Ian Glazer

A member of the Gartner Blog Network

Ian Glazer
Research Vice President and Agenda Manager
4 years at Gartner
16 years IT industry

Ian Glazer is a research vice president and agenda manager on the Identity and Privacy Strategies team. He leads IdPS' coverage for authorization and privacy. Topics within these two main areas include externalized authorization management, XACML, federated authorization, privacy by design, and privacy programs. Read Full Bio

Coverage Areas:

I “like” you, but I hate your apps – Part 1: The nature of relationships

by Ian Glazer  |  January 14, 2011  |  5 Comments

As I sat in my in-laws’ living room on Christmas, I realized that there were far more than just the 17 of us there. Almost everyone of us had our heads down toying with either a computer, iPad, or smartphone. Some of us, notably the teens, were interacting with each other, in the very same room, via one of those devices. Even the little kids were getting in on the action – downloading apps onto their dad’s iPad… an iPad with information about me on it. Hey, wait! I didn’t give my consent to this 4 year old to share information about me with unknown 3rd parties. (And until someone makes a unicorn and fairy version of the Fair Information Practices good luck trying to explain disclosure minimization to a 4 year old, but I digress.)

The apps we use introduce strangers into our daily lives. We, as a society, are not equipped to handle these strangers. If we do not address these strangers, we will transform ourselves from consumers into products, from upstanding citizens into unwitting informants.

The bottom line is: although I “like” you, I hate your apps.

In this three-part post, I am going to explore the situation we find ourselves in. We must first compare the nature of our relationships without apps to the nature of our relationships with these apps. Next I’ll consider what we want with respect to our relationships. Lastly, I’ll explore the kinds of controls we need and will also look at emerging technologies to help us out.

Why hate apps?

Before diving into the nature of our relationships, I want to provide a quick snippet as to why I hate your apps. Your apps, whether they are running on a smartphone or have been added to your social network profile, have access to a variety of pieces of information. Some of this information, such as your location and device identity, is specific to you. But some of this information, such as your contacts and friends, includes me. Your apps are gathering both kinds of information, using it, and sometimes sharing it with third parties. Research into this includes:

  • The Wall Street Journal’s What do the Know series on how apps gather and use information about you and your friends.
  • The ACLU’s and my own research into Facebook has shown how your apps can easily access information about your friends without their knowledge or consent.
  • Examinations of both the iPhone and Android phones with concerning results.

Our relationships

Let us consider the nature of our relationships. The meaningful ones are symmetric and have been established over time. (This is true even if the relationship is between a person and an organization.) This relationship is grounded in at least one set of social norms and subject to at least one set of law. Of course, the relationship might be subject to multiple sets of norms and laws depending on each parties cultural and geographic backgrounds.

When things go well we observe these relationships have three attributes:

  • mutually beneficial
  • mutually acknowledged
  • dignified

These relationships are mutually beneficial, and although the derived benefit isn’t necessarily financial in nature, it certainly can be. The bigger benefits of social interaction and connection often outweigh transactional benefits.

A “good” relationship is mutually acknowledged. All parties understand that they are in fact in a relationship. Acknowledgment of the relationship helps prevent the “dull, pervasive menace” of an asymmetric relationship. (See our freely available report, “Privacy” for more about asymmetric relationships.)

Finally, when things go well, a relationship is dignified. By this I mean, that all parties respect the dignity of the other. This includes treating shared information appropriately.

And when things go turn sour?

What happens when a relationship goes wrong is a fairly regular process. I, as one party in the relationship, can seek redress from you if you mishandle information I shared with you. This redress isn’t necessary financial in nature – sometime an apology is all the redress that is required. The redress process will follow a set of social norms. If you gossiped about me, I can ask for an apology. If the situation requires, we can also rely on a set of legal norms for redress as well. Further, we can use a third party to help mediate the situation. Lastly, either party is free to sever the relationship if they so desire.

Our relationships with apps

Our relationship to apps are asymmetric in nature. I have no idea what apps have added to your social network profile. I am unaware of all your devices that “know” about me. I have no idea what you have “said” to your apps about me. For example, I don’t know what my address book entry looks like in your phone – I might be listed as “Ian Glazer” or “The Hairy Analyst with Odd Socks.” In this regard, there is an asymmetric relationship – your apps have a relationship with me but not vice versa.

Furthermore, you may be just as much in the dark as I. You may (and likely don’t) know what your apps know about your friends. You may (and likely don’t) know what your devices know about your friends. And it is almost certain that you do not know how your apps are sharing this information with third parties.

If things go well in these relationships, then you receive the benefits. These benefits extend beyond just our interactions as your apps can provide an enhanced experience. In fact, these apps can enrich our interactions. Also, if things go well, then I am not negatively affected. I may not reap all the benefits you do, but I am none the worse for wear.

But what about when things go poorly? What happens when one of your apps or devices doesn’t respect my dignity and doesn’t treat information I have shared the same way you would have? You may receive some extra benefit, but I am negatively affected. This could include unwanted or unknown onward transfer for information about me. I could receive unwanted and unsolicited communications from app and device providers. I may also receive unwanted marketing.

In this case I cannot seek meaningful redress. You cannot change the situation if one of your apps mishandles information about me. Since you were not negatively affected, you cannot (and most probably would not) seek redress on my behalf from the app developer. And if you did seek redress from third parties on my behalf, any remediation they offered would likely be of little use to me. Also, I cannot approach the app developers and service providers because the asymmetry of relationships plays against me on a number of levels.

Worse still, I cannot sever my relationship with your apps. I can implore you to remove the offending app, but you likely receive enough benefit from it not to delete the app. I could sever my relationship with you, but I probably wouldn’t. Even if I did terminate our relationship, there’s no guarantee you’ll remove information from me the app and thus the asymmetric relationship between me and the app will continue on.

This is the new world we find ourselves in; there are strangers in our interactions. Apps are privy to information about us without our awareness. Our tried and true social and legal norms have yet to adapt.

In my next post, I’ll examine the desires of all parties involved in this new style of relationship.

5 Comments »

Category: Privacy     Tags: , , ,

5 responses so far ↓