What is it with technology that makes these kinds of privacy breaches so common?
The importance of physical objects in privacy
We recruit physical objects to prop up our privacy. Doors, walls and curtains help us control access to information by obscuring the view into private space. Sometimes, objects are used to indicate a purely symbolic boundary, as in the case of a window. In public or shared spaces, we recruit physical objects to demarcate space we claim as private. Yoga class participants carry out this process by placing their mat on a carefully chosen spot. New arrivals to the class know that space is now “taken” by another student.
An office with walls and a door is less accessible than a mere desk – even when the office door is open. Fictional news reporter Les Nessman illustrated this by painting yellow lines on the carpet around his desk. Visitors to his “office” were asked to pantomime knocking on the “door.”
Figure 1: Les Nessman answering his “door”
The physical context of information tells us how private that information is intended to be. A piece of paper sitting in plain view suggests it is not private information. But that place that same piece of paper in a folder, and shut it in a drawer and the information is clearly intended to be private. The physical context itself connotes the nature of the information.
In the digital world, we no longer have these physical objects to help us. The digital context lacks the same fidelity of the physical world. Without physical objects to indicate the nature of privacy, digital objects typically are given metadata to indicate their private nature.
Metadata’s primary shortcoming is that it doesn’t relate the object to other objects, thereby robbing the user of a rich source of information. Imagine a photo placed in a frame and set on a piano. Imagine the same photo stuck on a corkboard, next to a mug shot. Imagine it again placed in a shoebox and tucked under a bed. Then imagine this photo posted on Facebook. The human mind quickly intuits the meaning of the object by means of comparing it to other, nearby objects. In the digital realm, objects are stripped of this context. Hashtags or metadata lack the richness of the physical context, and makes it that much more difficult to intuit the private nature of the object.
Ethnography and the importance of attachments and involvements
Elsewhere I have argued that ethnography is one of the best ways to understand how products relate to people and to the world. I argued that Heidegger’s concepts of “attachments” and “involvements” are what ethnographers should be looking for in the field. How does this product fit with other products? How does it fit with with people? You must understand a potential user’s system if you’re developing a product, and ethnography gives you a high-fidelity view into the user’s world.
This is one of the reasons we have so many privacy breaches; digital products were developed without understanding the user’s attachments and involvements, especially those relating to privacy. Sadly, entire business models have been built on users not realizing this fact, and over-sharing their information in a digital space. In the physical world, they might unconsciously recruit physical objects to communicate a high-fidelity privacy desire. We need more systems to integrate this desire, but with authentically digital options.
 A. Westin, Privacy And Freedom, vol. 25, no. 1. New York: Athenum, 1967.
 A. Cerra and C. James, Identity Shift: Where Identity Meets Technology in A Networked Age. Indianapolis: John Wiley & Sons, 2012.
 M. Madejski, M. Johnson, and S. M. Bellovin, “The Failure of Online Social Network Privacy Settings,” New York, 2011.
 B. Meeder, J. Tam, P. G. Kelley, and L. F. Cranor, “RT @ IWantPrivacy : Widespread Violation of Privacy Settings in the Twitter Social Network,” in Proceedings of the Web, Vol. 2, 2009.
 T. a. Pempek, Y. a. Yermolayeva, and S. L. Calvert, “College students’ social networking experiences on Facebook,” J. Appl. Dev. Psychol., vol. 30, no. 3, pp. 227–238, May 2009.
 E. Protalinksi, “13 Million US Facebook Users Don’t Change Privacy Settings,” ZDNet News2, 2012. [Online]. Available: http://www.zdnet.com/blog/facebook/13-million-us-facebook-users-dont-change-privacy-settings/12398. [Accessed: 06-Dec-2013].
Why does Snapchat process 50 million messages a day? All of which disappear 10 seconds after they are delivered?
If you’re over 20, chances are you’ve never even heard of Snapchat, yet it’s one of the fastest growing social media apps we have. I argue that Snapchat is growing so quickly because it offers us something we desperately need but do not have: a way to deal with the routine embarrassments our socially enhanced Web spits back at us everyday. We lack the “intellectual technology” that would provide us socially adroit online interaction. Instead we have technology that ignores decades of sociological work on identity. For this reason, Snapchat and other ephemeral content tools, such as the new Detour App will fill the gap.
Creating “Intellectual Technologies”
We could never have moved from producing goods to producing services without what sociologist Daniel Bell called “intellectual technologies.” In The Coming of The Postindustrial Society, Bell argued that the intellectual technologies of probability theory and statistical analysis allowed us to understand and manage new kinds of production that did not involve widgets. We could not offer marketing services without first having a way to think about and analyze the “average consumer.” We needed a set of tools to help us conceive of the symbolic world, and particularly the nature of social life
The intellectual technologies of probability theory paved the way for digital technologies, such as the now ubiquitous spreadsheet, which uses statistical algorithms. But tools like Excel would not be possible were it not for intellectual technologies such as demographic variables, conceived through the lens of analysis of variance, confidence intervals, and regression analysis. Were it not for these intellectual technologies, insight into the aggregate social world still be unknown, and services such as policy analysis, marketing, and public relations would not have been possible. We are in need of a similar set of intellectual technologies for this century’s current conundrum: how to manage multiple social spheres at the same time.
The New Intellectual Technologies of Privacy and Identity
We are in dire need of intellectual technologies relating to privacy and identity.
There has been no shortage of digital technologies relating to privacy and identity, but they have no intellectual foundation relating to the nature of social interaction itself. It is as if we are all vainly trying to use Excel, without the benefit of even the simplest formulae with which to program it. We are currently using social networks that are designed without any conception of the nature of social interaction itself. This is why the Web routinely produces humiliating social slips out of even the most pedestrian of social interactions.
The digital technologies we now have are failing miserably in helping us manage privacy and identity. OpenID, for example, attempted to be a single sign-on tool that allowed the user to control his or her credentials by encouraging a standardization across the anarchic system of the Web. Ultimately OpenID failed to achieve this status because there was no accompanying intellectual technology in the form of a robust consensus on what privacy and identity really means.
A user’s OpenID is now simply a signon tool, and not a tool of controlling one’s representation in social life. Technology companies with multiple sign-on experiences, such as Google, have actually made the problem worse, not better, as they consolidate their various ID experiences. Users have become accustomed to having their credentials carry across disparate online experiences, which desensitizes them to the privacy implications of credentials consolidation.
Google Buzz illustrated the problem with this single sign-on experience; users were upset to find that their “google identity” and all its accompanying details, were broadcasted to all their Google contacts. But they had been trained, through single sign-on, not to see that they were passing through different social “spaces” as they moved from site to site.
Facebook, of course, regularly abuses its users and their claims to privacy. They continually introduce technological fixes to privacy without any of the intellectual support for users to own their own identity and present it appropriately in different social contexts. Worse, Facebook has affordances that actually invite social breaches. Its very design sets the stage for embarrassment, humiliation and shame.
Facebook’s various iterations of the “status update” encourages users to share increasingly intimate and emotional experiences. Today, Facebook asked me, “How are you feeling, Sam?” in its best impression of HAL 9000. In the offline social world, astute social actors discern, for themselves, the correct tone and character of shared information.
If a work colleague asks “How are you feeling?” I am astute enough to know I should answer “Much better, thank you. That flu was terrible!” I do not answer “Desolate. I lost my car keys and my cat is at the vet and will probably die.” Yet these are the very kinds of status updates that Facebook is attempting to solicit from me. The idea of “TMI” or “too much information” is something most social actors practice particularly well in face-to-face situations. By inviting users to share emotional experiences to a wide and unsorted grouping of “friends,” Facebook is setting the stage for tone deaf social interactions.
Facebook’s lack of intellectual technologies of privacy and identity make it downright autistic.
Socially enhanced productivity tools
The lack of intellectual technologies for privacy and identity has particular implications for productivity. As work has become more geographically distributed and technologically mediated, we are even more in need of these intellectual technologies to manage workers’ experiences, legal rights, and productivity.
Researchers have argued that unlike work in fixed offices, mobile work entails moving through mental, physical, virtual and social spaces (Mark et al, 2005). Productivity tools must allow users to occupy and manipulate these spaces appropriately, not just to be socially apt and but also to be treated fairly and to achieve material results.
Workers in an Ottawa grocery store felt this distinct lack of intellectual technologies when they were fired for talking about their employer on Facebook. OpenID did not help them, nor did Facebook’s privacy settings. Facebook had no intellectual foundation on which it could build a digital technology that would have protected these workers.
These workers themselves had not coherent intellectual concept to glom onto to help them understand and interpret the implications of their postings. Instead, Facebook’s socially autistic privacy settings and overly familiar affordances invited these workers to put themselves in harm’s way. This kind of interaction is happening more and more as people and companies increasingly move more of their working lives onto socially enabled platforms.
Yammer’s enterprise-only service mimics Twitter, but does not allow for users to interact with those outside the company, thereby defeating many of the potential productivity gains that could be achieved. They do this because it is simply the easiest solution — in the absence of intellectual technologies of privacy and identity. While Facebook may make social interaction awkward, it makes work-based social interaction positively treacherous. Building the intellectual technology of social media The digital realm in general needs more of these intellectual technologies for privacy and identity, which unlike the tools like probability theory and statistical analyses of variances, require deep theoretical clarity on the social nature of interaction.
These socially clumsy technologies are committing the sin of “crossing the streams,” or what social scientists call context collapse. Context collapse emerged out of the identity theory of Erving Goffman, who argued in the 1960s that social actors project different “selves” in different social contexts. We engage in “impression management” in face-to-face interactions without even thinking.
Our “work selves” and our “domestic selves” are usually kept apart but when these contexts are collapsed, there is a sense of awkwardness and discomfort, as anyone who has run into a work colleague unexpectedly while shopping with a spouse at the grocery store. Context collapse forces us to grapple with multiple selves at the same time.
This insight is fundamentally sociological in nature, but the sociological has rarely, if ever, been brought to bear in technology design.
How Snapchat closes the gap
Technology forecasters point out that it’s rare to find a technology that completely replaces another. That sort of breakthrough comes once a generation. Instead, you are more likely to see innovations that fill a particular gap between two systems. For example, the computing power of the average desktop computer greatly outpaced the Web’s bandwidth in its early days. This mismatch enabled all sorts of workarounds to take off and be highly adopted. One could argue that text-based email, which takes very little bandwidth, became the killer app because of the bandwidth problem. Right now, we have a privacy and identity problem.
Snapchat fills that gap.
Communication technologies offer extremely sophisticated and instantaneous data transfer. But the intellectual technologies of privacy have not kept pace in terms of sophistication. While you can immediately send a large video file to Kuala Lampur, and have it watched rather effortlessly on many different computers, you cannot ensure that it will not be shared with people you do not wish to see it. We have a rather blunt system of privacy, compared to an incredibly sophisticated system of data exchange. This gap could be closed by Snapchat, which allows for the instantaneous and cross-platform of sharing imagery, but also solves the very real need to control the privacy.
Snapchat is an enabling technology in the sense that it enables better data exchange between people because it offers two key features: better privacy controls and a reduction in information glut. For this reason, I argue that Snapchat, or more accurately, ephemeral content in general, will be the next emergent technology. There is a price to be paid if this does happen.
The archival nature of digital technologies is a wonderful way to save our cognitive burden. We don’t have to remember phone numbers, email addresses, or even complete bodies of knowledge because it is now at our fingertips. Yet, ephemeral content, with its promise of better privacy and identity management, could become the “normal” way to communicate online. What would happen if we come to expect all of our email to disappear? What would happen if our images start to delete themselves regularly, simply because we are scared of identity breaches?
Building the intellectual technology of privacy and identity
Some social scientists have attempted to bring context collapse to the attention of technology designers and provide the intellectual technology to catch up with the digital technology. danah boyd, for example, has argued forcefully that “real name” policies in single signons have the downstream effect of “outing” protestors whose very lives may be in danger from such a policy. This kind of analysis provides the foundation of a sociological tool that may inform the currently socially ignorant and blunt single signons offered by Google and Facebook.
We need a set of principles, based on sociological research, that becomes baked into any digital technology that enables social interaction. We need to create nuanced, elegant and useful algorithms that can provide at least a modicum of protection against social slips. We must do this for social sites like Facebook but also for workplace tools like Microsoft Outlook.
Contrary to what many technology designers believe, there is a robust set of research that already allows us to build prototype algorithms that prevent context collapse. They may be blunt, and they may be imperfect, but they would be a whole lot better than what we currently have.
Why is Snapchat processing 50M messages a day? Why are these message not emails? Or Facebook messages? why are people choosing for their content to disappear?
There are several reasons why someone would choose an ephemeral tool like Snapchat. First, the most obvious: the content is not persistent. This is the primary problem with the Web in general, and Facebook in particular. To share now means to share in perpetuity. Certainly, there are privacy settings, but the digital landscape is littered with the corpses of those who took such settings at face value. And why should we be surprised?
The hot mic is an exceptional incident that garners a great deal of attention (and not just due to the high profile character of its victims). On the web, this kind of slip is a routine daily occurrence. We have had so many embarrassing slips that we cannot possibly catalogue them all. They run the gamut from the “oops, my mom saw my dirty post,” to “I got fired for talking about my employer.” There are even web sites devoted to showing us the hilarity of these slips. Facebook Fail is guaranteed to make you LOL.
The web’s routine failure to protect us from embarrassment has made its persistence a liability.
Snapchat allows you to turn the Web back into regular conversation, shared with only those “present,” and not recorded for anyone else to hear. It turns off the “hot mic” of the web and alleviates the anxiety of navigating the shifting sands of Facebook’s privacy settings. Persistence has now become a liability for many Web users. Snapchat allows you to confidently send content without worrying about it. The content simply disappears, making it more like conversation before we had the Web.
The second reason ephemeral content tools are attractive is less obvious, but just as important. On the one hand, the web offers persistence, which as I have argued can be a distinct liability. But on the other hand, it also offers archiving, which is generally thought to be a good thing. What was the name of that guy who sent you his resume in an email? Where is that restaurant we went to that time? How much time does it take to fly to Hawaii? All of these questions can be answered by leveraging the persistence of the Web. And this is a good thing. This is precisely what Vannevar Bush imagined when we wrote about the “memex” back in 1947 — all the world’s knowledge available on the desktop.
But all the world’s knowledge becomes total chaos without any librarians (yay! Librarians!). That is not what Vannevar Bush imagined. He did not foresee the sheer randomness of what effortless information sharing would bring. Google itself would not exist were it not for this chaos. But at least on the Web, Google does a good job of ordering at least some of the chaos. It doesn’t do such a good job of helping you find those Power Point slides you made 10 years ago, in part because there is simply too much digital content for us to wade through and in part because this detritus sadly ends up on our hard drives.
Our desktop computers, our mobile devices, our web-based email have become dumping grounds for our digital hoarding habits. Rare is it when a user asks herself, will I need to find this three-word email in the future? Should I tag it with a color, or a category? She simply whips it off and forgets about it. But that three-line email clogs up her inbox just as much as a 14-paragraph missive from her bosses’ bosses’ boss, which could affect her very job. There is no immediately apparent difference between the two emails, even if she is experimenting with Gmail’s “significance” algorithm. Her meta data is only ever as good as the effort she puts into them.
If emails were paper letters, we would need to build 15 million more houses just to hold the crap we send to each other. Those houses would be filled to the rafters. All of us are digital hoarders; we just don’t see it. Our digital hygiene habits are very bad.
The mere decision to use Snapchat means the user has already considered this photo to be of little archival value. Right then and there, he has succeeded in reducing his future cognitive load. But even better, he doesn’t even need to consider the photo ever again, even if it were to merely dismiss its importance. Even that tiny cognitive burden is gone. The photo is gone. Snapchat came and took out the garbage that you put in a particular pile. You don’t even have to think of that pile. It is simply gone. How liberating!
These are the main two reasons I believe ephemeral content is going to take root in our collective psyche. But as I consider this topic, I will add to this list. I will also consider the implications as we start to forget to forget. We will no longer even notice the piles of content around our digital houses. What effect will that have on our mental models? It may even signal the final shift from an analogue world masquerading as a digital one, with its transparent metaphors of desktops and file folders that scream 20th century. But what will replace this analogue playing dress-up? What is the shape of that truly digital mental model for our content? It’s hard to say.