The Googlization of Everything

Ed Felten writes on Freedom to Tinker that we can distill some general lessons from the dumb moves Facebook made with their social marketing tool, Beacon:

(1) Overlawyerization: Organizations see privacy as a legal compliance problem. They're happy as long as what they're doing doesn'€™t break the law; so they do something that is lawful but foolish.

(2) Institutional structure: Privacy is spun off to a special office or officer so the rest of the organization doesn’t have to worry about it; and the privacy office doesn't have the power to head off mistakes.

(3) Treating privacy as only a PR problem: Rather than asking whether its practices are really acceptable to clients, the organization does what it wants and then tries to sell its actions to clients. The strategy works, until angry clients seize control of the conversation.

(4) Undervaluing emotional factors: The organization sees a potential privacy backlash as "only"€ an emotional response, which must take a backseat to more important business factors. But clients might be angry for a reason; and in any case they will act on their anger.

(5) Irrational desire for control: Decisionmakers like to feel that they're in control of client interactions. Sometimes they insist on control even when it would be rational to follow the client's lead. Where privacy is concerned, they want to decide what clients should want, rather than listening to what clients actually do want.

Perhaps the underlying cause is the complex and subtle nature of privacy. We agree that privacy matters, but we don’t all agree on its contours. It's hard to offer precise rules for recognizing a privacy problem, but we know one when we see it. Or at least we know it after we'€™ve seen it.

Ed is right about all of this.

Why does this matter to a discussion about Google?

Well, for one thing, the Facebook ad revenue strategy is an attempt to leverage personal preferences with more accuracy and influence than Google can. Google can profile most users by IP number and many users by personal identifiers (if they log in to Google to use GMail or some other service). But it's an imperfect profiling system. Using search history as a proxy for preferences is rough. You need years of data to do accurate profiling and ad targeting. Facebook thinks it can do better.

Beacon was an attempt to do just that. Social marketing is the holy grail. It's based on reductive misreadings of social network theory (blame Malcolm Gladwell's The Tipping Point or Seth Godin's Ideavirus). If people often make consumer choices based on trusted "experts" in their social realms, then Facebook could engineer such an alert.

Every time your super-hip friend Joe bought something on line (from a handful of sites) you and all of Joe's 200 Facebook friends would have received a notice of the purchase in their newsfeeds. You were supposed to think, "hey, if Joe likes buying his plane tickets on Travelocity, then it must be super-cool, like Joe himself!"

Of course, there was massive protest to this move. The surveillance/profiling/publicity function was way obvious. Google's surveillance/profiling function is discreet to the point of invisibility. That's its brilliance and virtue. Your preferences are between you and Google (or so we are led to believe).

After more than 50,000 Facebook users screamed about the service, Facebook officials relented and installed some options that require permission for each Beacon alert. This is much better.

However, in the midst of the uproar Facebook officials basically called all Facebook users dumb, claiming that people always whine about privacy at first but then they get used to the violations over time. And besides, young people don't care about privacy, right? (note my smirky reference to the "Born Digital" idea). From a NY Times story about Beacon:

Facebook executives say the people who are complaining are a marginal minority. With time, Facebook says, users will accept Beacon, which Facebook views as an extension of the type of book and movie recommendations that members routinely volunteer on their profile pages. The Beacon notices are “based on getting into the conversations that are already happening between people,” Mr. Zuckerberg said when he introduced Beacon in New York on Nov. 6.

“Whenever we innovate and create great new experiences and new features, if they are not well understood at the outset, one thing we need to do is give people an opportunity to interact with them,” said Chamath Palihapitiya, a vice president at Facebook. “After a while, they fall in love with them.”

See, this canard that young people don't care about privacy is supported only by shallow anecdotal evidence and a complete misunderstanding of what privacy means. Privacy is not some stable set of facts and features that we all agree should not circulate. What we hold private varies from individual to individual. But we all want to keep something safe.

Privacy is not about the information. It's about the power. It's about the ability to decide whether and what to keep private. So while millions of people might now be comfortable declaring on Facebook that they are seeking members of the same sex or that they hooked up with so-and-so, that does not indicate a lack of concern for privacy. Everyone still wants to be in control of what gets out there and how to publicize it. When a company (or a government or a mob of vigilantes) claims that power for themselves and denies that power to an individual, we have a privacy problem.

That's what Facebook did. That's what Google has avoided (so far). And that's why we don't seem to collectively "get" privacy. The public conversation has been really dumb so far. Let's hope this "Beacon" of light improves it.