WEBVTT 00:00:09.960 --> 00:00:12.004 Hi everybody. My name is Brad NOTE Paragraph 00:00:12.004 --> 00:00:14.006 and I'm here to talk to you about privacy. 00:00:14.006 --> 00:00:15.633 So just a quick caveat 00:00:15.633 --> 00:00:19.428 my views expressed are my own not either of my employers, 00:00:19.428 --> 00:00:21.722 so impute the crazy only to me. 00:00:21.722 --> 00:00:23.933 So I wanna talk to you a little about how 00:00:23.933 --> 00:00:26.268 privacy is changing and how the ways 00:00:26.268 --> 00:00:28.437 that we think about what is private 00:00:28.437 --> 00:00:31.065 has started to morph and where I think it's going. 00:00:31.065 --> 00:00:33.275 And so my premise to you is we've gone 00:00:33.275 --> 00:00:35.986 from the society of privacy laws to privacy norms 00:00:35.986 --> 00:00:38.572 and that we can encapsulate this 00:00:38.572 --> 00:00:42.451 with a simple phrase of "Not cool bro" or 00:00:42.451 --> 00:00:45.246 "bro act" or whatever the proper term is 00:00:45.246 --> 00:00:48.249 as the case may be. So, now, you gonna ask, 00:00:48.249 --> 00:00:50.334 What do I mean when I say 00:00:50.334 --> 00:00:52.586 "Not cool bro"? So, when I say, 00:00:52.586 --> 00:00:54.713 "Not cool bro", I'll give you an example: 00:00:54.713 --> 00:00:56.382 You are on Facebook and 00:00:56.382 --> 00:00:58.342 you have a bad break-up or fight with 00:00:58.342 --> 00:01:00.017 one of your friends. And you block 00:01:00.017 --> 00:01:01.679 that person and so they can no longer see your wall. 00:01:01.679 --> 00:01:05.391 Someone else who still has access to your 00:01:05.391 --> 00:01:07.247 Facebook wall, goes in, and either 00:01:07.247 --> 00:01:09.436 copies and pastes the entire thing, 00:01:09.436 --> 00:01:12.314 or takes a screenshot every day 00:01:12.314 --> 00:01:13.565 and mails it to that person. 00:01:13.565 --> 00:01:15.734 OK, so our initial response is: 00:01:15.734 --> 00:01:19.071 That's not cool. Not cool bro! Not cool! 00:01:19.071 --> 00:01:21.615 We get the visceral feeling 00:01:21.615 --> 00:01:24.076 that that's somehow privacy violation. 00:01:24.076 --> 00:01:25.911 We get the feeling that that something 00:01:25.911 --> 00:01:28.497 unseemly is happening but we don't know 00:01:28.497 --> 00:01:30.332 how to quite talk about it. 00:01:30.332 --> 00:01:32.167 And that is what I am talking about by 00:01:32.167 --> 00:01:33.711 "Not cool bro" privacy, because the law 00:01:33.711 --> 00:01:35.671 doesn't recognize that as a real 00:01:35.671 --> 00:01:37.464 privacy interest. 00:01:37.464 --> 00:01:39.425 So it first makes a little sense 00:01:39.425 --> 00:01:40.968 to talk about what the law does recognize. 00:01:40.968 --> 00:01:43.429 And most of our privacy comes from 00:01:43.429 --> 00:01:45.420 the criminal context. 00:01:45.420 --> 00:01:48.809 All privacy was literally -- you had to sneak up to 00:01:48.809 --> 00:01:50.807 someones house and eavesdrop. 00:01:50.807 --> 00:01:52.990 So the eaves of a house were the waterfalls. 00:01:52.990 --> 00:01:54.773 So you would stand outside 00:01:54.773 --> 00:01:55.637 and you would listen. 00:01:55.637 --> 00:01:57.359 You would climb over their fence, 00:01:57.359 --> 00:01:58.736 shimmy across their lawn, 00:01:58.736 --> 00:02:00.404 nozzle up to the side of the house, 00:02:00.404 --> 00:02:01.655 maybe like you know poke a hole 00:02:01.655 --> 00:02:04.033 on a window and then you can eavesdrop. 00:02:04.033 --> 00:02:05.075 That's what you had to do 00:02:05.075 --> 00:02:06.618 to violate someone's privacy. 00:02:06.618 --> 00:02:08.411 So privacy was really about access 00:02:08.411 --> 00:02:09.913 to information. 00:02:09.913 --> 00:02:11.749 And we didn't need special rules 00:02:11.749 --> 00:02:14.043 regulating access to information because 00:02:14.043 --> 00:02:16.337 you couldn't violate someone's privacy 00:02:16.337 --> 00:02:18.422 in the 1700's, unless you showed up 00:02:18.422 --> 00:02:20.257 at their front gate. 00:02:20.257 --> 00:02:22.108 Right? There was no Facebook. 00:02:22.108 --> 00:02:24.709 The only wall that happened in 1700 00:02:24.709 --> 00:02:26.195 was literally the wall 00:02:26.195 --> 00:02:28.145 outside the carriage house. 00:02:28.145 --> 00:02:32.511 So we go from that to this modern era 00:02:32.511 --> 00:02:35.297 or pre-modern era in which we have 00:02:35.297 --> 00:02:37.155 ways of getting information 00:02:37.155 --> 00:02:39.337 that don't necessarily involve 00:02:39.337 --> 00:02:41.737 the traditional structures of space. 00:02:41.737 --> 00:02:43.447 So there is a very famous case 00:02:43.447 --> 00:02:44.656 involving a guy 00:02:44.656 --> 00:02:46.200 who walks into the phone booth 00:02:46.200 --> 00:02:49.004 and he closes the door behind him and then he does some illegal activity 00:02:49.004 --> 00:02:51.448 and the police are listening and they don't have a warrant. 00:02:51.448 --> 00:02:53.559 And by the way in the law you need to get a warrant 00:02:53.559 --> 00:02:54.917 before you can listen to any of this stuff. 00:02:54.917 --> 00:02:56.168 And for those of you who've seen 00:02:56.168 --> 00:02:57.169 CSI or Law and Order - 00:02:57.169 --> 00:03:00.190 Big judges who give out warrants are sometimes like Oprah: 00:03:00.190 --> 00:03:01.840 You get a warrant and You get a warrant 00:03:01.840 --> 00:03:04.005 and everybody gets a warrant. 00:03:04.005 --> 00:03:05.777 (Laughter) 00:03:05.777 --> 00:03:07.596 But at least we still have that 00:03:07.596 --> 00:03:09.378 nominal process, that the privacy 00:03:09.378 --> 00:03:11.392 is still being protected, 00:03:11.392 --> 00:03:12.913 right, there is a reasonableness here. 00:03:12.913 --> 00:03:15.049 Well, this guy and his name is Kats, 00:03:15.049 --> 00:03:17.518 so you can have all sorts of phonetics -- it's spelled with a K. 00:03:17.523 --> 00:03:20.401 He had a reasonable expectation 00:03:20.401 --> 00:03:21.777 of privacy here. Two types: 00:03:21.777 --> 00:03:23.695 It was subjected: meaning 00:03:23.695 --> 00:03:25.531 he personally believed that it was private 00:03:25.531 --> 00:03:26.824 because he closed the booth behind him. 00:03:26.824 --> 00:03:29.660 And then two: objective. 00:03:29.660 --> 00:03:31.286 Society as a whole is willing to say, 00:03:31.286 --> 00:03:33.455 You know what, yeah, if you are going 00:03:33.455 --> 00:03:36.553 into a telephone booth and close the door that should be private. 00:03:36.553 --> 00:03:39.002 Now, what about if we apply this to Facebook? 00:03:39.002 --> 00:03:42.078 Right? This is the "not cool bro" version of privacy. 00:03:42.078 --> 00:03:44.007 You just take it one more step. 00:03:44.007 --> 00:03:45.653 In the old version of privacy, 00:03:45.653 --> 00:03:48.254 it's all about control over 00:03:48.254 --> 00:03:50.390 the means of accessing information. 00:03:50.390 --> 00:03:52.666 In the new version of privacy, 00:03:52.666 --> 00:03:54.152 it's all about control over 00:03:54.152 --> 00:03:57.593 who can get the information that you give it to? 00:03:57.593 --> 00:04:00.213 So in the old version of privacy, if I tell someone, 00:04:00.236 --> 00:04:02.568 "Hey I got an F on a test." 00:04:02.568 --> 00:04:04.914 That person can tell anyone else 00:04:04.914 --> 00:04:06.488 and it's not really considered 00:04:06.488 --> 00:04:07.906 a violation of privacy. 00:04:07.906 --> 00:04:09.241 I didn't keep it private, 00:04:09.241 --> 00:04:11.195 because I allowed someone else access. 00:04:11.210 --> 00:04:13.245 In the new version of privacy, 00:04:13.245 --> 00:04:16.071 when you post something to your Facebook wall, 00:04:16.080 --> 00:04:19.085 if you prevented the rest of the world from seeing it, 00:04:19.085 --> 00:04:22.259 is there an implied understanding to anyone else you've given access to 00:04:22.259 --> 00:04:24.006 that they shouldn't re-share it? 00:04:24.006 --> 00:04:27.056 Or another example: If you are on Twitter 00:04:27.056 --> 00:04:28.927 and you've got a protected Twitter stream 00:04:28.927 --> 00:04:30.304 that no one can see 00:04:30.304 --> 00:04:32.926 unless they expressly follow you and you allow them. 00:04:32.931 --> 00:04:34.475 And someone just sort of re-tweeting 00:04:34.475 --> 00:04:36.041 all of your protected tweets. 00:04:36.041 --> 00:04:37.573 You would say the exact same thing. 00:04:37.573 --> 00:04:39.291 But the understanding would've been: 00:04:39.291 --> 00:04:41.482 Wait a minute, I only let you see 00:04:41.482 --> 00:04:42.900 my Twitter stream, because 00:04:42.900 --> 00:04:44.776 I thought you weren't going to re-tweet it. 00:04:44.776 --> 00:04:48.184 You violated some sort of implied understanding we had. 00:04:48.184 --> 00:04:49.990 So, now we have our modern eavesdropper, 00:04:49.990 --> 00:04:52.034 who is in your Facebook wall 00:04:52.034 --> 00:04:53.952 posting again. So this is 00:04:53.952 --> 00:04:55.871 our modern eavesdropper over here 00:04:55.871 --> 00:04:58.285 in conversation. So how do we get 00:04:58.285 --> 00:05:00.004 to a place in which the law 00:05:00.004 --> 00:05:01.676 can come up to where we are. 00:05:01.676 --> 00:05:05.512 Because we think of this, new norm, this new idea 00:05:06.165 --> 00:05:08.091 you won't re-share something 00:05:08.091 --> 00:05:09.632 I only share with you. 00:05:09.632 --> 00:05:11.178 How do we get there? 00:05:11.178 --> 00:05:12.721 And there is actually an interesting way 00:05:12.721 --> 00:05:16.349 and I'll take it back a little bit to give you an example. 00:05:16.351 --> 00:05:17.697 When Facebook started out 00:05:17.697 --> 00:05:20.019 you had to be a member of a network 00:05:20.019 --> 00:05:22.063 to just look at someone's profile. 00:05:22.063 --> 00:05:24.628 And I remember having a job, 00:05:24.628 --> 00:05:27.935 where someone in HR knew that I went to Yale 00:05:27.935 --> 00:05:30.230 and sent me an e-mail and said: 00:05:30.239 --> 00:05:31.490 Brad, we know you went to Yale, 00:05:31.490 --> 00:05:34.961 could you log into Facebook and print out a copy 00:05:34.961 --> 00:05:37.246 of this applicant's Facebook page? 00:05:37.246 --> 00:05:38.997 We'd like to see it. 00:05:38.997 --> 00:05:40.082 So, by the way, for those of you 00:05:40.082 --> 00:05:42.585 who thought that didn't happen, it was happening in 2004. 00:05:42.585 --> 00:05:44.461 So you better believe it's happening now. 00:05:44.461 --> 00:05:48.589 That said, I recoiled in like shock and horror. 00:05:48.590 --> 00:05:51.684 I was like that would be a violation of that person's privacy. 00:05:51.692 --> 00:05:53.011 It would be a betrayal of trust. 00:05:53.011 --> 00:05:56.929 But the idea was back then, what happened in the Yale network, 00:05:56.929 --> 00:05:58.100 stayed in the Yale network. 00:05:58.100 --> 00:05:59.823 It's kind of like Vegas. (Laughter) 00:05:59.823 --> 00:06:02.919 And so, there was a knowledge that was like, 00:06:02.919 --> 00:06:04.748 Hey, not cool, bro! 00:06:04.748 --> 00:06:06.024 You knew that you only had access to this. 00:06:06.024 --> 00:06:08.606 There was a reciprocal understanding. 00:06:08.606 --> 00:06:11.327 You won't tell other people what goes on in the Yale network, 00:06:11.327 --> 00:06:13.928 and I won't tell other people what goes on in the Yale network. 00:06:13.928 --> 00:06:15.117 And so, if you think about it 00:06:15.117 --> 00:06:16.702 there is an implied commitment 00:06:16.702 --> 00:06:18.203 when you join any of these social networks, 00:06:18.203 --> 00:06:20.122 that if you are not supposed 00:06:20.122 --> 00:06:22.165 to re-share information, you won't. 00:06:22.165 --> 00:06:23.917 And there is another area of the law 00:06:23.917 --> 00:06:26.513 that actually has really had this transformation, 00:06:26.513 --> 00:06:29.374 where they went from a very formal -- you have to be explicit understandings -- 00:06:29.381 --> 00:06:31.091 to just anything goes. 00:06:31.091 --> 00:06:32.426 And that's products liability. 00:06:32.426 --> 00:06:33.677 As crazy as this may sound 00:06:33.677 --> 00:06:35.012 there was a time where if you bought 00:06:35.012 --> 00:06:38.641 a can of coca-cola and it blew up in your hand as you were drinking it. 00:06:38.641 --> 00:06:40.175 The only person you could sue 00:06:40.175 --> 00:06:41.754 was the bodega or bodegua, 00:06:41.754 --> 00:06:45.051 as the case may be, that you bought it from. 00:06:45.051 --> 00:06:47.829 And over time courts sort of didn't like this. 00:06:47.837 --> 00:06:50.294 They said, Well, there is an implied contract 00:06:50.294 --> 00:06:52.457 between the original manufacturer and each step in the chain 00:06:52.457 --> 00:06:54.060 of distributions until to the ultimate consumer 00:06:54.060 --> 00:06:56.732 does not need to be in contractual privity 00:06:56.742 --> 00:06:58.076 with the original manufacturer. 00:06:58.076 --> 00:07:00.094 Which is the fancy way of saying: 00:07:00.099 --> 00:07:01.881 We are going to say that there is an implied contract 00:07:01.881 --> 00:07:03.749 that runs all the way through all these steps in the middle. 00:07:03.749 --> 00:07:06.175 And when you finally buy that can of coke, 00:07:06.175 --> 00:07:09.232 you get an implied contract from Coke. 00:07:09.254 --> 00:07:12.009 Finally a court in California said, Enough, is enough. 00:07:12.009 --> 00:07:14.169 We are done pretending, we are done making up 00:07:14.176 --> 00:07:15.802 these implied contracts. 00:07:15.802 --> 00:07:18.416 We are just gonna say strict liability applies 00:07:18.430 --> 00:07:21.679 if you make a product and you put it out in the universe. 00:07:21.683 --> 00:07:23.352 You have a reasonable understanding 00:07:23.352 --> 00:07:25.288 that if somebody gets hurt by that product 00:07:25.288 --> 00:07:26.661 they are going to sue you. 00:07:26.661 --> 00:07:29.469 We can do the exact same thing with privacy. 00:07:29.469 --> 00:07:30.776 If you join a social network, 00:07:30.776 --> 00:07:33.257 Facebook, Twitter, Google+ 00:07:33.257 --> 00:07:36.655 and you join that network knowing that there are privacy settings 00:07:36.655 --> 00:07:40.313 and knowing that other people are sharing information with you, 00:07:40.328 --> 00:07:44.167 but at the same time prohibiting other people 00:07:44.167 --> 00:07:45.749 from accessing that information. 00:07:45.749 --> 00:07:49.395 It's a violation of whatever you wanna phrase it as. 00:07:49.395 --> 00:07:51.809 Wouldn't that person's expressed understanding 00:07:51.838 --> 00:07:53.923 that they would only share the information with you 00:07:53.924 --> 00:07:55.425 if you didn't re-share it. 00:07:55.425 --> 00:07:58.039 Now, we can get there without waiting, for example, 00:07:58.039 --> 00:08:01.907 Facebook could put a little lock or a hash icon on every post 00:08:01.909 --> 00:08:05.060 on every element of Facebook that's been shared with you 00:08:05.067 --> 00:08:07.580 that would let you know whether or not it was public, 00:08:07.580 --> 00:08:09.014 whether or not it was OK to re-share. 00:08:09.014 --> 00:08:10.407 Twitter already does this. 00:08:10.407 --> 00:08:13.341 You can not one click re-tweet a protected tweet. 00:08:13.341 --> 00:08:17.646 And Craigslist has code-matching that will actually look at posts 00:08:17.656 --> 00:08:20.392 you've previously made and if you're re-posting 00:08:20.392 --> 00:08:21.910 similar content it will stop you. 00:08:21.910 --> 00:08:24.407 Facebook and Twitter could do the exact same thing 00:08:24.413 --> 00:08:27.048 if they see you trying to use copy and paste 00:08:27.048 --> 00:08:28.567 to get around these mechanisms. 00:08:28.567 --> 00:08:30.001 The other thing they could do is, 00:08:30.001 --> 00:08:31.420 we could amend our terms of service, 00:08:31.420 --> 00:08:33.213 we could make an expressed term of service 00:08:33.213 --> 00:08:36.804 to re-share information that is not supposed to be re-shared. 00:08:36.804 --> 00:08:39.351 Like on Google+, where you can actually click 00:08:39.351 --> 00:08:41.483 "Disable re-sharing" and then no one else can. 00:08:41.483 --> 00:08:44.605 So there is a sense that we can get there. 00:08:44.605 --> 00:08:47.978 We also can maybe get there in law. 00:08:47.978 --> 00:08:49.788 It won't necessarily happen 00:08:49.788 --> 00:08:51.553 right away, but in a recent case 00:08:51.553 --> 00:08:53.899 the Supreme Court is starting to go there. 00:08:53.899 --> 00:08:56.930 In the Jones case, which dealt with GPS. 00:08:56.940 --> 00:08:58.822 Just the sort of you know, maybe it's time 00:08:58.822 --> 00:09:02.767 that we start to rethink this notion 00:09:02.767 --> 00:09:04.460 that if you share something 00:09:04.460 --> 00:09:07.161 with one person it is no longer private. 00:09:07.161 --> 00:09:10.567 Because our societal expectations have changed. 00:09:10.584 --> 00:09:13.837 We've moved from law to norms. 00:09:13.837 --> 00:09:19.122 The norms of not-cool-bro-to-re-share are how we now think about privacy. 00:09:19.134 --> 00:09:21.850 And as a result our law is lagging behind a little bit. 00:09:21.850 --> 00:09:24.904 And although we are not there yet with our laws, 00:09:24.904 --> 00:09:27.339 we have inter measures we can use from CoE. 00:09:27.350 --> 00:09:31.227 So the interesting thing to see is where we head 00:09:31.227 --> 00:09:33.529 now that we are a society of norms 00:09:33.529 --> 00:09:36.295 and when we think about privacy as norm-based. 00:09:37.483 --> 00:09:39.895 (Applause)