Control versus Efficiency (i.e. privacy transaction costs)

While working on my speech for this weekend’s Software Architecture Symposiums International conference on Cloud Architecture, I’ve come to the curious realization that control and efficiency are a sliding scale. I’ve previously talked about the notion that privacy is not about secrets but about control.

Consider a very simple game that allows you to play with friends and associates. The pinnacle of control (i.e. privacy) would give each player random string of a characters that could be given by the player to their friends they want to play with. I say this is the pinnacle because the player must decide proactively with who to share two bits of information: one, that they play the game and secondly, how to contact them to play.

Now for someone with lots of friends, this is a very transaction costly endeavor. If I’m looking for friends to play with, I have to contact each one of them individually and ask “Do you play game XYZ? If so, here is my contact in the game.” A less costly activity would be for me to broadcast that information out to all my friends (say on my Facebook wall or via Twitter) or perhaps using an interface provided by the game’s creator. While transactions cost have now plummeted, I’ve done so at the cost of cost of control. If I want to broadcast to all my friends except my ex who still is on my friend’s list but whom I don’t really want to interact with, I now have to take the time and effort to exclude her. In other words, my transaction costs have just increased.

This is the conundrum faced by many a web 2.0 company. The create efficiencies by allowing you to connect with other people but then have to layer on control features to maintain privacy. Sure, I could email all my friends that funny video, but isn’t it easier to post it to my Facebook wall or Twitter account? But wait, I don’t want my grandmother seeing it, it’s too risque. This is where Google has tried with Circles to find a middle ground. What might be appropriate for your high school friends, might not be appropriate for family or business associates. Humans naturally segregate information. I don’t tell my co-workers about my health problems and I don’t bother my wife with a new Identity management solution. However, what Google and Facebook and the ilk fail to appreciate is the mental energy it takes to manage multiple communities of consumers of my information from one interface and the inherent risks of leakage and spillage are often not advantageous. What most consumers do (and this is based on anecdotal experience not any scientific study) is segregate people by platform or different username. Teens have been found to be using Twitter to communicate with other teens because parents don’t use Twitter. Business professionals use LinkedIn because they don’t need their business associates looking at the drunken escapades to the Caribbean.

The control efficiency dichotomy can also be looked as defaulting to opt in or opt out, with the requirement of an affirmative opt in being the control option and defaulting in but allowing for opt out being the efficient option. It bears noting that transaction costs really do play a role here. When people are required to opt in the opt in rates are similar to the opt out rates when people are given the option to opt out. Why should this be the case? If people were truly expressing their desire, it shouldn’t matter whether they were given an option to get in or automatically put in and given an option to get out. Only, if the group preference was at 50% in and 50% out should the selection of opt in or opt out be equal. But no, give people the option to opt in and 20% say yes. Give people the option to opt out and 20% say yes. Really, it comes down to 20% of the people are willing to express a preference.

I’ll post more on this topic later.