Unpredictable Patterns #10: Reframing Privacy
Spheres of exchange, identity and personal data spaces in a world of accelerating data growth
I am privileged to be able to spend some of my time in the archipelago, and this week I have spent in the summer house on Vårholma. The weather has been weird - spring, winter, spring and then grumpy winter again - but the calm and nature has been wonderful. I went kayaking first time this year and took my first dip on the sound. It is only 2 degrees celsius now, the ice has just lifted, so it literally hurts - but in a good health way. Luckily the sauna was on. This is the tenth note, and I am very grateful for all the feedback and ideas I have had from many of you in this small circle. The first section on anthropological re-framings of privacy owes a lot to a discussion with AH, DS and RY - you know who you are, and thank you so much for the feedback, ideas and thinking.
Dear Reader
In this week’s note I want to look at three re-framings of privacy that can help us think about the issue in different ways.
Kula rings and spheres of exchange
The first reframing is anthropological.
The Kula-ring is a group of almost 20 islands in the Massim archipelago, an archipelago with thousands of inhabitants and are connected through - among other things - trade. What makes the Kula-ring interesting is that there are two different forms of trade in the ring - one is called the kula and essentially consists of the giving of gifts (necklaces, armbands and other trinkets) that have no monetary value, but are used to build and sustain social status and relationships. The other is called the gimwali and resembles regular market exchanges or barter.
The first, the kula, is characterized by reciprocity and the maintenance of a series of complex social ties across families and communities. You are not automatically included, but have to work your way in and then rise in the Kula through the giving of increasingly complex and valuable gifts. The inhabitants of the ring risk their lives in these exchanges, traveling vast distances across an often capricious ocean to continue the Kula.
The second, the gimwali, is governed by regular rules, but fundamentally resembles commerce or barter more than anything else. Here the value of the goods matter, and engaging in this sphere of exchange is not tied tightly to your social standing or any long term commitments to the community you live in.
The Kula-ring was made famous - or famous in anthropology - by Bronislaw Malinowksi, who, in his book Argonauts of the Western Pacific, carefully described and analyzed these two different spheres of exchange and how they were woven into the communities that engaged in them.
This mental model of two different spheres of exchange - one purely social without commercial values and one focused entirely on commercial value and market demand - is surprisingly helpful if we want to reframe our discussions of privacy, since we can observe two distinct spheres of exchange of personal data as well.
In the first sphere personal data is bartered for services, often with advertising as the bartering mechanism. This system is, like the gimwali, market-based and regulated openly with a focus on the use and processing of personal data. Let’s call this the bartering sphere of privacy, and the personal data collected here barter data.
In the second sphere personal data is used to sustain relationships and negotiate our identities in a complex social context. We expect reciprocity, and we rise and sink in this sphere of exchange according to how we commit, respond and share. Let’s call this the social sphere of privacy, the personal data collected here social data.
Which sphere impacts our privacy most? It seems obvious that we are sharing data in the social sphere that we would never share in the barter sphere - about our sorrows, love, disease and personal stories. The second sphere is richer and deeper than the first sphere and we are multidimensional and complex individuals in that sphere. The data we share is much more sensitive than the data that is collected. And this is another distinction: in the barter sphere data is collected in the social sphere data is shared.
A lot of the privacy challenges companies are facing comes from not being able to manage the two spheres in a good way, or confusing them. We are sensitive to leaks or violations of the boundary between the two spheres and react strongly to them. This presents an interesting question for tech companies.
Should companies stay in the barter sphere and carefully articulate that this is where it thinks of itself, or should they assume that the two spheres are converging and start building products and policies that build on the social sphere?
Let’s look at a few examples.
Companies sometimes speak of the ”data you share with us”. When they do so they violate the boundary between the two different spheres and suggest that the company is in the social sphere, capable of reciprocating and respecting the social norms around sharing. Today companies rarely have that capability, and so talk of sharing raises our hackles.
What would a company need to do in order to be able to participate in the second sphere?
First, it would need to replicate the social norms and privacy functions that exist in that sphere. First, you need to reciprocate in some way. This is hard, since a company is not a person, but reciprocating does not have to be about sharing data. It can also be about granting social status. If my sharing data with you gives me social status, I will take that as a kind of reciprocation. Second you can not share that data on in an indiscriminate fashion (you will be branded a gossip and excluded from the exchange) - but only to our agreed authorized contacts - we need to build and maintain a circle of trust. Third, I need to know that you will not record the data I share indiscriminately and that there will be some ephemerality to our interaction.
We see some signs that there are companies that are shifting into this design mode.
One example is Snap, who pioneered ephemerality, and most social media platforms now offer sharing with expiration dates as a basic function. This is social sphere innovation.
But there is one company that is far ahead here, and clearly on a social sphere path in their design, and that is Apple.
Apple manages reciprocity through the status afforded to those that use Apple products and the almost tribal social structure they have managed to build around their brand (they had that long before they worried about identity, I think, but are now projecting into privacy discussions in an interesting way). This is sometimes misunderstood as a walled garden where Apple lures consumers in, but what it really is, is a shared community, carefully governed and monetized, of course. There will be challenges for Apple here as they have become so enormously successful and large, but so far they have managed to grow with the community intact, which is intriguing.
Apple limits its data collection and keeps data short times, but more than anything it has created a boundary around Apple and the customer that replicates the second sphere limits on sharing data on. The use of remailers / fake e-mail addresses and the privacy settings in apps and software are explicitly producing a circle of trust between users and Apple, as well as creating an Other in companies like Facebook and outside app developers. For Apple being sued by Facebook here is not necessarily a bad thing at all.
Apple is building a Kula-ring in the middle of a market, and seems to be pursuing a social sphere strategy.
In contrast Facebook seems to be digging into the barter sphere and wants to make it clear that the exchange is commercially driven. The clearest sign is that barter sphere companies start from ownership. You own your data. That is the basic principle and the center of gravity in the barter sphere. The response to criticism is to collect less data and to process less data - in an attempt to really separate the two spheres and improve the barter for users: you get more for less. Facebook’s strategy here is transactional and their question for regulation also places them squarely in the bartering sphere — markets need regulation.
By reframing our understanding of privacy in these two spheres of exchange we can start asking questions about which strategy is likely to win in the long run. One seeking demarcation lines between the barter and social sphere or one integrating them?
Wittgenstein, of course
Our second reframing is philosophical.
Privacy is a secondary concept. What this means is that it is embedded in another concept that we have to understand first in order to make any sense of it. Philosopher Ludwig Wittgenstein noted in his remarkable little book On Certainty that we cannot conceive of doubt without understanding the concept belief, and that the idea of doubt really is embedded in the understanding of belief (hence quietly but resolutely demolishing the Cartesian project).
Privacy is a concept like that, and it is embedded in the notion of identity. We cannot understand privacy before we understand the concept of identity. It makes no sense to speak about privacy if we do not start from the assumption that we have identities.
Yet we rarely ask what identity is. The 1980 OECD privacy principles do not start from a discussion of identity, the data protection directive and regulation in the European Union do not emerge from a deep understanding of identity and privacy debates rarely start from the idea of identity at all.
It is first if we have an identity that we can talk of privacy. And it is then we can start examining the pictures that are holding us hostages (to follow Wittgenstein’s metaphors). The picture of the private sphere in which we reside, and we decide who gets to peek into the sphere. The picture of the closed diary where no-one else gets to read our deepest secrets, or the closed bedroom door. Pictures that suggest that identity is something we hide and keep hidden for everyone except our closest friends.
Identity is not that at all. Identity is, I think, much closer what philosopher Paul Ricouer suggested: the story we and others tell about ourselves. And the telling of that story is done, to a large degree, by others. That in turn means that privacy is really the negotiation of that story and who gets to tell it, it is the negotiation of how our identity is produced. Identity is deeply narrative.
Why, then, care about our identity? Why care about the stories that can be told about us? One reason is that narratives open or close fields of action for us. If the story is that you are not trustworthy and have unsavory friends, there are jobs you will not get and social circles that will be closed off to you. Your narrative determines the degrees of autonomy you have.
It is noteworthy that this is not a question of minimizing the stories told about you.
Quite the opposite: you want the good stories told, the stories that open doors and help you get what you want and need. It is even better if those stories are told by others than yourself, so you want stories to be told about you - you just want to pick which stories.
Society will limit your ability to do so, for obvious reasons. If we were to try to let everyone control their own stories we would have to eliminate free expression and the consequences would be disastrous: we would not be able to call out frauds or criminals, and it would be impossible for a society where everyone controlled their own stories to build any trust whatsoever between individuals. Trust depends on the freedom with which others can tell stories about us.
Identity is not singular. We will have one identity - a set of negotiated exchanges of data to return to our anthropological mindset - with friends and family, another at work and a third in public or commercial context. Privacy is as much about the capability to keep these separate as it is about controlling specific narratives. If we cannot managed different stages for our performance of identity, we will be reduced to the lowest common denominator stories we contain. Such a flattening of the identity landscape is perhaps the worst kind of privacy violation there is.
Here again we can distinguish at least two different strategies for tech companies. One identity-centric and one privacy-centric. The first will be about how you can manage your identities and narratives, the second about minimizing any narratives that can be told about you. The privacy-centric strategy can, perhaps counter-intuitively, reduce your autonomy since you may not be able to marshal narratives that help you in building the identity you want.
There is also a deeper point here about the origins of privacy. In the German philosophical tradition starting from Husserl and Heidegger the concept of the Other is often invoked to explain how we constitute ourselves. Heidegger has a phrase, I seem to remember, that would translate into something like ”we are strewn in the eyes of others”. His point is that we are not born with identities, but they are constructed by the Other seeing us, making us and then we are able to see ourselves and remake ourselves as we grow and develop.
We start without an identity, but this also means that we start without any privacy as well! You cannot have privacy before you have identity, and so your identity has to reach a certain complexity before it can carry any privacy at all.
This in turn leads to some serious questions about kids and sharenting - where parents share stories about their kids online. I suspect that this is not so much a privacy violation as an identity violation. Kids are building their identities through the gaze of others, and whose eyes they are strewn in matters.
The sum total of you
The third re-framing is mathematical.
How much personal data has been recorded about you? Do you think there is more personal data recorded about you now than a year ago? For me the answer is an obvious yes. There is much more data in all the different systems that I interact with today than a year ago.
What about the speed of that increase? Is it also increasing? Is there more data recorded about me per day now than a year ago. Again, I think the answer is trivially yes. I have added more sensors to my phone, I have some home automation toys and I am using more online services now than a year ago - some of them explicitly focused on health and genomic sequencing. So yes, the pace of collection is also increasing.
And the diversity of the data? Are there more kinds of data about you now than before? Yes, I think so — and I think that is true across two different dimensions. The first is primary - as I noted there are now more sensors in my phone than 10 years ago, and some of these can collect a lot of new data. I have also gotten an Apple Watch that now measures not just my pulse but saturation of oxygen in my blood and me heart beat can be scanned for irregularities. So, yes, there is also an increase in the diversity of the data collected. The second is the derivative. I am quite sure that there are derivative categorizations and analysis happening across any number of services, getting me scores on credit and risk for fraudulent behavior etc, etc.
I can now imagine myself as a personal data set or space and ask how that space is changing. It seems obvious that it is expanding absolutely, relatively and in granularity or resolution. And it is doing so fast.
What can we learn from this simple model of ourselves as personal data spaces?
One thing that it suggests is that the risk for derivative spurious correlations must be growing. When the number of variables in a data set grows linearly, the number of correlations grow exponentially, and so the possible pattern matches that look like insights but are really accidents and meaningless is likely to be many more today than a year ago.
Another thing we can study is the growth of personal data spaces.
Do personal data spaces grow with age? Do they slow down when we become older as commercial interest in us wanes? Or is that compensated by (ugh!) the amount of medical data produced as we age? Or is the growth of these spaces determined entirely by other factors, like the development of technology?
What is the optimal personal data space size for the individual? For society and the economy?
Classical privacy law was premised on the idea that we are better off if our data spaces are fragmented and stove piped. Collating personal information - consolidating a data space - was seen as a clear privacy harm. But as these personal data spaces grow we need to ask if this is not the wrong way to approach the risk generated by flaws and inaccuracies in different data sets. The obvious example is medical data where you want all medical providers to share one data space for you, because that data space is the relevant for everything from diagnosis to machine learning analysis of your health.
And if we think about personal data spaces rather than personal data - what should tech companies focus on? Are there well delineated personal data spaces that companies can curate?
One really powerful model often applied to business model analysis for tech companies is the graph model. The analysis essentially asks which graphs a company is building value from. Search builds value from first an information graph, and then a knowledge graph - seeking to ensure that individuals can navigate increasingly complex graphs to learn what they need. Social networks build social graphs that maximize value for the individual (although the current social graphs are diluted by commercial value in the graphs as well, where connecting more is in some senses increasing the value for the social media platform, but reducing it for the individual — size is not simply correlated with value for social graphs).
Personal data spaces are essentially personal knowledge graphs - graphs of us. We can separate them into medical graphs, educational graphs and social graphs - and the question then is where these are best managed - and the question of how tech companies create value then really is one of graph curation and matching.
A key tactic will be to manage the growth of these graphs and try to make sure that they are living things - that they evolve but do not grow uncontrollably. Personal graph management will quickly turn into an important way to ensure that we can interact efficiently with the world around us.
Here too we will find new privacy questions - especially those that have to do with graph privacy. As we reveal parts of our graph we should consider that we are connected with others and that there are no free-standing personal graphs. The most obvious example is the genetic graph where we have seen criminal cases be resolved through genetic graph data shared by relatives in the criminal’s broader genetic graph. The criminal’s privacy was lifted through access to another entry node in a shared graph. As we learn more about social graphs we will probably find that a lot of them actually resemble genetic graphs, and that we can learn a lot about people through entry points in the tree of graphs that are once or twice removed from them.
(The extreme conclusion of this would be to say that there is only one identity when you reach deep enough in graph space and hence only one privacy. An interesting thought.)
What is also interesting here is to look at how our notion of privacy changes when we assume relentless accelerating growth of personal data - how structure then becomes a key privacy value, because when your personal data space evolves to fast it risks inverting into a black hole of personal noise where you have no clear way of interacting with the world around you.
The thinking prompt is this: imagine the privacy debates in 2030! How will we then think about personal data spaces or graphs and noise in the data?
On the blog this week
Two posts that may interest you this week.
A note on US citizens’ attitudes to China.
Some thoughts about large systems always operating in failure mode.
As always, thanks for reading and do let me know what thoughts or ideas you have! If you know someone else who might like to get these notes have them send me a quick email or let me know and I will add them.
Take care!
Nicklas