Monday, August 9, 2010

How Facebook Betrayed Users and Undermined Online Privacy

Facebook has collected loads of private information about their users -- information that is being sold to marketers.
By Allan Badiner, AlterNet
Posted on August 5, 2010

In just six years Facebook has crossed the threshold of 500 million users. In the past nine months it has doubled in size and is now the number one most visited Web site in the world, surpassing Google. Facebook’s motto is “Making the world open and connected,” where a lone voice can have a powerful impact, as evidenced this year by one activist’s post on Facebook that sparked a demonstration of 12 million people against the Revolutionary Forces of Columbia (FARC), which had been terrorizing Colombian citizens for years.

But along with its policy of openness and potential for social change, Facebook has repeatedly come under fire for its lax policies toward the privacy of its members.

Behind the Wall

Facebook members have a “wall” where they can post pictures and information (essentially their own web page), chat with each other, and read the latest on everyone in “The Feed.” But behind the wall, users are creating a cumulative data repository of all the relationships in the entire world and the intimate details of everyone’s lives. The databases and algorithms employed at Facebook to store, crunch, and make inferences about you are far greater holders of data than any government agency.

Facebook founder and CEO Mark Zuckerberg has often claimed to be a champion of privacy and promised, “we will never sell your information.” Nevertheless, many users were shocked to discover late last year that their names and profile pictures, along with basic information about them, had been made public. At the heart of the storm is not the complexity of controls on Facebook, although that was an issue. The anger was about Facebook sharing personal information in new ways without prior permission from its users.

Ironically, Facebook has made an international impact it had not intended. German officials launched legal proceedings against Facebook over its policy of saving information about people who aren’t members of the social network but have various details posted on it thanks to their friends on Facebook. Following an investigation by the Canadian Privacy Commissioner, Facebook implemented new privacy policies. In the U.S., members of Congress and the Federal Trade Commission called for more regulation and Zuckerberg was all but forced to agree to more privacy controls. In June, four U.S. senators wrote to Zuckerberg telling him they were concerned about Facebook’s privacy practices.

The Beacon

Fastbook first aroused controversy on its violations of privacy with its use of web beacons. Web beacons are tiny image files that, when combined with small text files called “cookies,” will track your activities on other sites and automatically send information about you, including keystrokes, to the originating Web site. Facebook designed them to broadcast back to users and their friends what actions Facebook members took on participating Web sites. Users were not informed that data on their activities at other sites was flowing back to Facebook, nor were they given the option to block that information from being transmitted.

Lawsuits were filed, and even MoveOn moved into the issue. Facebook announced that it would allow people to opt out of the use of beacons, and Zuckerberg apologized for the controversy. Facebook ultimately settled a class action lawsuit and announced it would completely shut down the beacon program.

Instant Personalization

But the storm was only beginning to build. The controversy rose to a roar in May, centered on unilateral and sudden changes to Facebook policies that severely limited what users could keep private. The Instant Personalization pilot program that Facebook created spins users’ personal interests into public Web sites that are searchable and available for the world to see, and share their data with other Web sites such as Yelp, Microsoft and Pandora.

Facebook not only forced users to opt out rather than opt in if they wanted their information shared, but required users to delete information from their pages if they didn’t want to share it publicly. Adding injury to insult, embarrassing technical glitches came to light that exposed the personal messages of some users.

After considerable clamor, Facebook allowed you to opt out of Instant Personalization. But it isn’t simple and it requires you to delete all of your biographical information containing your general preferences about ideas and products, i.e., all of your “likes.”

Asked why Facebook doesn’t simply make such pilot programs as Instant Personalization usable on an opt-in basis, Zuckerberg dodged the question and said only that doing so would create “a lot more friction.”

Open Graph

At a developer conference, Zuckerberg recently announced the end of Facebook’s policy of not allowing third-party sites to store and cache any data for more than 24 hours. This led to a discussion about what Facebook calls the Open Graph, through which Facebook plans to connect disparate corners of the web with the preferences of its users. “If you mapped out all the connections between people and the things they care about,” says Zuckerberg, “it would form a graph that connects everyone together.” “Yelp will map the part of the graph relating to small businesses, Pandora will take on the music part, and Microsoft will handle document sharing,” Zuckerberg said. And Facebook owns the graph.

All partner sites can use “social plugins” that record the “likes” of users and their friends, and make the data available to advertisers. For example, you can click the Like button on a movie at the Amazon-owned Internet Movie Database, and your preference will be stored on your Facebook profile. The profiles or identities of Facebook users slowly cease to be just what they constructed on Facebook, and are shaped by their behavior elsewhere on the web. Web sites will begin to tailor themselves to individual users.

Not everyone is complaining about the lack of privacy on Facebook. NPR reported that credit collection agencies start their pursuit of debtors with the most promising source of all the information they need: Facebook. They search the Open Graph for keywords or “friend request” until they have access to a subject’s inner circle.

Additionally, 30 percent of employers have rejected applicants because of things they’ve found on Facebook and other social networks, according to David Kirkpatrick.
In fairness, Facebook has done a good job with ads—they are minimal in number and unobtrusive. But these ads are only foot-soldiers for the advertising invasion they have been planning.

Facebook's True Face

Facebook is both an infomediary and an intermediary. It occupies a pivotal position as the preeminent hub in the new information economy, and it is also the primary custodian of more information than has ever before been collected about human beings. As intermediaries and hosts for our communications with lovers, family members, friends, and colleagues, social network providers have access to extremely sensitive information, including data gathered over time and from many different individuals.

Despite Homeland Security, Google Analytics, and Facebook’s Data Team, people still hold to the ideal that they are free and have choice in their own lives. It is reasonable to expect Facebook to respect this democratic ethic and voluntarily assume a kind of fiduciary duty to its users. This kind of duty has to come before the realization of Facebook’s dreams for reengineering mobile communications and the web to become a more people-centric and integrated community. The Facebook motto, “Making the world open and connected,” may need to be thought through more carefully in terms of how they “make” it happen, and in what ways the citizens of the world want it to be “open” and “connected.”

While Mark Zuckerberg may believe in a concept called “radical transparency,” Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation, has called for Facebook “to stop acting as if they have a mission to make all of our private lives public.”

Electronic Frontier Foundation is also promoting a Bill of Privacy Rights for Social Network Users, including the right to be clearly informed about the options for privacy, what information is being shared to whom, and notified when any legal entity requests information about them. The bill also declares that users retain control over the use and disclosure of their data, and that they should have the right to have all personal data removed from social network servers if they decide to leave the service.

The Future of Facebook

And leaving the service is what a small but growing number of people have in mind. “Quit Facebook Day,” an online protest started by Canadian users, took place a few weeks ago—and there may be more. Over 35,000 Facebook users have pledged to permanently erase their profiles from Facebook’s database. They cannot, however, take their data with them. It was only last year that Canada asked Facebook to cease holding on to personal information from deactivated accounts, which is illegal under Canadian law. The changes that Facebook is making to quell the outcry, inadequate as they may seem, are possibly more a result of pressure from foreign governments than anything else. There has been “unusually strong international pressure from policymakers to force Facebook to change,” says Jeffrey Chester of the Center for Digital Democracy.

Will this upset over privacy slow down the meteoric growth of the company? It is interesting that Facebook gained only 320,000 new U.S. users in June after a blockbuster gain in May of more than 7.8 million. And a new report from the American Customer Satisfaction Index ranks Facebook in the bottom 5 percent of social media sites. In the survey, users complained about privacy concerns, interface changes, navigation problems, and aggressive advertising.

Mark Zuckerberg takes it all with a smile and does not seem overly concerned about the ruckus, or the severity of Facebook’s PR debacle. Zuckerberg and Facebook have been the focus of at least two books and are now the subject of a film, The Social Network, directed by David Fincher and based on technology reporter David Kirkpatrick’s account of the Facebook phenomenon. Zuckerberg says he doesn’t read a lot of the press, books or articles about Facebook and does not plan to see the movie. To the great modern prophet of staying connected, being disconnected sometimes is a good thing.

“Over time,” says Zuckerberg, “people will remember us for what we build and how useful it is to them.” Looking at the low number of actual defectors and the onrush of new users, Zuckerberg’s confidence is not misplaced. But, sooner or later, Facebook will have to learn that disclosure of our most personal information should be on an opt-in rather than opt-out basis. As blogger Chris Messina stresses, your identity is too important to be owned by any one company.

In fact, most users of Facebook are hoping that the company will act wisely and in a fashion that demonstrates a respect for user privacy. The challenge is that Facebook is on a firm trajectory of personalizing the web, which by nature requires information from users. At the same time, advertisers have ceased to be interested in buying space on Web sites—and now want to access user profiles. While not exactly locked in, users have invested Facebook with a great deal of data, and they tend not to want to close their accounts. This fact is not lost on Facebook.

Way Forward

Privacy is on the front burner for a reason: social network providers are eager to have the income from marketers and advertisers that help them sell their products in the most efficient way possible. This means that the data users are so eager to keep private has value. The Faustian bargain people make with social networks—your personal information for a platform to share it on—has been changing. Facebook and other networks are collecting far more information about their users than ever before.

That information, and aggregated versions of it, can and is being sold to marketers one way or another. Once you share your data on a network—even with your friends—you cease to own it. The social networks are scrambling to provide clever “products” and ways for you to input more and more personal information on their servers. In the scale of what they are collecting, the benefit to users who have given up most of their privacy is negligible.

Why should users give Facebook their information, preferences, relationship flow chart, and the ability to infer what it isn’t told directly? Users have almost no control over how information about them is used, or who ends up with the rights to use it in the future. But imagine how much users would share if they were building for themselves an income stream with their data. Imagine if Facebook revolutionized the industry and partnered with users to monetize their personal information, and in so doing the users took a share of it.

Trust is crucial for the sustained success of social networks. It may seem to Zuckerberg that Facebook users are tolerating the erosion of it well and keeping their accounts. But as soon as a viable alternative begins to pick up momentum, a mass exodus could ensue. Facebook could easily and quickly become the new MySpace. First, the early adopters achieve a critical mass at another new networking site. Then, the next wave of the techno savvy looking to bail start to migrate. And a little while later, only mom and dad are left on Facebook wondering where the kids went.

Viable alternatives are already springing up. A new network has been touted in the media that allows users to fully control the information they share by setting up their own personal servers, called “seeds.” Raphael Sofaer, co-founder of Diaspora, says that centralized networks like Facebook are not necessary. “In our real lives, we talk to each other,” he said. “We don’t need to hand our messages to a hub.”

Facebook’s growth curve is so strong that the recent privacy flaps seem not to have affected the numbers, but that can be deceptive. The biggest threat to Facebook is what Augie Ray, senior analyst at Forrester Research, calls “death by a thousand privacy cuts.” Messages about how Facebook has turned on its users and betrayed their trust are flooding the feed, and a new application called PrivacyDefender, a tool that automatically configures your Facebook privacy settings, is doing brisk business. The accumulation of lawmaker concerns, high-profile deleters, organizations raising consumer awareness, and security bugs (such as those found in Yelp) can create growing and important problems for Facebook.

Facebook is working on plans for its one billionth user celebration, projected to take place before the end of 2011. What better way to celebrate than for Facebook to announce a new philosophy for its relationship with its users: one of real partnership and respect. A plan could follow that specified how users will participate financially from the use of their data. Share personal information? No problem. Opt in? No problem. Facebook will be doing things differently, and it will get very different results.

No comments:

Post a Comment