Facebook, Protocol, and WWHD

Photo Credit: “Private” by Malabarista

I haven’t been able to locate the exact quote, but while President Obama was candidate Obama he explained his simple policy with regard to email.  That policy was this: he assumed anything he sent via email could be published in the New York Times.  I remember saying (and probably posting to Facebook) that I thought this was a good policy for everyone.  While it’s unlikely that my emails will find their way into a major newspaper, I think it’s only safe and prudent to assume that my emails, IMs, text messages, and even Facebook posts can (and will) find their way into various digital nooks and crannies that I never considered.

This brings me to the recent bellyaching about Facebook’s privacy policy.  Twitter (well, at least my Twitter feed) and various tech publications have been littered with righteous indignation about Facebook’s slimy privacy policies.  Yes, Facebook pulled various bait-and-switch moves on users by making more and more information “public.”  Yes, Zuckerberg and Co. are being extremely disingenuous when they say that they only care about users being able to “communicate more effectively” or have more control over “their data.”

I get the frustration with Facebook’s various deceptions. However, the data was always public and it was never yours.  If any Facebook user thought they could exert control over where their status updates or images ended up, they were mistaken. Not only did they lack a healthy dose of skepticism with regard to corporate profit motives, they also completely misunderstood how the Web works and how protocol works. As Alexander Galloway argues in Protocol: How Control Exists After Decentralization, networks operate within the realm of protocols, “a set of recommendations and rules that outline specific technical standards” (6).  There is no Web without its various protocols, and understanding these protocols is essential to those who decide to live or interact online.  Those protocols dictate what we can and can’t do online, and they care very little about what is “right” or “wrong.”  The protocols of the Web are not like rules of etiquette (though, this is where the word comes from):

Instead of governing social or political practices as did their diplomatic predecessors, computer protocols govern how specific technologies are agreed to, adopted, implemented, and ultimately used by people around the world. What was once a question of consideration and sense is now a question of logic and physics. (7)

People are arguing about the “ought” and they are completely missing the more important fact of the “is.” Trusting Facebook to parse out the information you provide (images, videos, status updates) is not only naive but also rests on a misunderstanding of how protocol shapes our online existence. The network is built so that information moves and flows easily. We can build certain reservoirs and walls (or we can attempt to), but the protocol will always win out. Galloway explains this in terms of hackers, who are often (like Facebook) accused of being unethical:

Hackers don’t care about rules, feelings, or opinions. They care about what is true and what is possible. And in the logical world of computers, if it is possible then it is real. Can you break into a computer, not should you or is it right to. When poured in a vessel, water will fill the vessel completely; when poured into a computer network, the hacker will enter any space available to him.

In fact, possibility often erases the unethical in the mind of the hacker. An anecdote from the legendary hacker Acid Phreak illustrates this well. After being told certain personal details about his rhetorical opponent John Perry Barlow, informationthat he would later use to obtain Barlow’s credit history, Acid Phreak screamed, ‘Mr Barlow: Thank you for posting all I need to know to get your credit information and a whole lot more! Now, who is to blame? ME for getting it or YOU for being such an idiot?’ Most hackers would answer: You, for being such an idiot. (168)

I’m not calling people idiots for thinking that they could control the information they post to Facebook (though, a hacker most certainly would), but I am asking them to re-examine their relationship to the network and to protocol. We would all do well to think WWHD (What would hackers do?) before clicking submit, save, or send. Before you jump online and broadcast information about you, your family, or anything else, consider that the network (protocol) operates in the realm of what is possible not in the realm of what should happen. You may view hackers as nefarious for exploiting such protocols, but its the network (and the various RFCs put out by standardization bodies) that lays out the rules. Hate the network, not the hackers. Or, better yet, attempt to understand the network.

I am not defending Facebook. However, Facebook’s actions are, for me, very much beside the point. Facebook operates in the realm of protocol, and this means that we should assume that they operate in the realm of the possible. Whatever can be done with “your” data (it ceases to be “yours” when you put it online) – sold to companies, offered to search engines, sent to people for which it was not intended – will be done. If you’re not comfortable with this, you need a deeper understanding of what you’re getting yourself into before you leap into the next digital fad.


  1. Posted May 18, 2010 at 1:21 pm | #

    I think you put your finger on a certain incoherence in some of the discussions surrounding Facebook when you write that “People are arguing about the ‘ought’ and they are completely missing the more important fact of the ‘is.'” Though I am inclined to exactly reverse the order of precedence you’re arguing for here. The key question really is what ought to be done? The question you would have us ask, “What Would Hackers Do?” seems to shunt aside the question of what we would like the world to be in order to focus on the most brute fact of what is possible. The sort of astringent response you describe here seems to unnecessarily limit the range of our responses, fetishizing protocols and networks as things beyond our control: you can “hate the network . . . Or, better yet, attempt to understand it.” As a piece of practical advice this is quite wise. But is it unnecessarily limiting? Can we not try to change it? And isn’t all the belly-aching one hears about Facebook made in the (perhaps naive) hope that Facebook will change?

    For presidential candidates perhaps the strategy of writing every email as though it were going to be published in the New York Times is prudent. But it is hardly a standard to which we all need hew; and it is certainly not a policy we would will into existence. Trying to imagine a social work which would empower its users rather than simply commoditize them seems to be a preferable solution to simply accepting that no such solution can exist.

    I’ve heard some folks propose government regulation. I’d like to imagine that isn’t necessary. I mean, if we were to ask what a hacker would do, why wouldn’t she build such a solution?

  2. Posted May 18, 2010 at 5:42 pm | #

    Thanks for the Comment, Chris. And thanks for taking the time to read my post. Let me try to respond to a couple of things here:

    Perhaps I should have been a bit more precise. Your question – shouldn’t we try to change it? – is a good one. However, I think one of the mistakes people are making is that they’re not asking this question in a way that takes into account what is possible. Alexander Galloway (who, as you can see, I’m drawing on a lot in this discussion) explains the difference between “protocol” and simple rules or guidelines by comparing speed bumps to speed limit signs. The former compels people to slow down. In fact, it makes them want to slow down. This is the realm of protocol. It’s not about persuading people to go slower. Speed limit signs, on the other hand, are less about protocol and much more about creating a layer of rules on top of protocol. In this situation, the protocol is smooth roads where people can drive as fast as they want. The signs might have some success (particularly if there’s some kind of speed trap), but it won’t have the same affect as a change in protocol.

    When people argue that Facebook should treat data differently, their hoping that speed limit signs will change things instead of thinking about how protocol works (and the Web is based on a model of smooth roads). And the biggest problem is that most people signed on to this world of protocol without understanding much about it to begin with. Facebook has slimy policies, yes. And people can try to persuade them to change it (or, they can leave). But the bottom line is that the network works on the principle of easily flowing information, Facebook is capitalizing on this (as are a whole lot of other companies, Google being the biggest player).

    With regard to President Obama’s email/Blackberry policy: I think this might be a place where we just flat disagree. The Web is built upon the principle of being conservative in what you provide and liberal in what you accept from others. The first part of this statement is important, whether or not you are famous. And until people stop buying into the fiction that information posted online can be “private,” they’re going to continue to misunderstand how “their” data (again, it is NOT theirs once it enters the network) is going to circulate into various rhetorical contexts.

  3. Posted May 19, 2010 at 11:18 pm | #

    Jim, thanks for the thoughtful response. I think there are some areas where our disagreement still has enough space for elaboration to be valuable (rather than
    merely repetitive or grating), so I hope you’ll indulge me for one more go.

    Clearly, given the frequency with which I am finding people refer to Galloway’s Protocol, I should find time to have a look myself. That said, I hope I’m not misrepresenting the heart of our conversation by suggesting that while I am trying to suggest that folks work for greater control over their online identity and presence, you are stressing the ways in which the conditions of possibility of such control is (always?) governed by “protocol.”

    I wonder if the binarism between protocol and its others (the speed bump and the speed limit), though, is too absolute. There is a lot of space in between having no control (say,a corporation deciding by fiat that everything I contributed to a social network, when access was limited, should suddenly be public) and having absolute control (only what I want, when I want, forever and always). And I think the extreme suggestion that one must act as if anything could be public is fundamentally unreasonable. Email has established a reasonable expectation of privacy (even for folks who don’t feel like breaking out their PGP key for every message); if someone publishes your email against your wishes, your problem is not with email, but with that individual. Remove any notion of control or privacy from email and, like the idea of theft viewed from the perspective of the categorical imperative, email itself evaporates as an incoherent idea. (What is an email written as if everyone could see it? A blog post? Whatever it is, it isn’t email anymore.)

    When people complain about Facebook, I take them to be similarly complaining about a sort of violated contract. It is a (perhaps naive) social contract (rather than the EULA, say). And obviously it isn’t legally binding. But to say Facebook as a “network works on the principle of easily flowing information” doesn’t even acknowledge what the complaint is. (It is also not entirely fair; Facebook built up its user base precisely by being a segregated, controlled, part of the internet where information flowed at least a little less easily).

    There is probably more to say here; but my basic point is that there is a wide spectrum of expectations of how, and by whom, data should be controlled. And I don’t think that there is anything about the internet that would necessarily and absolutely preclude individuals having a greater degree of control over their online existences (even if Facebook is almost certainly not such an service). (Coincidentaly, Dave Winer mentioned an apposite project on his blog today; a protocol to give individuals greater control over their own data).

    I’ll close by turning to your own final comment which I take as indicative of our disagreement. I’ve heard the line about “conservative about what you provide,
    liberal in what you accept” before (which wikipedia informs me is sometimes called “Postel’s law”); but always as a principle of software design and development—never as a piece of social advice. To rely on such a law to govern how we interact with one another would be a unfortunate fate indeed. From my perspective, it seems just as important for individuals to find ways to establish and respect social norms within technology, as to force their social behavior to conform to software design principles. And, indeed, to remove protocol entirely from the realm of agency seems to fetishize it.

    (At the risk of ending on a non-sequitur, you have a great design for this blog; very nice. Cheers!)

  4. Posted May 20, 2010 at 7:34 am | #

    I can’t take too much credit for the blog design – the Word Press theme I use is called Autofocus, and it does most of the work. It really is a great looking theme. Thanks for the kind words!

    A lot of great points here, but let me offer a couple of quick responses:

    You say:
    “I hope I’m not misrepresenting the heart of our conversation by suggesting that while I am trying to suggest that folks work for greater control over their online identity and presence, you are stressing the ways in which the conditions of possibility of such control is (always?) governed by ‘protocol.'”

    This is a perfect description of our disagreement. Or, better, it’s a perfect description of where my focus differs from yours.

    You close with this:
    “to remove protocol entirely from the realm of agency seems to fetishize it.”

    I need to respond to this part because it’s the only point at which I think you’re not representing my argument fairly. I am not removing protocol from the realm of agency – I am trying to account for the agency of protocol. Agency can be both human and nonhuman, and software/protocol exerts agency. And this is the crux of the problem for me when it comes to the Facebook flare up. People are not always realizing that human agency is but one factor in a complex matrix.

One Trackback

  1. […] This post was mentioned on Twitter by Jim, Ron Brooks. Ron Brooks said: RT @jamesjbrownjr: My thoughts on Facebook privacy, righteous indignation, protocol, and WWHD (What would hackers do?): […]

Post a Comment

Your email is never published nor shared. Required fields are marked *


You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>