Facebook is at it again: Here are our new privacy settings. Trust us, we will take care of you.
After its privacy practices have been roundly criticized by the New York Times, a chorus of users, Silicon Valley insiders and privacy advocates, Facebook doubles down its privacy bet with Open Graph, their new service that makes it possible to share your profile and friends with any website, anywhere, anytime. Forget the prior privacy fiasco of their Beacon service -- boy, do we have a deal for you! By clicking on the "Like" button, you can let your world -- and a zillion marketers know -- what you like. It is "open" so that means it should be good, like in "open source," what the good guys do to make software a transparent public good. Right?
Hardly. This is a company that does not have your best interest at heart, despite what CEO Mark Zuckerberg said in his recent PR-laced op-ed. Not that sharing information and connecting with online "friends" is not a good thing. But the way Facebook does it has a price: your privacy. The Faustian bargain is simple: You relinquish any effective control over your personal information, and hence your digital life and identity, and in turn, you can do all these cool things.
Privacy-shmivacy. "Who cares?" says CEO Mark of Facebook and CEO Eric of Google. Trust us. To paraphrase Google's Eric Schmidt, if you don't trust us, then you were probably doing something you shouldn't. We want all the information we can get from you because that is how we make our billions. Just let go and go with the flow. Don't be anti-social. This is social media. Be social. SHARE.
But who can blame them. It is a simple matter of THE BUSINESS MODEL. This is how they make money -- selling information about you to "advertisers." Who would want to deny Silicon Valley entrepreneurs their natural right to make as much money as fast as they can?
But there really is a problem. It is the Goldman Sach's problem, so exquisitely played out in the morality tale of their fateful congressional testimony last April. You couldn't script it any better with the Fabulous French Fab and a CEO and CFO so embedded in their bubble of self-interest and self-importance that they make Marie Antoinette look like a social worker.
It is the business model, stupid. The more we know about you and the less you, our customer/client, knows about us, the more money we make. We "short" our customer because we are betting that they aren't savvy enough to protect their own interests; the client, the user, is not so much a customer, as a "mark." Goldman says they have "sophisticated" customers who know the risks. Yeah, state pension fund employees and fund manages that get paid a fraction of their salaries with a fraction of their analytic resources, data, and street smarts.
The same asymmetry of information exists in the social media space. According to a Pew poll, 23% of Facebook users don't even know about privacy settings -- period. What about the Power Users of social media? Well, there is no better exemplar of the informed, seasoned, savvy Power User than Andrew McLaughlin, current Deputy Technology Officer of the USA, former Head of Global Policy and Government Affairs at Google, Yale Law School grad, and former Senior Fellow at Harvard's Berkman Center for Internet and Society. (Full disclosure that is also where I reside as well.) McLaughlin got himself in deep, deep water when he exposed his trusted Gmail account to Google's "revolutionary" service, Buzz, designed to enable many of the same great things that Open Graph promised. Out leaked his contact list to the world at large, and more specifically, to eager Republican watchdogs such as RedState.com, who gleefully raised all sorts of embarrassing questions about whether McLaughlin was using his Gmail account for White House business and whether he was inappropriately communicating with his old Google colleagues. Cries were made for full disclosure, invocation of the Freedom of Information Act, comparisons made to Dick Cheney's protected list of White House visitors. If McLaughlin had it to do over again, I doubt he would have clicked on Buzz. But there are no do overs -- what is out is out. And that is the point of privacy leakages. When damage is done, it cannot be undone. And if an Andrew McLaughlin can be tricked and trapped, there really is no hope for the rest of us.
The issue is not with social media. Social media is great and here to stay. Moreover, when it goes mobile, it will only get more powerful and more useful. But it also could become easily Orwellian through the exploitation of personal information. It could become a means for total surveillance where the costs and impacts of today's breaches are a trifle by comparison. Think medical information, DNA, all financial and commercial transactions, what you do, where you are, and whom you talk to every minute of the day.
The problem is that information marketing companies should not be like some banks and the credit card companies that make money by tricking and trapping, obfuscation, and betting against their "customers" under the guise of acting in their interest. This is not to say that information marketing companies should not make money off of social media and customer data. They should. Indeed, by providing the proper safeguards, checks and balances, more money can be made off of sensitive data, because it will be trusted and more readily shared and relied upon.
What is needed is a kind of Glass Steagall Act for the collection, use, storage and sale of personal data, which prohibits those banks entrusted to safeguard commercial accounts from also trading in those accounts. Fortunately, the FTC, the White House, FCC, GSA, and DoD, and several credit service providers, telecom carriers, and others are showing more foresight in appreciating the importance of user control and the commercial value of trust and privacy than many financial service and social media companies. But even with their efforts, technology, the market and the money are moving faster than they are.
Now is the time to get the rules of the road right so that is possible to both protect and share valuable and sensitive information. This does NOT require government micro-regulation, but it does require SOME thoughtful regulation, principles and architectures that create the right checks and balances and the incentives to reward a race to the top rather than one to the bottom. One can look to the new White House National Strategy for Secure Online Transactions currently under development as the beginning of a new privacy framework that thoughtfully tries to resolve the paradox of having both privacy and sharing in a way that is cognizant of current technology trends and new business models to advance rather than undermine the public interest.
John Henry Clippinger is co-director of The Law Lab, Berkman Center for Internet & Society at Harvard University and author of A Crowd of One: The Future of Individual Identity