Data Ownership Might Not Work for Social Networking Sites
from the open-or-closed dept
Chris Saad, head of the DataPortability Project, weighs in on last week's announcements from MySpace, Facebook, and Google of new data-sharing services. Saad says that while none of these services fully achieve the goals of DataPortability, all are steps in the right direction, and MySpace's approach is most promising. Saad points out that data-sharing is grounded in a social contract. He gives the good example of an email address book. When someone sends me email, it's understood that I'm free to put it in my address book, and that I'm mostly free to do as I please with my address book. I can, for example, export my address book to a third party site to see if my friends are using the site. However, I face social pressures not to do something malicious like sell my address book to spammers. If I did that, many of the friends in my address book might not speak to me again.
Now social networking sites are trying to hash out a similar social contract for the use of their customers' data. When Facebook cut off Google from its Connect service, it was effectively trying to establish a similar, albeit more restrictive, social contract: using information from Facebook is OK, but sharing it with third parties is not. But it's not clear how well this will work. As Tom pointed out a few months ago, it's extremely difficult to limit the spread of information once it's been released online. Also, notice that in the address book example, much of the force of the social contract comes from personal ties to the people in my address book. Companies don't have personal relationships, and they can't exert pressure on one another in the same ways individuals can. So when information-sharing is automated, informal social mechanisms may not be sufficient to stop abuse.
There are several ways the social networking world could evolve. One is the totally open approach of email, in which it's assumed that any information you put online can be widely shared. Another is the walled garden approach that now dominates with instant messaging, in which sites tightly control access to information and offer very little third-party access to it, and people have to sign up for multiple services to reach everyone. A third possible model is a "data ownership" model, in which sites share information while users retain ultimate control over it. But as Ed Felten pointed out back in January, ownership may not be a good way to think about privacy issues. It may not be possible to design contractual mechanisms that make these ownership claim enforcible. And that would mean we'd face a choice between a totally open model and a totally closed one, with very little in between.