Friendster and Symmetrical Privacy
The social networking site Friendster got into a lot of trouble with some of its members recently by changing its ground rules. Friendster, along with similar social networking sites, allows individuals to create profiles of themselves on the Internet and then look up profiles belonging to friends, potential romantic interests, and long lost acquaintances. One of Friendster’s neatest functionalities is the ability to see beyond one degree of separation (i.e. to friends-of-friends), which exponentially expands the range of one’s possible social contacts. (For a paper on social networks and their privacy implications, go here.)
Friendster seems to have been gathering data all along about which of its members were viewing which other members’ profiles. But until recently, it kept this data secret, and many of its members appear to have assumed that they could look up the profiles belonging to long-lost-exes, elementary school friends, friends-of-friends, and co-workers anonymously. Not so. Friendster, with little fanfare, recently introduced the “Who’s viewed me” function, and allowed its users to learn the names of everyone who had ever looked them up. Now Friendster users could quickly satisfy their curiosity by finding out who had viewed their profiles, but were mortified to learn that other users could do the same thing to them. Friendster was deluged with outraged user emails and blog commentary, and a terrific law student, Rebecca Silver, brought the controversy to my attention.
Friendster has since apologized for underestimating the intensity of its users’ opposition to the policy change and enabled users to opt in to the anonymous viewing of others’ profiles, which solves the problem reasonably well going forward. But I actually think that Friendster’s initial instincts, this notion of symmetrical privacy, have broad applications to privacy law.
Symmetrical privacy is simply the idea that individuals or entities may access my private data, but if they do so, I am entitled to know what they are up to. Symmetrical privacy is not a core feature of American privacy law, with the exception of case law and several statutes governing criminal searches, but I would argue that this principle has great appeal as a method of resolving many contentious information privacy issues. If an employer, identity thief, health insurer, or credit card company wants to access my credit report, at least let me know about it. If someone makes a FOIA request for government documents that reveal something about me, I should be notified of this request by the government. If someone goes to Fundrace.org or a similar site to see which political candidates I have donated to, I have no right to stop them from doing so, but I ought to have the right to be informed of their snooping. Symmetrical privacy might or might not be a solid foundation for a social networking site, but it seems to me that it is an excellent starting point for the law’s treatment of private information.
On Friendster: Ouch. On your proposal: That's really interesting. I don't think we'd want a rule requiring symmetric disclosure for all information providers, e.g. Google (although Google's not completely anonymous either, at least where someone is reading their site's server logs). Credit reports seem like a good example (there is already 15 U.S.C. 1681g(a)(3), but it could be made more user-friendly); and perhaps marketing data collected and sold by businesses, but that seems much more difficult to implement.
Posted by: Bruce | October 06, 2005 at 04:49 PM
I am concerned that applying privacy symmetry to Internet-based activities might create a chilling effect, discouraging use and eliminating one of the greatest advantages of the Internet: free access to information. (How many of us would continue Googling people if a notification system were in place?) In fact, some of my friends have given up Friendster entirely because they no longer trust the service and are afraid that the viewing information might again be made public at a later date.
On the other hand, it is possible that the effects of such a system would be minimal. For example, it is well-known that personal websites and blogs are often equipped with the capacity to trace IP addresses to specific locations. Despite knowledge of this tracking feature, curiosity wins out for many of us and we still click away.
Posted by: ellen | October 06, 2005 at 08:51 PM
I don't know, ellen, does that really "discourage use"? the "use" it discourages, frankly, is the somewhat creepy use of chasing down exes or whatever. even as it originally existed, friendster always allowed your employer or professor or whoever to view your information, and that didn't stop you from using the service. why is it more disturbing for someone to know you've looked at them than to have someone you don't know about looking at you? one explanation might be that you created a minimal, nonembarassing profile (notice you have to join to use the service). but obviously many people created more substantive profiles (or else what would be the point of stalking them?) so i'm not sure how much chilling there would be, or how much we should worry about it. then again, it's only friendster...wonder how many hits lior's getting.
Posted by: anon | October 06, 2005 at 10:38 PM
actually, a simple form of symmetrical privacy has existed since the internet's inception in the form of details regarding site traffic and the location of individual viewers. Though not as revealing as Friendster's "Who's Viewed Me" function, this simple form of symmetrical privacy has certainly not had any apparent "chilling effect" on use.
Posted by: jason | October 06, 2005 at 10:44 PM
Anon, the discouraged use I am considering is not that of making a Friendster profile-- obviously members are aware that anyone can access their information. The "who's viewed me" option might discourage users from looking at exes/old friends/random acquaintances (assuming users distrust the new privacy viewing option). And creepy or not, isn't that one of the major purposes of the service in the first place?
Jason, I agree with you-- that's the point I tried to suggest at the end of my original post. I do wonder, however, how much information the typical Internet user thinks is being/can be gathered about her. I wouldn't be surprised if less people know about this capability than we'd think. Of course, some personal web sites post IP details. In those cases, viewers definitively know that their information has been logged. It would be interesting to compare the traffic volume of such sites to comparable ones that do not make the information-gathering explicit. My guess is that the latter has more repeat viewers (aka "stalkers" :)) than the former. After all, for websites of the latter type, even users who know that websites generally log IP addresses may hold out hope that the webmaster of each particular site does not know how/bother to convert those details to a real location. Of course, this is all highly speculative...
Posted by: ellen | October 07, 2005 at 07:33 AM
I'd prefer to think of symmerical privacy as a practice or requirement such that if you can or do invade my privacy, then I have a symmetrical ability to invade yours. You caa interrupt my dinner with a phone call and I can interrupt yours, while a telemarketer can interrupt mine in a manner that I cannot match. This is one reason telemarketing is unpopular. The Friendster move seems more like one of transparency, and perhaps the question is how far we want to take it. A credit card company can simply say "we automatically acquire background information on everyone who has a social secutity number" and that may not be quite the same thing as saying they used the information. Confessing to a practice of making universal inquiries seems to satisfy the transparency requirement, but it does not really get at the issue. I might like to know who has eavesdropped on my conversations (then again I might not). That is more useful than either having the right to eavesdrop on my eavesdroppers (symmetry) or knowing that X eavesdrops on everyone (transparency). Professor Strahilevitz's observation gets at these distinctions. Friendster would have taken its users by even greater surprise if it had been entirely transparent, and not just to those who were viewed. It might have shown the world where everyone went to look.
Posted by: slevmore | October 07, 2005 at 07:37 AM
In the increasingly networked world, another problematic consequence of a symmetrical notification system would be a form of information overload. Depending on how broadly you define "snooping", giving individuals notice of each instance of such "snooping" might well involve informing them of multiple daily transactions. Every time anyone looks up anything about you? That could be a lot... And as a result, the notifications could simply add further clutter to the vast quantity of incoming communications many of us process constantly.
A second problem, exemplified by the credit reports mentioned by Bruce. Have you looked at yours lately? Sure, they tell you who requested your data. But mine reveal requests from multiple vaguely-named and unfamiliar entities. In some cases I was able to figure out who they were based on what I knew already -- I applied for a store credit card a few months ago, so that must explain the request around that time from "First National Trust" (or whatever). Others, I still don't know who they are, and the burden of figuring it out would be huge. So true symmetry would require that I know more than just the name of the institution that now knows a great deal about me.
Still, it certainly is a thought-provoking idea...
Posted by: Bill McGeveran | October 07, 2005 at 10:25 AM