Forgetting: Logging as an ethical choice

I have kind of a weird idea for a database person.

Forgetting should be built into our applications by default. I just spent the weekend at FooCamp, and I held a session to discuss this idea, and some of the possible consequences if it were implemented.

To explain why I think this, I’m going to take an extreme stance for a moment and argue a position that I’d like to see rebutted. So, please have at it! 🙂

For too long we have allowed decisions made by developers – default application settings – to determine what ultimately become surveillance levels.

There are notable counter examples: 4chan intentionally expires postings every few days. Riseup keeps no logs. The EFF documents what we do and do not legally need to keep. These, however, are the efforts of a tiny minority when considered against the rest of the web.

Over time, our conception of what is reasonable has changed around logging and accounting for vast periods of our activities. Never before would a silly recording taken by a 15-year old be stored indefinitely, and then be documented as a watershed event because of how many times it was viewed in a vast global network, rather than for the content of the cultural artifact itself. The log of views themselves were the cultural artifact, and it is celebrated.

Fading away isn’t evil. But we act like it is when we pipe what once was ephemeral into indefinite storage.

Why have we decided to participate in this social experiment? It really wasn’t a collective decision. Some software developers and investors decided that archival on a massive scale was important or profitable. We started calling these things “part of history” and just storing them without thinking about it. Saving became default.

I’m not saying that archiving the internet, search robots or “opting in” are bad things. But those who least understand archiving’s effect on personal privacy may be the ones most likely to suffer in the future.

The ripple effects of the decision to move from “default expire” to “default save” are vast. Consider for a moment if we were to call the ability to intentionally forget on the internet a human right.

Instead, what we’ve done is to say to millions of people – you do not have the right to forget. Companies will take your locations and status updates, and never delete them. And privacy is rapidly becoming a privilege of those who can afford to buy it.

For the sake of argument, consider the difference between narrative historical documentation and collections of “facts.” The narrative is an aggregation, full of embellishments and forgetting and kernels of truth. Facts are collected, supposedly objectively. Both approaches to capturing historical thought suffer from the fallacy that historical “fact” is fixed and doesn’t evolve based on the viewer and reteller over time. How much worse is this effect when our collections of facts are now ballooning to include every blog post, photo, tweet and web access log you’ve ever made?

The point is not that individuals wish to change history or even obscure events which may reflect poorly on them. (Even though we all do!)

We need to give people a real choice – not a set of ACLs and rules. Choice about what is archived about them, control over that process and a clear delineation between personal artifact and public property.

Kathy Sierra deleted her twitter stream and was accused of removing a piece of history, and possibly the worse internet offense – taking away conversations. Taken at face value, isn’t that the point of conversation? That it is ephemeral?

Conversations leave echos in changed thoughts and light or deep impressions in the minds of the participants. Just because Twitter has by default chosen to retain these conversations indefinitely doesn’t change the nature of conversation itself. No one would argue that just because we share our thoughts that we are obligated to share every thought.

In the same way, we are not obligated to maintain a record of our sharing. And if we do maintain and share a record of our own end of a conversation, we still have the right to ultimately destroy it.

Once shared, of course, an artifact of a conversation can’t be taken away from those that have copies. But authors and owners of the original work must always retain the right to destroy.

So, that brings me to what is ethical in our applications. When we say: “we’re keeping your data forever” and “delete means your account will still be here when you come back”, application developers and companies are making an ethical choice. They are saying, “your shared thoughts aren’t your own – to remember or forget. We are going to remember all of this for you, and you no longer have the right to remove them.”

Connectedness is not the same as openness. Storing vast logs of data related to individuals which connect thousands of facts over the course of their lives should be presented as the ethical choice it is, rather than a technical choice about “defaults”. Picking what we decide to log and store is an ethical and political decision. And it should also be possible for it to be a personal decision.

14 thoughts on Forgetting: Logging as an ethical choice

Comments are closed.

  1. This one says it all:

    And yes, I do agree that a lot of what we “contribute” to the ‘net is better forgotten. But I think that there is a distinction between “serious” discussions where you must assume that the participants are well informed and implicitly consent to the indeterminate storage of their contributions, and “mindless chatter” on the other hand.

    I really liked this sentence:

    “Those who least understand archiving’s effect on personal privacy may be the ones most likely to suffer in the future.”

    Every forum admin and moderator should have that one in a frame above the screen. I don’t know if there’s a good resource for media ethics as applied to the Web, but there ought to be one. And that sentence belongs way up there.

  2. Leifbk – that Dr Fun cartoon is one of my favorites. During the session, I made reference to it (but no one laughed! maybe I am getting old!)

    Thanks so much for singling that sentence out. I got a big piece of that thought from danah boyd’s work.

  3. Very nice read, I enjoyed it.

    My immediate reaction is that it is up to the individual to protect their privacy and security themselves. I acknowledge most people do not understand this (why it is not only important, but how to do it).

    But it seems that we live in a common culture to share all information with a 3rd party just for the chance to win a TV or a virtual tractor…

  4. Really it is a matter of scaling. The old rules still apply, never say in public what you do not want repeated in public. The scale of public has become grander though. Where once what you said in the local diner was fodder for discussion in “name your small town”, what you say in a Web forum is now open to the Web. Trying not to be too blunt but, if you want privacy be private; JD Salinger vs Truman Capote. Human nature being what it is if the information put out there up it will be used.

  5. Adrian – yes, but what about what you look at online? Should the rule be “Never look at something online that you don’t want to be public?”


  6. Ideally your footsteps through the Web should vanish and I would like to see that happen. Unfortunately experience has led me to the rule “The good will take care of itself, its the bad you have to plan for”. So my concern is not with the ethical person/site but the unethical one. The only sure way of guarding against that is not to create the footprint in the first place. Bottom line is, once you consign information to the network it is no longer yours. Privacy efforts still depend on someone else doing what they say they will. Not a something I have great faith in.

  7. To follow up. I am not saying the privacy movement is not without merit. It serves notice that people are concerned and watching. As such it serves as a check on the worst abuses. In the end though information will disappear as it has over the ages, through entropy.

  8. I’m so relieved that you’re speaking about this… at Foo and elsewhere. I’ve always felt that we should pick the most appropriate social metaphor for the specific service we’re using, and that our options for “forgetting” what we’ve contributed to that service should more closely fit that metaphor.
    You gave as an example my Twitter experience. Twitter is always described in ephemeral conversational metaphors like “the dinner party” or “the water cooler”… even the most hardcore supporters of its “ambient intimacy” celebrate the casual random-thought nature of the stream. Yet the second I deleted my account, it suddenly morphed into quite a different metaphor: “OMG! YOU DELETED HISTORY!”

    On Twitter, I threw stuff into the conversation stream and–like all water cooler conversation–it later vanished. I’m quite happy with the folks at Twitter for both deleting the account as I requested, and not trying to manipulate me into simply making it dormant. Of course I have no idea if the data is *actually* gone, but Twitter is acting as if it is, so, yay Twitter.

    Blogs don’t have quite the same water-cooler-ephemeral-conversation metaphor, so I’m slightly more understanding of people’s expectations that blog posts stick around, though I still believe authors should have the choice, always.
    Anyway, thanks for this post and your participation at Foo.

  9. Kathy,

    Thanks for providing inspiration for me around this topic!

    People’s response to your choice clearly shows the pressure many people feel to stay connected.

    Talking with you gave me another idea that I’m going to pursue with others I met at Foo to raise awareness about excessive logging. Except, we’re going to make log destruction a little more fun. 🙂


  10. One of the other sessions at FOO was Philosophy and Technology – it didn’t cover this territory but it did remind me technology has very little inherent philosophy in it. It can do anything without bounds to ethics or morality. There’s something idiotic about the the attitude ‘what tools can do they should do’ – simply because something is possible has absolutely no significance in whether it’s good, bad, cruel, unfair, or anything.

    Regarding conversations, the technology itself can’t arbitrate what is ethical, moral, or simply good for us. It’s up to us.

    The better tools/companies/people set expectations up front – you can delete X, but not Y, etc. Some people tell me not to tell them my secrets, others promise to respect my trust.

    And if there are no expectations set, then caveat emptor – anything goes. Like Adrian said, if you say something in public, you are giving up control over it to whoever else is listening. That should be the expectation anyway.

  11. Selena, you’ve got it exactly right.

    As a habitual email saver, I’ve retained a record of my conversations over the years; yet I would never dream of publishing them on the web or elsewhere. If for some reason I decided they’d make for a good memoir, it would be my ethical duty to get clearance from every person whose messages I wanted to include. On the other side of the privacy spectrum, right-wing agitator Andrew Breitbart is offering $100,000 to anyone who will leak the entire archive for a private listserv. Somewhere in the murky middle, Google bought and maintains a permanent archive of UseNet—including all the posts we made in the early 90s when we had no clue about privacy on the internet.

    Most online applications have followed Google’s lead. But ultimately, why should they retain all of this crap? As the internet continues to expand, there is almost nothing worth keeping indefinitely; if a piece of information is valuable (e.g., a french fry recipe), it will not only be retained separately from the “original” source but will also be discovered and shared independently and repeatedly over time and geographical space.

    In other words, there is no such thing as a truly original thought—so why should online applications treat most thoughts as archive-worthy? In my opinion, applications should go beyond allowing users to delete their own data; they should have a retention policy that balances utility with privacy, and should simply delete anything more stale than the policy describes. (Note that “staleness” isn’t necessarily based on age of the data.) Leave it up to the user to archive if they wish—if I want a “permanent” record of this comment, I can email it to myself!

  12. > Once shared, of course, an artifact of a conversation can’t be taken away from those that have copies. But authors and owners of the original work must always retain the right to destroy.

    That highlights a key conflict here. Once you willingly hand over control data to someone else, you can hardly demand at a later time that they destroy their copy.

    If we demand the right to control our data, including the right to remove it from where it’s hosted, then we need to *act* on that. Stop gleefully pouring this data into the hands of others.

    Eben Moglen makes the case in “Freedom in the Cloud” that it’s up to us, as people who can actually create software solutions, to do something about this.

    We need to create solutions that allow people to communicate *without* losing control of their own data. And we have the tools to do it.