Continuing Burton Group’s work of social networking and social media, I’ve been having various forms of this conversation over the last few weeks. First, I was at TechAmerica talking about social networks, privacy, and data breaches. Although the audio isn’t great, you can get the gist from this video. Then I was talking to the guys from InfoChimps ahead of their debut of some huge Twitter datasets. (The potential for data they have is pretty breath-taking.) Meanwhile, I am prep’ing a more formalized version of this talk for an upcoming OWASP event. With all this activity I thought I’d share a part of it.
On the whole, people have no problem using social networking tools. Whether for personal or for work reasons more and more people are using a variety of tools to share and connect. And in this regard, we can think of social tools as engines for disclosure. Although people are relatively comfortable making disclosures such as “had a great meal in Ottawa” or “have to burn the midnight oil to get this blog post done,” people feel uncomfortable when these disclosures appear in other places. This feeling is akin to reaching into your computer bag and finding a long lost banana: a little foreign, a little gross, and a little strange. People often want to keep their social structures separates and, using a highly technical word, people feel oogy when they discover that something they have disclosed (an activity, a group they may have joined, a relationship they formed, a trip they have taken, etc) is known by other people in other networks.
There are three axes to this problem:
Oogy factor #1 – Audience – People often underestimate the size of the audience to whom their are disclosing information. What they think they are sharing with their team at work, is in fact shared with the enterprise. Furthermore, there are cases where the true size of the audience is not known because linkages between different social networking sites and the social graphs defined therein.
Oogy factor #2 -Content – Some disclosures are not obviously under people’s control. It’s obvious when I update my status in Yammer. It isn’t so obvious when I join a group and that fact appears in my work activity stream. This is unsettling as information is being disclosed about me and yet I didn’t actively disclose that information. (I fell prey to this one… ask me sometime – funny story.)
Oogy factor #3 – Time – Closely tied to Content, people don’t necessarily have control of when things are disclosed about them. Where social tools are reporting on activity, it isn’t entirely obvious how a person controls such disclosures and when they happen.
People build mental models for their believed behavior of social tools along these three axis. If any one axis is shifted and the tool behave in a manner contrary to those mental models people feel uncomfortable. Although people are just establishing a comfort level with social tools from a consumer perspective, the enterprise is just taking its first teetering steps with social tools. There is definitely enterprise-grade ooginess ahead as enterprise grapples with the data breach and privacy implications of these tools. To that end, social tools have to provide meaningful ways for people, in the consumer setting, to adjust tool-behavior to meet their own mental models, and enterprises to accommodate wider regulatory and data protection concerns.
I’m going to be giving a longer version of this as a presentation to an OWASP and Tivoli users group meeting in December. If you are in the Hartford area, join us. You can register here.
(Cross-posted from Burton Group’s Identity Blog.)