Snitchgate developments

Since I wrote my Snitchgate Blog, things seem to have been moving forward. First of all, I’d like to thank all the people who have read the blog, liked it, reblogged it and commented on it – the fact that there have now been in excess of 125,000 hits on the blog is wonderful, and I can’t help thinking that it must have contributed to the impact.

Yesterday, the story was taken up by the excellent Kashmir Hill (@kashhill) in her blog for Forbes, The Not-So Private Parts. Kashmir got a quotes from Facebook spokesperson Fred Wolens, who admitted that this has been going on – so Snitchgate was definitely real – but suggested first of all that it was for a very limited period and secondly that it was not being used for enforcement purposes. As he put it:

“This was a limited survey we have already concluded… …We are always looking to gauge how people use Facebook and represent themselves to better design our product and systems. We analysed these surveys only using aggregate data and responses had zero impact on any user’s account.”

The suggestion, therefore, is that it wasn’t being used to actually verify real names – or to find users whose names were fake – but just as a survey of people’s behaviour. Kashmir wasn’t entirely convinced – and neither am I. It’s also notable that though Wolens said the survey had already ‘concluded’, he didn’t say that similar tactics wouldn’t be used again. I hope, however, that Facebook were at least partially put off by the publicity – and analysis – that their tactics generated. The way that interest in my blog in particular took off demonstrated to me that there’s a huge amount of concern about this issue – and not just from the ‘usual suspects’ of privacy advocacy.

This morning, the story even made its way into the mainstream – Daily Telegraph blogger Mic Wright (@brokenbottleboy) “Facebook snoopers and the rise of the social network Stasi” starts with a discussion of the snitching issue. It comes at a time when Facebook are under increasing pressure. ‘Bad news’ stories seem to just keep emerging, from the forced abandonment of facial recognition systems in Europe after pressure from the Irish Data Commissioner to the panic over what users believed were private messages suddenly appearing on their walls – and the deep concern over an ad tracking system that will “track whether people who see ads for products on the social networking site actually go out and purchase them in stores”.

Matching the pressure from these ‘bad news’ stories is the need for Facebook to make money, with the stock price still mired… so what can and what will happen? If Facebook continues to push the envelope on privacy, more of these stories will emerge, and there will be more of a reaction – and Facebook will look more and more like the ‘bad guys’, perhaps even starting to lose customers. If that happens, the stock will fall still further.

So what can Facebook do? That’s the real challenge, and I’m not sure Facebook is really up to it. They need to find a way to re-cast their service as a ‘privacy-friendly’ service – but that can’t just be a ‘rebranding’, because the internet has a way of uncovering these things, as the speed with which the Snitchgate story went from being a few tweets to being mainstream news has shown. They need not just to change how they describe what they do, but to change what they actually do – and that’s not in any way easy, either in terms of what might loosely be called the ‘Facebook mindset’, or in terms of building a business model that both makes money and respects privacy. Can it be done? I really don’t know.

Of course in writing this blog I’m being highly optimistic – what’s far more likely to happen is that Facebook will simply ignore all of this and plough on regardless, finding more and more ways to invade our privacy and use our personal information. If so, however, people like me – and most of those who’ve visited this blog over the last few days – will keep on talking, writing, tweeting and blogging about it, and do our very best to be heard. I hope we’ll succeed!

Facebook: snitchgate!

A story about Facebook went around twitter last night that provoked quite a reaction in privacy advocates like me: Facebook, it seems, is experimenting with getting people to ‘snitch’ on any of their friends who don’t use their real names. Take a look at this:

Facebook has had a ‘real names’ policy for a while: this is what their ‘Help Center’ says on the subject:

People in my field have known about this for a long time – it’s been the cause of a few ‘high profile’ events such as when Salman Rushdie had his account suspended because they didn’t believe that he was who he said he was – but few people had taken it very seriously for anyone other than the famous. Everyone knows ‘fake’ names and ‘fake’ accounts – my sister’s dog has a Facebook account – so few believed that Facebook was going to bother enforcing it, except for obvious trolls and so forth. Now, however, that appears to be changing.

Initially, I wondered if this was just a fake – the screenshot could easily have been faked – but there seems now to have been confirmation. It has been covered in the TMP Idea Lab (here), where they say that Facebook has confirmed that they are doing it, and the German online magazine Heise Online (here, in German) where they report that it is a ‘limited test’. Given that this kind of a test fits in with the official strategy, it seems likely that it is indeed true.

So what’s wrong?

There are lots of argument against the whole ‘real names’ policy to start with – it was a trigger for the ‘nymwars’. Many people can only really function online with the ability to remain pseudonymous, from bloggers like Nightjack to whistleblowers, from victims of abuse to people living in oppressive regimes. When their pseudonymity is ‘broken’, the result can be catastrophic – when Nightjack’s cover was blown, his blog ceased to exist and a valuable and entertaining source of information was lost. Mexican bloggers have suffered much worse – a number have lost their lives in the most gruesome way when the drugs cartels have been able to find them. The link between the ‘online’ and the ‘offline’ personality is one that can often need to be protected. When the ‘real names’ policy is enforced, protecting that link becomes much, much harder.

This, of course, is Facebook, which is just one service, rather than the net as a whole – but it’s a crucial service, with close to a billion users around the world, pretty close to ubiquitous. And, just as importantly, where Facebook leads, other services can and do follow. If the ‘real names’ policy becomes accepted on Facebook, it may become the norm. For some people, that sounds like a good thing – catching paedophiles and terrorists, making sure children don’t get access to ‘inappropriate material’ and so forth – but the reality is very different. The real ‘bad guys’ will find a way around the system – as so often, it will almost certainly be the innocent that get caught up in the messes.

Snitching

What’s worse, the whole idea of snitching is highly dodgy. There’s a good reason that ‘telling tales’ is looked down on – and a good reason why it’s generally only been oppressive regimes (both real and fictional) that have encouraged people to report on their neighbours – from the worst of the Roman Emperors such as Tiberius and Caligula to the KGB, the Stasi and so forth. It’s creepy – and it helps build at atmosphere of distrust, breaking down the very things that make social networks good. The social relationships that are the heart of Facebook are meant to do ‘good’ things – not be a route by which bad things are spread.

Taking it a step further, look at the nature of the questionnaire. You’re being asked to report on a ‘friend’. If you say ‘I don’t want to answer’ that will be recorded – that’s the whole nature of Facebook – and it’s not hard to see that there could be a list of ‘people who don’t want to answer about their friends’. Indeed, under the terms of the Snoopers Charter, it wouldn’t just be Facebook who could access this kind of information: the authorities could potentially set up a filter to gather data on people who don’t confirm the names of their friends. It could be viewed as suspicious if you don’t answer – or even suspicious if you are friends with people who don’t answer. Again, this is the nature of Facebook’s social data – and how it could be misused.

And, as anyone who reads what I write about the Snoopers Charter etc will understand, though this may just be set up to catch paedophiles and terrorists, it can equally be used for all kinds of things. Potential employers who want to see whether their applicants are ‘open and honest’. Insurance companies for the same ‘reason’. Facebook is now in a situation where it needs to generate income – the failure of its IPO has made this even more crucial than before – and will be looking for ways to squeeze out as much revenue from their data as possible.

That, ultimately, is what lies behind this kind of thing: Facebook wants to make money. If it knows exactly who you are, it thinks it can make more money from you – by selling things to you, or by selling your details to others, or by targeting you more accurately in some other way. That’s perfectly understandable – indeed, from a business sense pretty much inevitable – but it does have consequences, particularly when the other uses that their data can be put are understood.

Oppressive regimes understand some of those uses – which is one of the reasons that the erstwhile Tunisian government, prior to the revolution, hacked into the Facebook login page in order to be able to access possible revolutionaries’ accounts. They knew how that information could be used…

What should be done?

Well, the first thing to do is make it clear that you don’t like this kind of a system. The whole idea of snitching should not be something that’s encouraged – indeed, the whole ‘real names’ system should be discouraged, but it seems hard to put that genie back into Facebook’s bottle. Ultimately, I suspect there’s only one answer: many people should simply leave Facebook. Find other ways to do the things you want to do, other ways that don’t require ‘real names’ and don’t use such sneaky and creepy tactics as snitching. Communicate by email, by twitter. Share your photos on other photo sites. Play games directly, not over Facebook. There’s always another way.

Privacy for all?

The big ‘privacy’ story this week has been that surrounding the Duchess of Cambridge’s breasts. The coverage it’s been given (and will doubtless continue to be given) has been immense – but the issues that it should raise are far more complex than those that have appeared in the media. A shortish blog post isn’t enough to cover even a fraction of them – but there are a few points that a privacy advocate like me should be highlighting.

This particular intrusion is in many ways a ‘classical’ intrusion: the kind of long-lens photography of a celebrity that has existed pretty much since photography was invented. Indeed, the kind of intrusion that inspired Warren and Brandeis’ seminal piece The Right to Privacy in the Harvard Law Review as long ago as 1890. We can rant and rage about it, put laws in place and try to establish press standards and ethical guidelines as much as we want, but it almost certainly won’t go away – not so long as we’re interested in celebrities, and much though people like me might hope that our celebrity-obsessed culture disappears, I can’t see it happening. However, it does raise some very serious points.

Firstly, from my perspective, it reminds me of an overriding principle: rights, if they are to mean anything, should apply to all. That works both ways in this case:

Even people you dislike, or disapprove of have rights!

Even people that we don’t like, people we disapprove of, should have the right to privacy. In fact, this is one of the biggest tests of any commitment to rights: do we grant those rights to people we don’t like! I’m no royalist – indeed, in most ways I’m a fairly ardent republican – but I do think the Duchess of Cambridge has a right to privacy. Similarly, though I detest his politics, I believe Max Mosley has a right to privacy. They’re human beings – even if they’re ultra-privileged and ultra-rich, even if they ‘represent’ aspects or elements of society that I thoroughly dislike, and institutions that I would much rather don’t exist.

But so do the rest of us!

Just as importantly, it shouldn’t be JUST the Royals and other celebrities that have the right to privacy, and the kinds of protection that this right demands, but all of us. We shouldn’t save our outrage at invasions of privacy for those like the Duchess of Cambridge for whom the privacy invasions are obvious and well publicised – we should be aware of, and oppose, invasions of privacy wherever and however they occur. The threats we face are very different from those faced by the Duchess – I doubt anyone wants to point a telephoto lens at my window – but they’re there, and they’re growing all the time. If we care about privacy – and we should care about privacy – we should care about the way the government is planning to invade our privacy on a systematic and devastating scale with the Communications Data Bill (the snoopers’ charter), and we should care about the way businesses are monitoring our behaviour online on an equally systematic basis.

Privacy is about control

It may not seem the same, but there are more similarities about these two kinds of invasions of privacy. They’re both about control – the Duchess wants to have some control over what images of her are used, and by whom. Invasions of privacy like this destroy that control, and allow the most intimate of information to be spread without her consent or any chance of her control. The kinds of invasions of privacy that we ‘ordinary’ people face also allow the most intimate of information to be gathered about us – whether it’s discovering our sexual preferences by monitoring the websites we visit or our political views by the kind of music we listen to, or even our body shape and size by the products we browse – and allow that to be spread without our consent or control.

Of course the information is spread to different people and for different reasons. The Duchess’s breasts may be shared over the internet for the purpose of titillation or just gossip – our personal details are spread so that businesses can make money from us, insurance companies raise our premiums, employers learn about our personal habits – or authorities learn when and what we might be wanting to protest about in order to stifle that protest.

What is grotesque?

Where is the greater harm? At a personal, immediate and obvious level, the invasion of the Duchess’s privacy is grotesque, and it should be thoroughly rejected. At a societal level – and at a personal level for each and every one of us, the other, systematic, silent, hardly noticed invasions of privacy may be far more dangerous. They have the potential to be truly grotesque – and we should make that very clear.