Privacy issues dominate the global debate about protecting the rights of individuals online. Yet, the conversation almost entirely misses a vital point: public or private isn’t a black or white choice and it never has been.
Sociologists have long recognized that there is no single “public”, no monolithic context where social norms congeal and deviant behavior is shunned. Instead, we’ve recognized that each of us engages in multiple, distinct publics, with their own boundaries and rules of etiquette. We act one way at PTA meetings, another in Las Vegas, yet again a third way at work. These are different flavors of public behavior and yet we expect most people to respect boundaries between these areas. We manage these publics as easily and naturally as we greet a newcomer to the workplace. We do it without conscious effort, but with a sensitivity to the place and moment.
We also constantly manage any number of private contexts, where certain topics and behaviors are understood to be held in confidence, from family matters and Santa Claus to corporate secrets. Just as there is no monolithic “public”, there is no single “private” domain, where insiders know everything and outsiders know nothing. We share confidences with our kids, our spouses, our lawyers, our doctors, our psychiatrists, our bartenders, our business partners, all with certain, often unstated, rules about appropriate use and redistribution. Sure, these confidences are occasionally broken, but when they are, it violates our privacy and breaks trust. Frackin’ jerks!
Privacy leaks occur when information entrusted to one context finds its way into another: when our doctor’s receptionist tells our co-worker a bit too much about our visit, a boss overhears an embarrassing story about where we really were last Monday, or an ex tells her gossiping friends about our intimate moments. These context violations hurt whether they occur between “private” contexts or “public” ones. The issue isn’t whether something was said or done in “public” or “private”. The issue is the boundary breaking, the violation of expectations, and the betrayal of trust.
Our worlds are not defined by a single boundary between public and private, but by a constellation of privacy, comprised of multiple, distinct contexts, each with their own set of participants and expectations. There are literally billions and billions of contexts worldwide, each of us participating in dozens, perhaps hundreds.
We’ve been figuring this out for a long time. Over thousands of years, we’ve developed social norms that help us navigate different contexts. Space and time are our most common tools, marking the boundaries between strip clubs, schools, churches, homes, bedrooms, and restrooms. Don’t interrupt the magician, don’t talk during mass, don’t make personal calls on company time. Sometimes it’s topical, like spelling out “S.A.N.T.A” to keep the magic of Christmas alive. These social rules keep naked people out of the cafeteria and accountants out of our bathroom and thank goodness for that!
Today, we are faced with a rapidly growing digital domain with new boundaries and connections, where uncertain rules confound expectations. In a relatively short period, huge portions of our daily lives have moved online, into contexts that lack clear social norms. These online services are often interpreted and promoted as being far more discreet then they actually are. We post a photo to Facebook to share with our friends, forgetting for a moment that co-workers or students might also see that indulgent image. We post a political rant on our blog, only to later have it come up in a job interview. Our Foursquare sign-ins get linked to Twitter without realizing it… and now our location is in the public stream for anyone to find. To make matters worse, many of these services regularly release new features or change their privacy policies… the rules are not just uncertain, they keep changing.
Focusing on public verses private misses the point. The analog world was never that black and white, why would we expect it to be that way online? Rather than an opt-in or opt-out, track or do-not-track, we need a solution that allows us to participate with the same shades of gray we use in the rest of our lives. This isn’t about the end of privacy nor is it about the inevitability of living in public. It’s about figuring out a new set of viable contexts with clear, understandable boundaries, rules, and participants. It’s about giving people as clear and simple control over their online social contexts as we have in the analog world.
We should be able to explicitly manage our online contexts: what we share, with whom, for what purpose, and with what constraints. Once we do that, the overly simplistic model of public verses private will yield to a beautiful constellation of privacy that is more understandable, more flexible, more realistic, and more empowering.
So, put down your pen and step away from the regulatorium. The last thing we need is half-baked black and white thinking turned into law.
Pingback: Equals Drummond » Blog Archive » Privacy is nuanced
Reminds me of Danah Boyd’s SXSW 2010 keynote:
http://www.danah.org/papers/talks/2010/SXSW2010.html
It’s easy to think that “public” and “private” are binaries. We certainly build a lot of technology with this assumption. … But this binary logic isn’t good enough for understanding what people mean when they talk about privacy.
Great reframing of the issues – I love it. Right up to the last para when you cast aspersions on regulatory objectives. In my view, a great deal of good is done by OECD style data protection principles. And they nearly sidestep the philosophical quagmires you allude to. Please see my further thought on the public yet private paradox: http://lockstep.com.au/library/privacy/public-yet-still-private
Fair enough. Casting aspersions isn’t very friendly, but I am specifically concerned about things like Do Not Track which are focused on data access or data capture instead of data use.
I’ve long felt that Do Not Call works because it regulates behavior rather than data. IMO, the “right” version of DNT would outlaw inappropriate behavior, no matter where the data comes from. Personally, I favor a strict permissioning architecture, and in theory, OECD helps, especially with purpose binding, but as I understand it, in practice, the impact on actual systems is minimal.