Schneier on the Facebook Riots

Thoughtful article by Brice Schneier in Wired News

As the Facebook example illustrates, privacy is much more complex. It’s about who you choose to disclose information to, how, and for what purpose. And the key word there is “choose.” People are willing to share all sorts of information, as long as they are in control.

When Facebook unilaterally changed the rules about how personal information was revealed, it reminded people that they weren’t in control. Its 9 million members put their personal information on the site based on a set of rules about how that information would be used. It’s no wonder those members — high school and college kids who traditionally don’t care much about their own privacy — felt violated when Facebook changed the rules.

Unfortunately, Facebook can change the rules whenever it wants. Its Privacy Policy is 2,800 words long, and ends with a notice that it can change at any time. How many members ever read that policy, let alone read it regularly and check for changes?

Not that a Privacy Policy is the same as a contract. Legally, Facebook owns all data that members upload to the site. It can sell the data to advertisers, marketers and data brokers. (Note: There is no evidence that Facebook does any of this.) It can allow the police to search its databases upon request. It can add new features that change who can access what personal data, and how.

But public perception is important. The lesson here for Facebook and other companies — for Google and MySpace and AOL and everyone else who hosts our e-mails and webpages and chat sessions — is that people believe they own their data. Even though the user agreement might technically give companies the right to sell the data, change the access rules to that data or otherwise own that data, we — the users — believe otherwise. And when we who are affected by those actions start expressing our views — watch out.

Hmmm… I’ve been looking at the Facebook privacy statement and it seems to me to be more reasonable that I had expected from reading Schneier’s piece. Also — unusually — it is written in plain English rather than legalese.

Nevertheless, I agree with Schneier’s general conclusion:

The lesson for Facebook members might be even more jarring: If they think they have control over their data, they’re only deluding themselves. They can rebel against Facebook for changing the rules, but the rules have changed, regardless of what the company does.

Whenever you put data on a computer, you lose some control over it. And when you put it on the internet, you lose a lot of control over it. News Feeds brought Facebook members face to face with the full implications of putting their personal information on Facebook.