Stolen Data About India, The United Nations, and The Dalai Lama Traced To China
Brokerage Fined For Data Breach

What Would Thomas Jefferson Do With Facebook?

[Editor's Note: Today's blog post is by guest author R. Michelle Green, the Principal for her company, Client Solutions. She is a combination geek girl, personal organizer, and career coach. She has studied what makes some individuals embrace or avoid information technology. (She’s definitely one of the former.) Michelle helps others improve their use of technology in their personal or professional life. Here's her take on privacy policy changes underway at Facebook.]

By R. Michelle Green

While pundits and politicos often mention Thomas Jefferson’s contributions to politics (or to Hemmings), I had to see the HBO series on John Adams to learn that he was an avid correspondent. More than 150 letters between the two presidents have provided historians with fascinating insight into life and politics during America’s infancy.

If Jefferson were alive today, would he share those thoughts with hundreds of Facebook friends (and their friends)? Or would he reserve his musings for Adams alone, friends so close even death could not part them for long? Regardless of his decision, I’ll bet all of Jefferson’s marbles that he would have made the decision knowledgeably, not by default – an informed population could appropriately protect its rights and monitor its government. Will informed decision-making be enough when it comes to Facebook (FB) and the like?

I like FB, but I’m no power user. I typically don’t stay logged on more than an hour or so, and I might actually post a status update twice a month. I don’t play the games, I don’t buy things, I don’t use the invite features or the birthday greetings – you see where I’m going here. On the other hand, I am old enough and gregarious enough to have many sets of FB friends: from lifetime buddies to people who don’t know my first name. Past employees, maybe future bosses and clients are on FB with me. So FB’s structure, rules and organization are relevant to me.

I know there’s data out there with my name on it under scrutiny somewhere, whether I like it or not. People who rail about privacy losses or who expect someone to sort it all out have missed the point. Unless you and your bicycle are willing to go cash only and crash at your friends’ houses forever, you’re leaving a data trail. The best you can do is be forearmed and knowledgeable.

Reading the documents made me more aware of the scope of FB operations. Developers, applications, business pages, fan pages, mobile devices, Facebook connect partners – there are a great many all coming to this one entity to gorge themselves at the data trough. Understanding your relationship to this and other giant aggregators of data and connections is IMHO per se important, whether your definition of privacy connotes concerns for secrecy or the ability to control.

Facebook has recently proposed changes to two major governing documents: their Privacy rules, and their Statement of Rights and Responsibilities (SRR -- formerly Terms of Use). If you plan to read them all, ratchet up the font size, find a comfy chair and get your favorite caffeine hit before you start. The best place to look at existing, proposed and marked up documents is here, a link conveniently provided in a summary of key changes by FB Deputy General Counsel Michael Richter.

I make no claims on thoroughness – these are things that I noticed or found interesting. You may want to check yourself to see how FB relates to you, particularly if you are a developer, a frequent app user, a FB page administrator, or a mobile user.  I am currently none of those things, and possibly (probably?) nodded off reading those paragraphs.

I found some of FB’s changes to be simply blunter expressions of their original statement. With your privacy settings, for example, the new text makes it clear that ‘everyone’ means the set of all people who use the net – FB users and non-users. At your request, FB will delete questionable content that had been marked ‘everyone.’ FB has no control over the search engines that have likely indexed and cached that content, however. And while you can delete a post you make, you can’t delete a message you send.

The Facebook Connect process was new to me, though I had begun to see its presence on pages I visit. It permits you to register for a site using your FB credentials, ‘freeing’ you from the drudgery of establishing a new profile and password. In payment for that freedom, you gave that site access to “General Information” about you, defined by FB as, "you and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting.” Under the right circumstances, you’ll also be sharing your and your friends’ location or age. And if you post content from that site to FB, its privacy settings, not yours, are in play.

This is also true with mobile devices. When you post to FB from your smartphone, that device’s privacy settings are in play, not yours. Where are those settings? Are they in the phone, or on the SIM card? Inquiring minds would want to know. One of the new paragraphs in the SRR targets mobile users, saying, “You provide all rights necessary to enable users to sync their contact lists with any basic information and contact information that is visible to them on FB, as well as your name and profile picture.” And don’t forget communication is two-way: I can have def con 1 privacy settings, but if I post to your wall, my post is now governed by your privacy settings.

So let’s play out a scenario. I have multiple e-mail accounts, many if not most of us do. Maybe I have an ‘anonymous’ e-mail account that I used several years ago to contact you. Maybe you put it in an address book and labeled it with my name. You used Friend Finder when you first joined FB, so FB harvested your address book for contacts. And you’re a busy guy, so you haven’t done the work to change the default privacy settings on your FB account. FB has your permission to send out an invitation to yet a third party, who might know my friend, adding that you might also know these other people. Now my profile picture is associated with my anonymous e-mail address, and I - never - even - know.

It is still puzzling the ways information associated with me behaves. It’s one of those things where the more you know, the more you don’t know. I found an interesting FB page called my invite history: “See your entire history of invitations, including who has joined because of you.” Go to "Invite Your Friends" and look for the "View All History" link to the right. I did not knowingly make some of those requests. Most names or email addresses I recognized, some I do not. Meanwhile the list erroneously showed some current FB friends as not on the network. I found that FB will let me delete my name from future invite suggestions, though I don’t know how well or quickly it will work.

Despite the comments above, I am impressed with the public lengths FB has gone to establish positive relationships with its member base. It speaks to Facebook’s understanding of privacy as control. If you want to voice your opinions on the running of the platform, you can become a fan of the Facebook governance page. As a fan, you will receive notices of changes to governing documents. I liked the redline documents best – this shows the original text and the altered text of the SRR in a PDF with changes highlighted. If a suggested change gets more than 7,000 comments, FB will offer alternatives that users can vote on. If 30% or more of registered users vote, the vote’s result will be binding on the company.

That’s a hell of an approach for a corporation, particularly a privately-held company. The cynic in me that wants to call this hype still recognizes it’s pretty damn substantive hype. It does give Facebook leave to say, however, that whatever happens to your data depends on you, the enlightened citizenry of the Facebook Republic.

© 2010 R. Michelle Green. Reprinted with permission.


Feed You can follow this conversation by subscribing to the comment feed for this post.

The comments to this entry are closed.