BlurryEdge Strategies

I have a comment on the NYT Room to Debate forum Google or China: Who Has More to Lose? praising Google's decision not to censor search results on .cn but recognizing that it was the alleged Chinese government's hacking that broke the camel's back as opposed to general disgust with the regime's Internet Freedom policy (I also wrote about this at the time of the initial announcement in January).  I do think it shows that while doing business with China could be justified by a goal of fostering engagement, collaborating with the regime cannot.

It's easy to make headlines by offering grand statements that privacy is dead.  Millions of users certainly are sharing a lot of very personal information, stories, pictures, and data online everyday.  So why should a company or any other institution invest their limited time and resources in thinking about privacy?

Because carefully considering privacy issues early on can save you significant headaches later.  First, there are dozens of national and international laws and regulations that cover data collection, and if you are not in compliance with those laws you can have serious problems.  Second, if you aspire to get funded, acquired or go public, you want to build your data collection architecture so that privacy issues do not create a roadblock when you least expect it.    And finally, the truth is no one really knows where your users will draw the line when it comes to your use of their data.  It simply makes good business sense to consider the implications of your decisions early and often, as your innovate in technology, as new business models develop or as new corporate directions evolve.

Personally, I think people care about privacy a lot more than the anecdotal evidence of the moment suggests. Successful businesses building sustainable and innovative products are those that are ready to answer the tough questions, whether asked by their investors, the press or their users, and to evolve their privacy strategy to complement their business strategy.

I'm teaching Privacy and Free Speech Online at Stanford Law School in the Spring Quarter.  The course description:

Privacy and free speech values frequently conflict. Protecting one individual's privacy often requires preventing another's speech. The Internet has created significant opportunity for users to express themselves in chatrooms, on the web, and through new social network applications. With this increased expression has come increased disclosures of personal information that may be saved, searched, and republished. Courts are currently grappling with the privacy- speech tension in cases where individuals as opposed to media institutions are the publishers of personal information about themselves and others and where people are publishing information on public networks but intended for limited groups of readers. This seminar will explore the tension between protecting privacy and free speech online, with specific emphasis on the legal rules and social norms around user initiated communications and social networking and other web 2.0 applications.

I have a fairly hefty set of legal readings, but I'm also looking for interesting apps, websites, non- legal papers and innovative policies or business models that bring the privacy-speech conflict into focus.  Any ideas?

The Boston College Law Review published my paper Privacy, Free Speech and Blurry Edged-Social Networks last November.

From the Abstract:

Much of Internet-related scholarship over the past ten years has focused on the enormous benefits that come from eliminating intermediaries and allowing user generated one-to-many (one person to many people) communications. Many commentators have noted the tension created between the positive benefits for free speech and the negative effects on user privacy. This tension has been exacerbated by technologies that permit users to create social networks with “blurry edges” - places where they post information generally intended for a small network of friends and family, but which is left available to the whole world to access. The thought is that someone the user cannot identify a priori might find the information interesting or useful. These technological advances have created enormous benefits as people connect to each other and build communities online. The technology that enables these communities, however, also creates an illusion of privacy and control that the law fails to recognize. This Article discusses the technological, social, and legal regimes that have created this framework, and proposes a technical solution to permit users to maintain networks with blurry edges while still appropriately balancing speech and privacy concerns.

I propose a system of privacy tags, perhaps a common metadata system, that users can attach to any content (like a blog post or picture) to indicate their preference for subsequent reuse.    Because of the potential chilling effect on speech a code-based approach might create, I suggest a neighborliness approach where people can choose to indicate their preference and rely on social norms to enforce it. Of course, I hope that the privacy torts that assume  a user's musings on the public web are available for any reuse would adjust once subjective intentions of individuals become visceral.  But I still prefer a liability rule to a property based approach.

I've been thinking about this project for a long time-- when Creative Commons was launched a few doors down from my office at Stanford Law School, I thought: Why can't we do this for privacy?  Some of my early thoughts from working with students at SLS are here.  Professor Ann Bartow is less optimistic that a norms (as opposed to code or law) based approach will actually produce any behavioral change.

I am interested what others think about the "neighborliness" approach.