UC Berkeley, School of Information
December 16, 2020
This is a chapter of a published dissertation: Enacting Privacy in Internet Standards.
The initial chapters of this dissertation set out both a theoretical lens and a pair of high-level research questions. First, what are the impacts of multistakeholder techno-policy standards-setting processes on resolving public policy disputes for the Internet? And second, how do the designers of Internet protocols view privacy and how do their views ultimately affect the privacy of Internet users?
The semi-structured interviews I conducted with participants and the quantitative social network analysis I have explored about technical standard-setting bodies provide a plethora of themes of interest; it has been fascinating for me, but not every interesting theme or finding can be included here. Instead, I have clustered themes together and elaborated on those most emphatic in the findings that provide insight for the research questions. There may not be a sharp boundary between those results that speak to the multistakeholder process and its impact on privacy and those that speak to the ethical impacts of engineering and participants’ conceptions of privacy, so each section includes internal references to draw those connections.
How standard-setting process accommodates, succeeds and fails explores themes related to the multistakeholder, rough consensus process of technical standard-setting itself. I lay out different stages of a standard-setting process, each of which can be an area of success or failure depending on one’s goals for the process. The argument in Chapter 1 described the potential for boundary organizations to accommodate diverse perspectives in a productive way and this section shows the challenge and importance of accommodating good and bad faith behavior, antagonism and disputes among heterogeneous participants.
Anti-trust and competition in Do Not Track and setting standards for online privacy elaborates on a particular incident identified in several interviews and supplemented by my own experiences and documents from that time where concerns about competition disrupted a negotiated deal for Do Not Track. Procedural matters are key for how standard-setting can support or inhibit competition and this experience particularly elucidates the different values transparency has and the role policymakers can play in the course of techno-policy standardization.
Individuals vs organizations in standard-setting process recounts the tradition of individual participation in technical standard-setting and illuminates competing views of standard-setting as stakeholder-balancing or technocratic and the individual’s role as representative or expert. This is informed by the engineering ethos and autonomous role of individual engineers laid out in Chapter 2 while responding to the research question of Chapter 1 about how collaborative governance can be inclusive and focus on solving problems.
Who participates and why it matters collects findings and analysis, both qualitative and quantitative, of who participates in technical standard-setting processes in general and the Do Not Track standardization in particular. Participation speaks to access and legitimacy of techno-policy standard-setting processes (as laid out in Chapter 1) but also provides context to who the designers of Internet protocols are and how their particular views will affect the implemented designs (as raised in Chapter 2).
How participants see privacy collects what participants in technical standard-setting processes think about privacy itself. Chapter 3 noted the ongoing and productive contestation of the concept of privacy and this section details the conceptions of privacy shared by participants along several different dimensions. The research question raised in Chapter 2 asks how these individuals’ views of privacy affect the privacy of Internet users. This section explores how participants think about diversity in others’ views and specific cases of considering the privacy of differently situated others, from their own children to Internet users at large.
Based on these themes, I see opportunities and challenges for the larger project of supporting privacy through multistakeholder technical standard-setting processes. Towards integration makes those connections and describes an argument for more nuanced integration of process, work and expertise.