Fast & Loose: The Facebook Way
To most developers, folks in the technology space or frankly anyone remotely aware of Facebook’s operating model & need to collect user data to make it work, the Cambridge Analytica data leak should come as little surprise. Facebook has always played loose with users’ data, often without their consent. It’s noted in the company’s evolving mission statements and countless declarations from Zuckerberg himself open open networks.
In 2010, I along with two other NYU classmates, penned a paper about the growing distrust of facebook’s 500 million active users when it came to the collection and usage of their personal data. Facebook at the time was both actively attempting to build itself into a platform, opening up to developers and publishers to create new applications, while also in the early stages of creating one of the most successful advertising platforms in history.
What I couldn’t fully understand at the time was how necessary the data was NOT for building its advertising business but actually for achieving Zuckerberg’s ultimate dream of turning Facebook into a platform. That dream was never fully realized, but relied heavily on trading FB user data in exchange for app developers building on the platform. On this subject, it is also worth reading: James Allworth describes Facebook’s pursuit to of the Gold Standard platform business in “What the F*** Was Facebook Thinking?”
I’ve posted a few selections from that college essay as I found it incredibly interesting how the challenges Facebook was facing eight years ago and the strategic decisions the executive team were making then have very clearly perpetuated these issues.
This will very likely not be the “end of facebook” but it is an important and serious blow to the perception of their two most important stakeholders, users and advertisers, who have always been at odds through Facebook’s meteoric rise.
Facebook: Escalation of Privacy Issues (2010)
Facebook was facing rapidly growing distrust of users as they abruptly changed their privacy policy and user controls, leaning heavily towards making more user information public by default from 2005–2010.
From its start in 2004, facebook promoted itself as protecting the privacy of its users. It focused on two core competencies: an individual should have control over his/her personal information and an individual should have access to the information others want to share. These principles determined the type of information facebook would collect and the ways in which they could use this data.
Mark Zuckerberg, founder and CEO of facebook, has often claimed to be a champion of privacy, promising; “We will never sell your information” (“Mark Zuckerberg). Recently, however, Mark Zuckerberg was also quoted saying privacy is no longer a ‘social norm’. Users names and profile pictures, along with basic information about them, had been made visible to the public. Users are angry that Facebook has taken advantage of them by sharing personal information in new ways without prior permission. The company has consistently pushed its users to make more personal information public over the last several years especially to advertisers.
Zuckerberg has always had a somewhat utopian view of users openly sharing their information on Facebook, without ever really acknowledging that it was also Facebook’s responsibility to protect their users, particularly from the unknown unknowns of the Internet. Even Sheryl Sandberg in 2010 was pensive about Zuckerberg’s vision.
At the very beginning of facebook, Zuckerberg made sure that privacy was a core component of the company; however, there is growing pressure to increase revenue from shareholders and partners. The platform has become more open to the public and Zuckerberg’s belief of privacy has changed. This change of thought has come at the expense of the users who feel their information is at stake. However, Sheryl Sandberg, Chief Operating Officer, views the privacy concern differently from Mark.
She states:
“Mark really does believe very much in transparency and the vision of an open society and open world, and so he wants to push people that way. I think he also understands that the way to get there is to give people granular control and comfort. He hopes you’ll get more open, and he’s kind of happy to help you get there. So for him, it’s more of a means to an end. For me, I’m not as sure.” (Carlson)
The conflict between users and advertisers and Facebook’s ability to target users based on personal data added to Facebook along with data collected through 3rd party apps has been a consistent theme since the early days of Facebook. The FTC has been playing catch-up to the unprecedented collection and distribution of user’s private data (anonymized or not).
Recall in Nov/Dec of 2007, when the Beacon feature was set on as default when Facebook changed its privacy setting. Beacon was a part of Facebook’s advertising platform, sending information from third party sites to Facebook for targeted advertisements while letting users share their activities with friends. In late 2007, a class action lawsuit was conducted based on the legality of Beacon publishing information without the user’s knowledge and the fact that Facebook did not inform its users about the new way of collecting information. The lawsuit ended in a cash settlement where facebook paid $9.5 million to create a privacy foundation to educate users about privacy. This event led to the beginning of facebook’s conflict between user’s interests and its own business interests.
Privacy laws do exist to deal with these issues but the basis of these laws is criticized as being inefficient and incomprehensible. The Federal Trade Commission created Fair Information Practice Principles which serves as a guideline regarding privacy information for Internet companies. The principles emphasized are: notice, choice, access, integrity and enforcement. Individuals should be notified about the way a company collects data and given a choice to share data. Not only do individuals need access to information, but also to verify its correctness. Collectors need to ensure that information collected is secure and accurate and there should be better enforcement measures.
Privacy concerns have been an escalating issue that facebook has encountered during its growth. In particular, making users’ private data available to third-party applications has seen the biggest scrutiny. Zuckerberg clearly undermined what the company was actually doing. This set a precedent for the company’s position on privacy; they either do not understand it or they simply do not care.
Since its start, facebook has made a number of changes to its privacy policy and the privacy settings that allow users to control how much information is shared. In 2009 Facebook made two separate adjustments to privacy settings. Each separate development has actually made privacy more difficult to control. According to Ginger McCall, staff counsel for the Electronic Privacy Information Center, “There are a lot of people unaware of the amount of information Facebook is sharing. Most people are under the impression that when they set the privacy setting it won’t change.” However, Facebook has changed its privacy settings twice since the summer of 2008. Both times, some of users’ privacy settings have defaulted back to the public options (Christian Science Monitor).
There were so many warning signs and growing concerns for privacy within Facebook’s ecosystem, it’s almost hard to fathom how its users, our legislative bodies, and Facebook itself let it get this bad for this long. One such example, described below, demonstrates the ease by which Facebook was willing to share data without their users’ consent.
Presently, facebook users are expressing two main concerns about the misuse of their information that they have or have not chosen to share on facebook with their friends, networks, or everyone. The first concern is facebook’s ability to data mine. The issue is warranted by the fact that facebook actively scans the internet for blogs, news articles, etc. to supplement user’s profiles with additional information that they may not have been willing to share over their social network. There have also been instances where private individuals not affiliated with Facebook have been able to infiltrate the system to download the profile information of thousands of users. One such case occurred in 2005 when two MIT students used an automated script to download over 70,000 private profiles (Jones). The most pressing issue in regards to data mining, however, is the ability of facebook to share or sell private information to third parties. Third party developers are not screened or restricted from accessing profile information. Moreover, the use of this information is not protected by facebook, leaving its users at serious risk.
Finally, it’s worth noting, and I’m sure entire books will be written on this subject alone, that Mark Zuckerberg has always played fast and loose with user data, growing the “platform” and then ultimately an advertising business at the expense of data security. This is reflected in Facebook’s evolving mission statements, starting with connecting people through a social network and morphing into making those social networks more and more open. Given the state of the internet even back in 2008–2010, the average user had very little understanding just how much data was being collected and the value that advertisers, developers, governments and other 3rd parties would extract from that data, often without permission.
A closer examination of facebook reveals that the viewpoints of Mark Zuckerberg in regards to the expansion of facebook as a global company do not necessarily align with the beliefs of other employees or facebook’s users. The changes made to facebook’s mission statement over time reflect the vision that Zuckerberg has for his company. In 2007 the mission statement was as follows: “Facebook is a social utility that connects you with the people around you.” The purpose of facebook was to share photos and videos with friends and family, while controlling information online. However, since then, there has been a noticeable digression away from privacy in favor of a more idealistic vision where users openly share all of their information, connecting their entire social graph. From 2008 to 2009, the mission statement changed from “Facebook helps you connect and share with the people in your life” to “Facebook gives people the power to share and make the world more open and connected”. Ultimately Zuckerberg is attempting to create a completely open network at the expense of users privacy.
