Fred Stutzman and Woodrow Hartzog, Obscurity by Design

Fred Stutzman and Woodrow Hartzog, Obscurity by Design

Comment by: Travis Breaux

PLSC 2012

Workshop draft abstract:

Currently, the most pressing issue for privacy regulators is the accumulation and use of consumer data by companies, including social media providers. Post-hoc responses by regulators to privacy violations, including violations by social media providers, do not sufficiently protect consumer privacy. To enhance consumer privacy, regulators recommend that privacy protections be built into all phases of the technology development lifecycle. This approach, known as privacy-by-design (PbD), mandates companies to proactively address privacy concerns so as to produce positive privacy outcomes for users. Although well intentioned, PbD faces a number of challenges in implementation, including a lack of specificity and weak market forces motivating adoption. To date, applied PbD work has largely focused on back-end implementation principles, such as data minimization and security. Very little work has focused on integrating PbD into the design of interfaces or interaction. Additionally, although regulators have paid much attention to the potential harms committed by companies that hold personal information, the threat posed by other users has been largely neglected. In the context of social media, PbD has not yet addressed the “social.” In this work, we argue that the design of privacy in social media user interaction is an integral concern that necessitates policy coordination between site designers and administrators. In social media sites, the development of PbD practices for interaction are equally important to those developed for data storage and security. Of course, the design of PbD practices for interaction is challenging. Interaction varies by site, culture, and context, and is not necessarily amenable to formal engineering requirements. To address this challenge, we propose a novel, empirically grounded approach to PbD for social media interaction. Drawing on an established framework for online obscurity, which identifies a set of practices for how individuals shield their identity in online social interaction, we propose the four factors of online obscurity as a set of design and policy criteria for approaching PbD for user interaction in social media. We then illustrate how designers and administrators of sites can address these factors through a range of technical, policy, and behavioral “nudge” solutions. In doing so, our work improves PbD discourse by providing actionable, empirically grounded specifications that are both flexible and feasible to implement.