[joho] JOHO - August 31, 2007

  • From: "David Weinberger" <dweinberger@xxxxxxxxx>
  • To: joho@xxxxxxxxxxxxx
  • Date: Sat, 1 Sep 2007 10:50:08 -0400

Journal of the Hyperlinked Organization
August 31, 2007
Editor: David Weinberger (self@xxxxxxxxxxx)
To unsubscribe, see instructions at the end
For the fully glorious illustrated and hyperlink-saturated
online version of JOHO, please visit:
To view this issue correctly, please use a monospaced
font such as Courier and stretch your window until
it all makes sense.

| CONTENTS                                    |
|                                             |
|THE PRIVACY NON-PRINCIPLE: Privacy is too    |
|squirrely for principles. We need to keep  it|
|difficult.                                   |
|                                             |
|Suppose the norms never settle down?         |
|                                             |
|Or are some that look so really not so much? |
|                                             |
|VOWELS OR CONSONANTS?  Which you prefer      |
|scientifically determines your fate. Really! |
|                                             |
|TIP: Scanning is a pain. Snapping is easy.   |
|                                             |
|COOL TOOL: Librarything.com                  |
|                                             |
|Look, none of us like this, but you know we  |
|have to do it. So let's just get it out of   |
|the way.                                     |
|                                             |
|I have a book out. It's called "Everything   |
|Is Miscellaneous." Here's the blog about it: |
|www.EverythingIsMiscellaneous.com. And  the  |
|reviews are here:                            |
|                                             |
|Now just clean up your room and eat your     |
|sprouts, and then you can go out and play.   |


0. Preface

A couple of weeks ago, I participated on a panel
on privacy and anonymity at a session at
the Berkman Center. We took as our text "Privacy in
Atlantis" [1], a dialogue by Jerry Kang and
Benedikt Buchner in  which counselors to the
benevolent queen  of Atlantis discuss
recommendations for a privacy policy. Atlantis
is presumed to be the US in terms of values,
norms, and  economy.

As a result of reading that article and the
discussion at the session and afterwards, I
realized my recommendation would be that Atlantis
not have a policy on privacy. I also realized I'm
more confused about privacy  than I'd even thought.

Part of the confusion is due to my thickness on the
topic. But some of it is inherent in the topic
itself, which should (I think) affect our privacy
policies. So, prepare for a foundering, thrashing,
unsatisfying article...

[1] http://papers.ssrn.com/sol3/papers.cfm?abstract_id=626942

I. Information and the generalization of privacy

The concept "privacy" covers everything from the
highway authorities recording every quarter you
throw at a tollbooth, to people tagging Flickr'ed
photos of you with your pseudonym, to not asking why
a friend is out dancing with someone other than
his/her spouse. Privacy, like love and meaning, is a
single word that covers wildly disparate cases.

It didn't used to. Back before the information age,
privacy had a fairly well-defined set of
applications. It covered what authorities could ask
about you, and acts you wouldn't feel comfortable
performing in the middle of a skating rink.  But now
it applies to wherever there's information. And
nowadays, everything is information.

        Digression: There's definitely been a change
        in the meaning and use of the term
        "information" over the past twenty years. In
        the late 1980s and early 1990s, when I was
        working at a company that was one of the
        inventors of document management, we couldn't
        figure out how to talk about the broad range
        of stuff people put in documents.
        "Information" was obviously the wrong term
        because that's what databases handled. At
        least at the time. Now most of us would be
        quite comfortable talking about the content
        of documents being information. In fact, if
        you walk down the street without a paper bag
        over your head, we now think you're emitting
        information about yourself. And if you do put
        a bag over your head, that's information,
        too. We've given "information" the sort of
        breadth formerly reserved for terms like
        "experience" and "perception." Although
        "information" has snuck into our epistemology
        and our metaphysics, it is not a well-formed
        notion, except in the Shannon-Weaver
        mathematical sense that we don't mean
        99.99999999% of the time when we talk about
        information. Pervasive and poorly defined ...
        that's how we like our terms! (Arjan Vreeken
        has written a scholarly history of
        information [1]. Paul Starr talks about it
        also, in his remarkable The Creation of the
        Media [2]. On the other hand, if you want to
        see "information" stretched to its limit, see
        the time line Geoffrey Nunberg did for the
        Encyclopedia Britannica.[3]

If everything is information — or if information is
coextensive with experience — then we have a steady
stream of data that we can either allow people to
access or not. It thus seems that all of our
experience has to be public or private, just as we
have to decide what files we're going to let other
people on our network see. We therefore need a
guiding principle to help us decide which
information gets let out in the sun and which we
keep indoors behind drawn curtains.

But, our experience is inexplicable if we think of
it as an undifferentiated stream of mere
information. Information is reductive, not
foundational. Rather, experience occurs within
social forms and institutions, so that a wave from
a friend across the hall is different from a wave
from a cop across the street, which is different
from a wave from the Queen of Atlantis as her
motorcade goes by.

Privacy is even more situation- and
institution-specific than are friendly waves. In
fact, we differ about privacy along cultural,
class, and generational lines-- see danah boyd's
fascinating work on what privacy looks like to the
MySpace generation [4]. Also, drinking seems to make
a difference. (A favorite headline-without-a-story
from The Onion: "Girl Gone Wild Actually Just
Regular Girl, Only More Insecure and Drunk" [5]).

Indeed, the whole metaphysics is screwy. The social
realm doesn't pre-exist the acts of making public
and private.  As many have pointed out, our social
network is not just described but constituted by the
intimacy of sharing, and by the limits we place on
that intimacy. "Letting you in on a secret" creates
or solidifies a friendship. Inviting you to see me
at home changes an office relationship. Making
public and private isn't something we do within the
social realm; rather, they make the social realm.

It thus seems unlikely that anything like a
principle could possibly apply to how we decide what
to make public or keep private. We can't even come
up with prima facie principles for this. Something
is prima facie good if you don't need a special
justification to do it, but you do need a
justification to do its opposite. E.g., you don't
need a special justification to tell the truth, but
you do need one to lie. This is helpful because it
acknowledges that there are times that lying is
justified, while still giving truth-telling its
moral due. But the prima facie doesn't much help
with the question of privacy. Do you need a special
justification to keep things private? It depends.
You need a special justification for walking down
the street with a bag over your head, but you don't
need one to refuse to point out to a stranger which
is your bathroom window and exactly when you like to
take showers. Likewise, do you need special
justification to make things public? You do to strip
naked in public, but you don't to put on a name
badge at a conference. We are too insanely social
for a general principal of privacy to work even
prima facie.

Even the general privacy principle that individuals
should be able to control how much of their privacy
they want to give up doesn't work as a principle.
Although it sounds good, we don't really believe it.
You don't control how much of your naked body you're
allowed to show in public. It'd be rude to refuse to
give your first name to someone who asks at a party.
You don't own the right to hold back your year of
birth when buying beer. You can't refuse to be
patted down at the airport when they notice a lit
fuse sticking out from under your coat. The putative
principle instead must be that individuals should be
able to control their private information as
appropriate within particular domains. But, then,
how do we use this principle when facing particular
issues in particular domains? That maintaining
privacy is generally to be preferred? But that would
make us into a society of hermits. In fact, we could
just as easily maintain that being public and open
is generally to be preferred. The principle gives us

So, the Atlantis' article's premise turns out to be
misleading. The counselors are supposed to make a
recommendation to the Queen about privacy in
general. But privacy depends on the specifics. It
varies wildly by domain. And the line between the
public and the private is not a property of social
interactions so much as a foundation for social

II. Privacy as hurly burly

But all of this is beside the point. In the digital
world, the privacy advocates have particular cases
in mind. They are thinking about government
snooping, online stores sharing data about what
you've bought, and medical insurers checking your
genome for tire tracks. Within domains such as
these, we certainly can have policies.  You should
be able to control whether the company who sold you
the Swedish Organ Pump can pass your email address
on to Nigerian Inheritance Surprises, Ltd. I'd be
happy to have the Queen establish rules prohibiting
commercial data sharing without user permission. I
suspect you would be, too.

The question is why.

Even within the realm of commercial transactions,
the privacy principle -- people ought to control the
information about themselves, because privacy
generally is to be preferred -- is tough to apply. The
concept of "necessary" is fluid. If a vendor demands
the last four digits of your social security number
as an extra security measure -- it's always for your
protection, people -- is that necessary? How about a
zip code? How about an email address so they can let
us know if there's a product upgrade or recall? To a
large degree, it's a matter of norms. And the norms
have shifted already. We routinely give vendors lots
of "unnecessary" information. I defy you to find one
person in a hundred who expects an online store to
wipe clean its memory of our purchases after a week
or even year. Not one in a hundred knows or cares
that the site is recording our stream of clicks. We
don't expect online sites to have the attention span
of a vending machine.

So, strictly speaking, trying to pare the
information-gathering to what's necessary is a lost
cause because "necessary" is a matter of the very
norms that are shifting. The real battlefront is
centered on the next set of extensions of data
gathering, retention, and sharing in which large
organizations start to put together information
about us from all over the place. And that's a
worthy battle. But it's not going to be resolved
through an appeal to a privacy principle. We're
going to fight for rules restraining information
synthesis not because of principle but because it
makes us feel icky.

We're going to rise up against insurance companies
getting access to our genetic tests because it
outrages our sense of fairness that someone born
with a propensity for a disease should be barred
from coverage for that disease. We'll write to our
Congresspeople to make it easier to find and harass
the sex offenders in our neighborhoods because our
fear will overwhelm our "respect for privacy." We
are not going to be able to define the line we draw
by means of a principle because we do not blush out
of principle.

III. Keeping identity hard

I'm finding it difficult to know what to conclude
from the failure of principles in the privacy
debate. Here are some thoughts.

a. While I believe privacy overall is hugely
complex, within the confined circumstances of doing
a transaction with an online merchant, there are
good reasons to push for a code of conduct. That's
why in 2003 I suggested (and was hardly the first
or only person) that vendors take what I was
calling the "You First" pledge [6]. Codes are not
principles, however. We resort to codes when norms
are not settled. In this case, the code would be
within a narrow enough domain that it'd make sense.

b. When privacy looks like a single thing subject to
clear principles, it's tempting to want to build a
single solution to support those principles. That is
one reason, I believe, that we are willing to listen
favorably to proposals for a new identity layer or
infrastructure. In its best incarnations, your
identity information would be completely under your
control, it would not be centralized in any one
place, and it would let you give out information
about you without always tying it back to the
living, incarnate you in the real world. This is
far, far preferable to the worst-ever proposals for
a government mandated, centrally managed ID.

But, while the best-case ID systems prevent
totalitarian abuses by putting up a user-controlled
firewall between multiple online identities, and
between those identities and the physical person at
a physical address -- huge advantages over the
likely alternatives -- we still should be worried
about what life might be like after sites can take
for granted that their users all participate in a
standardized identity system.

c. How do we decide if this prospect should worry
us, delight us, or both? If we give up on being
guided by principles, then we have to look to an
assessment of possible outcomes. That means we
should be concerned by Brad Templeton's law [7]: "If
you make something easy to do, it will be done more
often." Brad continues:

        "The easier it is to give somebody ID
        information, the more often it will be done.
        And the easier it is to give ID information,
        the more palatable it is to ask for, or
        demand it."

Being required to list all of your purchases at all
other sites over the past six months is currently
not just intrusive, it's also a pain in the butt. If
it becomes as easy as pressing a button so a vendor
"may serve you better," many of us will. That's
predictable. The software will change the norms.

John Clippinger, a friend, Berkman colleague, and the
author of the excellent "A Crowd of One" [7],
objects that Templeton's Law isn't really a law (and
Brad isn't really suggesting otherwise), so we have
to think about whether it actually would hold in
this case. It's hard to tell, but I think it would.
Right now, in the real world and online, we do not
have to identify ourselves to buy stuff. We can pay
by cash. Even if we pay by credit card, the card
doesn't identify us to the merchant as this or that
person living at this or that address. Because of
Templeton's Law, I think it likely that online
vendors will ask us to identify ourselves "for our
own security." It'll be way easy to do, so we will.
As the commercial norm changes, the temptation will
be to change it on non-commercial sites. Want to
comment on a blog? First you have to identify
yourself. It's easy! Some look forward to the death
of anonymity. I fear its social and political

We can't know if this will happen for sure. It is
cause for worry, though.

d. The strongest argument from the
pro-infrastructure folks, in my opinion, is in fact
that we are going to get privacy ripped out of our
hands by hostile forces, so we should be working for
the best version, which is one that gives users
control over the information. (See Kim Cameron's
Laws of Identity [10].) This is a practical,
political argument, as it should be. Yet I'm on the
fence about it. On the one hand, if I were given the
opportunity to try to persuade Congress or the major
economic players, I'd want to present the case for
keeping identity difficult and anonymity the
default. On the other, I'm happy to have people who
share many of my concerns presenting a plausible
alternative to the identity schemes being created by
the government and economic giants who don't
actually care much about the social benefits of
privacy and anonymity. Ultimately, I think we need
both arguments to be pressed simultaneously. It's a
contradiction, but we're talking politics here, a
realm that wouldn't exist without contradiction.

e. There is, however, another solution, one that
acknowledges that privacy is a manifold and complex
social relationship. It suggests a code of conduct
for retail operations, while understanding that
there may be good reasons for some operations to
disregard elements of that code, especially as
retail is transformed, transgressing the old lines
between merchant, customer and market. Nevertheless,
before a retailer casually decides to gather data
about us, the retailer should recognize that there
are prima facie reasons not to do so. Meanwhile, we
enable sites to come up with their own ID
requirements and techniques. As a result, we end up
with solutions that address the nuances of each
case. And, yes, it is basically what we have now.

This makes it harder for customers and users. You
have to manage your identity information at each
site you go to. Good! Giving away your privacy ought
to be a little hard. And if you don't want to do all
that typing, you can get software -- I use RoboForm
on my Windows PC -- that auto-fills forms.

Such a solution isn't simple. Neither is privacy.The
solution ought to be as local, nuanced, and
difficult as the multiple norms of privacy
themselves are.

We will preserve privacy by maintaining the sense of
ickiness and outrage.

We will win -- well, I doubt very much that we'll
win -- by keeping identity transactions difficult.

We will win by keeping identity and privacy as sore
spots, even as the norms shift.

f. It is entirely possible that our norms are
shifting deeply, and not just from a presumption of
privacy rights to a presumption of publicity
rights. Rather, privacy may be becoming not a
matter of what information is recorded but what
information others are allowed to pay attention to.
Privacy = ignoring what you're not allowed to
notice. (danah thinks about this in terms of
expectations about who a space is for.) Just
because you take an outdoor shower when the spy
satellite happens to be overhead doesn't make you a

Ok, so that's a lousy way of putting it. Instead,
consider the British public's acceptance of
near-ubiquitous video surveillance cameras -
500,000+ in London alone. Nevertheless, people still
have coffee with their adulterous lovers, thumb
through inappropriate magazines, and pick their
noses, because the more information is collected,
the bigger the shadow of irrelevance it casts.
Similarly, it's possible, and even probable, that we
will continue down our current path and assume that
vendors are capturing and sharing every bit of info
about us that they can. We won't mind so long as
they don't spam us or turn us down for medical
insurance because we bought six diet books. This is
not just a change in where we draw the line between
the public and the private. It is a radical change
in their natures.

If privacy issues can only be resolved in the
hurly-burly of politics and shifting social norms,
we're in for a rough time. But there's some
protection and some hope in that very fact.

IV. Summary, in the form of a limerick

There once was a queen of Atlantis
unsure what rights to grant us.
Norms are so squishy and
principles artifishy,
And the icky's too tricky to plant us.


[1] http://primavera.feb.uva.nl/PDFdocs/2005-19.pdf
[4] http://www.danah.org/papers/AAAS2006.html
[5] http://www.theonion.com/content/node/34514
[6] http://www.hyperorg.com/backissues/joho-feb25-03.html#youfirst
[7] http://ideas.4brad.com/paradox-identity-management
[8] http://www.acrowdofone.org/
[10] http://www.identityblog.com/?page_id=354


I keep thinking that many of the problems of the Web
are due to the lack of settled norms: We don't know
how much personal information to expose, how
aggressive and obnoxious we can be in anonymous
forums, even what to do about linking to sites we're
denouncing. Employers don't know what to make of
prospective employees' college years' drunk
FaceBooking. Citizens don't know how to take the
exposure of every candidates' every infelicitous
joke, each gleefully YouTubed.

Just wait. The norms will settle. We'll figure this

Maybe. Suppose we are never going to have settled
norms on the Web. As more cultures get connected, we
are promised an influx of divergent beliefs, values
and practices. So, if we were all to agree tomorrow
that, say, sarcasm on sites open to strangers is
just rude, the day after that a million sarcastic
Freedonian school kids might get their shiny new One
Laptop Per Child portables. Perhaps all norms will
be local forever and forever in flux.

Now that the local is global, the Internet may well
exist in a state of perpetual embarrassment.


I've put off for years now the task of scanning in
our albums of photos. Scanners are cheap and
scanning is easy, but it's a pain in the butt.

Then I had the sort of brainstorm that puts me a
solid six years behind everyone else. I have a
digital camera with more pixels than there are days
in all of recorded history. Why not just take
pictures of the pictures?

And so, in 2034, when I finally get around to doing
this, it shall go much faster than scanning in the
photos one by one.


Even if you happen not to find LibraryThing.com [1]
particularly useful, it's a place to watch just to
see what Tim Spalding will come up with next.

LibraryThing is for sharing the list of books in
your personal library. You can sort them in a
variety of ways, tag them, review them, and share
all of the above. (The books themselves are not at
LT.) Recently, Tim added "tagmashes," which allow
you to specify an intersection of tags. Nothing
unusual there, but LT treats the queries as if they
were new subject headings. It's a simple twist, but
it's also a clarifying one. And it's typical of how
Tim is playing with the ideas behind the tech.

[1] http://LibraryThing.com


A fellow at West Point who is also a student of
psychology and social organization read an article
in JOHO [1]in which I wrote:

        "In the Army, your rank couldn't be more
        explicit. You've got stuff sewn into your
        clothing denoting your precise position in
        the hierarchy. Thus, there's no need to
        joust, and teams can be more genuinely

He sent me an email asking me if I think all
organizations have the equivalent of rank. Are all
organizations  hierarchical?

Good question, especially in the face of those who
point to the disparities in power, rank and role in
online groups as proof that nothing has changed.

I don't think all clusterings of humans are
hierarchical, unless you define "hierarchy" so
broadly that it covers any time one person defers
to another. A hierarchy worth the name ought to be
a persistent social structure with well-defined and
comprehensive power or status relationships, in
which each node has exactly one superior node. We
can loosen that up somewhat to accommodate the
complexities of modern business, but that's what
the paradigmatic hierarchy looks like.

Corporations have a legally-defined hierarchy that
covers a decision-making process and the legal
accountability of the system. But, even within that
hierarchy, much of the work is done across and
regardless of the hierarchy.  In fact, many
organizations in my experience are embarrassed by
rank. The CEO talks about being just another
worker. (See Jack Welch's "Jack: From the Gut" for
an example of this.) Managers don't like to order
people to do things; they'd rather pretend that
we're all equals, working collaboratively. That's
why we don't salute our managers in the business
world. At least, not explicitly. Instead, we
pretend to listen while they talk.

Organizations that aren't corporations may also
have ranks and status systems, but that doesn't
mean that it's right to characterize them as
hierarchies. Wikipedia, for example, has an
emergent hierarchy, but the hierarchy is there
primarily to handle exceptions and problems.
Likewise, it'd be a mistake (imo) to look at the
open source movement, find the hierarchical
elements ("Linus decides stuff!") and think that
it's fundamentally a hierarchical movement. One
could just as well find the collaborative,
non-hierarchical elements and highlight those.
Indeed, that would obviously be a better way of
thinking about the open source movement.

So, yes, you can find elements of hierarchy in many
or even most organizations (depending on how loosely
you define it), but that doesn't mean that those
organizations are usefully described as

[1] http://www.hyperorg.com/blogger/mtarchive/000823.html


Last night in the video store, as I quickly scanned
the shelves, I misread "Lonely Hearts" as "Honey
Bears." When trying to remember Montana, I'm more
likely to think of Topanga than Missouri.  I can
never keep Hamas and Fatah straight. "Monopoly"
seems to me to rhyme, in an odd way, with "polo

My brain prefers patterns of vowels to similarities
of consonants.

So, I figure there's got to be a million dollar New
Age or self-help book to be written based on this
fundamental division of humanity. Men Are from
Consonants. Women are from Vowels. Or maybe Drawing
on the Vowel Side of the Brain or The One Minute
Vowel Manager. Something like that. It would explain
how vowelers are more open-minded and interested in
connections, while consonantals are great at finding
limits and are better at finishing projects. Spin up
a whole psychology and sociology, and then maybe
follow it up with a book called "Ooooooooo! How
Businesses are Voweling to Success."

Waddyathink? A million dollar idea or what?


JOHO is a free, independent newsletter written and
produced by David Weinberger. If you write him with
corrections or criticisms, it will probably turn out
to have been your fault.

To unsubscribe, send an email to


with "unsubscribe" in the subject line. If you have
more than one email address, you must send the
unsubscribe request from the email address you want
unsubscribed. There's more information about
subscribing, changing your address, etc., at
http://www.hyperorg.com/forms/adminhome.html. In
case of confusion, you can always send mail to me at
self@xxxxxxxxxxxx There is no need for harshness or
recriminations. Sometimes things just don't work out
between people.

The Journal of the Hyperlinked Organization is a
publication of Evident Marketing, Inc. "Hyperlinked
Organization" is a trademark of Open Text. For
information about trademarks owned by Evident
Marketing, Inc., please see our Preemptive
Trademarksôô page at

This issue of JOHO is licensed under a creative
commons license:

Other related posts:

  • » [joho] JOHO - August 31, 2007