|
|
 |
|
Call for A Social Networking Bill of Rights
Duncan Work
A social software pioneer suggests how "six degrees" websites ought to treat personal information.
Introduction
 Online privacy issues are becoming increasingly important as potential invasions of privacy become more pervasive. Social networking systems – which facilitate getting introductions from people you trust to people they trust – add significant new capabilities to protect privacy. But if correct design and privacy policies aren't applied, they also have the power to further invade privacy.
The primary question posed by this paper is: What are those correct designs and policies? Many online systems don't get privacy policies right because of self-interest, or simply because privacy is not a high priority. For online retailers, protecting credit card information quickly became a high priority. But social networking systems are still fairly new, so while earning the trust of their users is being increasingly recognized as important, clear privacy standards are yet to emerge. What basic principles can social networking systems follow to best protect the rights of both users and non-users?
By the way, what exactly are the rights of users? The right to privacy is probably the most basic, but how should that be expressed, and what other related rights are also important?
And what about non-users? Should non-users have rights too? Most online privacy policies seem to speak exclusively about rights of users, without mentioning non-users. But in social networking systems, the rights of non-users can quickly become important, as well.
The Evolution of Social Networking Software
(and my humble role in it)
Important groundwork in the study and understanding of social networks began 70 years ago. However, the inspiration for social networking software was really born around the same time as the Internet, when many first began to see its planet-connecting potential. Around the same period many people, including myself, were drawn to the idea of social networking upon hearing about the idea of "six degrees," popularized earlier by Stanley Milgram (in 1967). In my case, my interest was due to a background in anthropology and sociology, and a love for the ideas of Teilhard de Chardin. I was fascinated with work coming out of several disciplines that suggested that networks are really the most intelligent form of organization, considerably more intelligent than hierarchies and centralized control structures. When I later also heard about the Internet (in the late '80s) I was of course ecstatic, as were most people who were in love with the potential of networked intelligence.
The popular "six degrees" idea (that all six billion of us are connected in only six links from friend to friend) helped us realize that trusted connections between people are present, but we need a way to make them visible. When I began thinking about this challenge I was an international trade consultant in a small but well-connected firm. I was impressed with how many advantages a small firm can create for itself by making good use of personal connections – and through introductions to the trusted contacts of trusted contacts. I began to develop an idea of "connected Rolodexes" so that we and others could instantly find out who among our close contacts knows the people we want to meet. (Several, probably lots, of other people were having similar thoughts). When I proposed this idea to some of my international trade colleagues, almost overwhelmingly they thought it was interesting – but that it would never work, because Roladexes are way too sensitive to share. Instead, people need to make individual decisions when making introductions, on a case-by-case basis.
Although I had little time to develop outside projects, my global networking ideas continued to percolate. I soon discovered that facilitating social networks was my real passion, and I was interested in much broader connections than present in international trade networks. So I left international trade and gravitated towards software development, consulting with association software developers and their clients while continuing my study and design of social networking software.
It was during this time that I began learning about "intelligent agents" – software agents that can perform almost people-like services for those who use them. My thought was that the software has to be able to protect individual privacy, just like a really good assistant or an excellent broker. A broker, for example, is trusted by lots of people with their confidential information, but the broker only reveals the information needed to make a match when given permission by both parties. I envisioned two kinds of agents, a personal gatekeeper agent and a network broker agent, and began to design how they could both work effectively. To be effective, I reasoned they had to be sophisticated enough to deal with all the nuances required in social networking; at the same time, the sophistication had to be hidden until needed.
Think of trust as the currency of social capital. Managing trusted relationships is a complex and risky social, emotional, and strategic problem.
|
When the SixDegrees.com site launched in early 1997, I was busy working on these ideas and was of course interested to see what SixDegrees would do with its namesake concept. It quickly became clear that they had the idea right, but not the implementation. I was very happy to see how many people were interested in the idea and joined the system. But I and others also saw that there wasn't much you could do after you joined. The implementation was mainly an attempt to create a product that would spread quickly from person to person ("virally") in order to attract as many "eyeballs" to the site as possible, and at a very low cost. The product completely lacked privacy controls (other than simple password-controlled access), and also had an extremely sparse profile that prevented meaningful searches. (In the end SixDegrees was sold for $40 per eyeball, but I'm afraid the eyeballs didn't help the acquirer as much as he hoped, because most of them had long before ceased being active.)
In contrast, it was clear to me that an ideal social networking system would have to include: (a) rich profiles, to enhance both searches and personal evaluations of matches that were found; (b) personalized and sophisticated access controls, to give people the ability to selectively share rich profiles (otherwise they wouldn't reveal much), (c) a network broker that could insure mutual interest and also find mutual connections for personal introductions, and (d) methods to verify that people are who they say they are, including ways to find mutual contacts as well as other trusted means.
In April of 2000, as the Internet bubble was already leaking, I finally found a small seed investor who believed in my ideas and provided considerable business development and technical help. My company, Net Deva, Inc. was thus launched. Even without counting the mistakes that we made, the timing wasn't good for starting an Internet company with an unproven business model, and the funding we had was ultimately inadequate. Yet, with considerable sweat equity of many talented people, and, towards the end through a small but significant loan from Planetwork, we managed to build a working prototype and to get the attention of a number of potential early adopters. But by then the additional funds we needed to complete our work were especially scarce, and as an extra challenge, my own personal "fortunes" were in a hole that was deep, scary, and surprisingly quiet.
Quiet times are good for reflection, and for letting new things bubble up. So, a year ago through a trusted contact of a trusted contact of a trusted contact I was introduced to Reid Hoffman, CEO of LinkedIn. Reid was incredibly busy then since LinkedIn was just launching, but he made time to meet largely because he highly trusted the person who introduced us – and likewise my trust in our mutual contact persuaded me that Reid was trustable and good to talk to. So in early June of 2003, at the Planetwork conference, Reid and I met in person for the first time. The more I got to know Reid and others at LinkedIn (and while comparing LinkedIn carefully with other products), the more convinced I became that our values and visions were well aligned, and that I would have the best chance of bringing my ideas into fruition by working with them. Today I'm happy to be working with LinkedIn as their Chief Scientist; I'm also wearing the hat of Privacy Officer, since privacy and trust have always been the key to the solutions I was developing.
Trust, Privacy and Social Networks
The need for trust and privacy was the core of what I was doing with Net Deva. Everybody I talked with agreed this was essential. So why did it take such a long time to launch a truly effective and rapidly growing social networking system? In brief, because several other Internet frontiers had to be tamed and settled first, before we could tackle the harder problem of helping us manage and exchange trusted relationships.
Think of trust as the currency of social capital. Financial capital has stock exchanges and currency exchanges, intellectual capital has knowledge exchanges, and the labor market has labor exchanges (job-matching). Exchanges have also developed for finding dates or targeted expertise. But these exchanges are all much easier to establish and get people comfortable with than an online, automated system that relies on an exchange of trust. I think the part about "getting people comfortable" and willing to participate was the major hurtle. Managing trusted relationships is a complex and risky social, emotional, and strategic problem.
After watching Six Degrees (the company) launch a "six degrees" type product, however, it became apparent that the early versions of social networking software didn't require all of the elaborate features I was designing to help people manage trust. Only now is the need for more sophistication becoming urgent, as social networks grow in size and more "mainstream" professionals begin to use them.
Friendster, for example, achieved exponential viral growth because its targeted group had high motivations (e.g., getting dates), high energy, and sufficient time. But the privacy needs of its users were relatively low; i.e., not much was at stake and users could always limit whom they actually communicated with. With Friendster the ability to limit connections to friends of friends and out a few degrees was fascinating, while it was also private enough for the needs it was tackling.
LinkedIn, which has become the biggest and fastest growing professional-use social network, has been successful precisely because of a design that carefully considered the privacy needs of professionals, which it presented in a format that mirrored "real world" professional networking interactions. It delivered considerably more privacy than Friendster, but in a very simple, non-tech-heavy way that gave each individual full control, and which made each individual an arbiter of trust.
The core of LinkedIn's design incorporates these primary principles:
1. All connections are mutually confirmed.
2. Both individuals in a connection own the relationship together; one can't publish the relationship without the consent of the other.
3. Because connections are mutually confirmed, most connections in the system are strong and reciprocal.
4. Requests are thus always received from someone the user knows well, and forwarded to someone the user knows well.
5. Each user controls what requests to accept or forward, on a case-by-case basis.
6. Only direct connections exchange contact information (email, etc.).
As a result of this decentralized privacy design, LinkedIn now has over 820,000 registered users and an excellent record of actual use and value to users. This is an important point. SixDegrees.com grew fast, but delivered little real value. It grew fast by quickly getting new recruits to invite their friends, before they discovered that there wasn't much they could do with it. So, to measure value to users, we need to look for more than growth statistics – that is, measures of actual use and results. For example, users search for professionals on LinkedIn over a million times per month. Most importantly, LinkedIn facilitates over 25,000 referrals per month, which account for 83% of all requests for referrals that are sent. This is again largely because the connections from person to person are very strong in LinkedIn.
Some other networking services have pursued other strategies to increase membership. They tried to go for higher numbers of people in the chain, and included the names of people in a user's address books as "contacts." This has resulted in a majority of the names in the database being non-users who are often weak connections, and who have little data recorded about them within the system. By adopting a design that emphasizes a need for high-quality trusted connections, LinkedIn has actually been able to attract hundreds of thousands more registered users than services that have used more aggressive ways to increase the size of the contact database.
Why Privacy is Important for Social Networking Services
Why is privacy particularly important? Here's a quick list of what I'm trying to protect when I seek privacy:
* My time and control over my attention and effectiveness; I want information and contacts that help me, not information and requests that waste my time.
* Parts of my life that are personally private; I want to control who, if anyone, will know these things.
* My money and my means of earning a living, including secrets of my success; my knowledge, contacts, and resources.
* My reputation; both professional and personal.
* My social capital, which is similar to reputation, but more personal; derived from the trust my contacts have in me and their interest in a reciprocal relationship with me.
* My identity and the rights and capabilities it gives me; only I should be able to access my bank account, email, etc.
Some invasions of privacy cause me annoyance and waste my time. This is an age when time is excruciatingly short and, thanks to labor-saving inventions, annoyances are pouring upon us. We are now ready to declare spam, telemarketing, and other intentional wastes of our time to be criminal acts. Of course, other invasions of privacy, involving theft and abuse related to money, property, reputation, opportunity, dignity, and identify, are even more serious.
Social networking tools make use of trusted relationships to enhance all of these: earning potential, reputation, social capital, privileges and capabilities, effective use of my time and attention, and personal privacy. Social networking systems also have the ability to protect us from abuse by helping us to better choose and evaluate potential recipients of our trust.
And yet, social networking systems also have their special issues related to privacy. Social networking systems help people store, invest, draw upon, accumulate and manage social capital. "Social capital" can be defined as what people are willing to do for each other, and is derived from trust, affinity, and loyalty. People "invest" in social capital when they help someone; they "draw" on their social capital when they ask for a favor. Keeping "score" (using "social network accounting") is frowned upon, but people nevertheless do keep score, at least emotionally if not also strategically.
The right of each user to control access to information that they contribute is fundamental. Each individual must have control over his or her own information.
|
In a social network, the actions of each person ripple through the network, affecting many others. Thus, if I refer one contact to another, and the situation works out well for both of them, then my social capital increases. But if the introduction leads to a serious problem, my social capital can actually decline.
If someone steals my identify and empties my bank account, they harm only me. But if they steal my social capital (by abusing or faking a relationship with me) then they harm not only me, but my close contacts, and potentially also the close contacts of my close contacts. Most professional social networking systems are well designed to prevent this kind of abuse, and yet the systems are still evolving, as are the potentials for abuse.
There is another privacy issue peculiar to social networking systems. This is an issue that is most related to the "annoyance" types of privacy issues, but can also have more serious ramifications. Social networking systems, like all responsible online services, have privacy policies that protect users. And yet, some social networking systems also encourage their users to upload information about their non-user contacts. In some social networking systems the percent of searchable non-users in the system is actually a great majority of their searchable contact database. [1]
To provide adequate protections to non-users requires more than vigilance by the users who contribute information about them, because users can be careless, and in some systems users may not fully realize the implications of their actions. The system itself thus has a responsibility to protect the rights of non-users.
Identifying Basic Individual Rights for Social Networking
At LinkedIn we are developing a "Social Networking Bill of Rights" that can reflect the special needs for privacy of highly automated social networking services. We welcome discussion and broader participation in developing a set of individual rights that can be industry-wide. At the end of this paper, I'll list some of the basic rights that we feel should be part of social networking privacy policies. To suggest how to get to that list, let's start with a broader set of principles that we feel are at the heart of the need for individual rights in social networking system. These are:
1. The right to know who is collecting what and for what purposes;
2. The right to not participate;
3. The right to clear and, in some cases, irrevocable privacy policies;
4. The right to control access to personal information and attention;
5. The right to participate in a global social networking system without restrictive barriers.
[Continued on next page...]
Footnotes
[1] One example is Spoke, which has 25,000,000 names in their searchable database and less than 50,000 registered users. My intention in making this point is not to criticize LinkedIn competitors, such as Spoke, but to help spark a valuable debate on this issue, while hopefully not triggering an on-going exchange of accusations.
|
|
