Security Experts:

The Commonalities of Creepiness

Creepiness is a negative visceral reaction, like something crawling on your skin. It can be triggered when you feel your personal privacy is violated. Companies don’t want to make you feel creepy… but they do. And if they do so a lot, you go buy elsewhere. So it’s important not to be creepy. But what is creepy, changes. By comparing what was creepy a few years back with what is creepy today and asking “why the change,” we will see the commonalities of creepiness and lessons for all who wish to make a successful business involving personal information.

Searching for an Ex On-Line Prior to Social Media

Doing a Google search of that high school or college flame before the advent of social networking used to be classified as creepy. The social stigma may have applied ten or so years ago because of the types of information available and the types of information that weren’t. In a world without social media, information came from third parties such as court records, land registry filings, and online newspapers and magazines.

Online StalkingThe key is that your ex wasn’t the publisher and had no control over its accessibility. Others viewing information about you that you have no control over feels creepier than when it’s information you post and decide who can access it. With social media, you are posting more information to a more controlled group. You put it out there so you have a lower expectation of privacy. With that, the stigma of searching an ex has all but evaporated but for the question of why on earth you still care.

The commonality is when working with personal information, the info owner will feel more comfort if they participate in the sharing, know what is being shared with whom, and have control over the process. More control means less creep.

LinkedIn Searches Before a Phone Call

When you’re about to have an initial business call with someone, looking them up on LinkedIn gives you possible connection points. But I never let on when I’ve done the quick peek before a call. Instead, if someone went to the University of Virginia like I did, I find some way to work it into the call in a natural way.

That charade was blown up on a call last week. The guy starts with, “I was looking at your LinkedIn profile and noticed you worked at Arbor Networks. My brother worked there. Did you know…?” He was a little more forward than most. Did I mention he was from New York? But it was the beginning of the end of LinkedIn pre-call screening being creepy, at least for me.

The question then is why. The answer is in the relationship between the parties and balance of sharing between them. Mr. New York was someone I had a relationship with, albeit a short one, I had the same access to information that he did, and we both made it available to the other. The commonality for companies is that a perception of trust and relationship will yield increased sharing of information and less creep when processing that information.

Find My iPhone (or spouse, kids, boyfriend)

With this App, I can see any of my Apple devices with the same Apple ID on a map. Apple devices, like Macbooks, iPads and iPhones are generally with their owner. So that means I know where the people are. My spouse won’t answer the phone when she’s driving or on her bike so if I need to reach her I’ll log in and see if she’s at home where I know she’ll pick up. I explain this to folks and receive a look like I should be wearing a secure ankle monitor.

I also heard of a great break up over this App. Girlfriend surreptitiously enables app on boyfriend’s phone. Boyfriend goes to bar with buddies after work without informing girlfriend. Girlfriend tracks boyfriend, bursts into bar, and gets dumped by freaked out boyfriend. Classic love story with GPS tracking twist.

The difference between the two is notice of use and opt-in. My wife knows about the app and has the same enabled on her phone so she has notice of what information may be accessed by whom. I would not have placed it on our phones without her consent so she has opted-in rather than only been offered an opportunity to opt-out. So the commonality of creepiness is the importance of describing the nature of information used, who can use it, and for what purpose. And, of course, my wife may always change those privacy setting by deleting the app from our phones.

Google Now –Creep Comparison and Analysis

Let’s compare the creep inducing scenarios described above with the current creep of the month: Google Now. It’s an “anticipatory data service” that tracks your web searches, calendar appointments, location via GPS, photos you have posted, flights you are preparing to take, contacts, and more. Then it sends you alerts it thinks you will need before you have to search; such as weather at destination, traffic along the way, when you should leave, and interesting things you might like to see.

We learned from ex searches that a feeling of control over one’s information curbs creepiness. Yet with Google Now one must cede access to several sources of intimate information that will be crunched together to produce alerts. There’s definitely a feeling of loss of control.

We learned from LinkedIn that folks share more data when then are equal footing information wise. Google Now is a one-way street and will have to rely on assuring users of privacy protections to engender a feeling of control.

We learned from Find My iPhone the importance of defined recipients of information and the ability to opt-in and opt-out. Google Now is opt-in because you are choosing to install the app, but though the privacy policy says you may opt out of sharing of your personal information, there is no practical way to do so through your account. Therefore, there is no meaningful way to opt-out of the sharing of your information.

The Commonalities

Our threshold to creepiness keeps going up based on our own level of sharing and the social acceptance of openness. But we are not immune to feeling creeped out. The commonalities of creepiness still emphasize the importance of control over one’s content, the relationship between the provider and user of information, and the importance of opt-in and opt-out when it comes to personal information. Only with these in mind will the users of personal information thrive.

view counter
Gant Redmon, Esq., is General Counsel & Vice President of Business Development at Co3 Systems. Gant has practiced law for nineteen years; fifteen of those years as in-house counsel for security software companies. Prior to Co3, Gant was General Counsel of Arbor Networks. In 1997, he was appointed membership on the President Clinton’s Export Counsel Subcommittee on Encryption. He holds a Juris Doctorate degree from Wake Forest University School of Law and a BA from the University of Virginia, and is admitted to practice law in Virginia and Massachusetts. Gant also holds the CIPP/US certification.