Facebook was in the news this month for its disturbing policy of making it all but impossible for users to quit the site and erase their personal information. The issue was presented as one of privacy, but it is more precisely a matter of what the sociologist Erving Goffman called “identity management”, which takes on whole new levels on the Internet.
Goffman argued that people spend much of their lives managing their identity through “presentation of self”. Offline, people use clothing, facial expressions, and the revealing and withholding of personal information to convey to the world who they are, or who they want to be taken to be. The physicality of the offline world provides built-in protections. When people talk to a group of friends, they can look around to see who is listening. When they buy a book or rent a video, if they pay in cash, no record is made connecting them to the transaction.
It’s more complicated online. Social networking sites such as Facebook and MySpace create identities for people, and disseminate information about them to large numbers of people. I am Facebook friends with Pierre Omidyar, the founder of eBay, who is an avid “twitterer”. He uses the Twitter social network to send his friends frequent bulletins, which feed into their Facebook pages, about his whereabouts (Hanoi, the other day) and what he is reading (a lot about telecom immunity). This sort of sharing is unobjectionable because Omidyar is deciding what information he wants to put out. More problematic is the amount of unintended sharing going on. There have been countless stories of young people losing job offers when prospective employers find their MySpace pages and read tales of alcohol and drug use.
Most troubling of all is the growing inclination of websites to spread personal information without users’ consent. Facebook was rightly pilloried last fall when it introduced its Beacon service, which notified users’ friends— without the users’ consent— about online purchases. (Hey, Mary bought a pregnancy test!) Google Reader crossed a similar line when it began automatically sharing the news users read with their instant-messaging contacts.
It’s no secret why websites like to spread information of this sort: They are looking for more ways to make more money. Users’ privacy is giving way to websites’ desire to market to their friends and family. Technology companies are also stockpiling personal information. Google has fought hard for its right to hold on to users’ searches in a personally identifiable way.
What websites need to do—and what the government should require them to do—is give users as much control over their identities online as they have offline. Users should be asked if they want information to be viewable by others, and by whom. Privacy settings, which allow for this kind of screening, should be prominent, clear and easily managed. (I’m not sure I was part of the intended audience for my colleague’s college-years anecdotes.)
Before websites disseminate information the user did not ask to share, like an online purchase, the user should be notified and should have to affirmatively “opt in”. It should be easy for users to disappear from a website they have been part of, or simply to delete some information about themselves.
In a visit to the editorial board not long ago, a top Google lawyer made the often-heard claim that in the Internet age, people—especially young people—do not care about privacy the way they once did. It’s a convenient argument for firms that make money compiling and selling personal data, but it’s not true. Protests forced Facebook to modify Beacon and to ease its policies on deleting information. Push-back of this sort is becoming more common.
No one should have personal data stored or shared without their informed, active consent. If they still want to tell the world— including job interviewers and employers—about their wild weekends, they’re on their own.
©2008/The New York Times
Edited excerpts. Adam Cohen writes the column Editorial Observer. Comment at firstname.lastname@example.org