Six lessons from Facebook’s privacy wars
It’s notable that in the past week or so the murmurs about Facebook’s slack approach to privacy have gone from a whisper to a scream. And at least some of the noise has been coming from very select members of the digerati; Wired, Gizmodo, danah boyd, Jeff Jarvis, and David Weinberger have all joined in. They seem to be playing to an enthusiastic crowd. But why now, when Facebook’s slackness on privacy has been known for years (it’s one of the reasons I’m not a member)? I think it comes down to two things: firstly, speed of change, and secondly, scale.
For anyone who’s missed the story, Wired probably has the best summary: Facebook realised sometime last year that it had enough users and knew enough about them to transition itself from a social networking site to the place where its users kept their online identities – clearly a more valuable commercial proposition. But to do that, it needed to turn personal data into public profiles:
So in December, with the help of newly hired Beltway privacy experts, it reneged on its privacy promises and made much of your profile information public by default. That includes the city that you live in, your name, your photo, the names of your friends and the causes you’ve signed onto. This spring Facebook took that even further. All the items you list as things you like must become public and linked to public profile pages. If you don’t want them linked and made public, then you don’t get them — though Facebook nicely hangs onto them in its database in order to let advertisers target you.
There’s a great visual summary of how quick and how dramatic this change has been by the IBM researcher Matt McKeon. And at the same time, it’s become much more complex for users to manage their privacy settings; it’s one of those things that’s mostly possible in theory, but difficult and time-consuming in practice. It’s worth checking out an application called openbook which searches profiles and demonstrates how people saying unwise things in their status updates are – probably unwittingly – broadcasting them to the internet. As openbook puts it:
Facebook helps you connect and share with the people in your life. Whether you want to or not.
Facebook’s been playing loose with its users’ privacy settings pretty much ever since it moved out of its original student user base. The company’s publicly stated view is that attitudes and values about privacy are changing and it is merely responding to these changes (but then, it would say that, wouldn’t it?). Its founder Mark Zuckerberg made a speech in January this year in which he said that “Privacy is dead”. (Whether he believes it or not, and there’s some evidence that he might, it’s a convenient point of view if billions of pounds are riding on it). And Zuckerberg has played fast and loose, pretty much with everyone, ever since he started along the Facebook route, as Jason Calcanis has pointed out.
The internet and privacy
It’s true that the internet does test ideas about privacy. Google’s had a number of problems here as well, most recently when it launched Google Buzz without thinking it through. At the SXSW conference this year, the researcher danah boyd picked up on both companies in a presentation. As she wrote later, in a blog post that’s the best single introduction to the Facebook privacy question, the response was instructive:
My SXSW used a bunch of different case studies but folks focused on two: Google and Facebook. After my talk, I received numerous emails from folks at Google, including the PM in charge of Buzz. The tenor was consistent, effectively: “we f*cked up, we’re trying to fix it, please help us.” What startled me was the radio silence from Facebook, although a close friend of mine told me that Randi Zuckerberg had heard it and effectively responded with a big ole ::gulp:: My SXSW critique concerned their decision in December, an irresponsible move that I felt put users at risk. I wasn’t prepared for how they were going to leverage that data only a few months later.
When you’re in a hole, I suppose, the best tip is to stop digging. And we don’t yet know how this will play out. Facebook has got huge critical mass; when I talk to some of my younger colleagues, they feel locked in. They’re aware of Facebook’s behaviour and increasingly bad reputation, but their life and their social networks are mediated through Facebook. They are the victims of bad timing. Nancy Baym has a good post on her mixed feelings about this; a desire for an ethical Facebook. [And, update, 21/05, O'Reilly has just asked on its blog about people's "Facebook tipping point".]
So here are my six lessons from Facebook.
- If you make changes rapidly, you will cause social contention. It’s never good for business in the short-term. Despite the online noise, Facebook is probably gambling that because people are effectively locked in, most of its users will stay put. The financial prize is worth riding a storm for. I think this is short-sighted; all social networks go through social cycles (younger kids, for example, don’t want to be where their older siblings are), and people do leave. A bad reputation creates opportunities for competitors.
- Online businesses become monopolies much more quickly than offline businesses, because of the economics of “network effects”. We’ve seen this already with Microsoft and Google. Facebook’s privacy changes have already prompted a complaint (opens pdf) about the company’s (alleged) “deceptive trade practices” to the US Federal Trade Commission by the Electronic Privacy Information Center and others. EU data protection regulators are also alarmed. As Microsoft discovered, it becomes increasingly difficult to do business once regulators are monitoring you closely. One of the more unexpected developments was that the US activist site Move On joined the debate, setting up an online petition about privacy, although it has little history of engagement with digital issues. (The picture at the top of the post comes from them). It’s not the sort of organisation you want on your tail.
- The notion that ‘privacy is dead’ in the digital world is fashionable but not borne out by an analysis of social trends. In client work I’ve done at the Futures Company we’ve found that there’s a division between “open engagement” and “reluctant engagement”: the second group are concerned about the negative aspects of the web, whether fraud, identify theft, or undesirably social consequences. The continuing rise in spam and phishing attacks are understood by users. One of the consequences is that companies whose future is bound up with the integrity of the web need to defend it – indeed Nick Carr argued in January that this was the reason that Google had decided to pull out of China. If this is true, Facebook’s strategy – short-term advantage against long-term corruption of the overall operating environment – is a classic example of killing the golden goose.
- There are complex questions are about the nature of the types of public, or publics, which are created in online spaces. The Facebook model is of one large public, but in practice each of us is a member of different overlapping publics. We don’t show all of ourselves to everyone. There’s not space to go into this in much detail, but Jeff Jarvis argued two weeks ago that Facebook confused the notion of a single public – even a ‘public sphere‘ – with the different publics, or communities, that we choose to create for ourselves. Users see Facebook (and Twitter) as a vehicle for the latter, not the former. [Update: And arguably, the "public sphere" can only be created in a public space, not by a private or commercial organisation.]
- We will see new entrants into the social networking space with clear commitment to privacy. One which is getting a lot of coverage at the moment is Diaspora*, an open source network which seeks to place control of networks and content in the hands of its users, and which has raised $180,000 of crowdsourced development finance on Kickstarter – against an target of $10,000. Over at Shareable, Neal Gorenfio wrote what amounted to a manifesto for ‘next generation civic networks’. This is a battle which goes back to the heart of the competing stories (and histories) about the internet, and recurs constantly. But it’s also worth remembering Kim Cameron’s Laws of Identity, which suggest that users engage much more freely in online spaces if they can manage their own privacy settings. This isn’t a tussle of idealists against merchants; it is a central question for online business strategy.
- The web is acquiring the attributes of a utility. We’re moving to a phase in the web’s development where it is increasingly pervasive, moving from ‘installation’ to ‘deployment’. And, certainly in Europe and elsewhere, utilities tend to get regulated to prevent them exploiting their customers. We haven’t yet found reliable methods for managing dominant online entities; mostly, so far, it’s been done through a combination of trade law and competition law. This works, up to a point, but it is a bit ad hoc. But every time a rapacious online player abuses its market position, it makes new regulatory intervention more likely.
My bet, for what it’s worth, is that Facebook has reached the limits of its size and influence. Suppliers and partners are as suspicious of it as its users. The way from here is likely to be down. But it will be a long time falling.