5th Internet, Law and Politics Conference (I). James Grimmelmann: Saving Facebook

Notes from the 5th Internet, Law and Politics Conference: The Pros and Cons of Social Networking Sites, organized by the Open University of Catalonia, School of Law and Political Science, and held in Barcelona, Spain, on July 6th and 7th, 2009. More notes on this event: idp2009.

Saving Facebook
James Grimmelmann, Associate Professor New York Law School.

Embedded video at http://ictlogy.net/?p=2375

There are plenty of motivations to use Social Networking Sites (SNS) and many risky ways for your privacy and security in using them. Why, then, keep using them?

SNS have profiles for their individuals, links to other people and a social graph that maps your network.

Your profile expresses and identifies, in some way, with your identity. But it’s not only what you say about you, but what your “friends” say about you: the people you befriend in a SNS is also adding up to your own identity.

People that you befriend, talk about you, comment the things you say or state, and links between users are created. Links that, all together, form a social graph where you can map your friends, the friends or your friends, etc.

Some false assumptions in SNSs

  • If everybody’s doing it, you do it too
  • There’s many people doing it, so I’ll keep unnoticed
  • False sense of privacy, “I’m alone here”
  • Feeling that everybody’s like us in the SNS
  • Electronic mediation makes us underestimate the impact of our actions
  • Distorted sense of (real) friendship and of knowing who the others are
  • Feeling that everything is under control and that one can “see” everything

Social harms

  • Disclosure: letting some intimacies known on SNS can spread quicker and broader than anywhere else
  • Surveillance: the mere sense of being watched all the time is by definition a limit to your own freedom (and scary and creepy to many too)
  • Instability: assumptions about an SNS that prove wrong along time, leading to privacy issues, e.g. seein photos you shouldn’t be allowed to see, Facebook Beacon, bugs…
  • Disagreement: you might not agree with some privacy issues, e.g. you can remove a tag from a photo, but not the photo itself. Or you would want to remove someone as a friend, but this someone feel hurt if you do, which leads to an embarrassing situation.
  • Spillovers: my decisions might have consequences to your privacy. Your decision on your profile affect who can see my information (e.g. you decide your friends list is public, hence I appear on your profile)
  • Denigration: defamation, attacks to persona, including how you present yourself. And this can be really subjective: how you match different groups of people (professional acquaintances, family, friends) reading the same type of information about you, without context, without filtering. And more: your profile can degenerate into an advertising platform.


  • Clearer privacy policies, but how to make simple what is complex?
  • Better technical controls to customize your privacy levels, better definitions, higher accuracy or detail in controlling your privacy setup
  • Data ownership: you should be free to take your information and move it where you want, data portability. If I’m your friend on a SNS: whose is this information (i.e. “we are friends”), yours or mine? Data portability is a solution but also a way to circumvent and decontextualize some security issues about privacy

The same motivations that drive us into SNS are the ones that lead to mistakes, and mistakes lead to harms. This makes really difficult how to solve some problems related to privacy.

Most privacy violations are produced by ourselves, we have met the enemy and he is us, it’s individual users (not anonymous big brothers) the ones that are violating privacy on a peer-to-peer basis.

Privacy violations spread as a virus: SNS are privacy viruses that spread from person to person.


Miquel Peguera: how should default settings be set? is data portability the solution? A: default settings should be set to more privacy friendly levels. New features, for instance, are set on an opt-out basis, not an opt-in. The problem with data portability is whose is the ownership of data, specially when this “ownership” is shared?

Q: why is Facebook’s newsfeed a weapon? A: The problem is that there is a huge granularity on what you (and Facebook… and advertisers) can see and use for several purposes.

Ismael Peña-López: isn’t privacy overstated? A: Even if that might be true, the question is that people seeked some cover in SNS thinking that they privacy was assured there vs. the openness of the broad Internet. And the fact is that people got outraged when they found they search for privacy had been violated. So the point is not whether privacy is good or not, but that some people’s desire for privacy was guaranteed and then systematically violated.

Q: What happens when privacy can lead to crime? A: A big difference between SNS and typical surveillance tools is that the later are held by the power that should be having this kind of control, and opperated on a transparency basis. Instead, SNS surveillance systems are more complex, distributed and highly out of control.

Mònica Vilasau: are we more confident on the Net than offline? A: Psicologycal effects are really important in how we behave on SNSs.

Daithí Mac Sithigh: What are going to be the next steps of Facebook in the subject of privacy? A: Facebook is an extraordinary arrogant company. Dealing with privacy discussion, they would acknowledge they made a mistake, but won’t move back and, especially, won’t loose control.

Q: Can we increase control on existing or new SNSs? A: What we’ve been seeing so far is that this is a major challenge, that what people look for in networks is exactly the opposite of what would be needed to make these networks more privacy compliant.

More Information

  • Grimmelmann, J. (forthcoming 2009) Saving Facebook In Iowa Law Review, #94
  • IDP2009: Saving Facebook, by Daithí Mac Sithigh


5th Internet, Law and Politics Conference (2009)

The scarcely relevant practice of chat rooms and social networking sites

Manuel Castells is a scientific I admire. There are things I share — most of them — and things I don’t. Right now I’m working hard with two works of him:

Castells, M. (2000). “Materials for an exploratory theory of the network society”. In British Journal of Sociology, Jan-Mar 2000, 51(1), 5-24. London: Routledge.
Castells, M. (2004). “Informationalism, Networks, And The Network Society: A Theoretical Blueprint”. In Castells, M. (Ed.), The Network Society: A Cross-Cultural Perspective. Northampton, MA: Edward Elgar.

which I find really interesting and a recommended reading for everyone.

This is why I find so disappointing when an author of his stature can so unexpectedly slip out of the road by writing:

the Internet is quickly becoming a medium of interactive communication beyond the cute, but scarcely relevant practice of chat rooms (increasingly made obsolete by SMSs and other wireless, instant communication systems)

[bold letters are mine]

Of course, I’m not questioning him for not foreseeing that SMS would not replace instant messaging — which is what he’s actually meaning by the general concept of chat rooms —, two technologies that now live together in perfect harmony, especially in teen environments. It’s about the scarcely relevant practice of chat rooms.

This is 0% evidence, 100% value judgment.

Evidence about the relevance of such practice is way easy to be checked. First of all, we should remember the origins of both e-mail and instant messaging: high-tech scientific laboratories — there’s plenty of literature about this issue. But once it went out of the scientific environment and got popular, there’s more and more evidence about the relevance of such tools: the Pew Internet & American Life Project issued in that same year, 2004, the report How Americans Use Instant Messaging about 53 million American adults using instant messaging programs. Well, this is quite a lot of people doing scarcely relevant practices. But just at the end of last year, 2007, Garrett and Danziger analyzed how instant messaging was used at work for work purposes in their article IM=Interruption Management? Instant Messaging and Disruption in the Workplace, finding positive uses — yes, you read right: positive. So, evidence absolutely shows that there are good, interesting, useful practices around instant messaging.

What about value judgment? Well, I’d personally agree on assessing as useful, effective, efficient, etc. the use instant messaging for criminal purposes: phishing and pharming, organizing terrorist attacks, seducing minors for sexual purposes, etc. Actually, the main security concerns nowadays about the Internet are precisely in this line: how to avoid the effectiveness of tools like instant messaging, social networking sites and e-mail for criminal purposes. Hence, what is to blame is the criminal who uses these tools, but the tools are working great — even if in bad hands, because tools know no ethics, no law (well, Lessig would complain about this last point).

Summing up: a tool is useful, efficient, effective or relevant besides the fact that we like or dislike the way it is used, but based on its performance.

Same with social networking sites. In a work I’ve already talked about by David Beer and Roger Burrows, they write about Facebook. Even if they are quite open minded, there’s a full chapter about the bad uses of Facebook concerning teachers’ privacy issues which, from my point of view, is almost a digression that really does not deal with the sense of ‘democratization’, as stated in the title of that chapter.

While the authors complain — more than criticize — about the fact of having some colleagues exposed to public dishonor, they lose focus on the subject of analysis: Facebook, social networking sites, shifting towards the (bad) education and practices of such students, which was (supposedly) not the matter of debate in the article.

Day after day I am surprised by the recurrent exercise to blame on the Internet things that belong to “real” life: Law, Education, Business Management… And, even worse, to state about Internet applications and uses things that are absolutely false, taking as evidence what, all in all, was just lack of deeper knowledge and prejudice. Even in the most brilliant scientists. We all have bad days everywhen.