By: M. Ryan Calo

Professor Patricia Sánchez Abril opens her article, Private Ordering: A Contractual Approach to Online Interpersonal Privacy, with a profound insight: online interpersonal privacy suffers from a case of broken windows.[1] By “broken windows,” Professor Abril refers to the well-evidenced phenomena that instances of minor disrepair can promote an overall environment of antisocial behavior.[2] Just as a building with one broken window will almost certainly have many more, so could other contexts degenerate if small infractions go visibly unaddressed.

There may be times when upholding an agreement of confidentiality is not in the public interest and even the mantle of law is overkill. For instance, what if a student’s use of a social network reveals that she is a danger to herself or others, but her peers have all contracted not to say anything?

Professor Abril invokes the metaphor of broken windows in the context of online interpersonal privacy to illustrate “the role of norms vis-à-vis legal rules in shaping human behavior.”[3] Specifically, she believes that some combination of four factors—the dominance of sharing-culture, the lack of close-knit groups, the dearth of opportunities for user control over data, and the misapplication of contract law—“conspire to create a public perception of ambivalence toward breaches of interpersonal privacy, perpetuating social disorder.”[4] Professor Abril ultimately “calls on the power of contract to create context and thereby address many online interpersonal privacy concerns.”[5]

I agree with much of Professor Abril’s sophisticated reframing of the problem.  I also see promise in her proposal to leverage contracts to combat a perception that “anything goes” on the Internet.[6] In particular, I appreciate the role Professor Abril has in mind for contract law: not just to create enforceable rights, but more importantly, to signal the solemnity of the transaction.  In her words: “Even when not readily enforceable by legal means, the mere existence of a contract serves the important role of expressing and establishing social norms.”[7]

Indeed, one way to challenge Professor Abril’s argument is to question whether contracts formed in the way she describes will carry any legal water at all.  Arguably, they will not.  Creative Commons gains force from copyright law, which provides an affirmative right that the right holder may then pare back or renounce.[8] The same is not true where, as in interpersonal privacy, there is no underlying statutory right.[9]Even if we agree that opening an e-mail or accepting a friend request can constitute both consideration and assent for purposes of contract formation, it is hard to imagine how damages might be calculated.  Professor Abril concedes at length that damages may prove an insurmountably high hurdle to recovery of a successful claim.[10]

In many ways, observing that a system of interpersonal contracts may in practice be unenforceable misses the point.  What Professor Abril seems to be after is “a new set of norms;”[11] she wants to leverage the formality of contract law to “create context.”[12] Regardless of whether a court would permit recovery for a breach of Professor Abril’s protocol, the very use of that protocol—its mere existence—tends to combat the prevailing cavalier attitude toward interpersonal privacy that we see today.[13] It helps mend the broken windows.

But this observation raises a second question: if all we are doing is signaling, ought we not to prefer a nonbinding, norms-based approach to online communication such as that championed by Jonathan Zittrain and Lauren Gelman?[14] These authors eschew the use of law per se in favor of a model based outright on principles of neighborliness.  There may be times when upholding an agreement of confidentiality is not in the public interest and even the mantle of law is overkill.  For instance, what if a student’s use of a social network reveals that she is a danger to herself or others, but her peers have all contracted not to say anything?[15]

Both models suffer, incidentally, from a common limitation.  No matter how user-friendly the signal is, when faced with too much signaling, users may begin to tune it out.  What effect will a sea of icons, or the need to click assent for every bit of content, have on the average user?  Judging by the literature on information overload generally, and “wear out” specifically, there is a danger users will become inured to even a standardized system of online communication.[16]

This brings me to a final point about how best to improve a social environment.  What is interesting about the broken windows theory is not necessarily that vandalism influences norms; presumably there are many phenomena that influence norms.[17] It is that broken windows are features of the physical environment—they are a form of architecture.[18]

Professor Abril is hardly unaware of the importance of design, as evidenced by her condition that user-to-user contracts be “user-friendly” and “standardized.”[19] Importantly, she is also aware of the existence of literature in psychology suggesting that the form of social interactions helps dictate its content.[20] She nevertheless underemphasizes what I consider to be a crucial point: the very design of a website has a powerful effect on user experience.  Many of the problems we face online result directly from design decisions that we could—and in some cases, ought to—revisit.

Consider the broken window of oversharing.  Design is instrumental both to promote and to combat this ostensible problem.  Social networks in particular are built to make sharing as attractive as possible.  Status-update fields loom large at the top of the screen, beckoning participation.  Comment fields are prepopulated with the user’s picture as though she has already begun to comment (might as well do so!).  These design decisions are not accidental.[21] Meanwhile, sharing content online has immediate, positive effects, whereas the downsides to sharing are not immediately felt.[22] The undergraduate deciding to share pictures of last night’s party probably has his fraternity brothers, not prospective employers, in mind.  He experiences positive feedback in the form of comments and “likes”; he may never know why he did not get that job.

Or consider the insight that people are more likely to disclose personal details to websites that are casual in design, as opposed to formal.  In a study by Leslie John and her colleagues, subjects were more likely to admit to controversial conduct when the study was presented in a silly, playful format.[23] This insight has policy repercussions.  We are ostensibly most concerned with the online disclosure behavior of children, for instance, so much so that we have a special law around it.[24] And yet what are the most casual websites on the Internet, including with respect to online forms that collect information?  The kids don’t stand a chance.

A more direct and potentially more effective way to address online privacy’s broken windows is to examine the design of websites themselves—windows, in a sense, onto the Internet.  What we need in privacy, I believe, is a set of architectural values—both aesthetic and systematic—capable of transforming the web experience in ways that promote public policy goals such as privacy and security.  In the 1970s, architect Oscar Newman revolutionized public housing by introducing the concept of defensible space.[25] We need an Oscar Newman for online privacy.

How might the design of websites, phones, energy meters, and other products help provide the user with an accurate mental model of data practice?  How might we empower users to frame their content in ways that limit abuse without recourse to contracts or even words?  These are the challenges that Acquisiti, Nancy Kim,[26] Woodrow Hartzog,[27] and others have started to address in their work (and which underpin my own notion of nonlinguistic or “visceral” notice).[28] In a sense, this Article is not a response to Professor Arbil’s thought-provoking and well-argued article.  It is an invitation.  Professor Abril ought to take her own metaphor more literally.

[1]. Patricia Sánchez Abril, Private Ordering: A Contractual Approach to Online Interpersonal Privacy, 45 Wake Forest L. Rev. 689, 690 (2010).

[2]. Id.; see also id. at 690 n.11 (citing evidence of the broken windows phenomenon).

[3]. Id. at 691.

[4]. Id. at 694.

[5]. Id.

[6]. Id. at 695, 719, 726.

[7]. Id. at 707.

[8]. 17 U.S.C. § 106 (2006) (granting various exclusive rights in copyrighted works to the copyright owner).

[9]. Federal and state law protects privacy not through a single, baseline statute, but in piecemeal through a series of sector or activity-specific statutes, common law torts, and constitutional doctrines.  See, e.g., Privacy Laws, California Office of Privacy Protection,
_laws.htm (providing a list of some of the state and federal privacy laws of the United States).

[10]. Abril, supra note 1, at 716–19.

[11]. Id. at 723.

[12]. Id. at 691, 694.

[13]. Id. at 719 (“Although the ideal would be a legally enforceable contract, not all promises of confidentiality must be formal contracts in order to effectively safeguard privacy and counteract an ‘anything goes’ attitude toward online privacy.  Sociolegal scholarship indicates that the very existence of a promise or obligation can change social norms.”).

[14]. See Lauren Gelman, Privacy, Free Speech, and “Blurry Edged” Social Networks, 50 B.C. L. Rev. 1315, 1342 (2009) (suggesting “a tool for users to express and exercise privacy preferences over uploaded content.  It would permit users to express their intentions by tagging any uploaded content with an icon that immediately conveys privacy preferences to third parties.”); Jonathan Zittrain, Privacy 2.0, 2008 U. Chi. Legal F. 65, 106–09 (discussing the application of “code-based norms” to privacy).

[15]. Professor Abril assures us that her system, though it restricts information flow, “will not chill speech.”  Abril, supra note 1, at 722.  It may promote interpersonal intimacy, but it will also invoke the force and solemnity of law to limit sharing.  Id.

[16]. See, e.g., Christine Jolls & Cass R. Sunstein, Debiasing through Law, 35 J. Legal Stud. 199, 212 (2006) (describing “wear out” as the phenomenon “in which consumers learn to tune out messages that are repeated too often”).

[17]. For a detailed discussion, see Lawrence Lessig, The New Chicago School, 27 J. Legal Stud. 661 (1998).

[18]. Id. at 663.

[19]. Arbil, supra note 1, at 720.

[20]. Id. at 699 n.74.

[21]. Nor are they intrinsically harmful.  The point of the service is, after all, to communicate.

[22]. Carnegie Mellon Professor Alessandro Acquisti evidences this phenomenon in forthcoming work.

[23]. Leslie K. John, Alessandro Acquisti & George Loewenstein, Strangers on a Plane: Context-Dependent Willingness to Divulge Sensitive Information, 37 J. Consumer Res. 858, 868–69 (2011).

[24]. See Children’s Online Privacy Protection Act of 1998, 15 U.S.C. §§ 6501–6506 (2006).

[25]. Oscar Newman, Defensible Space: Crime Prevention Through Urban Design (1972) (arguing that architecture and urban design influence negative social behavior).

[26]. See, e.g., Nancy Kim, Online Contracts: Form as Function (2010) (unpublished manuscript) (on file with author); cf. Nancy Kim, Website Proprietorship and Online Harassment, 2009 Utah L. Rev. 993, 1014–17 (2009) (describing contractual and architectural techniques to constrain online harassment).

[27]. See, e.g., Woodrow Hartzog, Promises and Privacy: Promissory Estoppel and Confidential Disclosure in Online Communities, 82 Temp. L. Rev. 891, 907–08 (2009); Woodrow Hartzog, Website Design as Contract, 60 Am. U. L. Rev. (forthcoming 2011).

[28]. See, e.g., Steve Lohr, Redrawing the Route to Online Privacy, N.Y. Times, Feb. 28, 2010, at BU4 (“M. Ryan Calo, . . . at the Center for Internet and Society at the Stanford Law School, is exploring technologies that deliver ‘visceral notice.’  His research involves voice and animation technology that emulates humans.”).