January 7, 2008
@ 03:39 AM
Comments [13]
Breaking the Social Contract: My Data is not Your Data

This is likely my last post in Robert Scoble vs. Facebook saga but I think there are some subtle points being lost because of the typical blog feeding frenzy where people either choose to flame Facebook, Scoble or both. Robert Scoble has a post entitled Plaxo: the social monster? where he writes

Judi Sohn rips into the trustworthiness of both me and Plaxo for attempting to import email addresses, names, and birthdays.
...
What if I wrote down Judi’s email and then manually put it into my Outlook’s contact database. Wouldn’t that have been exactly the same thing that I tried to do with Plaxo’s script?

There are a couple of things wrong with Robert's analogy.

When I entire my personally identifiable information (PII) into Facebook, I am entering into a social contract with two entities. I am trusting Facebook to protect my data so it is safe from malicious hackers and not sell it to malicious third parties like spammers or telemarketers, in return I provide Facebook with accurate data which improves their service and the user experience of the people in my social network.  In addition, I am implicitly trusting the people in my social network not to abuse the privilege of having my personal information (e.g. by prank calling my cell phone, giving my personal details to third parties I don't trust).

There is a key difference between Robert taking my personal information I shared with him on Facebook and importing into Outlook versus importing it into Plaxo Pulse. In the former case, Robert is taking data I shared with him and viewing it in a different application. In the latter case, Robert is additionally sharing my personal details with a corporate entity; Plaxo, Inc. This is an entity that is synonymous with spam and at the time of writing this post there 209,000 hits returned for a search for "Plaxo Spam" on the Google search engine. This is the key difference between Robert importing my personal details into Outlook and importing it into Plaxo Pulse.

Lots of geeks have focused on the fact that since it was possible for Robert to manually extract this data, then then people sharing data with him shouldn't complain since they gave him access to the data. This ignores the fact that just because something is technically possible doesn't make it right even if it is legal. Just because it is technically possible for you to read the RSS feed for my blog and republish it on a splog so you can make money from AdSense ads doesn't make it right. Just because it is technically possible for you to view my photo albums on Windows Live Spaces doesn't mean I'd think it was OK to use Omar's Send to Smugmug script to republish these photos on Smugmug. Just because you have my phone number doesn't mean I think it is OK for you to share it with all your drinking buddies that want to work at Microsoft and need a recommendation. And so on...

In all of these cases, there the social contract between us would have been broken. This is independent of whether it's technically possible for you to do these things by hand without needing a script or whatever.

Taking my data and sharing it with a third party without my permission isn't cool. Just because I shared information with you doesn't give you the right to share it with others.

 Now Playing: Eminem - Mockingbird


 

Categories: Social Software

« Python vs C# 3.0: Tuples vs. Anonymous T... | Home | Finding Names that are Anagrams of Each ... »
Monday, 07 January 2008 05:26:45 (GMT Standard Time, UTC+00:00)
Well said!

jon
Jon Pincus
Monday, 07 January 2008 05:44:54 (GMT Standard Time, UTC+00:00)
You are absolutely right - it's a social gaffe, and a particularly egregious one in these days of spam and malware.

From a social point of view think of it like this: you are my friend and I lend one of my books, one I think highly of. Then I find out that you've loaned MY book on to someone else; or worse, you've donated it to your local library. What do I think of this? It's the height of bad manners.
David
Monday, 07 January 2008 11:05:28 (GMT Standard Time, UTC+00:00)
In the UK the Data Protection Act has 8 basic principles, plain english guidance for what is becoming a very complicated legal area
http://en.wikipedia.org/wiki/Data_Protection_Act#Data_protection_principles

All the principles are important, but in this case:

"Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes."

More simply, use the information I give you for the sole purpose I provided it. I think if I give my email address to an individual, it is so we can exchange information. That is the personal contract we engage. It is NOT for that individual to give to 3rd parties, even if it is tangential to the purpose of staying in contact.

Of course it would be easy to over litigate on the subject, but it is still a 'common sense' approach. As a developer, being aware of the principles certainly makes me question why I'm collecting the information my applications are requesting, and how I re-use that information - regardless of how cool or web2.0 that use is.
Doug
Monday, 07 January 2008 11:08:51 (GMT Standard Time, UTC+00:00)
well put. however, what if robert is importing data to plaxo pulse from outlook? furthermore, various social sites are asking you would you like to import your address book from google, hotmail, yahoo, msn, outlook, facebook?, ... what is the difference between having social site import data from facebook, and robert manually (different layer of abstraction) doing so except in who has the control.

all the best
dan
ace
Monday, 07 January 2008 11:16:15 (GMT Standard Time, UTC+00:00)
from dev side, is facebook applications host flawed in such a way that script could reach data through shared applications? or, this measure should slow down data mining script run by somene who has stolen my account?
ace
Monday, 07 January 2008 16:35:47 (GMT Standard Time, UTC+00:00)
I have to agree with Dan here. Facebook has no way of knowing WHAT Scoble intended to do with the data. If he was simply saving it to his Outlook contacts, then I don't think he was breaking the social contract. If they can't prove intention, they shouldn't be stopping legitimate usage.

It's a lot like DRM music. Yes, the file could be shared with thousands on BitTorrent, or copies be re-sold illegally. Or the file's purchaser could give a copy to a few friends, which is completely legal. Why bar the consumer from doing the legal activity (sharing with a few friends) with an artificial block, when the criminal who wants to do the illegal activity will just find a way around that block anyway?
Luigi Montanez
Monday, 07 January 2008 17:05:52 (GMT Standard Time, UTC+00:00)
Dare, you mentioned that just because you provided your data to someone does not mean that it should go to others. But that already happens. In many other non-digital ways. As long as intent is positive, I am sure you would not mind.

In all the uproar in the blogosphere I did not hear anyone of Scoble's friends complain that they did not want Scoble porting their details to another social platform. Infact, some of the details you have provided in your facebook contact DB [or smartphone, or other contact bearing application/device you own] or MSN equivalent may have been initially provided my confidants who never gave express permission for a port.

But, as you say, Plaxo is linked to spam, so maybe porting those details to plaxo might be cause for concern. Personally I found the whole Scoble/Facebook/Plaxo uproar excessive.

For the record, I do think that people should adhere to terms of service/contracts they have agreed to. So, in principle, Scoble was wrong.
Lanre Ogundero
Monday, 07 January 2008 19:24:53 (GMT Standard Time, UTC+00:00)
I agree with Dare on this one. How many of the 5000 people on Scobble's contact list have close personal relationships with Scobble? I doubt that more than 100 know him in any more than a passing social acquaintance. I have a relatively small LinkedIn list, and there are many in my list who I have never met in person, much less know well enough to know if they mind if I share their information with another entity. I have had situations where I needed to contact someone and called a common friend to get a phone number. I have always felt uncomfortable doing that, because instinctively I know that I am treading on thin ice. I would never dream of asking a friend for contact information for someone who I did not know well.
Joe Brinkman
Monday, 07 January 2008 19:45:00 (GMT Standard Time, UTC+00:00)
"More simply, use the information I give you for the sole purpose I provided it. I think if I give my email address to an individual, it is so we can exchange information. That is the personal contract we engage. It is NOT for that individual to give to 3rd parties, even if it is tangential to the purpose of staying in contact. "

Doug, this sounds unworkable if your email provider is hotmail, y! or gmail.
Bill de hÓra
Thursday, 10 January 2008 07:19:37 (GMT Standard Time, UTC+00:00)
Dare,
Wish I'd seen this earlier. You explain the social contract really well. In my post on this I argued that Robert was in breach of EU data protection law too, and this set off fair bit of disagreement.


http://theotherthomasotter.wordpress.com/2008/01/08/facebook-scoble-manifestos-and-european-privacy-law/#comment-35628
Thomas

Thomas Otter
Thursday, 10 January 2008 07:45:30 (GMT Standard Time, UTC+00:00)
Very interesting point. The line between right and legal is always fine (as is, according to my father, the line between courageous and foolhardy).

Perhaps Scoble's 4658 (the number may have grown or fallen since last night) friends on Facebook would like to read this post? :-)
Shefaly
Saturday, 26 January 2008 09:53:20 (GMT Standard Time, UTC+00:00)
"Taking my data and sharing it with a third party without my permission isn't cool. Just because I shared information with you doesn't give you the right to share it with others."

I guess you asked for permission from your contacts before importing their information from your mail provider into Facebook... hmm.

For the record,
Plaxo Spam: 242,000 Google results
Facebook Spam: 18,500,000 Google results

So wtf is your point?!
Olubi Ezra
Sunday, 03 February 2008 15:02:22 (GMT Standard Time, UTC+00:00)
Cool, the post.

Thanks for the information.
wow gold
Comments are closed.