I am pleased to see a major shift underway in the prevailing thoughts on one of the most important topics relating to data portability, interoperability, and the emergence of the Social Web — the question of whether the service providers need to protect us with “social DRM” or trust us to do the right thing. Microsoft’s Dare Obasanjo has an excellent post on the topic, outlining the two schools of thought, and publicly declaring that he has shifted sides in this critical debate:
The issue of what to do with content a user has shared when they decide to delete the content or attempt to revoke it is in an interesting policy issue for sites geared around people sharing content. When I’ve discussed this with peers in the industry I’ve heard two schools of thought. The first is that when you share something on the Web, it is out there forever and you have to deal with it. Once you post a blog post, it is indexed by search engines and polled by RSS readers and is then available in their caches even if you delete it. If you send an inappropriate email to your friends, you can’t un-send it. This mirrors the real world where if I tell you a secret but it turns out you are a jerk I can’t un-tell you the secret.
The other school of thought is that technology does actually give you the power to un-tell your secrets especially if various parties cooperate. There are ways to remove your content from search engine indexes. There are specifications that dictate how to mark an item as deleted from an RSS/Atom feed. If your workplace uses Outlook+Exchange you can actually recall an email message. And so on. In the case of Facebook, since the entire system is closed it is actually possible for them to respect a user’s wishes and delete all of the content they’ve shared on the site including removing sent messages from people’s inboxes.
I used to be a member of the second school of thought but I’ve finally switched over to agreeing that once you’ve shared something it’s out there. The problem with the second school of thought is that it is disrespectful of the person(s) you’ve shared the content with. Looking back at the Outlook email recall feature, it actually doesn’t delete a mail if the person has already read it. This is probably for technical reasons but it also has the side effect of not deleting a message from someone’s inbox that they have read and filed away. After all, the person already knows what you don’t want them to find out and Outlook has respected an important boundary by not allowing a sender to arbitrarily delete content from a recipient’s inbox with no recourse on the part of the recipient. This is especially true when you consider that allowing the sender to have such power over recipients still does not address resharing (e.g. the person forwarding along your inappropriate mail, printing it or saving it to disk).
And, as he points out, Dare is not alone in this shift. Mark Zuckerberg and the team at Facebook clearly appear to be shifting stance as well. In his epic post On Facebook, People Own and Control Their Information, in response to the confusion over the update to the Facebook TOS:
Still, the interesting thing about this change in our terms is that it highlights the importance of these issues and their complexity. People want full ownership and control of their information so they can turn off access to it at any time. At the same time, people also want to be able to bring the information others have shared with them—like email addresses, phone numbers, photos and so on—to other services and grant those services access to those people’s information. These two positions are at odds with each other. There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.
We’re at an interesting point in the development of the open online world where these issues are being worked out. It’s difficult terrain to navigate and we’re going to make some missteps, but as the leading service for sharing information we take these issues and our responsibility to help resolve them very seriously. This is a big focus for us this year, and I’ll post some more thoughts on openness and these other issues soon.
Some of us tried to get this debate started in September of 2007, with the publication of the Bill of Rights for Users of the Social Web, by Joseph Smarr, Marc Canter, Michael Arrington, and Robert Scoble. In hindsight, the world was not yet ready for that debate; few took notice, and no actions came in response. Then, in January of 2008, when Plaxo was trying to get a Facebook contacts importer ready to launch, which would have enabled social address book sync between Facebook, Plaxo, Outlook, the Mac address book, Yahoo Mail, and more, it turned by accident and miss-communication into a major incident. By then the world was ready to argue and debate the key questions, but not ready to come to any consensus.
But over the course of 2008, projects like Google Friend Connect, Facebook Connect, MySpaceID, and the quickening drumbeat of progress for OpenID and the Open Stack helped the industry to think through the issues preventing data portability and interoperability. In the end, we’re all coming to realize that rather than try to prevent anything bad from ever happening via “social DRM,” we’re going to have to trust our users, so that we can enable amazing things to happen — like all your tools and services working well together!