“Zucker Punch” by Surian Soosay.
Last November, the Federal Trade Commission reached a settlement with Facebook over charges that the social media titan had misled users in terms of how the company handles their private information.
At the behest of watchdog groups representing growing public concern, the commission contended that Facebook had repeatedly made changes to their default privacy settings, making information previously deemed private (such as a user’s list of Facebook friends) open to the public without any notification.
In their settlement, the company was barred from any further misrepresentations and required to get users’ consent before changing privacy settings. Other provisions included preventing anyone from accessing Facebook accounts 30 days after they are deleted and mandating routine, independent audits of their privacy program to insure they complied with current regulations.
For those watchdog groups focused on the issue, the agreement was at least better than the likely alternative.
“They could have done nothing,” says David Jacobs, Consumer Privacy Fellow for the Electronic Privacy Information Center (EPIC).
Though as expected, there are loopholes.
“While we’re pleased to have a settlement in place, overall, this agreement falls short,” says Jacobs. “The language in it could deal with the frequent issues we’re seeing, but doesn’t do so explicitly. For instance, we’re asking the FTC to push against Facebook tracking users’ activity after they logged off, which currently isn’t covered.”
Even more recently, EPIC has called on the Department of Justice to better investigate Google for illegally using “Street View” vehicles to collect personal data from private home wireless networks in passing neighborhoods. The equally prescient search engine’s history for flouting privacy concerns is almost as deep as Facebook’s, even if the consequences for their actions have been less enforced. In response to the “Street View” allegations, the FTC slapped Google with a paltry $25,000 fine.
“What does it say about the two most powerful names in the internet when they both have to operate under FTC agreements?” asks John M. Simmons, Privacy Project Director for Consumer Watchdog. “If they really valued the privacy of their users they would provide an opt-in to these services, not go running activities behind the public’s back.”
Whether or not either company offers such simplified opt-in controls over their privacy settings, the public’s outrage over such discrepancies hasn’t deterred their participation in these services. Since Facebook first weathered a network-wide pushback against the premier of their News Feed function in 2006, the company proved a typically business-crippling public relations scenario wouldn’t halt their growth.
Some have looked at Facebook’s continued popularity as tacit ignorance of these concerns by the general public. However, research over the years of controversy reveals that users have since acclimated their social media accounts into a culture of careful, measured revelation of personal details.
From the beginning, Facebook fascinated scholarship by being the first network to successfully get users to identify themselves by their full name, which was a significant personal revelation back in the age of Myspace. In 2009, a study conducted by the University of Ontario using a communications class as their survey pool found that students were becoming increasingly aware of privacy issues as Facebook became less of an exclusive “walled garden,” and began taking calculated steps to ensure their security.
“I think the number one thing we demonstrate from the report is that students are not as naive as everyone makes them out to be,” says Alyson Young, co-author of the study. “They are concerned about their privacy and they make conscious efforts to protect themselves by employing a number of different strategies in addition to use of the default privacy settings.”
Among the most popular protection strategies employed by those surveyed in the University of Ontario study were changing default privacy settings or excluding information entirely. More recent research has concluded that, contrary to popular belief, general awareness and concern for privacy has only heightened in congruence the media coverage of Facebook’s lack of transparency — even if that may or may not be the cause for such concern.
In analysis of over 1,000 first-year students enrolled at the University of Illinois, Chicago, 53 percent of frequent Facebook users were found to have modified their settings four or more times in 2010 – a stark 25 percent increase in such activity from 2009. Yet, in both cases, fears of “unwanted audiences” gaining access to sensitive information were stipulated more by an aversion to stalking and stranger danger than corporate malfeasance.
In the University of Illinois study, co-author Danah Boyd acknowledged being unable to objectively find a reason for the spike in the frequency of privacy setting modification by respondents between 2009 and 2010. Among that admission were other looming questions facing future scholarship on the topic:
“While helpful in recognizing general trends regarding young adults’ approaches to their Facebook privacy settings, there are limitations to what questions our data allow us to answer,” writes Boyd in conclusion. “Future research and policy discussions should take these limitations of our study into consideration. For example, while we know that most of our respondents have changed their privacy settings at one point or another, we do not know the extent to which they understood the changes they were implementing.”
Yet for awareness groups and privacy advocates, the fact that the image of the creep next door scoping one’s Facebook page inspires more direct and conscious action from consumers than the threat of corporate inequity represents the latest challenge in achieving their goals for increased transparency.
“The public shows support for our initiatives in surveys, but we haven’t done a good enough job of courting that,” admits David Jacobs. “Consumer protection and privacy awareness groups could do better job lobbying for privacy protections into something more substantial.”
That said, Jacobs notes that the 501 (c) 3 tax status of nonprofit organizations like EPIC keep them from petitioning the public to take direct political action.
“We can’t say, ‘Contact your congressman!’” he laments.