ANALYSIS:It is questionable if Facebook users know what they are signing away when they join the site, despite reassurance from data commissioner
TO THE uninitiated, social networking sites make little sense. Why share the inanities of your life with hundreds of “friends”, most of whom you have limited, if any, contact with in the real world? But the 800 million registered users of Facebook – of which about two million are based in Ireland, and about half of whom log in every day – would beg to differ. The typical Facebook user now spends hours a day – both at their PC and on their mobile – communicating with their friends, uploading photos, reading news articles and engaging in the myriad activities that the social networking giant continues to add to its site.
For a company that was founded in a Harvard University dorm room in 2004 and is still in private hands, Facebook has managed to become a trusted custodian of massive amounts of highly personal information in an astonishingly short period of time.
While conspiracy theories abound about the service and its backers – including the evergreen one that the CIA has direct access to all your data – yesterday’s publication of a comprehensive audit of Facebook by the Data Protection Commissioner found that the company broadly values its customers’ privacy but has areas where it needs to improve.
In summary, the report says Facebook is not doing anything that is not legitimate and its activities seem to comply with Irish and European laws. But this conclusion applies only as long as Facebook users are fully aware of how their data is being used to provide them with targeted advertising.
There really is no such thing as a free lunch on the internet. Facebook is expected to generate more than $4 billion (€3.1 billion) in revenues this year and is on course for a stock market flotation next year that could value the company at $100 billion.
The core business model is simple. Users of the site share personal data – date of birth, relationship status, where they live, where they went to school and college, their political views – because they want to make it easy for their real friends to find them, but also because the Facebook page has become the default online identity for the majority of the population under 40.
Facebook uses this data to deliver highly targeted advertising to its members. For example, a florist can very quickly target all female users in Ireland who are engaged to be married, based on information they have given to Facebook, and be sure its message is reaching potential customers.
In its audit, the Data Protection Commissioner concludes “this basic ‘deal’ is acknowledged by the user” when they sign up to Facebook and agree to its terms and conditions and that the practice is “legitimate”.
But it really is questionable if Facebook users have any idea of what they are signing away when they click “I Agree” to join the site. This involves agreeing to a 3,100-word statement of rights and responsibilities that by the standards of the tech industry is written in something that approaches plain English.
Despite this, most users are probably not aware they have given Facebook “a non-exclusive, transferable, sub-licensable, royalty-free, worldwide licence to use any IP content you post on or in connection with Facebook”. In other words any intellectual property (IP), such as photos and videos, can be used as Facebook sees fit unless the user makes changes to Facebook’s notoriously opaque privacy settings or deletes their accounts.
The commissioner has made a number of recommendations about how privacy policies can be improved so that users can “make their own informed choices based on the available information”.
The cynical might ask if it really matters whether Facebook stores information on who “poked” who, what ads they clicked on, or who rejected their friend requests. That would be taking a very narrow and outdated view.
In the five years that it has been open to the public, it has become a microcosm of the internet at large. Unlike the internet at large, which is not controlled by a central entity, Facebook is entirely controlled by a commercial entity headed by its 27-year-old founder Mark Zuckerberg.
It is now standard practice for employers to check the Facebook pages of job applicants and even to keep tabs on employees when they join a firm. In 2007 an intern at Anglo Irish Bank’s US office became the subject of international ridicule when he asked for leave to deal with a family emergency but subsequently posted a picture of himself in a tutu at a Halloween party.
The same year a Fianna Fáil councillor in Wexford was forced to apologise after completing a joke Facebook quiz, called “What Drug Are You?”, which proclaimed to his friends and the internet at large that his personality type was comparable to cocaine.
But even more importantly, social media, including Facebook, played an important, if sometimes overstated, role in helping spread the message about the Arab Spring uprisings. In cases such as this, information on Facebook’s servers could potentially be the difference between life and death.
The Data Protection Commissioner made a number of recommendations about how Facebook should handle requests for information from law enforcement agencies or governments, but found that its approach was close to best practice.
As Google has found in China, there can be a high price to be paid for applying western standards of democracy in regimes with lower standards of human rights. Whatever about the outrage European internet users may feel about having their personal details shared with advertisers (which Facebook was cleared of), it is to the young company’s credit that it is taking a mature attitude to requests that could threaten people’s lives.
But, while the company’s intentions are good, it does not always deliver. Only last month a bug in the software behind the site exposed photographs that Zuckerberg had posted to the site but had marked as private. Last year, a Wall Street Journal investigation found unique user information from some of the most popular Facebook apps was being passed to advertisers in breach of the site’s own rules.
On a broader level, the attitude of Zuckerberg to privacy has been embedded into the way Facebook operates and it's a view that jars with mainstream notions of the term. Fortune magazine journalist David Kirkpatrick has had more access to Zuckerberg and other senior Facebook executives than any other journalist in the course of writing The Facebook Effect,which chronicles the rise of the company and the impact it is having on the world.
In a telling passage, he outlines how Zuckerberg believes privacy is an outdated concept and how the world would be a better place if all our personal details were in the public domain. Is it any wonder that, with each new feature or update, Facebook’s default is that you share all information with everyone
Sociologists already talk about “digital natives”, those aged about 30 and below who have grown up in a world where the internet was taken for granted. It shapes the way they consume media, interact with their friends and form their world views.
It is clear there is now a subset of that group emerging – the Facebook generation, led by their philosopher king Mark Zuckerberg – which believes society benefits by all information being accessible by everyone. The whistleblower website WikiLeaks is the extreme conclusion of that thinking as evidenced by its publication of sensitive diplomatic cables without blacking out the names of informers or others whose lives could potentially have been put at risk.
As that generation gets older, we will find out if this is simply an idealistic approach or whether, in the age of ubiquitous digital networking, our current notions of privacy are no longer fit for purpose.