Thursday, May 27, 2010

Facebook and Privacy: The Opt-Out versus Opt-In Debate

When it comes to privacy, May has been the month of Facebook (tomorrow's post to tackle Google's "WiSpy" Scandal!). In just the past couple weeks we’ve seen the social networking giant taken to task for its increasingly outrageous anti-privacy policies by a growing number of interests.

Senator Chuck Schumer has initiated action in the Senate, and the ACLU have urged members to demand the company address their privacy concerns (more than 80,000 people have signed the ACLU's Facebook petitions), over 162,000 Facebook users have joined the group “Facebook: Respect My Privacy”, the San Francisco Chronicle wrote a blistering editorial entitled “Unfriendly Facebook”, and The Electronic Privacy Information Center (EPIC) – along with a host of other consumer and privacy groups – filed a complaint against the company with the Federal Trade Commission (FTC), demanding that Facebook cancel new features introduced in mid-April that compel users to share more information than before.

Similarly, new tools are now available, “Reclaim Your Privacy” in particular, for the sole purpose of protecting user privacy from the never-ending Facebook assault.

It wasn’t always this way. As noted by the Chronicle, Facebook initially branded itself as the "safe" choice for people who wanted to stay in touch with their friends without blaring their information all over the Internet. After an endless series of changes to its privacy policy to "encourage" users to share information, very little about Facebook seems safe at all.”

In fact, as detailed by the Electronic Frontier Foundation , Facebook has continually changed and weakened its privacy controls and policies since its inception. Privacy violation highlights include:

  • Made users' friends lists public - resulting in a complaint to the FTC and ultimately a modification.
  • Refused to allow people to permanently delete their accounts and personal information from the site.
  • Installed "Beacon" (no longer in use) - a technology that tracks user's online purchases and informed their friends without permission.
  • Released new privacy settings that are actually less private – allowing more "publicly available information" that can't be controlled, making it easier for it to collect location data on users and sell that data to third parties, including your list of friends and their information, as soon as you visit their websites—without asking your permission, recommending to users to loosen their privacy settings, default settings are all set to the LEAST private setting and remain buried behind too many layers of menus, and the new controls still fail to explain what the applications can really see.
  • Facebook reportedly receives up to 100 demands each week from government agencies seeking information about its users.
  • Even if your Facebook profile is "private," when you take a quiz or run any other application, that app can access almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. And these apps may have access to most of the info on your friends' profiles too—which means if your friend takes a quiz, they could be giving away your personal information, even if you've never used an app.
  • The company recently admitted that in some circumstances – in direct contradiction to its promise – it sent the user name of Facebook members to its advertising partners. This in turn can be used to glean a person's name, interests, and list of friends.
  • Some people report that they are able to see the public "events" that Facebook users have said they will attend – even if they person is not a "friend" on the social network.
NetworkWorld summarizes some of the FTC complaint Filed by EPIC:

Facebook violated its own privacy policy by making user information publicly available with changes introduced the week of April 18, 2010, the complaint alleges. Facebook is now making information such as a user's hometown, education, work, activities, likes and interests public, whereas previously such information could be hidden, the complaint states.

"As a result of these material changes, Facebook requires users to designate personal information as publically linkable 'Links,' ‘Pages,' or ‘Connections' or to no longer make such information available,” the complaint states. Many Facebook users previously restricted access to this profile data, which includes users' friends list, music preferences, affiliated organizations, employment information, educational institutions, film preferences, reading preferences, and other information."

When the changes went live, Facebook presented users with a pop-up screen compelling them to link their profiles to various pages selected by Facebook based upon content entered manually into the user's profile. The user could either link their profiles to all selected pages, choose pages individually, or click the "ask me later" button.

If the "ask me later "option was chosen, users were later presented the same screen with only the "link all" and "choose individually" options. If they click "choose individually", they are taken to a page with a series of pre-checked boxes, forcing them to uncheck all boxes if they don't want their profiles linked to every page.

Facebook: The Embodiment of the Opt-Out Principle

The Facebook flap represents a landmark privacy debate with broad implications. The company has been actively undermining user privacy in the name of the almighty dollar for years now. Its opt-out model embodies the current debate over privacy in the information age.

The real question that must be answered is whether the individual owns his or her private information, or do companies like Facebook? If our personal information is truly "ours", then anyone wanting to use it must come ask us for it first (Opt-In), just like when somebody wants to use something else that we own.

This growing privacy debate is all the more important because the public is entrusting increasing amounts of private information to websites and online social networks.

Yesterday, in the face of this massive public outcry, Facebook CEO Mark Zuckerberg admitted he’s made mistakes and announced a new plan for protecting user privacy.

But once again, he refuses to stop giving away users' information without first asking permission. Making privacy controls less confusing, isn’t real privacy protection, and only reinforces the very Opt-Out principle that needs to be abolished.

As the San Francisco Chronicle editorial noted,Opting in is always better than opting out. Facebook's privacy policy is 5,830 words of legalese - longer than the U.S. Constitution (minus amendments). It's cruel and unrealistic to ask more than 400 million users to navigate it; far better would be to allow people to "opt in" to data sharing.”

No comments: