thoughts and observations of a privacy, security and internet researcher, activist, and policy advisor

Friday, January 25, 2008

Data Portability or Context Control?

There has been a lot of chatter about users being entitled to take their data from social networking sites and carrying them somewhere else. While Google's OpenSocial has not gained much traction yet, the Data Portability Working Group is the talk of the town these days. Their "Philosophy" isn't one, but more a collection of metaphors:
As users, our identity, photos, videos and other forms of personal data should be discoverable by, and shared between our chosen (and trusted) tools or vendors. We need a DHCP for Identity. A distributed File System for data.
And not to forget: We can do it, so we should:
The technologies already exist, we simply need a complete reference design to put the pieces together.
Unfortunately, with Yahoo, MySpace, LinkedIn, Google, Plaxo, Facebook already on board and now Microsoft joining, it looks like there will be even more personal data going around and being used out of context pretty soon.

Robert Scoble has tried this manually: He was running a Plaxo script which exported his Facebook contact information via the Facebook API. As a reaction, his Facebook account was suspended. I think this was a very wise decison, and I am not the only one. Bob Blakley has it right:
When you accepted Scoble’s friend request in Facebook, you did it in the context both of a relationship with Scoble and in the context of the rules of a particular social environment (Facebook).
Michael Arrington has a similar take on it:
Robert Scoble may be perfectly fine with having my contact information be easily downloaded from Facebook, but I may not be. Ultimately it should be me that decides, not him.
I think it is funny that finally everybody seems to notice that relational information is not a property of just one party. But good to see they finally understand. I guess this will be the most rewarding challenge in the next few years: Being able to decide where your personal and relational information is used, making sure it stays in the context it was published, and by this establishing audience control. Whoever still works on context-blind portability of personal information will not be part of this next big thing. Ben Laurie has more on the technical and conceptual issues.

Update: Chris Soghoian has a great extensive discussion of "The next Facebook privacy scandal" at CNet.