I saw my first pair of Google Glass at the IAPP’s Privacy Summit a few weeks back. I can’t say for certain but I’ve got a feeling that the wearer was not only loving the utility his pair of Glass provided but also the circumspect looks shot his way by hundreds of privacy professionals. This got me thinking about how societal privacy issues are born – not just with Google Glass but with any technology.
As Glass debuted, people have been raising multiple privacy concerns including the concern that Glass could send images of people’s faces back to the Googleplex for post-processing such as facial recognition. This concern is rooted in the asymmetric relationship between the people in the line of sight of the Glass wearer, with whom they may not have a relationship, and Google who could collect their image and use it for whatever purpose it sees fit. The random stranger might not have a relationship with the Glass wearer and she most certainly does not have a relationship with Google (or whoever makes the next Glass-like widget) in this context. The concern, I believe, is not just of asymmetric relationships and power imbalances but also one of post-processing.
I had let Privacy Mirror languish for a bit, and having found a free few hours, I decided to update Privacy Mirror to take advantage of Facebook’s Graph API. (For those of you not familiar with my Privacy Mirror experiment, it is a very basic app that explores what personal data apps can see via your friends.) Since I last updated Privacy Mirror, Facebook rolled out two major features. The first was the previously mentioned Graph API, which is a RESTful API that returns Facebook data as JSON.
The second, and frankly the more interesting, was extended permissions. The newish extended permissions govern how apps can access data and how users are informed of this use. It is these extended permissions that are at the bottom of the recent kerfuffle over Facebook allowing app developers access to phone numbers and addresses. (Ars Technica did a good job of covering this, and here is Facebook’s current response.)
Extended permissions work like this. First, an app developer encodes a request for access to various pieces of your profile data, as well as pieces of your friends’ profile data. Second, when you add the app to your profile, the app asks you for your permission. The following is a picture of what it looks like when Privacy Mirror asks for access to your and your friends’ information.
It is crucially important to notice that you as an app user can only agree to the use of all the requested information (as opposed to individual pieces). Also, the app user cannot say that the app can have permission to her own data but not that of her friends. (See my series “I ‘like’ you, but I hate you apps” for the implications of this coarse-grained control.) Third, once the app has your permission, it goes off and does what it doe
I have to say, I like the spirit of the extended permissions. I like the fact that developers must ask for permission and I like that users must grant that permission. But I am very troubled by the lack of granular control afforded to the user.
Also, Facebook has not addressed what I feel to be a much bigger privacy issue: the mistreatment of the relationship between people and their apps. If I have an app and you don’t use the same app, then that app can only see the elements of your profile that you have allowed applications to see. (This is controlled via the Account > Privacy Settings > Apps, Games and Websites > Info accessible through your friends settings.) But if you and I both have the same app on our profile, then the app can see the elements of your profile that you have granted me access to see. In this sense, the app executes with my permissions based on our relationship. But you have a relationship with me, not my apps. This is subtle and remains a critical unsolved problem.
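The two cases described above can be written down as a small access-decision model. This is an added example, not code from Privacy Mirror or from Facebook: the class, field and function names are hypothetical, the profiles are constructed sample data, and the model covers only the rule stated in this post.

```python
from dataclasses import dataclass, field


@dataclass
class Profile:
    """Constructed model of one user's settings; all field names are hypothetical."""
    name: str
    fields: dict                                      # profile element -> value
    friend_visible: set = field(default_factory=set)  # elements friends may see
    via_friends: set = field(default_factory=set)     # "Info accessible through your friends"
    apps: set = field(default_factory=set)            # apps added to this profile


def app_view(app, installer, target):
    """Elements of `target` that `app` can read through its user `installer`."""
    if app not in installer.apps:
        return {}
    if app in target.apps:
        # Both users have the app: it executes with the installer's permissions,
        # so it sees what target shares with the installer as a friend.
        allowed = target.friend_visible
    else:
        # Only the installer has the app: target's app-specific setting applies.
        allowed = target.via_friends
    return {k: v for k, v in target.fields.items() if k in allowed}


def overexposed(app, installer, target):
    """Elements the app reads that target never released to friends' apps."""
    return sorted(set(app_view(app, installer, target)) - target.via_friends)


# Constructed sample data: bob lets friends see three elements,
# but lets friends' apps see only his hometown.
alice = Profile("alice", {}, apps={"mirror"})
bob = Profile(
    "bob",
    {"birthday": "1 Jan", "hometown": "Springfield", "photos": "album"},
    friend_visible={"birthday", "hometown", "photos"},
    via_friends={"hometown"},
)

if __name__ == "__main__":
    print("bob has not added the app:", app_view("mirror", alice, bob))
    bob.apps.add("mirror")
    print("bob has added the app:    ", app_view("mirror", alice, bob))
    print("read beyond app setting:  ", overexposed("mirror", alice, bob))
```

The elements returned by `overexposed` are the gap between what a person shares with a friend and what they agreed to share with that friend's apps.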