(or: Technology Policy by Default.)
If you are one of 350 million Facebook users, you may recall that when you recently used the site you were asked to “update” your privacy settings. This Facebook privacy “transition” started earlier in December, and it has now escalated into a full-blown scandal. EPIC just filed a complaint with the Federal Trade Commission and the bad press is building up. Essentially the EPIC claim is that this is a “transition” to less privacy for you, handled in a deceptive manner.
Facebook and indeed most Internet companies like to justify their policies with reference to individual choice as an ideal. The individual user has “options” “settings” and “preferences”. Each person should set their own privacy settings and indeed choose anything else that is controversial — the companies involved say that this is much better than the scary government choosing for everyone. Yet a moment’s consideration of this false choice will tell you that it doesn’t hold up. After all, who has time to monitor all of the possible settings and configurations for every piece of software that we use? Moreover, how much of privacy is really a matter of taste that should vary for each person? Few have the knowledge and the energy to develop an informed opinion about every checkbox and button we encounter online. Even given the time, interest, and knowledge, it can be remarkably hard to find these settings at all.
It turns out that the people who most benefit from the ability to set their own software preferences are well educated I.T.-saavy professionals with money — the people who suffer are the poorer and less educated users. So making privacy an individual option basically takes privacy away from the poor. This may sound bold but hear me out: If you followed that request to update your privacy settings, it eventually led you to a page that looks like the following image.
(Click to enlarge.)
What kind of psychological weight follows from Facebook asking you make a choice and then selecting one of the two options for you in advance? (In this case, note the option on the left is selected by default — the one that in most cases gives you less privacy.) Rajiv Shah and I published a paper last year titled Software Defaults as De Facto Regulation (PDF) looking at this question.
We used the example of wireless access points to investigate how often people change their default settings and what kind of people do so. The nice thing about wireless access points is that different routers have different defaults, and it is possible to monitor the default settings of wireless access points by driving around with a laptop computer and listening to their transmissions (which we did). Of course the content of the setting matters — but privacy settings on facebook and security settings on wireless routers are at least similar.
In this study we looked at several groups of routers, the largest being more than a quarter million (!). In at least some circumstances, when a setting is turned “ON” by default, from 96-99% of users just follow the default. When the default was set to “OFF” and then users were told to change manufacturer defaults, from 28-57% of users did so. In this case, equipment likely to be maintained by paid I.T. experts was somewhat more likely to have changed defaults (a 16% difference for one setting).
By looking at wireless settings in different neighborhoods of Chicago, we also found at least a suggestion that people in poorer neighborhoods were more likely to obey manufacturer’s default settings. (Long parenthetical: Here and in the title of this post “poor” and “rich” are proxies for money as well as other things — wealth is a proxy for education and time as well as just money. Poorer people will tend to have less technology skill and less time to become informed and interested in things like social network privacy issues.)
So calling this a “choice” basically means the manufacturers choose for most people, particularly if they are not skilled (see p. 42 of our paper). Facebook gets to have the appearance of consultation (after all, you “agreed” by clicking through the above screen) even though the result overall is the reduction of privacy. As is clear in the table of this dotrights.org analysis of the Facebook privacy transition, the Facebook move is all about changing the defaults. They presumably did so because more data accessibility means more visibility and value for their service.
The larger point is that facilitating “choice” is bankrupt as a societal strategy for managing difficult problems (like privacy) related to new technologies. More than anything, it’s a strategy to circumvent difficult public deliberation (in this case, about privacy) that we as a polity ought to have. Even in the case of decisions with real consequences, if individual choice is used, as we put it: “the authority of software trumps that of advice” (p. 43)… Facebook’s pre-selected default options are going to be the societal policy in this area. And that means that effective regulation requires the scrutiny of defaults. Pushing individual choice offers us false freedom and this is not good enough.