I was recently speaking with a friend on the phone, and she said, “I just had the most embarrassing thing happen! I had one of my Facebook friends send me a text teasing me about reading a rather sleazy article on TMZ. I did not know what she was talking about! So, I went to my Facebook page, and sure enough, down the timeline there was an article I had only briefly gone to the previous day after clicking a headline about moms on Google news and landed on a page; I quickly got off of when I saw it. I was so embarrassed to see that my brief visit to the page had been posted on my Facebook page! I don’t even go to TMZ on purpose, why is Facebook suddenly tattling on me when it accidentally went there?”
Ah, yes; one more unaware victim of a click-by frictionless sharing privacy incident!
What is “Frictionless Sharing”?
The first time I saw the term “friction-less sharing” was in 2011 reading about the F8 Developers Conference when Mark Zuckerberg was explaining how their sharing of copious amounts of activity data to the rest of the world, on Facebook walls, and with unlimited numbers of their third parties, was a good thing; as he put it, it allowed “”real-time serendipity in a friction-less experience” with regard to sharing activities. Talk about spinning that message! He did not come up with this term though; it was used in a Gartner Magic Quadrant report in November 2010; probably before that time as well. While it is not a term coined by Zuckerberg, I guess he gets the credit for making it popular.
In a nutshell, “frictionless sharing” basically is a passive service that allows apps, such as that used by Netflix, the Washington Post, Spotify, Foursquare and social media sites, such as Facebook, to automatically share your activity to a very wide, and possibly unlimited, number of entities and locations as you visit different websites, go to different locations, view different videos and photos, listen to different music, read different ads and articles, and so on. Sure, users must first give the service permission to share automatically on your behalf, but once you give your permission, you have basically given unfettered access to allow unknown others to create your personal online diaries that you are building throughout these services, and they are filling in the digital pages for you, without you ever needing to give any more consent, or explicitly click any more sharing types of buttons.
I’ve Got Nothing to Hide!
There are a lot of folks out there, most of whom have not really paused to think critically about privacy issues and all the actions that can negatively impact lives when privacy protections are not in place, who nonchalantly proclaim, “Privacy!? Pfft!!! I’ve don’t nothing wrong, so I have nothing to hide! Only criminals worry about privacy!” But yet, if you ask to read their emails, look at their website visit logs, or look at their credit card statements, they huff, “Well, no! I’m not going to show you that! That’s personal!” I don’t know any person who truly has nothing to hide.
I’m seeing more exasperated posts from people who may have thought they had nothing to hide, but then were embarrassed to have their innocent peeks, or stumblings, into videos, websites or locations posted for the world to see, and marketers to use, that they had not expected. What most folks don’t realize is that in the fine print of many (or most) of those services asking for consent to automatically post to your sites/walls/etc. whenever you do specific actions, the service also indicates that they may share your data with other third party services, and that they can also then post even more of your activities in even more of the locations that they want to populate or publicize to the world that others (including you) are using.
Like Digital Privacy Cancer, Or Simply TMI?
The ubiquitous manner in which a person’s online actions, as well as many physical activities, are shared through frictionless sharing are in many ways like a type of digital online privacy cancer; there are bits and crumbs of information about personal activities quickly creeping through the ether-world unbeknownst to those about whom they apply, until the information is used, and possibly abused, to the point that the associated individuals no longer have any control over how their personal information is used, shared, sold, or otherwise monetized in some way for the benefit of all those receiving it. Much like an aggressive form of cancer, the personal information has morphed and skewed the perceptions of the individuals involved so extensively that no amount of digital chemotherapy can remove, or possibly more impacting cannot correct, the personal information from the online world. Sound too dramatic and sensational? Perhaps. Perhaps not. Time will tell.
Another way to look at frictionless sharing is that it results in a continuous, often over-abundance of ongoing messages about those who are using (or subjected to) it. There are so many constant dribbles and drabs of messages being posted about every minute detail of their activities that it results in too much information (TMI) that really is of no consequence to all those getting the messages. In fact, it can be quite annoying. Some of my Facebook friends have unfriended others who were sharing way too much information. One friend told me, “Ew, I really find it gross to see Shawn watching all those icky videos and listening to that women-hating music. I don’t want to see it any more!” Yeah, and I hope they don’t start rolling out toilet apps any time soon; based upon what some of my Twitter, and even LinkedIn, contacts post I know some folks that would be the first to use them. T! M! I!
By the way, there are a growing number of frictionless sharing apps for video viewing, such as Socialcam, Metacafe, DailyMotion and Viddy. And likely many more I don’t know about. You can bet more are on the way.
Do Your Frictionless Due Diligence
So, can frictionless sharing improve business? Apparently it is helping the Washington Post, Facebook, Netflix, Spotify, Foursquare, all the video viewing apps, and a large variety of other apps and social media businesses, or they wouldn’t invest so much into doing it. I can certainly understand the appeal from a marketing and sales point of view: A vast army of unpaid advertising testimonials can now be automatically generated and posted in ways and quantities that just a few years ago could only be dreamt about. However, the number of related privacy concerns and issues continue to mount.
Organizations of all sizes are eager to get to that data. However, any organization, or any size, must make sure they aren’t doing activities that will alienate customers or result in privacy violations. Startups need to make sure they will not do something that could put them out of business before they’ve even left the gate.
Before employing the use of frictionless sharing within your organization, be sure to address the following:
- Check your privacy policy. Will your frictionless sharing activities violate your security and/or privacy policies? If your organization insists on using frictionless sharing, is it feasible to update the policies?
- Who are the third parties you will share the frictionless sharing data with? Have you vetted their information security and privacy program and associated practices? Could their actions put your organization in business and/or legal jeopardy?
- How long will you keep all the data collected? Cumulatively the information collected through frictionless sharing provides a type of automated diary of people’s lives. The longer the data is retained, the more organizations, and those they share their data with, will know about all the individuals. By limiting the length of time the data is retained you can at least limit the length of periods into which you can peer into the lives of others.
- Who will be accessing or using the data? I am always concerned about who gets information about personal activities, and how that information will then subsequently be used. Some things I’ve contemplated is how this treasure-trove of frictionless sharing data about the daily goings-on of people’s lives may be used…
- in e-discovery for legal cases,
- by investigators, such as those looking for evidence in divorce, crime or other cases,
- by government agencies, such as for terrorist profiling and to validate audits or valuations,
- by retailers to target market even more than they are doing today, and
- by insurance companies to make changes in policy coverages and premium costs.
- How will your organization answer requests to remove the data of specific individuals? I know individuals who have been so taken aback to see their information posted for the world to see that they are demanding that their data be removed. Is this even possible, considering how the data is stored and propagated throughout a wide range of storage areas and other entities?
Bottom line for all organizations, from the largest to the smallest: Frictionless sharing can bring marketing benefits, but they may be short-lived if you tick-off your customers and the population at large.
Other Information about Frictionless Sharing
To learn more about frictionless sharing, the good, the bad and the ugly, here are just a few more articles to check out:
- Why Facebook’s Frictionless Sharing Is the Future: http://www.businessweek.com/technology/why-facebooks-frictionless-sharing-is-the-future-10032011.html. Analysis and criticisms of the benefits and downfalls.
- As the ‘Friction-Less’ Web Grows, Friction Against It Does Too: http://www.pbs.org/mediashift/2012/04/as-the-friction-less-web-grows-friction-against-it-does-too116.html. Provides a nice listing of organizations using frictionless sharing, in addition to some good examples of the problems involved.
- Check-In Service Usage Has More Than Doubled In Past 9 Months, Study Says: http://marketingland.com/check-in-service-usage-has-more-than-doubled-in-past-9-months-study-says-11792?utm_source=fbwallhd&utm_medium=facebook&utm_campaign=wall. A new Pew Research Center study shows the number of Americans using frictionless sharing check-in services has more than doubled in the past nine months .
- A September, 2011 letter from Electronic Privacy Information Center (“EPIC”), The American Civil Liberties Union, The American Library Association, Bill of Rights Defense Committee, The Center for Digital Democracy, The Center for Media and Democracy, Consumer Action, Consumer Watchdog, PrivacyActivism, and Privacy Times asking the Federal Trade Commission (FTC) to investigate Facebook for their use of frictionless sharing and any inconsistencies they create with their policies. They outline a long list of privacy concerns within this letter. http://www.consumerwatchdog.org/resources/ltrepicftc092811.pdf
- Facebook Frictionless Sharing Whips Privacy Advocates into Frenzy: http://www.eweek.com/c/a/Security/Facebook-Frictionless-Sharing-Whips-Privacy-Advocates-into-Frenzy-404718/. Interesting perspectives from just 7 months ago. Read the reaction that Pete Cashmore, “a pioneering social media blogger,” had, resulting in him uninstalling such frictionless sharing apps. Have the related concerns been addressed? I’ll leave that to your judgment.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
Tags: audit, big data, breach, breach response, change controls, compliance, DailyMotion, data analytics, data mining, encryption, facebook, foursquare, frictionless sharing, gartner, IBM, Information Security, information technology, infosec, IT security, Keywords: personal information, Metacafe, midmarket, Netflix, non-compliance, personally identifiable information, PII, policies, privacy, privacy breach, privacy professor, privacyprof, protected health information, Rebecca Herold, security, security engineering, sensitive personal information, Socialcam, SPI, spotify, systems security, Viddy, Washington post, WPO, Zuckerberg