favor of giving consumers more choices and empowering them to make decisions for themselves. Berin Szoka and I have again and again and again argued that:

In an ideal world, adults would be fully empowered to tailor privacy decisions, like speech decisions, to their own values and preferences (“household standards”).  Consumers would have (1) the information necessary to make informed decisions and (2) the tools and methods necessary to act upon that information. Importantly, those tools and methods would give them the ability to block the things they don’t like—annoying ads or the collection of data about them, as well as objectionable content—while also helping them find the information and content they desire.

But let’s be clear about something. Even as we move closer to this ideal state, there are still many citizens who will choose to never take advantage or privacy-enhancing tools and will never read a single privacy policy. But if you ask most of those people in a random survey, “Do you care about your privacy?” what do you think they are going to say? Well, it should be as obvious as what the answer would be to a poll question like: “Do you love your mother?”  Yes, of course we do!  But, again, how does that translate to real-world behavior? More importantly, what are the ramifications for public policy?

Last month, I sat on a panel about polls and privacy expectations at the Federal Trade Commission’s December 7th workshop on “Exploring Privacy.” I argued that, while privacy polls and surveys may offer us some interesting insights into how some in the public think about advertising and privacy in the abstract, ultimately, polls and surveys are no substitute for real-world experiments in which people make real choices, in real time, often with real money, and face many real trade-offs. [See Berin's paper on this issue.]

I also argued that privacy is a highly subjective condition and that consumers are empowered with many real privacy controls such that they can make the privacy choices that are right for them. [See this ongoing series and this paper.] Moreover, it remains unclear what the harms are that privacy regulatory advocates are really trying to protect us against.  For these reasons, I argued that rational ignorance may often be at work since many consumers likely won’t feel the need to read privacy policies or take steps to “protect their privacy” online. Or, people just implicitly accept the fact that they are getting something of value even if it means they might also be sharing some information about themselves with others.

Which brings us back to Zuckerberg’s comments.  People expressed outrage — even if he didn’t say the things they accused him of saying — and many rushed to claim that privacy is still alive and well and worthy of protection, even if it means an onerous federal data regulation regime.  But I wonder… how many of those people left Facebook or changed their behavior in any other way after they expressed that outrage?  I suspect most people went right along with their lives and probably jumped right back on Facebook and starting sharing even more about themselves with the world.

  • http://www.theotherthomasotter.wordpress.com/ Thomas

    Adam,
    When seat belts were first introduced on cars, it took a while to get people to used them. It took lots of government coercion to make us wear them. Now it we do it automatically, and it is even socially acceptable to suggest to others that they buckle up.

    To assume that privacy isn't worth protecting because consumers don't seem to value it is oversimplifying the issue, which is Facebook's big mistake.

  • fishbane

    I think the backlash is easier than that to explain: Zuckerberg was clearly being weasely with is “in line with public expectations” bit. “The public” expected what Facebook was already doing. They then unilaterally redefined access controls on things that people had entrusted to them with a different set of access controls.

    People don't like their underwear suddenly becoming see-through and then telling them that they expected it to do so.

    The moral for Facebook and related services is (or should be) that if you want to change defaults, that's one thing, but don't retroactively modify prior settings.

    The moral for consumers, of course, is not to trust companies like Facebook.

  • takingnotice

    The foundation principles which effect privacy using Facebook have a major flaw. There is no verification of any users true identity. Therefore, profiles are too easily cloned and there are exposures to even non-Facebook people when it is too easy to be an imposter of any name with any picture. Making those personal attributes that are easy to steal and clone make public publishing a bigger problem. Remember, when Facebook started it required a college email address. This was a much better verification of a true identity associated with a name and picture.

  • fredleeflang

    Hi Adam,

    I'm currently writing a long series of articles on Identity Management and only just recently wrote an article called 'Privacy vs. Anonimity' where I described a bit more formally on http://wordpress.3dn.nl/2010/01/14/google-china/. It looks like you have a similar take on the subject, would you like to participate in what I plan to make a project out of in the long run?

  • fredleeflang

    Oops… I posted the wrong link :( Sorry about that, the correct link is http://wordpress.3dn.nl/2010/01/15/privacy-anon….

  • Pingback: Zuckerberg, Facebook & the Privacy Paradox — Technology Liberation … | BLOGSKID

  • fishbane

    Takingnotice is conflating privacy with identity for reasons that are beyond me. (And I'm alway amused with folks who use a pseudonym to attack anonymous communication.)

    Identity is not the same thing as is-a-person verification, is not the same thing as has-a.edu-email-address, is not the same thing as has-government-id.

    I get why people viscerally wish to project that sort of thing and pine for small-town reputation, but. It. Is. Dead. Outside of a small town, and even there, we still have intertubes. Getting used to the idea that people might lie via typing is going to be easier, and ultimately safer, than trying to piggyback is-a-person identity on some existing verification scheme that doesn't always work, either.

    True fact: For about three years, I had what amounted to a fake ID by accident. The California DMV screwed up and associated me with someone else's SSN. I didn't notice until applying for credit. Convincing the DMV of the problem was easy; getting them to do something about it was rather more annoying. I wonder if “Adventures in Heroic Paperwork” could become a reality show, or perhaps literary genre. This identity-blur caused by a state actor is still causing problems 16 years after it first happened. (Seven or 10 years? Hah.)

  • fishbane

    Takingnotice is conflating privacy with identity for reasons that are beyond me. (And I'm alway amused with folks who use a pseudonym to attack anonymous communication.)

    Identity is not the same thing as is-a-person verification, is not the same thing as has-a.edu-email-address, is not the same thing as has-government-id.

    I get why people viscerally wish to project that sort of thing and pine for small-town reputation, but. It. Is. Dead. Outside of a small town, and even there, we still have intertubes. Getting used to the idea that people might lie via typing is going to be easier, and ultimately safer, than trying to piggyback is-a-person identity on some existing verification scheme that doesn't always work, either.

    True fact: For about three years, I had what amounted to a fake ID by accident. The California DMV screwed up and associated me with someone else's SSN. I didn't notice until applying for credit. Convincing the DMV of the problem was easy; getting them to do something about it was rather more annoying. I wonder if “Adventures in Heroic Paperwork” could become a reality show, or perhaps literary genre. This identity-blur caused by a state actor is still causing problems 16 years after it first happened. (Seven or 10 years? Hah.)

  • Pingback: Varuhi osebnih podatkov v izgubljeni bitki z državo in kapitalom? « razgledi.net

  • Pingback: Zuckerberg, Facebook & the Privacy Paradox — Technology Liberation … | Xtreme Geeks

Previous post:

Next post: