Tuesday, April 27, 2010

Senators call on FTC to tackle social-net privacy

This represents some real good news (possibly anyway). Last week I wrote about the recent study by researchers at UC Berkeley and the University of Pennsylvania indicating younger adults DO want increased privacy and have views similar to those of their elders, even with social networks encouraging them to share more online.

Perhaps this new information has been helpful in giving some legislators the cover they need to start making social networking sites like Facebook address the myriad of concerns, and violations if you ask me, of user privacy.

Before I get to the article about a new effort by some Democratic Senators to regulate these sites, let me highlight another recent study that tells the story about what Facebook, and other social networking sites are doing to undermine privacy (and which could be stopped immediately without effecting the general enjoyment one gets from using them).

The study found that the 43 leading sites made privacy control settings difficult to find and to understand; and the defaults were almost always set to allow maximum dispersal of data.

Privacy expert Bruce Schneier recently summed up the problem in Forbes:

In January Facebook Chief Executive, Mark Zuckerberg, declared the age of privacy to be over. A month earlier, Google Chief Eric Schmidt expressed a similar sentiment. Add Scott McNealy's and Larry Ellison's comments from a few years earlier, and you've got a whole lot of tech CEOs proclaiming the death of privacy--especially when it comes to young people.

It's just not true. People, including the younger generation, still care about privacy. Yes, they're far more public on the Internet than their parents: writing personal details on Facebook, posting embarrassing photos on Flickr and having intimate conversations on Twitter. But they take steps to protect their privacy and vociferously complain when they feel it violated. They're not technically sophisticated about privacy and make mistakes all the time, but that's mostly the fault of companies and Web sites that try to manipulate them for financial gain.


Here's the problem: The very companies whose CEOs eulogize privacy make their money by controlling vast amounts of their users' information. Whether through targeted advertising, cross-selling or simply convincing their users to spend more time on their site and sign up their friends, more information shared in more ways, more publicly means more profits. This means these companies are motivated to continually ratchet down the privacy of their services, while at the same time pronouncing privacy erosions as inevitable and giving users the illusion of control.


Facebook tried a similar control grab when it changed people's default privacy settings last December to make them more public. While users could, in theory, keep their previous settings, it took an effort. Many people just wanted to chat with their friends and clicked through the new defaults without realizing it.

Facebook has a history of this sort of thing.
In 2006 it introduced News Feeds, which changed the way people viewed information about their friends. There was no true privacy change in that users could not see more information than before; the change was in control--or arguably, just in the illusion of control. Still, there was a large uproar. And Facebook is doing it again; last month, the company announced new privacy changes that will make it easier for it to collect location data on users and sell that data to third parties.

So now that we have an idea why Facebook - and sites like it - need to abide by some agreed upon rules when it comes to sharing our data, let's go to the article in C-Net detailing the proposals being made by various Senators, particularly Sen. Schumer:

A press release from Schumer's office announced that he has written to the FTC to ask that the agency "examine the privacy disclosures of social-networking sites to ensure they are not misleading or fail to fully disclose the extent to which they share information...(and) provide guidelines for use of private information and prohibit access without user permission."

This was prompted by the new products and services unveiled by Facebook CEO Mark Zuckerberg at the social network's annual developer conference, which took place in San Francisco last week. The big showcase at F8 was the "Open Graph," which aims to forge firmer channels of communication between multiple social-networking sites. In conjunction, Facebook rolled out something called "Instant Personalization," which lets users easily share the bulk of their personal profile information with third-party companies.

According to Schumer, frequent changes to social-networking privacy policies can be extremely confusing for users, and that the FTC currently does not regulate this at all.


"...As these sites become more and more popular, however, it's vitally important that safeguards are in place that provide users with control over their personal information to ensure they don't receive unwanted solicitations. At the same time, social-networking sites need to provide easy-to-understand disclosures to users on how information they submit is being shared."


Schumer's press release explains that "if the FTC believes it does not have the tools or authority to issue guidelines on privacy disclosures, he would be willing to offer legislation."

Is this the last straw? Security advocates and the occasional lawmaker have been complaining about Facebook's continual changes to its privacy controls for ages now, and yet the social network continues to forge ahead. It does, however, make changes here and there: late last year, controversy over Facebook's decision to make users' friends lists public resulted in a complaint to the FTC and ultimately a modification on Facebook's behalf.

Click here to read more.

In case you want a bit more information that proves Facebook and sites like it need to be regulated, consider more of the record. The company has been criticized for not allowing people to permanently delete their accounts and personal information from the site as well as their use of "Beacon" (no longer in use) - a technology that tracks user's online purchases and informs their friends.

Next, they released their new privacy settings, that were new, but were actually less private. There's more "publicly available information" that you can't control, there was the official "recommendation" that users should loosen their privacy settings, since Facebook's recommendations are less private than the previous default settings, most users have to click through to another page of privacy controls in order to strengthen their settings, and finally, the default settings are all set to the LEAST private setting

Even if your Facebook profile is "private," when you take a quiz or run any other application, that app can access almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. And these apps may have access to most of the info on your friends' profiles too—which means if your friend takes a quiz, they could be giving away your personal information, even if you've never used an app!

The privacy settings that address this issue remain buried behind too many layers of menus and the new controls still fail to explain what applications can really see.

Then there's government and law enforcement access. Facebook reportedly receives up to 100 demands each week seeking information about its users

Facebook’s draft privacy policy states that we'll be able to opt-out of third party sites that they have chosen to share our information with. But by default, we're all in. Seems a bit inconvenient, no? Another immediate question I had was what personal information are they sharing?

Add it altogether, and there's a real strong case to pursue the kind of legislation, or action from the Federal Trade Commission.

1 comment:

Lisa Valentine said...

I agree that Facebook's continued opt-on scheming is sneaky.

And anything that gives companies more excuses to simply block employee access to social media apps is counterproductive.

Here's a helpful resource if your company is blocking. It's a whitepaper called To Block or Not. Is that the question?”


It has lots of insightful and useful information about identifying and controlling Enterprise 2.0 apps (Facebook, Twitter, Skype, SharePoint, etc.)

Share it with the IT Dept.