Data Portability – the need for DRM

So Robert Scoble got his Facebook account disabled for running a script that scrapped his account for names, email address and birthdays and load the data into his Plaxo account – so that he could match Facebook names with names in Plaxo’s database. On the surface this is no different from Facebook’s own importer – which lets you enter your email address and password for, for example, your GMail account – so that your contact details can be loaded into Facebook (which BTW is a very bad idea).

Facebook GMail upload

It’s worth remembering that what we’re talking about here is basic contact information – the script didn’t try to grab any information from Scoble’s Social Graph – no friends of friends data, not people’s interests, nothing like that – nor did Plaxo sign up those users to its Social Networking application Pulse. Despite that the general feeling out there is that Plaxo are evil and neither Plaxo nor Robert had the right to run the script. I suspect that this is mainly because the early version of Plaxo made it very easy to email everyone in your address book with a request to join Plaxo, this was a bit rubbish and got Plaxo a bad name for spamming folk. Quite right too although its worth noting that this hasn’t been a problem since they rewrote it last year.

But if you step away from people’s prior poor experience with Plaxo what they and Scoble tried to do was no different from what Facebook does. The difference is one of reputation. All Plaxo are trying to give their users are tools to get data into their database. This is harder with Facebook because it’s a walled garden and walled gardens, as the name suggests, makes too tough to get data out. The pertinent question then is who owns the data – is it Facebook, Robert Scoble or each ‘friend’?

I know that, as far as I’m concerned, it’s not Facebook. You should be able to move your data between systems. The DataPortability folk have got the right philosophy:

As users, our identity, photos, videos and other forms of personal data should be discoverable by, and shared between our chosen tools or vendors. We need a DHCP for Identity. A distributed File System for data. The technologies already exist, we simply need a complete reference design to put the pieces together.

Unfortunately as the Scoble-Facebook story illustrates access to our online identity is often effectively controlled by others. Robert Scoble has access to 5,000 people’s contact details plus a good chunk of their social graph via Facebook. So while Facebook is wrong to lock your data away behind a walled garden, Scoble or anyone else might do the wrong thing if they export the social graph and profile information of their contacts (not that he did in this instance).

What we also need, in addition to data portability, are privacy controls. As Jason Kottke puts it:

[what’s needed is]…Facebook inside-out, so that instead of custom applications running on a platform in a walled garden, applications run on the internet, out in the open, and people can tie their social network into it if they want, with privacy controls, access levels, and alter-egos galore.

Or as Robert Scoble suggests a DRM for your personal data:

COMPLETELY OPEN: You’re allowed to take anything on my profile page and import it, use it, copy it, print it, import it.

EMAIL ONLY: You can only take my name, and email address to other systems.

EMAIL PLUS CORE PERSONAL INFO: In addition to email address and name you can also take my birthday and phone number to other systems.

CUSTOM: You choose which fields can be exported or used on other systems.

NAPKIN ONLY: You can use anything you want, but no automated systems, you’ve gotta manually copy everything over by hand.

PUBLIC ONLY: Only data that I put on my public profile can be used elsewhere.

FAN ONLY: I only wanted to see your social network and behaviors here, I don’t want to give you access to mine.

Clearly what I’m suggesting (and I assume so is Scoble) is a rights management system which would be respected by the various social networking applications, not a solution that would encrypt your data into a binary file that required your approval to unpackage. In other words a system that would give you control over your data and allow you to decide how it was shared with others who may or may not be using the same social networking application as you.

Link for 2008.01.04

» Facebook disabled Robert Scoble’s account – ?because he was screen scraping contact or activity data [scobleizer.com]He’s under an NDA at the moment so can’t go into the details but he was running a script on the site that broke Facebooks’ Terms of Use. It looks like the account has been deleted taking with it all his data. This is why walled gardens are bad.

» Promoting ‘Data Portability’ standards [dataportability.org]As a result of Facebook’s decision to delete his account Robert Scoble has signed up to this. Which is good news. Data portability between systems is the key to Web 2.0. If you can’t point to a resource (outside a walled garden) and use it then it’s not a web 2.0 citizen. And if data is about you then you should have control – it is yours after al.

» Frameworks exist for conceptual integrity [204 No Content Blog]When someone uses a framework what they are doing is delegating decision-making to someone else – having too many options in this situation is a bad thing. Frameworks that give developers too many options hoping to maximise code reuse are misguided. Software reuse is not an end. Reuse is a means, and if the available means don’t meet your ends, then find other means.