[This is a slightly extended re-post of a comment I left on Tim O’Reilly’s blog, here.]
First, I should make it clear that I congratulate Tim O’Reilly on managing a contrarian post which is thought-provoking without being inflammatory… a balance which is hard to strike on this topic.
I have to say, though, that over-all I disagree with Tim’s argument. We are (or should be) way past the stage, with social networks, of just innovating “because it’s possible”; a more evolved attitude is to ask not just whether we can do something (because after all, these days online, pretty much anything is possible) but rather whether we should do it. Innovation does not trump ethics.
By comparison, think what the reaction would be if, instead of personal data, Facebook’s raw material was genetically modified bacteria. Would we really be happy for them to be playing around with a 400 million-person petri dish, all in the name of “innovation”?
No – if Mr Zuckerberg wants to push his agenda of “radical transparency”, he should be doing it with the knowing, informed and explicit consent of whatever subset of users want to take part, not with the vast majority of users who don’t have the information or the tools with which to make rational decisions about the privacy of their information online – and who, in many cases, signed up under a radically different set of terms to those which have since replaced them.
As a more general principle, what this suggests to me is no different from what has been happening for decades in other fields of innovation (and I think of things like medicine, nuclear physics, gene technology and so on): we are quite accustomed to having discrete and very different governance regimes for the “research and development” phase and the “mass consumer roll-out” phase. Facebook’s model (and the one Tim O’Reilly seems keen to endorse) it that it’s OK to conflate the two, treat the “mass consumer roll-out” phase as your personal horde of lab rats, and innovate in ways which put them at risk.
My former colleague Michelle Dennedy, then CPO at Sun Microsystems, used to advise organisations to treat personal data like toxic waste. From that perspective, I don’t think what Mr Zuckerberg is doing with 400m people’s personal data is at all healthy. Not for the individuals concerned, and ultimately not for the rest of us either.