About Facebook
When one of America's largest electronic surveillance systems was launched in Palo Alto a year ago, it sparked an immediate national uproar. The new system tracked roughly 9 million Americans, broadcasting their photographs and personal information on the Internet; 700,000 web-savvy young people organized online protests in just days. Time declared it "Gen Y's first official revolution," while a Nation blogger lauded students for taking privacy activism to "a mass scale." Yet today, the activism has waned, and the surveillance continues largely unabated.
Generation Y's "revolution" failed partly because young people were getting what they signed up for. All the protesters were members of Facebook, a popular social networking site, which had designed a sweeping "news feed" program to disseminate personal information that users post on their web profiles. Suddenly everything people posted, from photos to their relationship status, was sent to hundreds of other users in a feed of time-stamped updates. People complained that the new system violated their privacy. Facebook argued that it was merely distributing information users had already revealed. The battle--and Facebook's growing market dominance in the past year--show how social networking sites are rupturing the traditional conception of privacy and priming a new generation for complacency in a surveillance society. Users can complain, but the information keeps flowing.
Facebook users did not recognize how vulnerable their information was within the site's architecture. The initial protests drew an impressive 8 percent of users, but they quickly subsided after Facebook provided more privacy options. Today the feed is the site's nerve center. Chris Kelly, Facebook's chief privacy officer, said that when he speaks on campuses these days, students approach him to say that while they initially "hated" the feed, now they "can't live without it."
Still, Facebook hit a similar privacy snag in November after it launched Beacon, a "social advertising" program that broadcast users' profile pictures and private activities as advertising bulletins. When a Facebook user bought a product on one of dozens of other websites, for example, the information was sent to Facebook and distributed across the user's network as a "personal" ad. ("Joe Johnson rented Traffic at Blockbuster," for example.) Many users had their pictures and actions morphed into advertisements without their consent, turning private commerce into public endorsements. That could be an illegal appropriation, according to Daniel Solove and William McGeveran, two law professors who specialize in digital privacy and who blogged about the issue.
MoveOn.org formed a Facebook group to demand that Beacon switch to "opt-in"--a default to protect uninformed users--and allow people to reject the program in one click. The group drew less than .2 percent of Facebook members, far less than during last year's feed protest, but this time MoveOn helped the protest group press specific reforms, generate critical media attention and even rattle some advertisers, who backtracked on using Beacon.
Facebook buckled, agreeing to make the ads opt-in and allowing people to reject the whole program, for now. Facebook founder Mark Zuckerberg apologized to users on the company blog, explaining the problem in the language of the new privacy. "When we first thought of Beacon, our goal was to build a simple product to let people share information across sites with their friends," he wrote. "It had to be lightweight so it wouldn't get in people's way as they browsed the web, but also clear enough so people would be able to easily control what they shared."
Yet both Facebook and its privacy protesters largely operated within the same model of privacy control--opt-in versus opt-out, sharing versus concealing. The traditional concept of privacy was largely absent from the debate: the premise that what people do on other websites should never be anyone else's business. After all, why would people want to browse the web with "lightweight" surveillance broadcasting their pictures and supposed endorsements of products they happen to buy? And why do people continue to give pictures and personal information to a company that reserves the right to use their photos--and their very identities--to sell more advertising, products and market targeting in the future?
Growing up online, young people assume their inner circle knows their business. The "new privacy" is about controlling how many people know--not if anyone knows. "Information is not private because no one knows it; it is private because the knowing is limited and controlled," argues Danah Boyd, an anthropologist and social-networking expert at the University of California, Berkeley, who studied the feed controversy for a forthcoming article in the journal Convergence. Facebook's Kelly also contends that privacy is shifting from an "absolute right to be let alone" to an emphasis on control. "We don't think [users are] losing privacy as long as there's a control machine and access restrictions," he said in an interview.
The feed rankled because it plucked personal details that previously existed in a social context, limited by visitors' interest in a person, and shattered any sense of concentric circles of control by broadcasting them across wider networks. (Students list hundreds of acquaintances as "Facebook friends," assuming that people they barely know don't check their profiles often.) Boyd compares it to yelling over loud music at a bar, only to find the music has stopped and everyone is staring at you.
Neither controversy has slowed Facebook's huge growth. It quadrupled its user base over the past year and is now the most popular website among Americans age 17 to 25. Facebook has achieved near total penetration of the college market, with more than eight out of ten college students registered. Older Americans are also flocking to the site: it draws 250,000 new members every day. Overall, it is the fifth most popular site in the country, ranking just behind YouTube. Young and old use it to divulge loads of personal information, often oblivious to the ramifications and ignorant of the basic features of the technology they use so effortlessly to socialize.
One study at the University of North Carolina, for example, found more than 60 percent of Facebook users posted their political views, relationship status, personal picture, interests and address. People also post a whopping 14 million personal photos every single day, making Facebook the top photo website in the country. Then users diligently label one another in these pictures, enabling visitors to see every photo anyone has ever posted of other people, regardless of their consent or knowledge. Even if users terminate their membership, pictures of them posted by others remain online. But users can't really quit, anyway.
Like guests at the Hotel California, people who check out of Facebook have a hard time leaving. Profiles of former members are preserved in case people want to reactivate their accounts. And all users' digital selves can outlive their creators. As the company's "terms of use" explain, profiles of deceased members are kept "active under a special memorialized status for a period of time determined by us to allow other users to post and view comments."
Facebook's 58 million active members have posted more than 2.7 billion photos, with more than 2.2 billion digital labels of people in the pictures. But what many users may not realize is that the company owns every photo. In fact, everything that people post is automatically licensed to Facebook for its perpetual and transferable use, distribution or public display. The terms of use reserve the right to grant and sublicense all "user content" posted on the site to other businesses. Facebook, a privately held company, rejected a buyout offer from Yahoo! last year and recently sold a 1.6 percent stake to Microsoft, which values the company at up to $15 billion. (Rupert Murdoch's News Corporation bought MySpace, the other leading social network site, for $580 million in 2005.)
Yet the same young people posting all this personal information and relinquishing their photos to corporate control still say they value privacy. A Carnegie Mellon study found that students on Facebook think privacy policy is a "highly important issue," ranking above terrorism, and many would be very concerned if a stranger knew their class schedule or could find out their political views five years from now. Of the students who expressed the highest possible concern about protecting their class schedule, however, 40 percent still posted it on Facebook, and 47 percent of those concerned about political views still provided them. The study concluded there was "little or no relation between participants' reported privacy attitudes and their likelihood of providing certain information."
The second part of this article will be posted tomorrow at TPMCafe's Table for One.
Yeah, there are a lot of privacy concerns with the internet and private corporations. No one likes the picture you've painted, but I'm also bothered by all the information gathered by credit card companies that detail everything I have ever bought with a card. There is a lot of scary shit out there.
But neither Facebook nor Visa can toss me in jail. Neither Facebook nor Visa can prosecute me for anything. Neither Facebook nor Visa can accuse me of being a terrorist or keep me in a secret detention center or subject me to torture.
I have no doubt that we need more regulation of personal information in the hands of private businesses, and I would like to see that legislation. But I'm always going to be more concerned about the government than I am about Facebook.
December 26, 2007 7:59 AM | Reply | Permalink
Except that the government works hand-in-hand with online companies and credit card companies to track you. How much longer before places like Facebook install monitoring software based on logarithms that flag "suspicious" activity which activates more intense surveillance? For all we know, they're already doing it.
December 26, 2007 8:19 AM | Reply | Permalink
Your response doesn't really have anything to do with what I said. You've missed the point. What did you think I meant when I said that I was more concerned about government when it comes to privacy?
If you don't like the fact that facebook monitors your purchases, don't use facebook. pretty simple.
December 26, 2007 12:57 PM | Reply | Permalink
It doesn't miss the point. You say neither Visa nor Facebook can prosecute you, yet they can pass information on to those who can prosecute you, often uses methods that the prosecutors themselves cannot legally (technically, though not practically) utilize. So the difference is merely one of degrees, and it's actually worse, in my opinion, since there's much less oversight of corporate domestic spying than government domestic spying.
December 26, 2007 1:23 PM | Reply | Permalink
It has everything to do with what you said. You said, "But neither Facebook nor Visa can toss me in jail," but that may or may not be true. They won't be the ones to through you in jail, but there's a good chance they'll be happy to turn over your data to the NSA, just like AT&T and the other telco's do. The government needs private corporations to do this kind of monitoring, so, in effect, there's no sense in making a distinction between "the government" and corporations that participate in this kind of monitoring.
December 26, 2007 1:36 PM | Reply | Permalink
Or, I can just shut up and let Jeff do the talking. :-)
December 26, 2007 1:37 PM | Reply | Permalink
Look, when it comes to facebook, this is all a bunch of bullshit. Facebook is a voluntary activity that no one is forced to engage in. It's not like it's email or your cell phone or something similar that is basically essential to modern life.
If we can be certain that the government is not getting access to personal information collected by private corporations, there is very little reason to be concerned about the collection of that information. When it comes to private entities, it is your responsibility to see that the information you don't want released to other people is not released. What we are worried about is when the government gets involved. That was my point. And Jeff came along and said, "Well, we should be worried about the government getting involved." Which is what I was saying. Facebook alone is not a big concern to me because I can manage what information is released to other people.
December 26, 2007 4:22 PM | Reply | Permalink
Facebook is a voluntary activity that no one is forced to engage in. It's not like it's email or your cell phone or something similar that is basically essential to modern life.
I would actually disagree here, especially with young people. Facebook and other social networking sites and applications *are* essential to modern life.
Young people don't use email. They just don't. They text and IM and use Facebook and/or MySpace to interact.
So I think the point of all this is not looking specifically at what is happening today with Facebook, but looking at where things are going. Social networking is really the way people will be interacting online, and as more and more of our lives move online (something that seems unavoidable...), more and more pressure will be placed on companies like Facebook to make our data available to the government. To the point that drawing a distinction between the government and the corporation seems quaint.
What was significant about Beacon is that it was really the first case of us being very overtly aware that we *cannot* manage what information is released to other people. Beacon took that out of your hands -- you rent a movie at Blockbuster, and now all your Facebook friends know you did.
December 27, 2007 7:28 AM | Reply | Permalink
Frankly, I don't understand the appeal of Facebook and MySpace. I signed up for one of them once, but I never did anything with it. I've been invited to join numerous times, and have had numerous people ask to be listed as a Friend - I treat all these requests like Spam.
Then again, I've never watched a "reality" show, either.
December 26, 2007 8:15 AM | Reply | Permalink
But users can't really quit, anyway. Like guests at the Hotel California, people who check out of Facebook have a hard time leaving...
Which is why I never signed up for a Facebook account, but it's hardly consolation. Everything we do today is tracked, marked, cataloged, and data-mined.
I somewhat question the original thesis stated here, that "social networking sites are rupturing the traditional conception of privacy and priming a new generation for complacency in a surveillance society" -- if we're looking for ways the "pump has been primed" in terms of getting to where we are today, I don't think we can talk about a "surveillance society" by focusing on social networking and not mention the larger issue of our government wiretapping our phones and reading our email, and the culture of fear that's been manufactured around the "war on terror."
I think they're two sides of the same coin. We're being lulled into complacency by both the State and the Corporation. More and more they're one and the same, anyway...as Jeff points out above. The NSA doesn't do its spying on its own. It gets help, from AT&T.
December 26, 2007 9:02 AM | Reply | Permalink
Do you think that George knows about all the bumper stickers I've bought? Nah! If he did I'd be in Gitmo right now.
Got to go...the doorbell is ringing...
Jan
December 26, 2007 2:34 PM | Reply | Permalink
If you are planning a trip to Georgia, you might want to fly.
Woman Gets $100 Ticket for BUSHIT Bumpersticker.
A 1991 GA Supreme Court decision struck down the statue against lewd bumper stickers, so the action of this cop was purely personal.
...the delusional is no longer marginal. It has come in from the fringe, to sit in the seat of power in the Oval Office and in Congress. Bill Moyers
December 26, 2007 6:58 PM | Reply | Permalink
The Constitution, despite its checks and balances, still depends on the good faith and integrity of the Government officials. A President who respects and embraces the limits of their own power is going to do far less damage than George W. Bush.
Bush simply assumes that whatever he wants to do is Constitutional. He knows there will be a two-year lag before the courts weigh in, and uses this period as a free pass. By the time the first rulings are issued, the program is up and running and the precedent is established. So the court rolls back 10% of the most egregious illegalities.
But public outrage has died off. So the boneheads in Congress go ahead and authorize the 10% that was illegal, plus an additional 20%. And so it goes. We live in a country where the most intimate details of your life are recorded in somebody's hard drive, and the only thing preventing the government from getting its hands on it is the integrity of the President, who hopefully has the decency to not abuse his or her power.
Elections matter.
December 26, 2007 9:15 AM | Reply | Permalink
As we have learned the hard way in Iraq, hope is not a plan. If we have to depend on the person sitting in the Oval Office to have the decency of a George Washington, then we may as well fold the tent, because people like that are the rare exception to the rule. The Founders knew that -- that's why so many were wary of creating a powerful president in the first place, and why they tried to put so many constraints on that office's exercise of power.
We need for Congress to re-assert itself as an equal counter to the power of the presidency, and we need a Congress that is not afraid of using the tools of impeachment, investigations, denial of confirmations, and veto overrides in order to make that assertion. Unfortunately, I don't see any quick and easy way to bring about such a transformation. But without it, American democracy is in serious trouble.
December 26, 2007 10:35 AM | Reply | Permalink
As a practical point, you can prevent beacon tracking by blocking URLs matching the following patterns:
I use Privoxy to do so, but there are other ways.
I'm ambivalent about Facebook -- it's one of the only places online where I don't use a pseudonym, because their content is not accessible to search engines, and because the privacy settings can be configured to prevent people other than "friends" from seeing any information. It's still essentially public space, but much less so than the rest of the web. True, they can sell whatever information I put up there, but since I talk on the phone and pay for things with a credit card, I don't have much real privacy anyways.
December 26, 2007 9:59 AM | Reply | Permalink
This site shows how to do it with Firefox ad blockers...
I think your comment both proves Danah Boyd's point in AM's article, that privacy is all about controlling your information, rather than no one ever seeing it, but it also proves just how difficult it is for the "average person" to prevent a site like Facebook from sharing their info without them ever realizing it.
If you know what you're doing, Facebook can be mostly private. Or maybe private to the extent you want it to be is a better way to say it. The problem is, most people don't know what they're doing.
I'm torn about ad blockers. I don't like that advertising based on clicks is the value mechanism of the web, and I think that blocking ads is not only a convenience, but can be a political act. (Just think, if we all blocked ads...)
On the other hand, I want my favorite sites like TPM to stay around.
December 26, 2007 10:14 AM | Reply | Permalink
Even people who do know what they're doing have a hard time: it's not as if Facebook advertised this change, and I didn't even know about it until a few vigilant bloggers made enough of a fuss to get it mentioned on Slashdot. So again we have to keep repeating "opt-in, not opt-out" until more people get it.
Regarding ad blockers, Privoxy lets unblock ads on some sites. I do this for TPM and TPMCafe, and maybe a couple of other places. My main problem with online ads is that they are distributed by a very few companies (e.g. google, doubleclick), who gather your complete web history with tracking cookies. Since ad blockers only work well as long as most ads come from a few sources, I don't think we need to worry about the demise of ad supported content. People would just move to hosting their own ads, and tracking would no longer be a concern.
Regarding online privacy in general... It's not so much that we're providing more information online, but that more people can access more of it, and none is ever truly forgotten. Our conversational styles still need to evolve to this new reality.
December 26, 2007 8:11 PM | Reply | Permalink
Hey, thanks for the good tips. Also, you write in passing that Facebook's
Facebook actually did open the site to searches in September. Users must opt-out to avoid being listed. I describe this in part II of this article, (which will be posted here tomorrow). Here's the graph on it, in case it's of interest:
December 26, 2007 2:18 PM | Reply | Permalink
Thanks for the reminder. I'm in the habit of periodically checking the privacy page to see what they have changed, so I disabled this "feature" soon after it came out, and forgot having done so. If they only allow people to find or see your name and picture, it's actually not so bad. And to their credit, at least Facebook lets people turn these things off. That's much better than Google's typical response of "suck it (unless you're China or the pharmaceutical industry)." Still, it does show how we have to remain vigilant.
December 26, 2007 8:08 PM | Reply | Permalink
Hi all --
I've responded to several reader comments in this new TPM post here.
December 26, 2007 2:14 PM | Reply | Permalink
Remember how the old stereotype used to be
japanese tourists with cameras, taking pictures
of everything? Well, now instead of just being
aimed at Ted Koppel, that camera's going EVERYWHERE, shrunk down now to where it fits
in your cellphone, and there's all these businesses that have em, and the government's
got em, cameras cameras everywhere. I guess
you can't afford to be camera-shy in the 21st
century...soon, all things will be CBS...
December 26, 2007 3:24 PM | Reply | Permalink