Zero Privacy: Thoughts on McNealy and Zuckerberg and “privacy statements”

In some of my recent posts about privacy, occasioned by Facebook founder Mark Zuckerberg's apparently dismissive attitude to privacy concerns, I referenced the "infamous" privacy comment that Scott McNealy made in 1999.

At that time, McNealy was the CEO of Sun Microsystems, and Sun was hot. Java was cooking, so to speak. Anyway, McNealy was reported to have said, to a group of reporters, something like: “You already have zero privacy anyway, so get over it.” The rest of this post is what I wrote on this subject in my 2002 book on privacy (which you can always download, for free, if you feel like reading more) followed by a few fresh thoughts.
Light Down Under
When Scott McNealy addressed the National Press Club of Australia in September 2000 he explained what he meant by that zero privacy remark. Here is a verbatim transcript:
“If you get hit by a truck, you want somebody to have your medical records. If you cannot tell them the combination to your safe or where your medical records are kept, you have a problem. In effect you want your medical records to be available online out over the Internet. You want every ambulance driver to be able to unlock it. So that is a little risk you take. Every ambulance driver might be able to tap into your medical records. Get over it. That is better than getting hit by a truck and dying.”
That's not quite the same as simply saying: "You have zero privacy, get over it."

Various versions of the quote—and Mr. McNealy’s last name—rapidly populated articles and presentations about privacy, most of which made no mention of the original context. That context was frustration at announcing a new product, JINI, then having to field questions about the one thing it can’t do—guarantee absolute privacy of personal data—rather than the many things it can do, such as make vital data instantly available across a wide range of hardware, software, and networks.

A lot of people in business can relate to Mr. McNealy’s frustration with those who have turned privacy into an absolute. While the potential to abuse information technology such as Web sites and email is a genuine cause for concern, foolishly equating privacy with anonymity—somehow forgetting that you cannot participate in society unless you share information about yourself—does nobody any good. As I said in Chapter 1, the reason that privacy on the Web is such a big challenge is that nobody yet understands exactly what privacy means in the context of today’s highly interconnected, heavily computerized, data-dependent world. About the best we can say is that privacy in the information age is a work in progress.

Of course, if you are the sort of person who thinks corporate America is only out to steal people’s wallets and ruin their lives, you are unlikely to be swayed by my assertion that most businesses actually want to respect the privacy of their customers, particularly if that is what their customers want. The problem is that we, as a society, simply haven’t finished our homework on this one. In other words, we are not yet at the point where a significant percentage of consumers have articulated specific Web and email privacy demands that businesses have chosen to reject.

As Rob Leathern, a Jupiter Research privacy analyst recently observed, “Neither consumers nor businesses effectively address online privacy issues.” He was reflecting on a Jupiter Media Metrix report that found more than 80 percent of U.S. consumers would give out personal information in exchange for small rewards, while at the same time nearly 70 percent said they were concerned about their privacy online. They might be concerned, but 60 percent admitted that they did not read privacy statements before handing over personal information to Web sites (not helped by the fact that a lot more than half of consumers surveyed found online privacy statements difficult to understand).

Notes from 6/26/2010: A lot has changed since 1999, but a lot remains the same. As Facebook and Twitter attest, digital privacy is still very much a work in progress. And some things never change: CEOs do not have "freedom of speech" any more than their employees. A bank clerk can be fired for mouthing off about the company. A CEO can put his or her job in jeopardy by saying the wrong things in the wrong place, like in email that lives forever or in the presence of a reporter's microphone. What may be new is the extent to which we are all more closely watched, surveilled if you will, which adds a level of transparency to our society, the implications of which we don't yet fully grasp.]

AT&T Apple iPhone 4 Launch More Proof Big Companies Mess Up Big

Tried to pre-order an Apple iPhone 4 lately? I just went to the AT&T web site which proudly proclaims "iPhone 4 This changes everything. Again." Apparently it does not change the tradition of Apple messing up product launches and AT&T failing to deliver on its promises. There's a big button that says "Pre-order Now" but when you click it, you find you can't (the message is "Pre-orders for iPhone temporarily suspended").

Found! The Gyro-X Car on YouTube

Wow! Thanks to John Windsor for contacting me about his amazing find and waking up the Gyro Car Blog. John has the Gyro-X Car! See it running (although not on the gyro-ocntrolled system):

Here it is on YouTube!

Stephen Cobb
The Gyro-X Files

Found! The Gyro-X Car on YouTube

Wow! Thanks to John Windsor for contacting me about his amazing find and waking up the Gyro Car Blog. John has the Gyro-X Car! See it running (although not on the gyro-controlled system):
Apparently someone disabled or removed the gyro stabilization system and put two wheels on the back instead of the original one.

Stephen Cobb
The Gyro-X Files

The SPAM Rule: There is no SPAM in your email

The number of people and companies who abuse the word SPAM continues to amaze me (that's me speaking as someone who started ringing alarm bells about unsolicited bulk email about ten years ago).

I see everyone from well-meaning hi-tech startups to established email companies talking about avoiding email SPAM. The fact is, email SPAM does not exist. It is email spam. The word SPAM is a trademark of Hormel Foods, used for a meat product that comes in a can (and the SPAM on the can in the special font is a registered trademark).

If you want to be taken seriously talking about spam in email you need to follow the rules: There can be spam in my email inbox but never SPAM and seldom Spam. You can say "Remove Spam From Email" but not "Remove SPAM From Email." The only time the stuff in email is SPAM is when it's hanging with a bunch of other capital letters like SPAM IN MY INBOX.

Are we clear now? I hope so.

The "Oilmen Lie" Rule

As a rule, the men who lead the petroleum industry cannot be trusted to tell the truth about their industry. In other words, you should never accept at face value what oilmen tell you about the oil business. And by oilmen I mean the men who run the petroleum business, not the many honest, hard-working folk who risk their lives to bring us the oil and gas products to which our country is sadly addicted. 

(For the record, I am saying "men" quite intentionally, because historically the oil business was started, and is led and run, almost entirely by men, not women. I am not saying that women are incapable of discovering novel uses for naturally occurring substances. Many have. However, while managing a large petroleum-based enterprise with ruthless efficiency and blatant disregard for the environment is not something a woman cannot do, not many have.)

I realize that publicly questioning the moral integrity of the leaders of a large and powerful industry in a blog post is a bit risky. Who knows when someone might be checking out my background—maybe as part of a hiring or employment process—and come across this post. But hey, if you can't get to say what you believe when you're pushing 60, then when?

I'm not just talking about all the lying BP executives have been doing in the last 40 days (and before that when they said they could do deep water drilling without screwing up life as we know it for millions of people). I worked with oilmen for three years back in the 1980s. I was Chief Oil and Gas Tax Auditor for a state that became the tenth largest oil-producer in the Union.

I approached that job as I do most things, with a passion for the past and as a path to the future. I read the history of the oil business. And I went on Petroleum Accounting courses. I did a week-long petroleum auditing boot camp out in Texas Hill Country, courtesy of the Texas Comptroller's office. 

I also did a lot of research for politicians and taxpayers who wanted to see an increase in the state's oil production tax—the one I was tasked with enforcing—from 5% of gross value to 10%. In hearings for those proposed tax increases, the oil industry spokesman told state lawmakers that the oil industry would leave the state if the tax was increased. Eventually the tax was doubled and the state eventually rose from 17th to 10th in the production rankings. That oilman lied. 

He also lied when he said, in about 1983, that there was no need to double the production tax because the price of oil would soon double, from the then current price of $30 per barrel, to $60 a barrel, so the state would soon see a doubling of oil tax revenues without changing the tax rate. Oil did not reach $60 a barrel until about 2006.

A great way to gauge the honesty of oilmen over the years is to read these four books:
  1. The Seven Sisters by Anthony Sampson.
  2. The Prize: The Epic Quest for Oil, Money, and Power by Daniel Yergin.
  3. Texas Rich: The Hunt Dynasty from the Early Oil Days through the Silver Crash by Harry Hurt III.
  4. Oil! by Upton Sinclair (not the 2007 film “There Will Be Blood”).
Among the interesting things you will learn from these books is the way oilmen lied to Arabs in order to cheat them out of a fair price for their oil. And the fact that controls on the price of oil in America were originally put in place at the request of the oil industry, not imposed by the federal government. This may come as a shock if you grew up with the huge propaganda campaign oilmen mounted in the 1970s to get domestic oil prices deregulated. Yep, a whole lot of lying went on.

BTW, the last of those four books, Oil! may have the shortest title but it is one of the richest reads in twentieth century American literature. Forget the movie for which this book was butchered (There Will Be Blood). This long-neglected novel reveals a lot about American history that they just don't teach in (American) schools. Like the rule I'm citing here: Oilmen lie!

Facebook Tool Might Help With Privacy Settings and Awareness

Using Facebook means sharing personal information with at least some people, but Facebook sometimes makes changes to the way sharing works. Knowing exactly what you share and with whom can be hard to figure out. And at least some of your information is visible to everyone, even people who don't use Facebook, thanks to something called the Graph API. Confused? Fortunately, someone created a web tool that shows you what the Graph API reveals. Here's a sample of my Facebook information, as revealed by this tool:

How revealing is this? In one sense it is no revelation at all. It's no secret that I like Stagecoach Coffee. I've blogged about their great French Toast more than once. But in this screen shot I cropped the full report which shows I like a lot more than just these three things. Frankly, I was not aware that people who are not "on" Facebook could see this information and I am probably not the only person sharing this false assumption.

There are some potentially serious implications. What if you "like" something that is not liked by your boss or perhaps a prospective employer? Maybe you like the idea of legalizing marijuana. Some people could read that the wrong way. "Like" is the new Facebook term for "Fan" and maybe, perhaps a few years ago, you "fanned" some crazy stuff. Do you even remember all the things you fanned? (I had totally forgotten some of my likes).

So, my hat is off to Ka-Ping Yee, the software engineer and UC Berkeley graduate who created this little application that could have some big implications. (In that sense, he's a good example of a "white hat hacker," a gifted technologist who has shown us some of the pitfalls of a particular technology.) For example, thanks to Graph API you can check out people on Facebook without being logged into Facebook. You can just plug in their Facebook ID and look around. You can even enter random names and ID numbers. Some information is protected by privacy settings, some is not. And the reports that Ka-Ping Yee's web page displays contain live links (e.g. the report above shows a live link to the Stagecoach Coffee page) so you can just click your way from one piece of data to the next.

All of which is a little worrying when you factor in something I have blogged elsewhere, namely Facebook's founder Marc Zuckergerg's alleged indifference towards privacy. The various privacy missteps that Facebook has taken since its inception, and the difficulty many users have trying to keep up with changes to the way Facebook handles privacy settings, tend to add credence to the claim that Mr. Zuckerberg does not care about privacy. Consider what happens when you want to change your privacy settings.

Facebook makes you go through a two-step process if you want the most private of settings. When you want something to be visible to Everyone or Friends of Friends all you need is to select from a pull down list. But making something visible only to yourself is not visible as an option. You have to go through an extra step and choose Customize to see that choice.

That suggests the interface designers are not keen for you to get restrictive with your privacy. Of course, it could be a simple design flaw, but Facebook users are likely to be sensitive to such things these days, particularly when they learn that none of the settings can hide your "likes" from the Graph API and the outside world.

(If I have this wrong, please leave me a comment and let me know. I changed the privacy setting for "Things I Like" to "Only me" but they are still visible to the Graph API, as seen here:

Mark Zuckerberg Faces the Privacy Meter: Facebook trends open book

Face it folks, it's time to dust off the Privacy Meter for a quick check of Facebook founder Mark Zuckerberg. According to an internal source, Mr. Zuckerberg has placed himself in the camp made (in)famous in 1999 by Scott McNealy, the CEO of Sun Microsystems, who was reported to have said: “You already have zero privacy anyway, so get over it.”

Mr. Zuckerberg's position was recently described by a Facebook insider in response to this question: "How does Zuck feel about privacy?" Response: “He doesn’t believe in it.”

The details of this revelation can be read here and I'd have to say it hardly amounts to a public statement by "Zuck" himself (for the record, Scott McNealy's declaration was not a public statement either, and should be placed in context, something I tried to do in my 2002 book on privacy).

I doubt that either Mr. Zuckerberg or Mr. McNealy would say, on the record, that they don't believe in privacy. What both men seem to share is a frustration with privacy concerns as they relate to digital systems. Human beings can be annoyingly inconsistent and hard to predict when it comes to matters of personal information. That makes it inherently difficult to design online communications and online communities that satisfy every shade of sentiment with respect to the sharing of personal information. And that's why I created the Privacy Meter:

Not exactly a high tech device, it nevertheless serves its purpose: to help people assess their own attitude to their personal information. I developed the privacy meter as a teaching tool, specifically to teach Chief Privacy Officers and other C-level execs that:

a. Everyone has a different place on the privacy scale, there is no "correct" score;

b. Entities like companies and agencies cannot handle privacy issues according to one person's views about privacy.

In other words, the fact that you're an open book kind of person does not make it okay to impose an open book approach on people who are more closed book. If you are closed book you can't impose that view either because it could limit your organization's ability to serve its customers. Most importantly, the way you handle other people's private data has to be in accordance with their view, not yours. That principle was established, in the context of computer data, back in 1974, and remains one of the pillars of privacy best practices in the realm of data protection (see Chapter 3 of Privacy for Business, available as a free .pdf file here).

Several years ago I put together a short set of slides on the privacy meter and the potential benefits and problems arising from getting privacy positioning right or wrong. You can click here to download the slides as a .pdf file which I recently updated to include Facebook's current privacy perception problem. That slide is pretty easy to understand:

Just a few hours after Wired puts out the story that your CEO doesn't believe in privacy, PC World publishes a story about the latest privacy invading scam that your system is enabling. Not good. Just the sort thing that can hurt your share price and tarnish your brand. Which is why your personal feelings about privacy should probably remain private when you are running a company.

[BTW, you can now download the full 240 page text of Privacy for Business (2002) as an Adobe Acrobat document from this web site; there's no charge and no registration required.]

New Public/Private Consortium to Drive Small Business Growth With Broadband

Interesting initiative I just spotted: A New Public/Private Consortium to Drive Small Business Growth Through the Access to Broadband
Constant Contact and SCORE “Counselors to America’s Small Business” will help increase small business success with the Broadband Plan, training, tools and resources for high speed Internet use. Learn more at (