Illustration of Privicons, icons intended to increase privacy in electronic communications
Illustration by Andreas Braendhaugen

It’s a fairly common 
story. Mark writes an e-mail to Stephen about their weekend plans and, in a postscript, includes some choice comments—meant to be kept private—about their mutual friend Lisa. Stephen, not getting as far as the postscript, forwards the e-mail to his girlfriend and before long the e-mail gets passed on to Lisa, to Mark’s chagrin.

The Privicons project at 
Stanford Law School’s Center for Internet and Society (CIS) was created to address an underlying problem in stories like the one above: Readers and writers are often more careless with e-mail than with other forms of correspondence. The project team formed when CIS Director of Privacy and Robotics Ryan Calo partnered with a talented group of computer scientists, designers, and privacy scholars based in Europe and at Stanford (primarily at the law school but with valuable input from faculty and students in engineering, computer science, and design). The Privicons project formally began in 2009 as a response to the observation that e-mail users don’t always fully understand other users’ expectations and desires about privacy.

We are interested in these cases of e-mail carelessness and misunderstanding, not in malicious or intentional privacy breaches. Thus the privacy violations on which we focus have nothing to do with a user’s violation of computer code or even law; they’re primarily violations of social norms.

Privicons’ approach accordingly depends on understanding the difference between the technical aspects of privacy—which rely on code and engineering to protect users’ data—and the social aspects—whose roots are in norms that, for example, stop us from revealing secrets that our friends entrust to us. The team recognized early that purely code-based strategies, like e-mail clients that refuse to allow certain messages to be forwarded or printed, can be overbroad and paternalistic and are often usable only on certain programs or platforms.

Another solution that seemed obvious at first was to use law to protect users. But as it turns out, confidentiality notices and the like are not generally binding on recipients unless specifically agreed upon by contract—a rarity in your average e-mail conversation. Law also enters only as a remedy, after the damage has been done. The team at Privicons wanted to stop the problem before it could reach that stage.

We began, therefore, with social solutions, rooted in what Harvard Law professor Jonathan Zittrain (who is a returning visiting professor to Stanford Law School) has called “code-based norms” that are grounded in users’ understanding and appreciation of “neighborliness,” as discussed by Lauren 
Gelman, a former CIS director. We 
decided to use code not to limit users but to help them make their privacy expectations clear and understandable. This clarity can help prevent innocent misunderstandings about privacy and encourage less innocent users at least to reconsider the choices they make about other peoples’ data.

To achieve this kind of clarity about privacy, we created a simple “vocabulary” of icons that indicate users’ 
privacy expectations for their communications—one for “Don’t Print,” another for “Don’t Forward,” and so on. The icons are meant to be attached to any sort of electronic communications, as a form of social signaling that gently clarifies the sender’s privacy expectations. Users can, of course, choose to disobey Privicons, but our point was never to solve privacy breaches by making them technically impossible (though developers can choose to make an instantiation of Privicons work this way). Allowing Privicons to be overridden empowers users to take control over their speech, even when slippage occurs.

The team has completed early versions of plug-ins for Firefox and Chrome, which will allow Gmail users to insert Privicons seamlessly into their e-mails. While we continue to develop these plug-ins for larger-scale public consumption, we are also preparing to publicize Privicons through a variety of media channels. Since Privicons is of interest to both academics and popular journalists, we hope to see a great deal of public interest in our project.

A significant part of our public relations strategy is the fact that Privicons is an open project. Users interested in developing their own instantiation of Privicons can do so with our RFC as a guide (available at or they can simply apply the icons themselves to different communications platforms. As Privicons spreads through academic and tech circles, gaining popular traction alongside similarly user-focused privacy movements like Privacy by Design and Do Not Track, we hope that more developers will incorporate Privicons into their products, thereby helping it grow and turning it into an everyday solution for privacy miscommunications. SL

Learn more about privicons.

Ethan Forrest, JD ’12, is a Center for Internet and Society Student Fellow at Stanford Law School, where he is also on the board of the Stanford Technology Law Review. Ethan is interested in privacy law, civil liberties, and intellectual property.