"Here's my number, so call me, maybe": Why your Contacts list is an ethical issue

Around July or August 1986 I took the Tube to Covent Garden and went to a small, specialist stationery shop on Henrietta Street to buy a Filofax. It was cutting edge personal information technology at the time and it lasted me a long time, until I could afford a Psion 3a in 1994, the first of a long series of 'Personal Digital Assistants' or PDAs that I have owned. Thanks to the magic of .csv, I was able to export contacts across all of them and eventually to my smartphones. I built a very large Contacts database, but I have now deleted almost all of it. Why have I done that?

Let's think back to the pre-digital days. Then your contact information - home address and landline number - were publicly accessible. They were printed in a phone directory: a copy for the local area was sent free to every house and the national ones could be accessed in public libraries. It was possible to go 'ex-directory', but few did.

What was the meaning of giving someone your number in such an information context?

Well, it did save them a little effort, perhaps a bit more if you weren't local. It might avoid confusion if you had a common surname-initial pair. However, its greatest significance was ethical: it was a way of giving that person permission to call you. Of course, they could probably just look up your number anyway, but there were complex social norms around calling strangers (which children flouted for amusement by calling numbers randomly selected from the phone directory). If your phone rang, it was by and large either someone you had a relationship with which gave permission for them to call, or it was a stranger who knew enough about you to be confident that their call was in your interest.

Thus giving someone your number was rich in the ethics of interpersonal relations.

What about storing the number once received?

Easily accessible personal storage - an address book - was time-saving. But there were still ethical, other-directed norms about doing this. The address books with that information were something each person kept and maintained for themselves. In shared houses or offices there were often communal ones, but the background idea about permission to use that information was still present. A shared address book would often contain contact details for people you did not have permission to contact unless it was an emergency, and that would be respected enough to substantiate my claim that the ethical norm of permission permeated how we viewed contact information.

There was also the cultural phenomenon of the 'Little Black Book', a secret address book associated with the power, and abuse, of secret knowledge. The ethically shady nature of many cultural expressions of this phenomenon can often be traced to the fact that the Little Black Book contained contact information where permission to use it had not been granted or had expired (as relationships moved on).

How did technology change this?

90s and 00s saw popularisation of digital versions of the paper address book. This seemed at the time an entirely innocent move. Personal address books existed for convenience and this increased the convenience without shifting the normative framework in any noticeable way. But at the same time there was another change which did begin to subtly shift that normative framework: publicly available contact information withered away. Partly this was to do with cost and the increasing competition in the landline market, but also because they didn't include mobile numbers.

This made it in many ways more obvious that having someone's phone number (or address) was part of a personal relationship and an expression of how that relationship grounded permission to contact that person. It also meant that careful storage of that information was more important - if you lost it, that risked losing contact with someone and thus weakening or undermining the personal relationship. It was more than just convenience: losing someone's number could be interpreted as not placing much value on the relationship and deleting their number a form of 'closure'. Which in turn lead to a tendency to keep that information 'just in case', even when the relationship with the person no longer made it necessary or useful, and perhaps the permission had expired as the friends drifted apart.

While the permission and the information had previously been largely independent, they were now intertwined. But the permission element was still visible: how you used or shared someone's contact information was subject to ethical norms and depended on your relationship with that person. As such the address book maintained its symbolic role in our personal lives.

The toxic effect of social media

As with so many aspects of our interpersonal relations, the advent of social media created a massive shift we didn't fully understand at the time. Social media companies needed to exploit network effects to build their user base and increase engagement. (To some extent, the old printed phone directory was also doing these things, or at least the latter.) This meant that people's personal address books had commercial value, for probably the first time in history.

These network effects were also important to users of the social media services, because they made them a better, more interesting and enjoyable experience. This alignment of interests in turn made it easy for the commercial organisations to ask for access to our 'Contacts'. And in so doing, they muddied the long established norms around permission to use the information about other people stored in your personal address book. Just a decade before, few would have willingly shared their personal address book with a business without thinking carefully about whether that would be welcomed by the people whose contact details were included.

One can see how this happened. By sharing our Contacts with an 'app' we saw ourselves as simply offering a new communication channel to people who had given us permission to contact them, much like telling your friends you had a new mobile number. That is certainly how the decision was presented to users by those who stood to profit from it. They continue to present themselves as the 'middle-man' in a familiar process as old as long-distance 'tele' communications itself.

But Contacts data is more than just data. It is also an object embodying ethically rich relations with other people, each of which may have an ethically different character. So by sharing that data as a lump, you are flattening out those relations and their ethical complexity.

Here is an exercise to demonstrate the point: go through your full Contacts list - probably several hundred entries - one by one and ask yourself about each person or organisation on that list 'If I changed my number would I want them to know? Would they want me to contact them out of the blue and tell them?'.

So how should we think about 'our' Contacts in the new, privacy-aware, highly connected, data thieving environment?

Any way of thinking about this issue needs to start from a recognition that owning anything is really just having certain permissions or rights over its use. Certain political philosophies fetishize the more absolute forms of ownership where the owner has almost total rights over the use of the item concerned, but in real life such instances are few.

So when someone gives you their contact information, what they have actually given you is permission to use it in certain ways and probably not in others. Consequently, what you do with that information should - ethically speaking - always respect their intentions. What is interesting about data, and has led to so much misuse of data in the past decade, is that abuse those intentions, using it in ways for which no permission was given, is likely undetectable. Where it is detected, the harms seem so slight or diffused that ethical condemnation looks to be excessive.

A consequence of this is to recognise that adding someone to your Contacts is done solely for your benefit. In most cases, perhaps almost all, the person will be comfortable with that choice of yours. They probably expected it and may even, if it is a close relationship, find it odd if you did not. Yet there will be cases, and also reasons for making that choice, where the person whose information it is would be uncomfortable with your choice.

Some examples

1. The Enthusiast - Suppose you really like social media technologies and every time a new app or platform is launched, you sign-up and upload your contacts to see 'who is there'. Even if you have a carefully pruned Contacts list, limited to people you have current permission to contact, this seems to go beyond the permission they have given, because you are not giving them the choice about whether they want their data shared with that app/platform. They may want to read the Privacy Policy first, or have views about how that platform handles moderation and government censorship. Thus you risk exceeding the permission granted.

2. The Nostalgic - Suppose you are pretty systematic about adding people to your Contacts when you have any form of repeat contact, even if for a specific purpose and limited time, such as a stranger who is part of a one-off group activity. If you choose to keep such people in your Contacts for the pleasure of browsing through the list and reminiscing, then that too would exceed the permission given for using the information you have acquired. (If you are just lazy or indifferent so these Contacts persist long after permission has expired, that is a different matter. Until you share it.)

3. The Collector - Suppose your phone rings with an unknown number and you answer. After a brief but confusing conversation, it becomes apparent this was someone called Jo trying to ring their friend Chris, neither of whom you know. You could, in such a situation, add that number to your Contacts, perhaps under 'Jo friend of Chris'. That would be creepy and clearly exceed the permission given for using the information you have acquired.

Reflections

What is going wrong in these examples and many others is that the person with the Contacts has prioritised their interests over those of the people whose information it is. I have tried to give examples where this is clearly wrong, but there will be many complex, grey areas. That is because when we give someone permission to contact us, we also give them permission to store the information they need in order to contact us. And that permission brings a clear benefit of convenience. But once the information is stored, it can bring benefits other than mere convenience, both to the person who stored it and to the bodies they interact with.

In all three examples, we can be sure that many people would be unhappy to know their contact information was being used like this and would object that they never gave permission. Notice how this ethically significant judgement is independent of whether they are harmed. In fact, only if there are further wrongdoings is anyone likely to be affected at all by the behaviour of the The Collector and The Nostalgic. And the harm The Enthusiast causes may be miniscule and perhaps largely just an insult to the autonomy of others.

These two points draw attention to the fact that the ethical issues here cannot be understood in terms of a calculus of harms and benefits. Rather they are issues of respecting other people and in particular, respecting their rights as the source of this information to say what others may and may not do with it. These can be understood as a form of ownership right, but that only tempts us to misconstrue The Collector, The Nostalgic and The Enthusiast as thieves. There are data thieves in the world, and The Enthusiast may be handing his friends' data to them unwittingly, but that is not the only possible wrong in this space.

In practice, the process of thinking about other people's privacy has changed my habits. I don't share my Contacts with apps and I use Android's Work Profile to keep a separate Contacts list of just the people who insist on using WhatsApp. I am cautious about who I add to my main Contacts and delete people when I no longer think they should be there. This takes a bit of effort, but after a while, respecting other people's digital privacy becomes as natural as respecting their physical privacy by e.g. not staring or shoulder surfing.