Economics of Privacy in Social Networks

by on July 18, 2009 at 2:21 pm

Asks Ross Anderson on a Cambridge economics and security resource page: do we spend enough on keeping ‘hackers’ out of our computer systems? Do we not spend enough or do we spend too much? Do we spend too little on the police and the army, or too much? And do we spend our security budgets on the right things?

Dr. Richard Clayton’s work at the University of Cambridge tackles these issues and more.

They also now have a blog called Light Blue Touch Paper where he and other colleagues write regularly about issues around security and security research.

A recent post
by Joseph Bonneau for example addresses the economics of privacy in social networks, more relevant to our world in Silicon Valley.

He writes about his experience:

We often think of social networking to Facebook, MySpace, and the also-rans, but in reality there are there are tons of social networks out there, dozens which have membership in the millions.

Around the world it’s quite a competitive market. Sören Preibusch and I decided to study the whole ecosystem to analyse how free-market competition has shaped the privacy practices which I’ve been complaining about.

We carefully examined 45 sites, collecting over 250 data points about each sites’ privacy policies, privacy controls, data collection practices, and more. The results were fascinating, as we presented this week at the WEIS conference in London.

The most interesting story we found though was how sites consistently hid any mention of privacy, until we visited the privacy policies where they provided paid privacy seals and strong reassurances about how important privacy is.

We developed a novel economic explanation for this: sites appear to craft two different messages for two different populations. Most users care about privacy about privacy but don’t think about it in day-to-day life.

Sites take care to avoid mentioning privacy to them, because even mentioning privacy positively will cause them to be more cautious about sharing data. This phenomenon is known as “privacy salience” and it makes sites tread very carefully around privacy, because users must be comfortable sharing data for the site to be fun.

Instead of mentioning privacy, new users are shown a huge sample of other users posting fun pictures, which encourages them to share as well.

For privacy fundamentalists who go looking for privacy by reading the privacy policy, though, it is important to drum up privacy re-assurance.

Cambridge held their annual bash on Economics and Information Security in London shortly before we arrived: June 24-25. They also held a security and human behavior workshop, which brought together security engineers with psychologists, behavioral economists and others.