Tuesday, April 27, 2010

Sens. press Facebook on giving data to advertisers

From the Washington Post's Cecila Kang,
Sens. Charles Schumer (D-NY), Michael F. Bennet (D-Colo.), and Al Franken (D-Minn.) plan to send a letter today to Facebook, urging the social networking giant to change the way it gives user data to third-party advertisers.

Last week, changes at Facebook made data from its users available to third parties unless a user opted out, the lawmakers said. That means, they said, the default for most users is for private information to be available to advertisers and other third parties.

"Social networking sites are a Wild West of the Internet; users need ability to control private information and fully understand how it's being used," the lawmakers wrote in a news release. They will hold a news conference at noon Tuesday and release a letter they will send to Facebook asking for changes to the site's privacy policies.
As we discussed yesterday, Facebook has again appeared to increase its sharing of its users data with third parties. Over the past two years Facebook has pushed more of its users data into the open. First with the infamous News Feed, then with Beacon program, followed by its recent redefinition of publicly available information which allowed for Google to crawl Facebook, and now with this new program that shares data with a growing list of third party providers.

We discussed repeatedly in class that privacy is properly defined as the ability to control how your data is used. It seems clear that Facebook is pushing the limits of its users privacy by removing an individual users ability to control how his or her personal information is shared with and used by third parties. Sadly, Facebook could avoid many of its impending perception and potential legal problems if they simply adopted an opt-in policy instead of forcing user data into the public domain and only allowing users to opt-in after it may be too late.

16 comments:

BloggerWannabe said...

I think that it is very interesting that politicians are now getting involved in the Facebook privacy issues. It could be an attempt to appeal to young voters who are probably use the service the most. I have noticed just using Facebook recently that more and more advertisements are geared towards what might be considered by interests based on my Facebook activity, for example advertisements for events in the Washington, DC. I recently read an article about the new problems that are developed from the Graphic API that Facebook now has. It there is a API Hole in which if you search a person on Facebook you can find out all of the events that they are 'attending' or 'maybe attending' despite if the person has on the maximum privacy settings on Facebook. Here's a link to the article for more information:

http://www.switched.com/2010/04/27/facebook-api-hole-displays-user-events-to-the-world/?icid=main|main|dl8|link4|http://www.switched.com/2010/04/27/facebook-api-hole-displays-user-events-to-the-world/

The article also has a tag or link to another website that allows you to test what comes up if someone searches you or your alias on Facebook. I used the mechanism to see if people could find any information about myself through a public search on Facebook and I did not get any return results. Which either means that I the API hole does not affect my profile or that the search engine may be faulty. I think they should create an opt-in/opt-out feature similar to the how Google created more features to 'turn off' Buzz and your profile after the Google Buzz controversy.

Christopher Butterfield said...

I personally am encouraged by the Senate’s attempt to get involved in the Facebook privacy debate. As is evident by the hundreds of “We Hate Your Changes, Change Back!” groups, Facebook is not easily manipulated or influenced by users. In fact, with so many users now online, a million member group against a privacy change like this is an easily ignored drop in the pond. We could use a senator or two as advocates, and the cyber-security of millions of Americans seems a better use of government time than Senator Arlen Specter’s attempt to re-write history and get 2006 Super Bowl rings for the Philadelphia Eagles.
Facebook seems to have quite simply lost touch with their users. When I went ahead to “opt-out” of my new privacy setting, Facebook sent me this wonderfully naïve warning: “Allowing instant personalization will give you a richer experience as you browse the web. If you opt-out, you will have to manually activate these experiences.” Imagine that. Me having to manually hand over my personal information? What a travesty. And since when is knowing what my “friends” are viewing on the Washington Post a “richer experience?”
Of course, Facebook is kind enough to share with you, even after you “opt-out,” that you haven’t really “opted-out.” The end of the message is “Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application.” Basically, Facebook is telling me that I can pretend to be more private, but its kind of useless because they’ve already opened the floodgates through all my hundreds of Facebook friends, many of whom aren’t friends to begin with. I think its high time the Senate gets involved, how else can we expect Facebook to sit down in front of its users (or the twelve users who watch CSPAN) and explain why they’ve become so share-happy with our information.
In fact, I’d like to see a Senate commission rip the Facebook executives to shreds like they tore the Goldman Sachs pricks to pieces yesterday. Privacy on Facebook? Talk about, as Senator Carl Levin from Michigan said so many times to the fat cats, “a shitty deal.”

Allison R said...

I think it is extremely necessary that our representatives are now taking political action to uphold our privacy. This is after all why we elect them right? To uphold the constitution, which has come to include our right to privacy. In the most basic sense, privacy is our right to control our information and how it is being distributed. It seems to me that facebook's control of our information has the potential to committ all sixteen types of privacy harms within the taxonomy of privacy. As if they did not already have enough information about us, a site like facebook leads to the aggregation and secondary use of our "private" data.

Now that I have taken Into to Information Privacy I realize how unsafe my information is anywhere let alone on social networking sites. Like most others who are on these sites, before this class I was naive enough to think that if i pressed the button that made my profile private, It actually would be private.

Something must be done to restrict these social networking sites because not only do they cause privacy harms, but they facilitate cyber crime. When criminal creates botnets they often bring the information through these social networking sites before returning to the host. These sites have such heavy traffic that the criminal's ip address is practically undetectable, so they use these sites to send their commands and controls to various bots within the system.

Social networking sites have opened the floodgates to privacy harms, whether directly through aggregating their users data, or indirectly by giving criminals a secure connection through which they can establish holds on computers to create a botnet. I am encouraged that in this new age of techonology, our representation can see that there will be a new set of harms to our privacy that they must act upon to protect the people.

Unknown said...

I think what this situation boils down to is an all-around ignorance among the American people about how the Internet works and the very real privacy dangers of having your information floating around the Web. In fact, I would argue that this is the entire reason why the Internet is such a lawless place—that it’s not because the idea of privacy laws in cyberspace doesn’t make sense (it makes a lot of sense), but that our lawmakers don’t understand how the Internet works enough to figure out how to craft laws that would fit. After all, if lawmakers don’t have a clue how the Internet works, they won’t be able to create laws that adequately anticipate the way future privacy violations will occur on the Internet—and a law without at least some foresight, particularly in the rapidly changing cyber landscape, is essentially useless. Because for every offense you put down on paper, without foresight, people will just find their way around it, leaving you perpetually stuck several steps behind. In the end, you’ll be left with a law that does nothing but punish specific violations without protecting the larger rights it was designed to safeguard (not unlike the whole video rental privacy law we talked about in class).

So for instance, if a law had been passed about privacy on social networking sites prior to this latest Facebook incident, there’s a good chance Facebook might have been able to get itself off the hook by saying that the content on The Washington Post website did not constitute data sharing, but was just Facebook renting out new space on another website—and, after all, you said Facebook could have your info. So in this particular instance, we would have needed a law that had some foresight and would have contained some terms anticipating just this sort of violation. But especially in the context of the Internet, foresight requires knowledge and information that I’m willing to bet our lawmakers don’t have.

Marisa said...

I see this as an incredibly difficult impasse - where to draw the line between convenience and privacy? Thrown together with an eye for the bottom line and ignorance on the part of a good percentage of those hundreds of million Facebook users, the issue becomes more complex. As soon as we discussed the issues in class, I opted out of everything possible. However, to play Devil's advocate, it can be informative to have features tailored to individual interest. Just today, I read an article in the NYTimes (http://www.nytimes.com/2010/04/29/sports/29mudder.html) for a new adventure racing company that has attracted legions of fans with a small budget via Facebook - "The Web site went online in early February, and $8,300 was spent on Facebook ads aimed at specific demographics — young professionals, runners and extreme athletes, police officers and firefighters, and those in the military who lived in the vicinity of Allentown and within 50 miles of New York and Philadelphia."
Arguably without sharing of this data, users would miss out. At some point though, the issue of disclosure and permissions does become an issue. as it seems Facebook is constantly making these changes. We discussed the red line in class, which these Senators say has already been crossed - has it? Does establishing this line encourage other social networks to extend the envelope when it comes to sharing user information?
In other Facebook-is-becoming-ever-creepier news, has anyone else noticed we can no longer hide our super-old posts on others' walls?

K Garcia said...

As Cecila Kang describes it, Facebook certainly can be considered a ‘Wild West of the Internet’, but as an internet using community, we must realize that with greater freedom will always come greater risk. Facebook, like almost any other social networking website is a business, and they make their money through advertising. So in order to appease the majority some must be put at risk. The internet is slowly becoming a more competitive market and, and in order to increase revenues, facebook must take preference to the financial concerns of their marketing clientele over their casual profile clientele. Certainly their are points when the exploitation of privacy has gone beyond acceptability, and hence is when the government needs to take control and and set restrictions. Based on the very limited range of information that Facebook profiles contain about their users guidelines for privacy intrusions can be easily set. For the most part, Facebook profiles may have your birthdate, friends, interests, and general area of residence (If one chooses to input these things), but its not necessary or typical that one would give very personal or potentially jeopardizing information to a social networking site ( though these things can be jeopardizing at times). Really, we create our own amounts of risk, based on what we input in the network. With government guidelines and online safety tutorials the general integrity and security of most people (not all) can be protected. Such need to be instituted as soon as possible.

Julia said...

http://scitech.blogs.cnn.com/2010/04/29/50000-websites-like-the-new-facebook-button/?iref=storysearch

http://www.cnn.com/2010/TECH/04/29/cashmore.google.facebook/index.html?iref=allsearch

It really feels like the beginning of an action movie, if I am honest. The two main players, facebook and Google, fight for the control over the world. (well, virtual world for now)Furthermore, nobody is really doing anything against it. The point I want to make is that this is like the "silence before the storm". Throughout history nothing bad happened as long as there was a balance between powerful players. The moment one powerful player dominated he misused his power. However, the main difference was that this always happened on a political level and was limited by country/continent limits. But the virtual world is not limited to any geographical or political boundaries. The more those two players dominate the social network world (facebook and gmail/gchat) the more power they gain. Furthermore, both already started to influence other regions of the internet. Business is the main one. I think the government should have reacted earlier! Those are both American companies. Moreover, both companies went into the international virtual world and do whatever they want there. It becomes more difficult to exist in our society without a virtual presence. I personally do not know anybody, who does not have a facebook account.
They are not even able to take care of their own security and protection of the data, they are saving. I really do not think that they have the right to collect and distribute our data in the first place. But both have been already hacked and infected. This means that they are not able to take upon them the responsibility of protecting the data they collect without permission. As far as I remember there existed the concept of “informed consent”. Some actions cannot take place without the “informed consent” of the parties involved. There need to be laws in every country, but also internationally, which prohibit data collection without the “informed consent” of a party.

Daniel L said...

I don’t have a problem with Facebook’s business model. Companies need to make money somehow. However, they should be held accountable for failing to inform people of their privacy policies in a concise and accessible way. In fact, they often mislead them, using dense legal jargon that is difficult for anyone without a law degree to understand.

Companies tend to present privacy settings/policy changes as giving people more privacy when in fact the opposite is often the case. Last December, Facebook’s founder Mark Zuckerberg sent an open letter to the Facebook community announcing new privacy settings (http://blog.facebook.com/blog.php?post=190423927130). Not surprisingly, he billed it as an example of how much Facebook cares about empowering their users to have more control of their personal information. While some of the changes were improvements, most of them, as the Electronic Frontier Foundation noted (http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly), actually further threatened users’ privacy.

It is also concerning that despite outspoken resistance from users, privacy advocates, and now lawmakers, many of these companies simply don’t seem to really care. They continue to persist in gradually (and underhandedly) chipping away at our privacy. It would be refreshing to see more companies be upfront about what they do with our information. As Ned noted in a blog post earlier in the semester, Backupify.com is an exception with a clear policy that others would do well to follow. Unfortunately, most social networking sites and other Internet companies seem to want to have it both ways. They like to present themselves as being for “the little guy” while at the same time having complete control over our information. Though it may not “be evil,” it sure isn’t honest.

Unknown said...

It is unreal how much Facebook has exploded in the last few years. From being a small website being run in a dorm room, to expanding out and making connections with The Washington Post and CNN. "These new products and features are designed to enhance personalization and promote social activity across the Internet while continuing to give users unprecedented control over what information they share . . . All of Facebook's partner sites interact with a user's consent," Schrage wrote. Unfortunately for the public, these new products and features were done without the consent of the users. Ben made a very good point in his post relating how it is easier for these companies to just come out and apologize for the inconvenience of the public, rather than inconveniencing them by asking for consent beforehand.
The fact that Facebook has swelled to the magnitude of having major politicians use it to rope in the young voters is ridiculous. Facebook has slowly taken away near all of the privacy settings that made it an attractive site for new users. That was years ago, when individuals were trying to ease their way out of the grasp of MySpace. Now these two websites are nearly the same. The privacy of individual user’s information just does not seem nearly important enough to the companies exploiting it.

Alejandro said...

Although political action would be an important first step towards ensuring our privacy on the internet, some of the damage is already done. As we have seen in class, once date is floating around the internet it is virtually impossible to eliminate it. For this reason, the idea to have an opt in option rather than opt out of sharing users' information seems like most sensible way to protect privacy since by the time people realize a change of policy, such as this one, as taken place, their information has already been release without them having any control over it, and making the odds of controlling the information any further extremely low.

Thus, I agree that legislation needs to be created to in order to ensure the privacy of individuals online. At a moment in which people put increasing amounts of personal data online, without realizing the risks, as well as using the internet to connect with their family and loved ones all over the world, the protection of privacy online is only going to increase in importance; additionally, as we have seen, we cannot rely on companies to monitor themselves since they keep pushing the borders of what they can get away with in order to gain a bigger market share.

Deven said...

I think Marisa brings up such a good point that others tended not to focus on: we like the fact that facebook and gmail target us with advertisements that appeal to our interests. This company mentioned in the NY Times article Marisa shared was taking advantage of an open marketplace. Should companies be able to look into the preferences of a user?

I say, if someone is willing to have a facebook profile decked out with personal information, they should be comfortable with that information being sold. There is a ton of risk setting up an account. I didn't even realize how much I was selling my personal information until after taking this class. But while I do have a slightly harsher opinion of ignorant users not realizing how exposed they are, I'm not willing to give up the fun of facebook. It is incredibly scary that third parties know what kind of music I like or what articles I read on cnn.com (thanks for that tip, Ned!). But I like the convenience of facebook.
After testing out the Graphic API site, I discovered that my profile picture is the only thing visible. Not so bad, right?
If I hadn't taken this class, it wouldn't have crossed my mind how my posts on friends' walls and events are much more open since I am not controlling THEIR privacy settings.
What bothers me about FB is how they constantly change privacy settings and then inform users after. They should learn from Google Buzz backlash that opt-in is so much better than opt-out.

Google rolled out Buzz and all the sudden, relationships, connections, and message threads were all visible without the consent of the user. Public blacklash changed Buzz...can the same be done for FB, or are people too oblivious/obsessed?

Katherine Scholle said...

You guys have probably heard about the tweet by a technology blogger for the New York Times about Zuckerberg's stance on privacy..

“Off record chat w/ Facebook employee.. Me: How does Zuck feel about privacy? Response: [laughter] He doesn’t believe in it.”

Facebook has been pretty quiet about this, but even thought it's an 'off record chat', throughout the past two years or so, Zuckerberg has already made it pretty clear that he feels this way about privacy.

Zuckerberg has continually defended Facebook's invasion of privacy by claiming that notions of privacy are changing. It's funny that through all of this he doesn't seem ready to take responsibility for Facebook's role in this.

I think people are generally starting to accept that if they want to participate in Facebook, they need to sacrifice their privacy. With everyone and their mother on Facebook today, it's hard to be a non conformist and refrain from participation. Not that it would matter once you have an account, because as we know, once you join Facebook your information is in their database forever.

When I checked out Mark Zuckerberg's fan page- his 'About Me' section reads:

"I'm trying to make the world a more open place by helping people connect and share."

I think it's pretty obnoxious that Zuckerberg continues to pretend he has this noble goal. Last week Wired posted an article entitled 'Today Facebook, Tomorrow the World' which I think does a good job of summing up Zuckerberg's intentions! (http://www.wired.com/epicenter/2010/04/facebook-becomes-web/) The author writes about how Facebook is aiming to make itself 'the center of the internet, the central repository and publisher of what users like and do online.' If Facebook can explode as much as it has in the last several years, I'm quite afraid of what comes next.

Daniel L said...

I don’t have a problem with Facebook’s business model. Companies need to make money somehow. However, they should be held accountable for failing to inform people of their privacy policies in a concise and accessible way. In fact, they often mislead them, using dense legal jargon that is difficult for anyone without a law degree to understand.

Companies tend to present privacy settings/policy changes as giving people more privacy when in fact the opposite is often the case. Last December, Facebook’s founder Mark Zuckerberg sent an open letter to the Facebook community announcing new privacy settings (http://blog.facebook.com/blog.php?post=190423927130). Not surprisingly, he billed it as an example of how much Facebook cares about empowering their users to have more control of their personal information. While some of the changes were improvements, most of them, as the Electronic Frontier Foundation noted (http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly), actually further threatened users’ privacy.

It is also concerning that despite outspoken resistance from users, privacy advocates, and now lawmakers, many of these companies don’t seem to really care. They continue to persist in gradually (and underhandedly) chipping away at our privacy. It would be refreshing to see more companies be upfront about what they do with our information. As Ned noted in a blog post earlier in the semester, Backupify.com is an exception with a clear policy that others would do well to follow. Unfortunately, most social networking sites and other Internet companies seem to want to have it both ways. They like to present themselves as being for “the little guy” while at the same time having complete control over our information. Though it may not “be evil,” it sure isn’t honest.

Unknown said...

Taking into account what Katherine said about Zuckerberg's claim that notions of privacy are changing, I think it's interesting to note the generation issues at play here. The current generation of kids and young adults has grown up almost as computers and the internet have grown up. We have had computers around for the majority of our lives and we've seen the internet go from creeping slow dial-up lines to the point where if a page takes more than 5 seconds to load or Google takes more than 0.786 seconds to complete a search, something has gone drastically wrong.
As we've discussed in class, the world has become more interconnected as the internet has gotten faster and computers have become more ubiquitous, and our generation has grown up watching this. I fear that as our generation has grown up seeing this, we have also grown up with a breakdown in privacy. Sadly, since we've grown up with the walls of privacy crumbling, we're OK with it, like if we grew up down the block from an abandoned airfield that got more and more overrun by weeds and turned into a junkyard. When a neighborhood council met 20 years down the line, people in the neighborhood who'd grown up looking at the airfield as an eyesore would be heavily in favor of building a new strip mall on the site rather than leave it looking like a dump. Then, only after the project has been nearly completed, one of the young hotshot council-members listens to the wise old man down the street who tells him that that plot of land was the take-off point for Charles Lindbergh's first solo trans-Atlantic flight.
In this metaphor, I'm substituting an historic landmark for the idea of privacy to show that as generations change, our concept of privacy has been altered as our cultural focus has shifted. It seems like Facebook, MySpace, Twitter, and everything else that is supposed to "connect" people has simply ushered in an era where privacy matters little and making yourself visible matters most.
My mother and aunt have long told me to be careful of what I put online because you never know who can see it. And this is coming from two women, now in their 50s, who use computers for the bare essentials- word processing, some banking/online bill-payment, checking stocks, and emailing with people who refuse to communicate any other way. However, they have both gone through their fair share of job interviews, and they know that the less personal information about you that is publicly available, the better, and they are wary of the privacy issues represented by the internet.

Unknown said...

I think what will ultimately become of privacy is what you make of it. Eventually, you're going to have to learn to educate yourself on privacy policies and what you can do to protect yourself. I suppose that's what this class is all about. It's easy to say this coming from the socioeconomic class we're from, at the elite university we're attending, but there doesn't seem to be much recourse otherwise. I've gone through my friends' facebook profiles only looking at the amount of information they tend to put on their public profile, and there is a marked difference in those who are comfortable/uneducated with the privacy of their pictures, posts, etc., and those who hide. There doesn't seem to be much in between - either they're as protected as they can be, or most of their information is still open to the public. It's not going to be easy to educate the public on protecting their information, and I feel like a lot of it is going to be trial and error - people will learn only after their information has been stolen and/or taken advantage of.

What's really interesting to me is what this deluge of privacy means for corporations and marketing. There is so much information about people, their wants, needs, etc., completely for free and at their disposal. How is this going to revolutionize commerce and the financial industry?

Jessica Hardy said...

Upon looking at the Facebook Privacy Policy, I was fascinated to find how vague and carefully worded it was. In order to see what information Facebook was able to provide to third parties I thought it was interesting that the title of the section was called "Information YOU Share With Third Parties" instead of "Information WE share." This is already insinuating that the user has made a conscious decision to share their information with any of Facebook's "authorized" third parties. There is no mention of how this authorization works and what standards Facebook believes a third party should uphold. In the Facebook Platform it states "Prior to allowing them to access any information about you, we require them to agree to terms that limit their use of your information. Looking at this I thought "If I am the only one who is "sharing" this information (as so explicitly stated in the title) then why is it Facebook's job to agree to the terms? Shouldn't I get a say in what the terms are before my information is seen on any third party that can get their hands on me? I then looked into Facebook's Statement of Rights and Responsibilities in order to see if I had any control over the terms that were given, and once again I saw vague specifications. They use terms such as a "reasonable amount of time" or "respectful usage" in order to basically say that you aren't sharing your information for the amount of time that you choose to be on Facebook, but you are actually giving your information for an unlimited amount of time and there is nothing you can do about it. They say at the bottom of these so called "rights" that they "appreciate feedback and suggestions about Facebook, but you understand that we may use them without any obligation to compensate you for them (just as you have obligation to offer them)." Well thank you Facebook for that appreciation, but I'm pretty sure that that could have read more like "We are going to take what you do, what you say, and who you are, and do anything we want with it. We have no obligation to you because you are the one to be on this site." To me these almost seem like fighting words and I have a feeling that Facebook is going to continue to exploit information regardless of the "suggestions," and there are going to have to be some pretty big legal fees to change their minds.