Facebook privacy isn’t the issue

|

All of this Facebook discussion around privacy, security, and architecture has me giddy. To put it in Matrix terms, Facebook was an inevitability. Where we are with Facebook would have occurred even if Facebook didn’t blaze the trail. Where we are is the natural path of a “free” business model for a communication system.

First thing to get straight, Americans do not have a right to privacy. Not in the Bill of Rights or the Constitution. Citizens of other countries have different rights, but I’m no expert on international privacy law.

Second, Facebook doesn’t have your criminal records, medical history, recordings of your phone conversations, or myriad other types of sensitive information. Of the sensitive information that they do have they have because you gave it to them!

Paul Carr has a hilarious, blunt piece on the entitled whining of Facebook users. While I strongly agree with the notion of personal responsibility, Steve O’Hear wisely points out that it doesn’t excuse Facebook duping users. While I don’t what Facebook is doing as strongly as duping users, I *do* think people don’t understand the privacy changes, what the implications are, or how to manage their privacy today.

Facebook is communication, not media

People expect a reasonable amount of privacy from postal mail, phone and email conversations. Outside of someone reposting your private content, being investigated by the police, or having your account hacked; providers of the aforementioned channels don’t expose your messages to anyone you didn’t route them to. This is markedly different than our expectations from blogging and Tweeting. We fully expect those conversations to be public. Yes, I know people can make their Twitter accounts and blogs private, but that’s no where near the majority.

Facebook feels much like the personal conversations we share in channels like postal mail, phone, and email. So, many people assume that content is private. That’s compounded by the fact that those conversations were, in fact, more private on Facebook in the beginning.

So, much of the lamenting and hyperbole around Facebook stems from a disconnect between the expectations users have toward media and communication. To clear up this confusion (again), we pay for private communication.

Suddenly realizing the cost of free

Facebook is a business. They are in the business of offering free services to users in exchange for capitalizing on their use of the system. More explicitly, they make money off of your communication by monetizing it as media. That’s what pays for the cost to store, deliver, process, and present data. It’s the “free” business model that has powered much of the web’s startups since the Web 2.0 era began in early 2000. People have been trying to talk about the cost of free from some time, but we’re just now in the midst of a great awakening to the pros and cons of the cost of free (thanks to people finally feeling the pinch from their tradeoff). To call this moment anything less than exciting is to miss the larger point of the moment in history we’re having.

In a free market economy, ownership goes to whoever picks up the bill. And, whoever is the owner, makes the rules. Do you want to make the rules? Then pay for your Facebook account! Oh, that’s right. You can’t.

Alternative business models

“Free” is not really free. In the case of Facebook, you are paying for the use of your account by giving data to Facebook that it can monetize. You still pay, just not with money. Here are a few cost models that could support social networking:

  • “Free” – Payment by the transference of ownership rights
  • Paid – Paying with money
  • Revenue sharing – Payment by sharing ownership rights and the revenue that comes from it
  • Open – Standards based social networking that can be supported by multiple cost models

So who is offering an alternative to Facebook’s price? Ning, a site that allows you to create a social network, has recently decided to stop offering free accounts in favor of a paid model. Skype has free and paid services that allow users to communicate with each other. I haven’t seen any revenue sharing models. Anyone know of one?

Network effect handcuffs

Simply suggesting that users could move off of Facebook to another platform downplays Facebook’s network effect. In short, you can’t network with people on Ning who don’t have Ning accounts. Does your family belong to Ning? Would they pay to join?

The harsh reality is that we’re in network effect handcuffs to Facebook, or at least it feels that way. All of us could take personal initiative to motivate our closest contacts to move to a system that allows us to own our data in whole. Then again, we could all eat right, exercise, and get enough sleep too. Facebook is enjoying their position because there really is no desirable alternative. Not yet anyway.

Facebook’s future is our historic moment

If all of this digital privacy, security, ownership type stuff feels overwhelming; it’s because we’re the first humans to have to manage our digital data. Our parents and grandparents didn’t have to consider what data to publish about themselves, nor did they have provide cultural traditions to guide us through choosing the right personal policies for managing our data.

What we’ll see now is the market’s appetite for paying for communication services with their privacy. If users are truly fed up, then another model should have no trouble overtaking Facebook. If managing our privacy is really a matter of personal responsibility, then we’ll see users continue to use Facebook along with personal discretion about what to post.

In the mean time, take Scoble’s advise and don’t get all worked up about Facebook. If you think Facebook privacy is the real issue at play, then you’re underestimating the significance of people learning for the first time to be stewards of their data. Truthfully, I think we’re in the early stages of a *much* larger trend. Privacy is just a part of it. Security is a piece. Over the next 5 years a winner will emerge from the social media platform wars (post coming on this), which is a pre-cursor to another still larger event, which is the subject for another post, or rather a book (hint hint).

  • Hephaestus

    i want anyone reading this post to read all of section 2, 4, and the “Limitations on removal” paragraph in section 7. additionally, to wrap up this collage of legal information, read “To respond to legal requests and prevent harm” as the last title under section 6.
    in summary, section 2 in PP entitles FB to gather information you or your friends post on FB. this could be anything from your profile information to pictures, videos, posts, events, poking, statuses, relationships, pages, applications (platforms), ip address, browser info and location, type of computer (or phone), and pages you visit. lets also not forget that it gathers any information yours friends put on FB about you.
    before moving onto sect. 4, note that platforms (indp. of FB) and ads (even w/o clicking on them) can gather any information on you. however FB put in legal statement restrictions to prevent limitless information absorbing under penalty of losing partnership (this doesn’t stop them however once the deed is done)
    section 4, at the beginning allows websites you visit or applications your run to access your general Information. i bet the average (or below average (but aren’t they all?)) FB user doesn’t know this. intended or unintended information is being sent out to every website and application in existence regarding (or without regard to?) the users.
    now sect. 7 and then i have something that will blow your top off in sect. 6. “Limitations on Removal” clause allows FB to “retain certain information to prevent identity theft and other misconduct” after the request for account deletion. but isn’t that ambiguous? any information you put on FB can deter indentity theft like a freaking barcode! this allows FB to store any info indefinitely. but let us not forget that FB is greedy and is mutually partnered with ad campaigns and platform designers. FB subtly included a clause at the end of 7 that allows them to retain any info they have gathered about the user, this not only, but websites that already have your general information, LIKE YAHOO!!
    now for the section 7 center ring, keeping in mind all the powers listed previously. FB although american born feels like it has an obligation to other national powers. i quote: “We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters)…This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. This may include sharing information with other companies, lawyers, courts or other government entities.” So those of us with citizenship can have FB unknowingly disclose their information to foreign entities at their own discretion.
    i have presented the facts. but what harmfull things have/will happen/ed under FB legal PP jurisdiction? wider access to general information by stalkers, social engineering malware/spyware/viruses, direct lines of investigation by foreign powers (or any entity FB deems as necessary to have your personal information *cough* (blackmail or personal information bidding?))

  • Pingback: Do you worry about your privacy? — The AboutUs Weblog

  • Pingback: Do you know what Facebook's "Like" really means? | Taylor Davidson (@tdavidson)

  • Justin Kistner

    Kelvin, that’s great info. I’d still argue that privacy is established by case law as a privilege and not a right, but as Dave pointed out, I’m not an expert. :)

    I think your point about unilaterally changing the TOS is what has the government’s attention. They do have and have had a clause that says they reserve the right to change their policy and that they would provide notice. I guess the question is, is that kind of clause legal? Assuming it is, then it’s a matter of consumer appetite for that kind of contract volatility.

  • http://www.webtrends.com Kelvin Choi

    Justin,
    You are correct that the 14th Amendment does not explicitly mention privacy. However, the Supreme Court has explicitly recognized that privacy is a “fundamental” right that arises logically from the Due Process clause (this is what is meant by a right “emanating” from a clause). Again, I point you to the legal reasoning behind Roe vs. Wade. To expect that a “fundamental right” is only safeguarded from the overreach of government is also untrue; else any organization could violate such rights with impunity.

    That being said, it does not invalidate your point that the true question is how we manage our digital data, and how much of it we chose to reveal. We should recognize that Facebook has decided to make many of those decisions for us.

    I suspect that one source of discontent revolves around another issue that is explicitly mentioned in the Constitution, which is the sanctity of contracts. Terms of Service Agreements (or a EULAs for that matter) are typically seen as “contracts”. When Facebook changes their TOS, or the privacy provisions in their TOS, they are unilaterally changing a contract. Yes, users are free to cease usage of the service. And all TOS agreements typically state they have the right to change the TOS at any time. But if their data is part of the contract (a type of currency in fact), does Facebook have an obligation to refund this currency, and in fact stop using it by withdrawing such data from use, including its use by parties external to the contract from which Facebook derives further value? Can users trust Facebook to do exactly that? I don’t believe it’s possible for them to do this, which is…unsettling.

    At least Facebook bothered to give their users fair warning. I’m certain that part of their TOS includes language about them being able to change any and all provisions of the Terms at any time, with no warning. In short, they have the ability to change how much of your data they use, how they use it, etc., entirely at their discretion. Which is something we should all be aware of, as users, prior to deciding which of those little boxes to fill in. So again, we circle back to one of your points, that this is the first time we have been asked to manage our digital data. I would love to manage it. However, I would also like to be able to have more granular say in how such data proliferates in the cloud. It’s something of value, after all.

  • Ben Fogarty

    Great conversation going here. People definitely value their privacy. Many people I know have closed their account. Mainly because they no-longer trust Facebook. They WANT to share their likes and dislikes with friends. As Marko said, they don’t want Target have access to their friends data because I liked a Dr. Dre album on their site.

    This trust issue could be a huge freaking deal. And I have to wonder if that doesn’t bode well for Facebook. How valuable will their data be if the number of profiles slowly erodes?

  • http://north.com Dave Allen

    Justin, re: the 14th amendment, I never knew you were a constitutional lawyer.. ;-)

  • Justin Kistner

    Kelvin, the 14th Amendment doesn’t mention privacy or anything like it. It does mention due process, but that simply means that the government can only use it’s legal enforcement mechanisms (police, courts, etc.) for laws that exist, which isn’t about privacy. It’s about protecting citizens from abuse of power by our government.

  • Kelvin Choi

    Mr. Kistner,

    A small correction. There absolutely IS a constitutional right to privacy. It emanates from the due process clause of the 14th Amendment, and is the basis for the Roe vs. Wade decision. This may not substantively change your opinion, but it is important to note.

  • Justin Kistner

    Dave, I actually think we agree here. I do think people care about privacy (myself included) and that’s why people are upset with the changes Facebook is making. And, being upset about it is making us talk about it. That has the potential to make us ask about what to do.

    The fact is that no other company has the level of data richness that Facebook has. Investors were hoping for a cookie jar like this. And now it’s here. Is it reasonable to expect a free service not to capitalize on the very system they built to capitalize?

    Now that it’s happening, we’re seeing impacts from it that are troubling. Now that we’re felt that pain, people are asking themselves critical, introspective questions about how much they want to be jerked around by policy changes. But, without feeling that pain, would people be willing to talk about other models to pay for the service Facebook provides? I don’t think so because we were came like lemmings to this point.

    I think we’re experiencing a systemic result of a free account model for a communication system. Society will now decide to either put pressure on Facebook to adopt a privacy policy that works for them with the threat of leaving, or we need move to another service with a different cost model.

  • http://north.com Dave Allen

    Justin, nicely put, but I think you’re glossing over the issues. As danah boyd said at SXSW 2010

    “No matter how many times a privileged, straight white male technology executive pronounces the death of privacy, Privacy Is Not Dead. People of all ages care deeply about privacy. And they care just as much about privacy online as they do offline. But what privacy means may not be what you think.”

    http://madebyfight.com/2010/03/social-networks-privacy-and-the-new-obscurity/

    So she agrees with you about what “privacy” means, but she points that most of us, as do I “care deeply about privacy.” Facebook does offer me ways to protect my details from being public, so the savvy can fix that up. Problem is, it seems that everyday those geniuses come up with a way to abuse us. What do you think of the new “Info” page takeover? I think it’s handcuffs and it pisses me off.

    Yes, it’s a free service and they want to monetize it on the backs of us users and the data we supply, but that doesn’t mean we are all dupes.. There are many free services out there on the web but I don’t know of many that deliberately push that idea that “privacy is extinct” on the web, or that “privacy is some sort of privilege” that we should “get over.”

    Their actions do not bode well for the future of the web.

  • http://www.ethanbauley.com Ethan Bauley

    Here’s some thoughts:

    1. Are there any other institutions that have ever been able to unilaterally make decisions that erode a group of people’s expectation of privacy?

    Only one I can think of is gov’t (Bush wiretapping, etc).

    I’m not sure that there are any precedents on this issue, but I do think it underscores the inherent tension between Facebook’s priorities and users control of their information.

    2. The business model they appear to be pursuing makes Facebook’s interest to erode/obfuscate privacy *just* to the marginal point before which there would be a mass exodus. No more “privacy”, no less.

    3. I think the network effects are generally overestimated, too. Is facebook *that* much better than email, IM, sms? Not really. Ergo, switching costs are actually pretty low…the people you *only* communicate with on facebook (and not any of those other media) are probably very low quality relationships.

    Anyways. Gotta run.

  • Justin Kistner

    Marko, I’m suggesting that it required a pain point from the free model to make us think about the value exchange. By no means do I think we should merely take what is doled out to us. Facebook is simply the catalyst to a very important discussion that society has needed to have for quite some time now.

    I think you’re on the right path when you say, “…as a marketer I certainly don’t want data about people who haven’t consented to sharing it.” We need to usher in an era of permission-based social media marketing much like what the double opt-in process did for email marketing.

    I am curious to see how it will play out. I wonder if Facebook will need to drive support for double opt-in social media marketing to survive or whether Scoble is right when he says, “Isn’t this the fifth time Facebook has pissed off pundits? What happened the previous four times it pissed off people? Oh, yeah, it saw huge growth.”

  • http://blogs.webtrends.com Marko Z Muellner

    Justin,

    You’re factually right — we’re locked-in, we “pay” with our personal data, Fb’s in control, etc…

    But let’s be clear, Fb is not moving us towards a world where we get to be stewards of our data (or our friend’s data). I don’t understand how this can be good news, how/why we should sit by and accept it as inevitable. I’m not convinced they need to push this far to be successful, and as a marketer I certainly don’t want data about people who haven’t consented to sharing it.

    Facebook is not blazing the path towards consumers managing their data, they’re moving in the opposite direction.

    To put a hypothetical point on it — I’m not worried about being stupid in public, if you’re not crafting every email (or Fb post) you write as if everyone in the world might read it, you’re dumb. But that’s different than giving Target access to my friend’s profile data because I liked a Dr. Dre album on their site…