Changing Our Default Settings: it’s time for a cognitive change

Privacy and “leaving the door open” online:

On 8 Nov 2013 a federal judge in Vermont ruled that information that is available through a P2P server is information in which there can be no right of privacy (United States v. Thomas, 2013 U.S. Dist. LEXIS 159914 (D. Vt. November 8, 2013).  

The ruling came in a challenge over the admissibility of information that had been gleaned via automated searches of P2P streams – the defendants claimed that the information had been illegally taken from their computers and therefore should be inadmissible.  The judge did not agree, finding instead that information on a P2P network is de facto public information – if something can be accessed via the Internet then the “door has been left open” and it is considered public. 

This perception of information on the Internet (or accessible via the Internet) as public rather than private is not restricted to analyses of P2P.  In a previous post I explored the legal treatment of information on Facebook, finding that Canadian courts have tended to allow information from social media profiles to be admitted as relevant and available, regardless of whether privacy settings have been used or not.

The not-so-subtle bias of “default” settings

Perhaps, notionally, default settings are only a starting point and able to be later changed or fine-tuned by users, but in actual fact they exert quite a powerful force. 

This is particularly true in the relatively new world of social media networks. People who when moving into a new residence would not hesitate to change the locks, put curtains on windows, and grow a hedge for privacy may not have the corresponding experience or confidence to take similar measures online.

“Default settings” in the technology world imply a standard configuration and/or best practice. Even Facebook CEO Mark Zuckerberg has asserted that default settings are reflective of broader “social norms” and aim to reflect current standards and values. 

In fact, there are powerful business incentives at work in all aspects of design and implementation of social networking sites. The trend for social network companies to set default settings that favour information sharing helps maximize the commercial potential for these businesses—especially given that users are unlikely to change default settings.  In practice, default settings exert normative force.

Placing the exclusive onus on the end-user to be hyper-vigilant is unrealistic and unfair. The presumption that complying with suggested “norm”-based defaults indicates a waiving of privacy expectations is incompatible with the privacy interests of ordinary internet users.

Time for a change

What is called for is a change in our cognitive defaults as a society when it comes to the publicness of information and the Internet.  It is clearly no longer enough to examine individual sites and technologies to see if they can be considered sufficiently private.  Rather, we must invert our cognitive defaults, change our way of thinking so that privacy is our default assumption rather than an exception.

Only when privacy rather than publicity is the expectation, the “norm”, will we have a chance to cultivate a truly privacy-protective environment including user-centric site defaults, respect for user choices, and—in cases like United States v. Thomas—a high threshold applied when finding that expectation of privacy has been waived.