Privacy

In a recent article published by News:lite, the GCHQ, England’s version of the NSA, has stated that they can not track communications through services like Facebook and Skype. While privacy advocates are probably praising this admission, security experts are really beginning to worry.

For years intelligence agencies have relied on traditional forms of communication breaking to hack into suspected wrong doers lives. As more and more bad guys are turning to the internet to communicate spy agencies are having a tough time keeping up.

Britons head code breaker, Sir David Pepper, went on record as saying: “The Internet uses a very different approach to communications in that, rather than having any sense of fixed lines like that, there is big network with a number of nodes.” I have no fear that intelligence agencies will find a way to track those who don’t want to be track, but I find it ironic that Facebook is being mentioned as being too secure.

It seems Facebook can’t quite catch a break when it comes to the issue of security. If they are not getting hounded for giving away users data they are getting called out by spies for keeping too much data secret. What I really think is going on here is basically the name game, on all sides of the argument.

Facebook is providing a service, a service that people are unsure of at times. Instead of finding solutions to security problems people are finding scape goats. I know we have asked this before, but how do you feel about Facebook’s security level? Do you think evil doers could use it to communicate with fellow evil doers? Let me know.

I recently posted a story out of Canada discussing the legal issues of posting the names of youths who have been accused with a crime in Canada. As I am an American my education in the realm of Communication Law has only extends to the laws of the United States where I helm my professional career. That being said I am forever interested in legal cases that pertain to Comm. Law anywhere in the world.
Read more

I would have thought that the Facebook drama would have ceased by now but it has instead continued to drag on. Will this drama kill Facebook Beacon? I’m not quite sure but what I do know is that bloggers have suddenly become obsessed with the topic. Erick Schonfeld has called Facebook’s policy of sending data from Beacon partners to their site whether you are signed in or not unacceptable. I couldn’t agree more. I have a funny feeling that Beacon is going to get shelved until they can redesign the service.

Passing personal data between sites is an extremely risky procedure. Additionally, any site that embeds Facebook Beacon is forced to provide personal data anytime a Beacon enabled page is loaded. There is no way around this currently unless Facebook were to develop a Beacon development library to the participating site. Perhaps that is what will have to happen in the end: a Facebook Beacon API. If a user isn’t logged into Facebook, the participating company doesn’t send data to Facebook and vice versa.

I honestly can’t think up any other solution. This whole Beacon experience has brought to light the larger issue of individual privacy rights on the web. I have to wonder if the same critics of Facebook Beacon have held other services such as Google Adsense and Google Analytics to the same type of scrutiny. I know that I haven’t and I don’t have the technical capacity to do so either. This is not to suggest that Beacon has not crossed into new territory but I don’t recall other services being held under the microscope.

The practice of thoroughly analyzing each of these products is a great one and I only hope that the same level of scrutiny is held for all other services. Additionally, I am beginning to wonder if Beacon is the primary service that Mark Zuckerberg believes will justify Facebook’s ridiculous valuation. If so, they may want to reconsider their business model. There are a number of other services that Facebook could begin to offer that would truly begin to provide value for the users rather than simply serving their commercial interests.

Do you think Beacon was supposed to be Facebook’s future source for revenue or simply an experiment with horrible results?

Nick has written a lot about Beacon and seems keen on a global opt-out. That would help the user experience, but to the privacy campaigners the ability to turn it off is not crucial – having it turned on in the first place, without being properly notified, is what really riles them. And quite right too.

Some commentators have unhelpfully suggested that if you don’t want to use Beacon, just don’t use Facebook. That works… but in the arrogant aftermath of “there’s no opting out of advertising”, users weren’t given any warning to make a run for it.

If Facebook insists that the cost of using the service is full participation in Beacon, then that’s fine. But give us more than 40 seconds of screen-corner popup to make up our minds. Anyway – whoever heard of a form that disappears? You were always supposed to visit the bathroom while Overstock streams your credit card across the internet, but you can’t risk that anymore.

Are they afraid that users might not be interested in using it? Maybe so, and they should feel free to insist that their users participate. Just don’t blink after 40 seconds. Designing the system to trip users into it is unfriendly.

Now we know what Facebook want to charge users for their site, how should they go about collecting their dues? Ever pragmatic, might I suggest a possible user interface component, that Facebook could display when you visit the site following a Beaconed purchase:

I’d be clicking “Yes”, by the way. But thank you for asking.

On Monday I argued that Facebook would soon change Beacon to provide a global opt-out feature. According to Business Week, “Executives of the three-year-old company were in deep talks over proposed changes late into the afternoon on Nov. 28, according to a person familiar with the matter. At issue is the Beacon program, which alerts members’ Facebook ‘friends’ to purchases and other activities on third-party Web sites.”

Following the rumored discussions last night, Paul Janzer of Facebook, posted on the MoveOn.org Facebook group that is petitioning against Facebook Beacon privacy violations:

Thanks for your feedback about Facebook Beacon, it has definitely helped us make some changes to the product that we hope will provide you with a better experience on Facebook. Beacon was designed to help you share all the interesting things that you are doing outside of Facebook with your friends. Just like you have full control over your information on Facebook, you decide whether or not you want Beacon stories to be published and from which site.

Your feedback has made it clear that Beacon can be kind of confusing. To fix this, we are clarifying the way we inform you about a Beacon story before you decide whether or not you’d like to publish it on Facebook. We’re also working on making the sites that offer Beacon more visible to you, both on Facebook and through visual cues, so you can determine which specific sites you can publish stories from. Also, we’re providing more information on how Beacon works through a new tutorial and expanded help pages.

We’re sorry if we spoiled some of your holiday gift-giving plans. We are really trying to provide you with new meaningful ways, like Beacon, to help you connect and share information with your friends. Thanks for taking the time to express your opinions about our products. Please keep the feedback coming as we continuously work to improve your Facebook experience.

The response by Janzer fails to mention anything regarding a global opt-out feature that many have been calling for. While Facebook may argue that users have agreed to the Beacon service by becoming members of Facebook, opting-in users by default is not only controversial but it’s wrong. It sounds as though Facebook will be changing the design of the Beacon alerts so that they are more obvious. I think this is a great first step but Facebook needs to suck it up and add the global opt-out feature. What do you think about Janzer’s comments?

Caroline McCarthy has posted about a second offensive being launched by MoveOn.org. Apparently their statements last week were not enough. After Caroline wrote about MoveOn.org’s post, Facebook posted a response stating:

Facebook is listening to feedback from its users and committed to evolving Beacon so users have even more control over the actions shared from participating sites with their friends on Facebook. Facebook already has made changes to ensure that no information is shared unless a user receives notifications both on a participating website and on Facebook.

What this sounds like is that Facebook will soon respond by making changes to Beacon. MoveOn.org immediately responded stating that Facebook has not actually changed anything to Beacon. While they haven’t, I’d be willing to bet that Facebook is going to add the global opt-out option that was present on early screenshots of Facebook Beacon.

While most users haven’t been overly vocal about the Facebook Beacon service, bloggers definitely have. I can guarantee that the bloggers are not going to shut up until Facebook either makes Beacon an opt-in service or adds a global opt-out option. Do you think Facebook should change their Beacon system?

This afternoon, Peter Kafka proposed how to solve the Facebook Beacon issue. In order to solve a problem, you first need to assume that a problem exists. I for one, think that there is somewhat of a problem that exists. The problem is not Facebook Beacon though. The real issue is privacy. The web has forced upon us a new system in which you can be completely transparent or completely closed off. Fortunately there are some areas that reside in between but that area is for those that understand the tools they are using and have some common sense.

Ultimately, I have no idea how the Facebook Beacon situation is going to end up but what I do know is that Facebook is at the forefront of testing the limits of individuals’ privacy. This is a delicate issue and I’m starting to believe that it may in fact be a dangerous one. At what point do we really say enough is enough? Ultimately we have the ability to turn off the computer, put down the video camera or turn off any other technology that can be used to monitor ourselves.  The issue becomes blurry though when it comes to those that don’t understand the technology that they are using.

If my mom goes and makes a purchase at Amazon.com and her purchase, is there a guarantee that it won’t show up in my newsfeed? Currently there isn’t. There is also the chance that my mom didn’t choose to not have the purchase displayed. While Chris Kelly, Facebook’s Chief Privacy Officer, says that a box appears after individuals make a purchase, that box can disappear. I have already spoken with a number of individuals who have made purchases and the box didn’t show up (or at least they didn’t see it). If you make a purchase, don’t see the Facebook alert notification and suddenly your friends are notified, is that acceptable?

This accidental problem is going to be one that Facebook will be forced to resolve whether they like it or not. Peter Kafka suggests making the entire system opt-in. I’m not quite sure that will work but I’m also not sure what will. We are witnessing a test of individuals’ privacy limits and there are a few people that (as I have interpreted) are telling others to basically sit down and shut up. This will blow over they say.

While I don’t necessarily think that Facebook’s Beacon program is the ultimate test of individual privacy, I do believe that we are rapidly moving in a direction where some of us need to stand up and ask where the line will be drawn. While I will not suggest where that line falls in this post, we do need to figure it out. Otherwise we will sit down and watch someone else make that decision for us, the same way we so frequently (in this country at least) allow others to make major decisions that we aren’t happy with. The implications of a lack of privacy are significant and slightly frightening.

For Facebook Beacon, I think the question is: does this really makes our life better? Facebook in general has made most of our lives better. We all love connecting. Developers have enjoyed developing. Now marketers can enjoy marketing … in a pretty controversial way. Is this something that you want? Ultimately, the users can decide.

Caroline McCarthy has posted a great story about MoveOn.org’s launch of an anti-Facbeook Beacon campaign. The campaign consists of a paid ad campaign on Facebook protest group and an online petition. Just yesterday I was speaking with a journalist who pinged me for more details about Facebook’s Beacon system. He had purchased a new pair of shoes for his daughter at Zappos.com and that purchase was transferred to his Facebook newsfeed. If this purchase had been intended as a gift, his daughter would soon know about it thanks to the new Beacon service.

The biggest contention surrounding Beacon is the default opt-out setting. If you shop at a participating partner’s site, your Facebook account will automatically be notified. You have to then proceed to Facebook where you will have to opt-out of alerts being sent to your firends. If you don’t opt-out, your friends will soon be alterted to your purchase. The same thing goes for a few select game sites on the web where alerts of your gaming activity are inserted into your personal newsfeed.

This is ultimately a test of the limits of privacy on the web. Facebook started testing those limits with the launch of their newsfeed last year which resulted in a PR disaster. Our lives are becoming increasingly trasparent on the web and the real question is where will the line be drawn? We have gone pretty far down the path of transparency but I’m not quite sure that we’ve gone as far as we can go. You can bet that Facebook will be at the forefront, testing the privacy limits of their users.

Thanks to a Channel 4 viewer, Facebook is now facing an investigation by a U.K. privacy watchdog. The story of the viewer resembles many others. After using Facebook, the user decided that they wanted to disable their account and no longer use the site. Not a problem on Facebook, simply login to the site, click on “Account” and then click “Deactivate.” Your done! Well, you are done as long as you don’t mind Facebook retaining all of the data you’ve ever created on the site. Wall posts, photo uploads, profile data, friends, group memberships and more are all kept on Facebook’s servers just in case you ever decide to return to the site.

If you want all of that data to be removed you need to go through and manually delete all of that data. Remove every friendship, unjoin every group, remove every wall post you’ve made, delete every photo you’ve uploaded and more. This can take days or even weeks if you are as active as I am on Facebook. According to a Channel 4 article, this Facebook policy “could violate the UK’s Data Protection Act.”

Facebook has been facing scruitiny regarding their policies including the new Social Ads system which may in fact violate a New York privacy law. In both instances, Facebook has denied that they are in violation. Whether or not they are violating the law, Facebook has been put on the defensive and chances are the public allegations won’t be going away anytime soon.

With the blog chatter surrounding privacy issues of Beacon, it makes me think back to my earlier post: perspective. As Caroline McCarthy pointed out earlier this morning, Facebook SocialAds may not be “kosher.” Sure, there are some slippery slope questions to be answered about the rights of fans consenting to pages and the direct/indirect consequences following a Page addition but this shouldn’t be our primary focus in the early days of the Facebook internal testbed for advertising monetization. Over the next few months, perhaps Q1 2008, Facebook will begin to roll-out the international platform with Microsoft’s help.

I feel we are experiencing the privacy woes of Gmail all over again. A friend of mine in law school made an interesting argument:

“It’s borderline whether or not FB is violating its users’ right to publicity and there certainly a lot of arguments that it isn’t technically doing so [read: consent to FB's Terms of Service] but the obvious question is if it is borderline why alienate your users by doing something that they perceive violates their rights, regardless of whether a court perceives it in the same way?”

I’m a Facebook user because I trust what their doing in Palo Alto. Once it’s gone, the social graph breaks down and users will undoubtedly leave.