Blogger: Bob Blakley
Imagine you’re a divorced mother of two small children with an ex-husband with whom you share joint custody of those children. On one of your custodial days, you drop the kids off at daycare and go to work. At lunchtime you drive back to the daycare center to have lunch with the kids. As you drive up, you notice your children playing in the street in front of the center. After collecting the children and breathing for a few minutes into a paper bag, you go into the center and ask some questions. You learn that that your ex-husband came into the center, picked up the children, and (apparently) left them to play in the middle of the street.
You are, of course, not happy with your ex. But you are also not happy with the daycare center, and it’s worth spending a moment to talk about why. When you enrolled your children in the daycare center, you informed them of your custody agreement. You also discussed with them the rules - including the rule that, except in emergencies in which the custodial parent was unreachable, only the custodial parent could pick the children up. Since it was your custodial day (you had of course informed the center of your custody schedules well in advance), the center should not have allowed your husband to take the children out of the center. They violated their agreement to respect the rules of your relationship with your ex-husband. You’ll probably withdraw your children from this daycare center, because they’ve demonstrated that they can’t be trusted to live up to their obligations to respect your relationship rules (of course, your ex-husband’s custody will probably be revoked for letting the kids play in the street, so the relationship rules may be less of an issue...)
OK, now let’s get back to being geeks. Why are we talking about this scenario? We’re talking about it because it illustrates perfectly why “opening the social graph” is a bad idea - bad for individuals and bad for social networking sites.
Last week, Robert Scoble’s Facebook account was suspended, reportedly because he was running a Plaxo script which exported his contact information from Facebook via the Facebook API.
Michael Arrington notes that Plaxo’s script was deliberabtely circumventing Facebook’s terms and conditions, which forbid exporting the email addresses of your contacts from Facebook.
Mathew Ingram thinks this is fine because Scoble’s contact information belongs to Scoble. He’s wrong.
Ed Felten correctly notes that it’s not about ownership, and he explains somewhat less clearly that what it’s really about is relationships.
So let’s examine the matter. When you accepted Scoble’s friend request in Facebook, you did it in the context both of a relationship with Scoble and in the context of the rules of a particular social environment (Facebook).
Even the fact of your relationship with Scoble is not Scoble’s property, it is common property, like the kids in a joint custody arrangement. Both you and Scoble are obligated by the laws of relation here and here to treat the fact that you have a relationship, and also the details of the relationship, according to certain understandings and social conventions. If you don’t believe this, meditate on whether you think it would be OK for adultfriendfinder.com, match.com, and linkedin to share friend lists. The information Scoble tried to take out of Facebook is NOT Scoble’s property; it is relationship information. Scoble is not free to do whatever he pleases with relationship information; if he violates social understandings and conventions by disclosing the existence of or certain information about his relationship with you in the wrong context, he may embarrass or endanger you, and he will certainly endanger the relationship.
But if this is true, and the relationship information is so dangerous (I hear you ask....) why did you accept Scoble’s friend request in the first place? That’s the $64,000 question, and the answer is: because Facebook promised you that the rules of the Facebook community would not allow Scoble to take sensitive relationship out of the Facebook environment, where its appropriate use could be protected by Facebook’s terms of use and its automated information flow controls, and into the public, where no mechanisms exist to protect the information against antisocial uses. It is in fact this set of rules that make Facebook a SOCIAL network. Facebook is not the public. It’s not a place where information flows freely. It’s not a daycare center that allows your ex-husband to take the kids out on a non-custodial day and let them play in the street. It’s a nice, safe, trustworthy daycare center which respects the rules under which you agreed to the relationship with Scoble in the first place, and tries to prevent Scoble from taking the kids (relationship data) out of the daycare (Facebook) into the public where there are no rules and he can let them play in the street.
If Facebook does not live up to its obligations to prevent exfiltration of your data into the public, it will cease to be a social environment and become merely another public space on the public internet - like USENET with a prettier interface.
My Burton Group colleague Mike Neuenschwander is fond of saying that our generation is using computer geeks - the least social people on the planet - to design social systems. This is the kind of thing he’s talking about.
Opening the social graph will destroy social networks, and turn them into sterile public spaces in which formation of meaningful and intimate relationships is not possible. Opening the social graph is a bad idea. Relationship information is not the property of individuals - it held in joint custody among all parties in a relationship, and it cannot be used or disclosed in violation of the rules under which it was brought into the relationship - or else the relationship will die and the individuals in it will be harmed. If you don’t understand this, or come to understand it, you will never have any real relationships, and neither will the software you write.
Update: I hadn't noticed this excellent post on the subject from Adam Greenfield before today:
http://speedbird.wordpress.com/2007/12/09/antisocial-networking/
Posted by: Bob Blakley | January 11, 2008 at 03:53 PM
Facebook's users don't make agreements with Facebook (despite Facebook pretending otherwise), though they will take Facebook's promises to respect their privacy at face value.
Facebook (the faceless corporation) doesn't have a peer relationship with each of its users.
People have proper peer relationships with other people and this includes relationships between facebook users. Unless any contract is made otherwise, the mutual privacy of a relationship is a matter of confidence and trust. No person can bind or burden another simply through the act of confidence. Respect and reputation may well be affected by how well each person in a relationship treats any confidence, but this is no place for the law to step in. As free as any individual is to confide their secrets to another, just as free is the other to 'asset strip' the value of those secrets in their relationship and confess all to another 'friend', or even to a newspaper. This is a part of trust - risk.
There may well be a social graph visible to god, and many commercial organisations would no doubt like to peer over his shoulder at it, but I suspect it will prove to be as unattainable as the holy grail, subject to the same uncertainty as Heisenberg's principle.
As fast as the confidence of relationships is stripped of its asset, as fast will those relationships cease.
Nothing can be obtained from a relationship that does not add value to it, for a relationship is value.
Comparably, no work can be harnessed from public collaboration except that for which the public are the ultimate beneficiaries.
Posted by: Crosbie Fitch | January 13, 2008 at 06:47 AM
Wrong. Facebook's users make at least two very explicit agreements with Facebook. They are required to agree to the Facebook "Terms of Use" before they can complete the registration process. If they do NOT agree to these terms, their registration is not completed and they do not receive an account. The Terms of Use to which all users agree is posted here: http://www.facebook.com/terms.php
In my opinion (and I am of course not a lawyer) Scoble's use of the Plaxo script clearly violates the sections of this agreement entitled "Proprietary Rights in Site Content; Limited License", "User Conduct", and perhaps also "User Content Posted on the Site".
Facebook also makes another agreement with users; it agrees to implement a set of privacy policies and practices. The text of this agreement can be found here:
http://www.facebook.com/policy.php
"Faceless corporations" which claim to operate social spaces and which do not take action against antisocial behavior (like members appropriating other users' personal information and using it for their own purposes in violation of what you call confidence and trust) will lose their subscribers and will deserve to do so.
Facebook understands this, and in the (Terms of Use) agreement which all users make with Facebook the users acknowledge that Facebook can terminate their accounts if they behave antisocially in this way - as enumerated in the section of the agreement entitled "Repeat Infringer Policy". This is probably the clause under which Scoble's account was deactivated.
Posted by: Bob Blakley | January 14, 2008 at 01:27 AM
You appear to be making the same mistake that Facebook is making, that agreements with users can be made unilaterally.
An agreement requires proactive consent between two peers.
Firstly, Facebook, being a corporation, is not a peer to a human registrant.
Secondly, there is no proactive consent on the part of the registrant. They are merely going through various form filling activities involving keyboard presses and mouse clicks to access online facilities.
There is no dialogue, let alone a meeting of minds.
Posted by: Crosbie Fitch | January 14, 2008 at 12:09 PM
Bob,
Yes,I'm in agreement with you here. (parking the thorny issue of click through agreements for another day.)
I discussed something similar a couple of weeks ago, looking at the Facebook T&Cs and also the implications in EU Data Protection law. It caused a bit of a ruckus.
http://theotherthomasotter.wordpress.com/2008/01/08/facebook-scoble-manifestos-and-european-privacy-law/
Posted by: Thomas Otter | January 22, 2008 at 12:01 AM
Crosbie, by your argument ("an agreement requires proactive consent between two peers... Facebook, being a corporation, is not a peer to a human registrant") contracts between corporations and natural persons are not binding on the natural persons. This is of course absurd.
On your second point, arguing that Scoble wasn't bound by the Facebook terms of service misses my point, which was that even if Scoble were entitled by law to do what he did, the act of doing it undermines the sociability of Facebook as a space, which is in the interests of neither Scoble nor any other Facebook subscriber.
Thomas, thanks for the link; I like your post a lot.
Posted by: Bob Blakley | January 24, 2008 at 07:59 PM
Actually, I think it's absurd to believe that contracts between corporations and natural persons could ever be made, let alone be binding.
See http://www.digitalproductions.co.uk/index.php?id=80
I'm not trying to defend Scoble by any means. If anything, Facebook has made a rod for its own back by facilitating breach of confidence by its users.
Beware of automating human relationships.
Posted by: Crosbie Fitch | February 13, 2008 at 05:27 AM
Excellent thoughts.
I grew up with USENET 15+ years ago, and BBS's before that. I learned that personal data was a commodity to be guarded lest you expose yourself to abuse & SPAM.
Perhaps that explains why facebook is so... (hmmm what is the right word???) annoying, no, intrusive, hmmm, uh-uh, pablum... to me.
Posted by: CTYankee | July 24, 2009 at 10:07 AM