CircleID

In all the recent uproar (New York Times, "Google Told to Turn Over User Data of YouTube," Michael Helft, 4 July 2008) about the fact that Google has been forced to turn over a large pile of personally-identifiable information to Viacom as part of a copyright dispute (Opinion), there is a really interesting angle pointed out by Dan Brickley (co-creator of FOAF and general Semantic Web troublemaker). Dan points out in a blog entry today that while the parties before the court are arguing about whether the YouTube ID is, by itself, personally identifiable information, the fact is that the publicly visible part of this ID in the context of other information on the Web is sufficient to identify a lot about a person, not the least of which is their name. Dan explains:

YouTube users who have linked their YouTube account URLs from other social Web sites (something sites like FriendFeed and MyBlogLog actively encourage), are no longer anonymous on YouTube. This is their choice. It can give them a mechanism for sharing 'favourited' videos with a wide circle of friends, without those friends needing logins on YouTube or other Google services. This clearly has business value for YouTube and similar 'social video' services, as well as for users and Social Web aggregators.
Given such a trend towards increased cross-site profile linkage, it is unfortunate to read that YouTube identifiers are being presented as essentially anonymous IDs: this is clearly not the case. If you know my YouTube ID 'modanbri' you can quite easily find out a lot more about me, and certainly enough to find out with strong probability my real world identity. As I say, this is my conscious choice as a YouTube user; had I wanted to be (more) anonymous, I would have behaved differently. To understand YouTube IDs as being anonymous accounts is to radically misunderstand the nature of the modern Web.

Dan makes a really important point here. One the on hand, the fact that we are all more identifiable as a result of social networks in which we exist suggests that the judge was just plain wrong (even wronger than others have already said) in saying that the YouTube IDs are not personally-identifiable. But on the other hand, to the extent that Dan is correct about the revealing nature of the social web (true for some of us now, more and more in the future), we have to face the fact that merely limiting disclosure of personal information from one source is less and less unlikely to protect privacy effectively across the Web.

Applying this view to the Viacom v. YouTube case suggests that privacy protection has to focus more limiting how people and institutions can *use* personal information even as we recognize that it is harder and harder to protect privacy by access control alone.

Some of my colleagues and I have written about this view of privacy as Information Accountability in last month's Communications of the ACM.

Written by Daniel J. Weitzner, Technology and Society Policy Director. Visit the blog maintained by Daniel J. Weitzner here.

Related topics: Law, Privacy, Web