CH_6
Social Networking: The Case of Facebook

THE CREATION OF ONLINE PERSONALITIES

As baby boomers move from middle to old age, the defining characteristic that confirms their status as seniors surely is that they can tell the millennium generation that they remember a time when the Internet did not exist. During the boomers’ coming of age during the 1960s, 1970s, and early 1980s, the global information environment revolved around sovereign states, bounded by territorial borders and often by language. With each new technological development, countries were confronted with both the desire to pursue the latest technologies associated with modernity and the need to control them in order to maintain their monopoly on authority and power. This is no less true for the Internet than it was for previous technological developments such as the printing press and the radio. The proliferation of technologies that enable information dispersal greatly enhances access to information, which, as earlier chapters argue, is critical to democratic governance. In this regard, the development of the Internet is critical to the cause of democratization of authoritarian regimes as well as the engagement of citizens in liberal democracies. As Deibert and Rohozinski observe:

There is no doubt that the Internet has unleashed a wide-ranging and globally significant shift in communications — a shift that has led to the empowerment of individuals and nonstate actors on an unprecedented scale. . . . Just as with previous technological developments, as the Internet has grown in political significance, an architecture of control — through technology, regulation, norms, and political calculus — has emerged to shape a new geopolitical information landscape.¹

The debate over autonomy and control of the Internet hinges on the issues of censorship (in particular with respect to pornography and social norms) and state security (terrorism and cybersecurity). Where one stands in the debate over control of the Internet reflects one’s views on the proper balance between the rights of the individual versus the rights of the group within which the individual lives. As we shall see in the following, it also relates to how one perceives the proper balance between the rights of access to information versus the rights of the individual to personal privacy.

It is beyond the scope of this book to provide a discussion of the huge issue of control of the Internet. This chapter confines itself to an analysis of Facebook, a popular social networking site that has gained notoriety over its privacy practices. The issues surrounding access to information and privacy protection with respect to this particular social networking site provide a snapshot of a much larger debate. More importantly for our purposes, Facebook illustrates the huge impact that electronic information has had on our ability to both obtain information and to protect our personal autonomy.

Social network sites are a relatively recent addition to the Information Communications Technology (ICT) landscape. Boyd and Ellison define these as “web based services that allow individuals to (1) construct a public or semi-public profile within a bounded system, (2) articulate a list of other users with whom they share a connection, and (3) view and traverse their list of connections and those made by others within the system.”² The first social networking site, Six-Degrees.com, was conceived in 1997. Building on the idea that everyone is connected to everyone else through six degrees of separation, this site allowed users to send messages and post to a bulletin board. Seven years later, students at Harvard created Facebook to encourage networking among their peers. The site quickly became a huge success, and by September 2006 the site was opened up so that anyone over the age of thirteen could join.³

Social networking sites such as Facebook allow the user to create an online personality through the creation of a profile that contains basic personal information such as his or her name, birthdate, current city and hometown, contact information, schools attended, employment information, interests, and political and religious views. The profile includes places to post picture albums, videos, links, favourite sayings, books, and movies. It also includes a “wall,” where the user can post “status updates”— messages that range from the profound to the mundane. Users become “friends” with other users through mutual consent; friends can view each other’s profiles and post messages on each other’s walls. They can identify friends in their photos by “tagging” them so that when a viewer runs his cursor over the person’s face, the person’s name appears. Once a photo is tagged, it is posted on the friend’s wall and friends of both the tagger and the tagged are alerted to its presence. Users can invite others to events or find like-minded “friends” on the Facebook network by starting up an event page or a group page. The critical point about social networking is that it allows online interaction among various people that is visible. The introduction of the “news feed” in 2006 increased this visibility when interactions (such as status updates and tagged photos) were listed in an easily scrollable page that enabled the user to track the activities of their Facebook “friends.”

By 2010, the number of people using Facebook had skyrocketed, reaching half a billion users midway through the year. This achievement made Facebook the most widely used social networking site in the world. While the primary users at its inception were college students, the age of the fastest growing demographic of new users continues to increase, with some studies reporting that it is now over fifty-five. Contrary to the popular belief that young people do not care about their privacy, a study released in 2010 by the Pew Internet Organization shows exactly the opposite: young people between the ages of eighteen and twenty-nine are more concerned about and sophisticated in managing their “digital footprint” than are those thirty years old and older. This includes taking such measures as limiting the availability of their personal information online, changing privacy settings in social networking sites, deleting comments that appear on their profile, and removing their names from photos posted online. The report notes that “compared with older users, young adults are not only the most attentive to customizing their privacy settings and limiting what they share via their profiles, but they are also generally less trusting of the sites that host their content.”⁴

The popularity of social networking sites is explained by the connectivity they provide — in particular, the access that they afford by allowing individuals to easily connect to others they know, or would like to know. Recent acquaintances use Facebook to get to know each other better by perusing their online profiles. For others, it has been used to reconnect with old friends. A fifty-year-old has only to type in the name of a person he attended middle school with to find his best friend from thirty-five years ago. Similarly, a student who goes to college in the town where she attended her first few years of primary school can reconnect with the little boy who befriended her on her first day of grade one. Facebook is also useful for groups: organizations or individuals can create a page for like-minded individuals to gather to promote a particular issue or cause. But the greatest impact of social networks will arguably be their impact on the creation of virtual communities. These communities take many forms; they can be social, political, or professional in nature. A characteristic of all of them is that they have changed the speed with which information can be shared and how people connect with each other to share common interests.

THE POWER AND PERILS OF VIRTUAL COMMUNITIES

Much has been written about the use of wireless technologies and the Internet for the mobilization of those with common interests. Knowledge about particular issues and events circulates easily using these new media; sharing information facilitates both social and political engagement. With information dissemination comes the dispersal of power. As explained by Manuel Castells:

Control of information and communication has been a major source of power throughout history. The advent of the Internet and of wireless communication allows the development of many-to-many and one-to-one horizontal communication channels that bypass political or business control of communication. Therefore, new avenues are open for autonomous processes of social and political mobilization that do not rely on formal politics and do not depend on their framing in the mass media.⁵

These communications can result in a “flash mob,” the seemingly spontaneous coming together of people in a public place to perform an act (such as freezing in place for a specified amount of time, dancing, singing, etc.) and then dispersing as quickly as they gathered.⁶ These mobilizations have occurred in countries all over the world, including Singapore, Canada, Ukraine, Sweden, South Africa, France, Australia, Japan, and Israel. Flash mobs are organized by individuals using peer-to-peer communications technologies (such as the Internet and cellphones), effectively bypassing traditional means of communication that are slower and more likely to be centrally controlled. While these mobilizations typically are conceptualized as apolitical pranks (albeit sometimes on a large scale involving thousands of people), they have also been seen as a new form of sociability that can inspire new forms of political protest.⁷

Whether flash mobs are a political statement, a marketing tool, or the mass mobilization of fun, the phenomenon results from the ability of large numbers of individuals to connect with each other; they engage each other and share information in an online public forum. Social network sites provide a quick and easy way to access information that is of relevance to the user. Groups created on social network sites for collective action can be frivolous (a simultaneous pillow fight in twenty-five cities around the globe) or very serious, such as the group One Million Voices Against FARC (Revolutionary Armed Forces of Colombia — People’s Army), which is dedicated to stopping the guerrilla group deemed responsible for holding 750 hostages in the jungle.⁸ Facebook groups have even been used to put pressure on Facebook.com itself to pursue a particular policy direction. For example, the Greenpeace International page, which claims to have mobilized four hundred thousand members in six weeks, wants Facebook to reverse its February 2010 decision to build a data centre in Oregon that is powered by coal, which environmentalists say is the dirtiest form of energy. Or, witness the growth of the group “Petition: Facebook, respect my privacy!” that gathered a hundred thousand members in just over a week. When combined with “tweets” and cellphone text messages, these pages provide a powerful “word of mouth” venue where like-minded people can gather in cyberspace.⁹

The use of social networking sites to disseminate information and mobilize international support is particularly significant in countries that use oppression to stifle dissent. In Myanmar (Burma), government forces brutally suppressed the so-called Saffron Revolution in 2007; this protest included the participation of Buddhist monks wearing their traditional saffron robes. While the Burmese government was successful in blocking access to the Internet within the country, it was unable to prevent activists outside the country from using the Facebook page “Support the Monks’ Protest in Burma” to mobilize the Global Action Day for Burma on 6 October 2007.¹⁰ The event “went viral” (that is, news of it circulated at an explosive rate), ultimately involving demonstrations in almost one hundred cities located in thirty countries. The site itself features posts from supporters around the world, including links to newspaper articles in their home countries and videos smuggled out of Burma.

A similar tale unfolded in Iran’s controversial presidential elections in June 2009. Some referred to this as the “Green Revolution” because of the opposition party’s use of green as its official colour, but many dubbed it the “Twitter Revolution.” Many Iranians disputed the legitimacy of this election, and attempts by the government of Iran to suppress dissent failed. This was largely due to the use of cellphones to send instant messages containing locations of protests and the use of social networking to post information, including videos taken from cellphones. A dramatic example of a cellphone video that galvanized support for the dissidents is one that shows a young woman dying after being shot in the heart. Neda Agha-Soltan had been caught in a traffic jam caused by a protest. At the time of her death, she was standing beside her music teacher on the side of the road watching events unfold.¹¹ Opposition forces claimed that a government Basij militia sniper killed Agha-Soltan. This gruesome video also went viral, quickly circulating on the Internet and appearing on news networks worldwide. In response to the proliferation of texts and images that discredited its regime, the Iranian government created a “cyber army” that went on the counterattack using the same tools as the dissidents. The cyber army sought to block opposition communications and to track down opposition members through their use of the web. In this particular conflict, control of the web was deemed critical by both sides.¹² The Iranian attempt to shut down social networking was emulated by Egypt in 2011 when it was dealing with its own internal strife.¹³ Control of the web means control of information, once again highlighting the importance of information access to governance.

The power of social networking sites to engage citizens in the political process is becoming increasingly important in liberal democratic nations as well. President Barack Obama’s 2008 campaign capitalized on the significant change in media consumption habits over the past decade, specifically the decline of TV and newspapers as a source of news for many Americans and the subsequent rise in importance of the Internet. His campaign made extensive use of social networking, including niche market pages targeting particular groups on Facebook, including women, gays, and students. Obama’s emphasis on organizing from the grassroots upward proved to be a natural fit with new peer-to-peer technologies that emphasize decentralized engagement. According to the Pew Internet and American Life Project nearly one-fifth of Internet users in 2008 posted comments on a blog, social networking site, website, or other online forums. The study also discovered that two-thirds of Americans between the ages of eighteen and twenty-four with a social networking account participated in some form of online political activity.¹⁴ Should these trends continue, one would expect that social networking will become critical in the dissemination of information and the engagement of citizens in the political process.

The preceding illustrates the tremendous effectiveness of online social networking for peer-to-peer communication and for allowing access to particular forms of information. In that sense, networking is an important new tool in the access-to-information toolkit. But social networking also poses huge challenges for the protection of personal information. Facebook has recently gained much bad press because of changes to the site that facilitate the tracking of user activities and the sharing of this information without express consent. While the site does have privacy controls, they are so complex that most users are easily thwarted from protecting their personal information, if they are even sophisticated enough in their understanding of the issues to be paying attention. Threats to privacy on Facebook were exposed as early as 2005; two students at MIT conducted a comprehensive study of the privacy implications of Facebook as a class project. At that time, Facebook was confined to post-secondary students. They astutely noted: “Privacy on Facebook is undermined by three principal factors: users disclose too much, Facebook does not take adequate steps to protect user privacy, and third parties are actively seeking out end-user information using Facebook.”¹⁵ These three issues are interconnected. While many users are very careful with respect to what they post, more still are not, forgetting that what they post is seen not just by the particular person to whom the post was directed, but also by everyone who is their Facebook friend. Moreover, if they have not set their privacy settings to limit who sees their accounts, their information could potentially be seen by anyone with an Internet connection.

Overexposure of personal information on Facebook takes many forms. Many users include their birthdate in their profile, as Facebook will then send a reminder to their friends to wish them a happy birthday. Yet a birthdate (including the year of birth) is a key piece of personal information that is very useful to identity thieves; if they can combine it with a name and a postal code, such thieves are able to compromise bank accounts and credit cards. Similarly, many users do not limit access to their Facebook photo albums. Posting photo albums is a very convenient way to share pictures with family and friends who may live anywhere in the world. The tag feature is a quick and easy way of alerting friends to photos that would be of interest to them. But most users are unaware that Facebook’s default for photo albums is “global”; anyone with access to a particular picture has access to the entire album. Access typically comes when a friend tags a person in a photo; the tagged photo is posted on the wall of the person who is tagged. Anyone who has access to the tagged person’s wall can simply click on the photo, and unless the privacy settings in the album have been changed from the global default, the other pictures in the album are also accessible. The ability of Facebook users to see information provided by their friends has become an invaluable way to connect, reconnect, and maintain and deepen relationships among people. But it also has the potential for exposing personal information to complete strangers and to others who might use it for nefarious purposes.

Sharing of information with strangers is not the only problem, however. A Facebook “friend” can refer to a whole range of relationships, including family members, friends in the traditional sense of the term, acquaintances, classmates, and colleagues. It can also refer to a person with whom a person shares a common interest — be it a hobby, a religious commitment, or a political belief. Profile pages can be useful for networking purposes, and events are easily organized through the creation of a page that can serve not only to provide information but also to issue invitations. Profile pages are also used by organizations for a multitude of purposes. A university program might post a page to market itself or encourage interaction among its students. A politician might maintain a page in order to get her message out to supporters. An environmental lobby group might use its page to alert members to upcoming events in their community. The possibilities are endless in terms of the types of profiles that can be created; information can be circulated easily and without cost beyond the small investment of time it takes to create the page. Given the many advantages with respect to information access, transparency, and fun, it is little wonder that the popularity of social networking tools has exploded.

But consider for a moment the the case where a college student drinks too much one night and the event is caught in a photo. The photo is posted to Facebook and tagged so that it shows up on the student’s profile page for all to see. The student might think that there is no problem — she is a new user and thus has a small circle of Facebook friends, only six in fact. Those six friends happened to be with her in the bar, so her cyberfriends are already aware that she had too much to drink that night. But the person who posted the picture has a far larger circle of Facebook friends (say, over two hundred), which might include the student’s employer, a professor, or her aunt. The photo appears in the poster’s news feed, making it accessible to her two hundred friends. To make matters worse, if the poster has not taken any of the steps necessary to limit access to the photo album from that night, a far greater number might have access to the photo. If the photo poster has tagged the other five friends who appear in photos in the same album, these photos will appear in the news feeds of not only the five tagged friends but also in the news feeds of all of their Facebook friends. Assuming the five friends have two hundred friends each (with no common friends), the tagged photos will be featured in the news feeds of an additional thousand people. Any of these people can click on the photo to gain access to the entire album, enabling them to view the action in the bar that Friday night. If they wish, they can download interesting photos to their desktops and send them to their contacts as email attachments. Moreover, if any of the picture poster’s friends post comments on the wall of the picture, their comments will appear on the news feeds of all of their friends. These friends will now have access to the photo album: if five of the poster’s friends comment on the wall of the photo and each of them has two hundred friends, another one thousand people will have access to the photos. As is often the case with the “friends of friends scenario,” if the poster’s two hundred friends, or the tagged friends’ one thousand friends, or the five commenters’ one thousand friends happen to include a someone who is also a Facebook friend of the college student’s mother (like the student’s aunt), the student might find herself explaining to her parents why she was photographed half-naked crouched over a toilet bowl. What boggles the mind even more is the realization that these numbers are based on users having two hundred Facebook friends; many young adults have double or triple that number.

It is not only college students, however, who are sometimes guilty of such indiscreet behaviour. Often unwittingly, parents follow suit. For example, many Facebook profiles feature photos of a new baby or young child posted by a proud mother, who tags a friend who happens to appear in the photo. The picture is just one of many in an album of photos that the mother has posted to her Facebook account; it hasn’t occurred to her to change the default privacy setting for photo albums. Many of the mother’s friends have already viewed the photo album and have posted comments on the mini-walls under the pictures, identifying not only the baby but other children who appear in the family photos. In addition, some posts mention the city in which the family lives or, for instance, the name of the elementary school that the baby’s older sister attends. The proud mother wants one of her friends to see the picture, and she happily tags the friend so that the picture will be posted to the friend’s wall. But does she really want the friends of her friend looking at the picture? Does she really want people she has never met downloading the picture simply by dragging the picture onto their computer desktop? And what if the friend allows global access to his or her account, allowing anyone with a Facebook account to see the picture and indeed the entire album? One challenge with privacy protection is that often people do not even realize that their privacy has been compromised.

The irony of this scene is that it is played out daily by parents who dutifully warn their children not to talk to strangers while walking down the street, who keep the family computer in a central location in order to monitor its use, and who block their children’s access to particular websites in order to keep them safe online. But many of these same parents think nothing of posting pictures of their children to an online environment, accompanied by revealing information that makes these children vulnerable to predators. More fundamentally, however, a picture of a child posted on a parent’s Facebook page immediately robs that child of a degree of personal autonomy. That is, a very young child does not consent to having his picture posted online; this choice is not his to make. Once the picture is posted it becomes the property of Facebook; even if the parent deletes the picture, the album, or even the entire account, Facebook retains the rights to that photo. As such, the child will never regain control of his image and must live with the lifetime consequences of his parents giving away his information when he was a minor. Those who have access to the photo can easily download it. As the default for photo albums is “everyone,” many parents are in fact sharing this photo with anyone who has an Internet connection; it can be used for whatever purpose the downloader decides is appropriate. Obviously if the downloaders happen to be pedophiles, their definition of what is “appropriate” may not align with the person whose image they now have in their possession.

Online communities constitute another form of engagement: they provide social and political outlets that were not possible before the invention of the Internet. They also allow for new forms of political and social engagement that are not subject to control by gatekeepers who exercise power in a vertical, top-down fashion. The interests of the user determine who users interact with. But the very power of peer-to-peer relationships should give pause to those engaged in them, as sometimes this engagement comes at great expense to personal privacy. This is not to say that an individual should avoid participating in social networking activities, only that the individual should consciously choose what personal information to reveal to the world. Though individuals might not realize it, through the release of this information the individual is creating a digital identity that once formed can be difficult to change.

DIGITAL IDENTITIES, THE COMMODIFICATION OF PERSONALITY, AND THE BACKLASH

Social networking involves the creation of an online identity that is accessible to a variety of people for a variety of purposes. Users create online identities for the purposes of meeting others with similar interests, for dating or companionship, for sexual encounters, or for professional promotion. The types of information posted on these sites will vary according to the purpose of the poster and will be used according to the needs of those who access it: the wealth of information on these sites is an extremely valuable commodity for companies to use for marketing purposes, for law enforcement agencies, and for others. Few people who post information on these sites read the “terms and agreement” section of the sign-up page, nor do they read the site’s privacy policy. Thus they remain ignorant of how social networking sites use their data. In addition, they may not have put much thought into which users should have access to their digital identity and what the negative aspects are of losing control of this identity.

Studies indicate that men and women use social networking sites differently. Women typically use social networks to share personal information, discuss day-to-day activities, and to deepen relationships, while men use them to promote themselves and to share ideas for the purpose of self-advancement. Women are more likely to feel vulnerable to stalkers and abusive ex-partners, and, predictably, studies indicate that women are more concerned than men about how personal information might be used in ways that compromise their safety. In other words, they are generally more risk-averse.¹⁶ Facebook’s recent trouble with its privacy policy has led to the assertion that “Facebook Is a Feminist Issue.” As one writer pointed out on the Geek Feminism Blog, unless you run your own server, using social media requires you to store personal information on someone else’s server.¹⁷ The owner of that server determines how your information will be used. By extension, the owner of that server also has control over that part of your digital identity that is stored on the server. As mentioned previously, anything posted on Facebook becomes the property of Facebook, whether or not the user deletes it from her account. Thus the issue of control of a person’s digital identity is not one that is limited to the “now” but extends indefinitely into the future.

New Facebook procedures and changes to its privacy policy have provoked a huge backlash among users. Initially, the site allowed access to a user’s information only to members of groups specified by the user. Over the years, however, Facebook has incrementally chipped away at privacy. Defaults that were initially set as “friends only” were changed to “everyone,” the option to keep certain information private was taken away, and user-controlled privacy settings became increasingly complex and difficult to use. Whenever privacy changes provoked user anger, Facebook acknowledged the dissatisfaction by restoring privacy, but never quite to the same level as it had been previously. This reflects a growing trend toward the commodification of identity for profit. Personal information is a valuable resource that, when sold to advertisers, can generate unimaginable profit for those who control the information. As one technology blogger lamented:

What we are seeing now is a result of the commodification of personality which, in late capitalism, creates value for corporates. We are all unpaid labourers in the social media industry, whose lives are fodder for the accumulation of capital. Facebook profits from our sociality.¹⁸

What this blogger does not mention is that the social network’s unpaid labourers give up their information willingly, even enthusiastically. With almost half a billion users in 2010 providing a virtually limitless source of information, it is worth contemplating that when Facebook CEO Mark Zuckerberg was asked in 2003 why fellow Harvard students would willingly send him four thousand emails, pictures, address, and Social Security numbers, he allegedly responded in an instant message session: “I don’t know why. They ‘trust me.’ Dumb f**cks.”¹⁹ Facebook does not deny the authenticity of this widely reported exchange, which was reputedly leaked by a Silicon Valley insider. Zuckerberg has been heavily criticized for his cavalier attitude. If Zuckerberg did in fact say this, it would seem that Facebook’s CEO is a typical digital native — one who, now in a professional position, may wish he had exercised more discretion when using instant messaging technologies at the age of nineteen.

The commodification of information is particularly noticeable with Facebook applications that allow third party access to the personal information of the user. Applications, or “apps,” are installed by the user and take the form of quizzes, games, polls, booklists, friend and car pool organizers — the list is endless. Games such as Zynga’s “Farmville” and “Mafia Wars” are big business: the company boasts 235 million monthly active gamers and 65 million daily gamers.²⁰ Facebook provides the platform to play the Zynga game. In May 2010, Zynga and Facebook announced a five-year “strategic partnership” that would see gamers able to use Facebook credits in Zynga games. While games can be played for free, progress in the game depends on virtual money that is either earned through the user’s activity in the game or purchased with a credit card. Acquiring virtual money is where gamers expose themselves to risk — they may find that the survey they took to win currency subscribes them (for a monthly fee) to a horoscope service, or they may find that accepting a gift or responding to a request exposes them to hackers or viruses.²¹ But most unsettling for those who wish to maintain control over their personal privacy is that when a user installs applications, Facebook allows the same access rights that the user set for other users accessing his account. If these access rights were left at the “everyone” default, the user gives the applications access to all of his personal information. As of spring 2010, Facebook’s privacy policy was almost 6,000 words long and users needed to look at 50 different settings and chose among 170 options to change Facebook’s latest default settings. Users can control what data an application can access, but it is a complicated task and for the vast majority of users is not easily accomplished. Moreover, many users do not realize that Facebook has changed its privacy settings, or if they do, they may not fully grasp the implications of the change.

What is particularly troubling, however, is that Facebook gives applications access to the gamer’s friends’ information as well. So, while a particular user might not expose his information by using Facebook applications, he must also set his privacy settings to prohibit the sharing of his information with applications. If he does not do this, his friends who take quizzes, sign up for polls, and play online games put his information at risk. Many Facebook users complained when the news feed was introduced because it broadcast their network activities to all of their friends; some did not wish to have their activities tracked and publicized. Later, users began to object to the large volume of information they were receiving in their news feeds from their friends who are heavy users of applications. Users’ broadcasted activities include things such as progress on various games or the results of the quiz they just took. The constant updates are not only a source of irritation, they also leave the friend of the heavy user wondering if the gamer/quiz taker has larger problems that are morphing into social networking addiction issues. One advantage of the news feed, however, is that it provides information as to which of a user’s friends most frequently engages in activities that could compromise a user’s online privacy.

In April 2010, Facebook created Community Pages, which are devoted to a particular activity as opposed to being connected to a particular organization. Users can create their own community pages; however, Facebook created the vast majority of these pages using Wikipedia entries as placeholders. Fields in user profiles are automatically linked to these community pages. So, for example, many users include in their profiles their hometowns, current city, schools attended, employers, and interests. These are automatically linked to the associated community page and the user will be listed on this page as liking the organization, activity, or place. Facebook states that the goal of the community pages “is to make them the best collection of shared knowledge on a topic.”²² But what this means for many users is that, unbeknownst to them, they may be listed as “liking” a community page that they did not know existed because they listed an interest on their profiles. One telling example of this is the honour roll high school student whose parents are worried about the amount of time he spends playing video games. Poking fun at his parents’ concern, the student lists “And Play Video Games, I’m a Terrible Person” under “interests” on Facebook. The student is listed as liking the community page “And Play Video Games.” The student might not object to this, as he does indeed enjoy playing video games. But he probably would not like the fact that he is also listed (along with his profile photo) as liking the community group “I’m a Terrible Person,” which features a news feed of status updates from a variety of people who appear to have problems with depression. Here again, the changes that Facebook made to its layout and to its privacy policy are not well understood, despite the vociferous backlash that erupted prompting well-known technology luminaries to delete their accounts.

The development and linking of community pages to user profiles reflects a trend toward privacy erosion that has been consistent since Facebook’s inception. In 2005, Facebook assured users that their personal information would be available only to those users belonging to specified groups. The following year, the default of “specified groups” changed to users’ schools, local area, and other “reasonable” communities. The next year, a specified group was expanded to a network that included “friends of friends.” By 2009, the default had shifted from privacy to access. In the words of Facebook, the “everyone” default was designed

to make it easy for you to share your information with anyone you want. Information set to “everyone” is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations.²³

The following month, Facebook announced that certain categories of information (such as name, gender, geographic location, and fan pages) would be made publicly available and as such would not be subject to privacy settings. Additionally, it announced that user information would be shared with selected third parties. This culminated in the 2010 announcement that various bits of information contained on a user’s profile would be transformed into “connections” to community pages, as would clicking the “like” button on a webpage, thus causing it to appear on the news feeds of the user’s friends.²⁴

The uproar over Facebook’s privacy policy prompted US senators to petition the Federal Trade Commission to provide guidelines for social networking sites. According to a press release from the office of Senator Charles E. Schumer, the appeal to the FTC followed reports that

Facebook has decided to provide user data to select third party websites and has begun sharing personal profile information that users previously had the ability to restrict access to. These recent changes by Facebook fundamentally change the relationship between the user and the social networking site. . . . And there is little guidance on what social networking sites can and cannot do and what disclosures are necessary to consumers.²⁵

The senators’ intervention followed a complaint about Face-book’s privacy policy to the Federal Trade Commission by ten organizations concerned about online privacy, including the Electronic Privacy Information Center, the Electronic Frontier Foundation, and the American Civil Liberties Union.

The senators were not the first to complain about Face-book’s privacy policies; in fact, the United States is a latecomer to the party. In August 2009, the Canadian Internet Policy and Public Interest Clinic made a detailed complaint to Canada’s privacy commissioner concerning Facebook’s complex and convoluted privacy policies that spoke to issues of data retention, security safeguards, and whether users were provided with sufficient information to give informed consent. After conducting an investigation, the commissioner dismissed some parts of the complaint, but did find Facebook to be in contravention of Canadian privacy law:

Facebook did not have adequate safeguards in place to prevent unauthorized access by application developers to users’ personal information, and furthermore was not doing enough to ensure that meaningful consent was obtained from individuals for the disclosure of their personal information to application developers.²⁶

The commissioner proposed corrective measures, and in August 2009 the investigating officer for the case reported:

Facebook is promising to make significant technological changes to address the issue we felt was the biggest risk for users — the relatively free flow of personal information to more than one million application developers around the world. . . . Application developers have had virtually unrestricted access to Facebook users’ personal information. The changes Facebook plans to introduce will allow users to control the types of personal information that applications can access.²⁷

Six months later, the privacy commissioner was investigating the privacy implications of Facebook’s introduction of Community Pages because of another complaint.

On 21 April 2009, Mark Zuckerberg once again raised eyebrows when he stated at the F8 Developer Conference that Facebook is “building a Web where the default is social.” As one technology commentator observed: “To our ears, that sounds like ‘a Web where exposure is the norm.’”²⁸ The following month, the Article 29 Data Protection Working Group (comprised of the European Union’s data protection agencies) sent a letter to Facebook that said: “It is unacceptable that the company fundamentally changed the default settings on its social-networking platform to the detriment of a user.” The group sent similar letters to twenty other social networking sites that are signatories to the “Safer Networking Principles for the EU.” In its letters, the group emphasized the importance of gaining the explicit consent of social networking users before sharing their information with search engines or with third-party application developers. The Canadian privacy commissioner also waded into the fray, openly musing about a fresh Facebook investigation. A spokesperson for her office complained, “Although they’ve done some things right, in a few areas, they seem to have gone in the opposite direction and that’s been disappointing.” These events led a Canadian research chair in Internet and e-commerce law to observe in 2010: “This is getting ugly. Facebook badly overreached last December and they have been very slow to respond to the mounting criticism. I think we will see regulatory and court actions in multiple jurisdictions by the end of the year.”²⁹

At the outset of this discussion, it was observed that few social network users understand the implications of a poorly managed digital identity. This is understandable given the complexity of the privacy policies of social networking sites like Facebook. It is even more understandable given that a Facebook account is only one component of a person’s digital identity. This identity is comprised of a multitude of other components that are created every time a consumer buys something online, blogs, tweets, or posts a comment on a discussion board. These data can be matched with other data, creating a composite picture of a person. The question for privacy advocates is: How and by whom should this identity be controlled?

THE FUTURE OF FACEBOOK

The jury is still out with respect to how Facebook will respond to its critics. It is also anyone’s guess as to whether or not Facebook users will “vote with their feet” by quitting the site altogether. To this end, two Canadians started a website “quitfacebook.com” wherein users commit to deleting their accounts on 31 May 2010. In less than a month, the group reported over twenty thousand members. This number is a fraction of the almost half a billion Facebook users, but the speed with which the twenty thousand users were mobilized once again demonstrates the ability of the Internet to connect people with issues. In its May 2010 survey of visitors to its site, the UK-based security firm Sophos reported that 60 percent claimed that they were considering quitting Face-book because of privacy concerns. By its own admission, the Sophos poll is biased toward those who already are sensitized to privacy and security issues by virtue of the fact that they were visiting the Sophos website. Nonetheless, even those who work at Sophos seemed surprised by the results. One of its senior technology consultants opined:

I think for people who work in the IT security field, it’s becoming harder and harder to justify being on Face-book. . . . The number of privacy problems are making more people realize that it may not be where they want to be. Of course, some people may simply reduce the amount of data that they publish on the site rather than quit. The average guy on the street, meanwhile, will probably need a bigger push to quit the site.³⁰

While it is impossible to know how many people will eventually quit the social networking site, in May 2010 Google Canada reported that the most widely used search term in relation to Facebook was “delete account.” Statistics from Google also showed that, internationally, the number of users looking for information regarding deleting their accounts had jumped by 3.6 million in the space of only three days.³¹ Given that Facebook and Google are in a pitched battle for dominance of the web (with hits to Facebook surpassing those to Google for the first time in March 2010), one might question the accuracy of these numbers, given that Google produces them. As was noted in the previous chapter, Google is also in the spotlight with its own privacy scandal after it was discovered that the cameras collecting pictures for Google Street View were accidently collecting personal data from unsecured home WiFi networks as well. Presumably, then, any opportunity for Google to divert attention to the privacy woes of another major online service provider would be welcome. That said, there is no doubt that in the spring of 2010 the web was abuzz with chatter about alternatives to Facebook such as Diaspora, an open-source personal web server.

What one is left to conclude from this brief overview of Facebook is that online communications are profoundly changing not only the way in which we communicate but also the value of personal identity. Peer-to-peer communication places a premium on personal autonomy — it allows users to communicate independently and to form and re-form messages according to users’ perceptions and values. This breaks down hierarchy by allowing a bottom-up construction of social and political reality, as opposed to relying on traditional sources of news where power is concentrated at the top and communication is disseminated downward. As Manuel Castells notes: “The wide availability of individually controlled wireless communication effectively bypasses the mass-media system as a source of information, and creates a new form of public space.”³² These observations are equally applicable to social networking.

New public spaces are increasingly virtual; they are places where like-minded individuals from all over the globe can meet, communicate, and strategize. As such, social networking provides an important tool for accessing the information that is so critically important to democratization efforts. The ability to mobilize large numbers of people quickly has been demonstrated in a variety of jurisdictions; these mobilizations have even been successful in countries where repressive regimes have gone to great lengths to block communication through social networking. One only needs to look at Burma, Iran, and Egypt for evidence of the difficulties encountered by centralized authorities in trying to stifle the dissemination of information by individuals to a global audience using peer-to-peer technologies. The election of President Obama also illustrates the utility of using peer-to-peer technologies for grassroots mobilization in support of a politician.

Like the medical information and surveillance technologies that were discussed in previous chapters, social networking presents serious challenges for the protection of information privacy. In the case of social networking, the problem is compounded by the fact that the organizations gathering the information are in the private sector, and as such, this information (and indeed, personal identity) is an important commodity that is worth a substantial sum of money. Moreover, social networking is such a new phenomenon that the average person really does not understand the implications of its use for personal autonomy. Nor do most individuals understand how their information can be used for profit or for fraudulent purposes. Even individuals who understand the complex issues around privacy are hard pressed to exercise their freedom to quit using social networking tools. As James Grimmelmann notes:

Facebook provides users with a forum in which they can craft social identities, forge reciprocal relationships, and accumulate social capital. These are important, even primal, human desires, whose immediacy can trigger systematic biases in the mechanisms that people use to evaluate privacy risks.³³

Moreover, more and more individuals and organizations are using tools like Facebook as the communicative vehicle of choice. In the very near future, deleting a Facebook account may become akin to committing social and professional suicide — with consequences similar to those for the North American family that chooses to possess neither land lines nor cellphones. A generous view of this family would categorize the parents as anti-social; a less generous view would claim that the parents are behaving irresponsibly in voluntarily cutting themselves and their children off from the rest of the world.

If it is indeed true that social networks represent “public space” then very careful consideration needs to be given to who controls that public space and how the power within that space is exercised. Returning to the central theme of this book, the essential questions become: What should the balance be between the right to privacy versus the right to access personal information? Is social networking sufficiently important to both personal autonomy and to larger society that it should not be left entirely up to either market forces or individual choice? Is there a place for government intervention or even control of social networking sites? If this is the case, what limits should be put on public intervention?