

Privacy in context

The following is an email I sent to my father, who recently read this piece at The Atlantic (The Philosopher Whose Fingerprints Are All Over the FTC’s New Approach to Privacy). The piece is about Professor Helen Nissenbaum’s idea that the privacy of information is a matter of context, and that breaches of privacy are not so much “invasions” of your life as the inappropriate taking of information from one social context and sharing of it with another. If any of you feel weird about me re-publishing on the web, verbatim, a conversation I had with my father, then you instinctively understand this idea of privacy.

Which brings us to the conversation. My father asked “How realistic is this context stuff?”, to which I replied:

I actually audited one of Nissenbaum’s graduate seminars on privacy and technology two years ago when my boss was thinking of writing a book on the subject. Philosophically, I have great respect for the idea; it is powerful and elegant, and seems to neatly summarize what people really care about with these issues. For instance, it explains why Google’s change in data handling this month raised so many hackles: when you start using a particular Google service, there are clear expectations about how your data is used, and generally you can see it happen, as your searches turn up targeted ads or your email text does the same in Gmail, but Google’s decision to pool that /exact same information/ system-wide feels like a betrayal of the terms under which you gave the information to them originally.

Part of what has stymied the discussion for a decade is that it makes little sense to talk about this kind of profound shift in how data is processed and used as an “invasion” of privacy. People have, after all, already volunteered the data to Google, or to Facebook, whose many changes designed to push more of your social data into the public represent a string of this kind of context changing. Once you stop talking about “invasions”, your description of the problem becomes both easier for people to understand and more accurate. You gave Google your email as a postman; it is inappropriate for them to now decide to filter what news you receive based on those messages, just as it would be inappropriate for your postman to cut articles out of your newspaper.

In that sense, I think the context framework will be very helpful to the discussion of privacy-related issues and to those people having to decide what actions of regulated organizations are appropriate or inappropriate. Whether the regulations based on this will work, I am not expert enough to venture a guess. This framing suffers the same weakness as the Supreme Court’s “reasonable expectation” view of privacy in that it relies on ill-defined social norms. This unfortunately comes with the territory, since “privacy” is such a norm itself. In the world of technology, where the limits of what is possible and the ways in which those possible ends are achieved shift every year, defining social norms and relating them to individual actions by people in the industry seems a difficult task, to say the least. Given how thoroughly the banking and telecoms industries have captured their relevant regulators, I don’t expect any piece of regulation to transform the data-mining industry right now.

That is why I continue to help push technological tools like FreedomBox that are designed to keep as much information as possible decentralized and why I continue to use discrete services, for which I pay, for web hosting, mail, and search. On the plus side, having more people talking about the context sensitive nature of personal information makes advocacy and education much easier, which I am quite pleased about.

Freedom Box: Look and Feel

Since the beginning of this Freedom Box series back in March, I’ve talked a lot about infrastructure and very little about what the interface is actually going to look like. I saved this portion for last partly because interfaces can be very complicated and hard to get right, but also because this is one of the easiest parts of the problem to solve, if we build it right.

All existing social network tools use interfaces built from the same collection of elements. It is well-worn territory, and so we have a good list of what elements our interface will need. Even better for us, all of the existing interfaces are built using web tools (HTML and CSS) that allow users to choose their own arrangements for those elements. We don’t have to build the perfect interface; we just need to let users build their own.

Building Blocks of a F2F interface

Most of the functionality we expect from “social network” tools is provided by a series of older communication tools bundled together. These older tools are still visible in the social network’s interface, as an instant-messenger-like contact list on one side, an email-like message window in the middle, or an RSS-like activity feed. I’ve highlighted a couple of the relevant sections from Twitter and Facebook screenshots below.

Highlighted functional components of Twitter UI

Highlighted functional elements of Facebook's UI

For giant “social network” services like Facebook, the design process is simple: just select the traditional communication elements you want to build your service around and arrange them on the page. Our job is slightly more complicated, because we are building a system where individuals have much more control over their tools than in the case of centralized commercial services.

Some people are going to run email, IM, and photo sharing services and have an interface that looks a lot like Facebook or Google Buzz; others might only want activity streams and an interface more like Twitter’s, with any number of combinations in between and some new kinds of services that we haven’t even thought of yet, let alone come up with interfaces for. Thankfully, HTML and CSS are well suited to this task.

For an example of what this might look like, check out the NatSkin style browser and play around with the options. All of the major elements of the page can be displayed or hidden, each can be positioned anywhere on the screen, and all of the decorative elements can be re-styled on the fly, and it is all done with CSS.

This is something we can build if we just keep in mind that we’re not designing a single interface, or a single social network; we’re designing a flexible framework with some sensible defaults. Now, let’s see what we can make.
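One way the “let users build their own arrangement” idea can be implemented is to keep the user’s choices as data and generate the per-user stylesheet from that data. The following is an added example, not code from the Freedom Box project; the component names, DOM ids, grid slot names and theme names are assumptions made for the sake of illustration. The point it shows beyond the paragraph above is the check a practitioner would want: because a stored preferences record is input like any other, every string that reaches the CSS text is looked up in an allowlist, and lookups use own-property checks so that keys such as “constructor” or “__proto__” in a JSON-parsed record are rejected rather than matched against Object.prototype.

```javascript
// Added example, not Freedom Box project code. Builds a per-user layout
// stylesheet for the building blocks named in the post (contact list,
// message window, activity feed, photo gallery) from a stored preferences
// record. Every string that reaches the CSS text comes from an allowlist
// below; the preferences are only used as lookup keys, so a tampered
// record cannot smuggle its own CSS into the page.

// Own-property check. A plain `name in table` or `table[name]` would also
// match inherited keys such as "constructor" or "__proto__", which a
// JSON-parsed preferences record can carry as ordinary own keys.
const hasOwn = (table, key) => Object.prototype.hasOwnProperty.call(table, key);

// Components and the DOM ids the (assumed) page template gives them.
const COMPONENTS = {
  contacts: "#contact-list",   // IM-style contact list
  messages: "#message-window", // email-style message pane
  feed:     "#activity-feed",  // RSS-style activity stream
  photos:   "#photo-gallery",  // photo sharing
};

// Named slots of a fixed page grid; the user picks which slot a component
// occupies rather than supplying coordinates or free-form CSS.
const SLOTS = {
  left:   "grid-area: left;",
  center: "grid-area: center;",
  right:  "grid-area: right;",
  bottom: "grid-area: bottom;",
};

// Decorative themes, also as fixed fragments.
const THEMES = {
  light: "color: #222; background: #fafafa;",
  dark:  "color: #eee; background: #1e1e1e;",
};

// Turn one user's preferences into a stylesheet. Returns the CSS plus the
// entries that were rejected, so the caller can log them or show a warning
// instead of silently dropping a setting.
function buildLayoutCss(prefs) {
  const p = prefs !== null && typeof prefs === "object" ? prefs : {};
  const rules = [];
  const rejected = [];

  let theme = THEMES.light;
  if (p.theme !== undefined) {
    if (hasOwn(THEMES, p.theme)) theme = THEMES[p.theme];
    else rejected.push(`theme=${String(p.theme)}`);
  }
  rules.push(`body { ${theme} }`);

  const layout = p.layout !== null && typeof p.layout === "object" ? p.layout : {};
  for (const name of Object.keys(layout)) {
    if (!hasOwn(COMPONENTS, name)) {
      rejected.push(`component=${name}`);
      continue;
    }
    const entry = layout[name];
    if (entry === null || typeof entry !== "object") {
      rejected.push(`${name}=${String(entry)}`);
      continue;
    }
    const selector = COMPONENTS[name];
    if (entry.visible === false) {
      rules.push(`${selector} { display: none; }`);
      continue;
    }
    if (!hasOwn(SLOTS, entry.slot)) {
      rejected.push(`${name}.slot=${String(entry.slot)}`);
      continue;
    }
    rules.push(`${selector} { display: block; ${SLOTS[entry.slot]} }`);
  }
  // Components the record does not mention keep the defaults from the base
  // stylesheet, so a sparse record still yields a usable page.
  return { css: rules.join("\n"), rejected };
}

// Constructed sample record, as it might be stored on the user's own box.
const EXAMPLE_PREFS = {
  theme: "dark",
  layout: {
    contacts: { slot: "left" },
    messages: { slot: "center" },
    feed:     { visible: false },
  },
};

console.log(buildLayoutCss(EXAMPLE_PREFS).css);
```

The generated text is meant to be placed in a per-user `<style>` element, or served as a per-user stylesheet, on top of a base stylesheet that defines the grid areas and the default placement of every component. Keeping the grid fixed and letting users pick slots (rather than accepting raw CSS) is what makes the allowlist small enough to be checkable.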

    Posts in this series

    Part 1 – The Idea: Freedom Box

    Part 2 – Finding each other: Dynamic DNS Facebook

    Part 3 – Talking amongst ourselves: Friend-to-Friend Network

    Part 4 – Putting the pieces together: Freedom Box schematic

    Part 5 – Making it easy: Look and Feel

The Census is Private

Last night a local census taker came to my door and asked me a number of personal questions. As anyone reading this likely knows, I care deeply about my privacy, but I was happy to fill out the census. This might seem counter-intuitive, especially given all the apparent controversy over giving personal information to the government, so let me explain.

Initially, I was reluctant to participate as well, but some of the census advertising, and a little independent research, convinced me it was a good idea. Ironically, the advertising convinced me to participate not by explaining how necessary the census is but by highlighting its uselessness.

The ads that struck me are from the subway and follow this pattern: “How will we know how many ______ to provide if we don’t know how many people there are?”, where the blank can be anything from “hospital beds” to “teachers” to “trains”. It is a sensible plea, highlighting the relationship between having reliable information about the beneficiaries of government services and the effective administration of those services. Unfortunately, it is also obviously outdated.

Do we actually rely on the census figures, taken once every ten years, to plan out how many trains to run or how many hospital beds we need? I certainly hope not. Operating a transit system or hospital in the 21st century involves collecting records more detailed than the census as a daily part of functioning. You simply cannot manage a train schedule or service changes without accurate knowledge of how many people use what trains at what times, nor can you manage hospital scheduling and inventory without knowing how many people needed what medical resources on each day of your management cycle.

The administration of government services does not depend on the information collected by the census; it produces far more accurate and detailed records than the census is set up to collect. If you are worried about the government having information about your private life, don’t worry about the census. Take some of that energy and consider what the government learns about you every time you use a MetroCard or pass a toll booth with your E-ZPass, or when all our medical records are digitized and centralized. If you believe that not filling out the census will blind the government to the private details of your life, you need to take a better look at the details they already have.

The census is not about spying on you, it is about enfranchising you. The only government service that is apportioned by the census is representation in the national government, and it is the one that determines how much weight all of your concerns and needs for other services have for the next ten years. So I was glad to be counted and encourage anyone else who has avoided the census thus far to stand and be counted as well.

Hopefully, next time around we can dispense with the ritual paperwork and use the information we already have to estimate population more accurately, automatically adding millions of the poorest and most vulnerable members of our community to the count. Like most efforts to enfranchise the poor and vulnerable, it is going to be an uphill struggle.