Zuck’s Testimony and Facebook’s Recent Actions Don’t Show a Company that’s Serious about User Privacy
Our new Tech Column was made possible by the fine folks at Mozilla Firefox. The nonprofit Mozilla Foundation believes the Internet must always remain a global public resource that is open and accessible to all. And that’s why we love Firefox.
By Amul Kalia
Guys, Mark Zuckerberg started Facebook in his dorm room, okay? Whenever you find yourself wondering why the biggest social media company keeps constantly jeopardizing user privacy, remember it’s humble beginnings in a dorm room, and don’t mind the billions in revenue each year. How do we know Facebook was started in a dorm room? Because Zuckerberg took every opportunity to bring it up when he testified in front of Congress. Now that we’ve all shared laughs over Zuck memes, what does his testimony mean for our privacy on Facebook? Has Facebook changed and will finally take privacy seriously and stop hoarding our data?
— Mike Tokes (@MikeTokes) April 11, 2018
First, let’s be clear here. Facebook doesn’t deserve the benefit of the doubt anymore: the company has been saying sorry for 14 years for undermining user privacy. Apart from some hilariously bad questions by our elected representatives that betrayed their total lack of knowledge of how Facebook works, the hearings were revealing in how Zuckerberg thinks Facebook should be regulated. When repeatedly pressed by congress members to offer specifics on what kind of privacy legislation Facebook would support, Zuckerberg kept dodging and said he’d have his ‘team follow-up’ or have the ‘team get back’ to the legislators. While it’s not unusual for people testifying in front of Congress to not commit to specifics, Zuckerberg’s tactic here is worth noting given how the company has lately been professing it’s love of user privacy, and how it genuinely wants to fix things and is sorry.
Another talking point that Zuckerberg kept pushing throughout the hearings was that Facebook users have total control over the information they share. Yeahhhh… not true. Because if it was, Cambridge Analytica wouldn’t have gotten 87 million Facebook users’ information without their consent.
During the hearing, several congressmembers promised legislation, but we will have to wait and see what the final proposals look like after tech company’s lobbyists have had their turn. So, this naturally leads to the question, how is our privacy protected on Facebook and online platforms in general? Well, in the U.S., current laws have proven to be inadequate.
On the other hand, Europe has a fairly robust set of protections coming online under a new data protection law called the General Data Protection Regulation (GDPR). GDPR enhances privacy in several ways: it has affirmative consent requirements for when companies can collect user data, transparency on what user data is collected and who it’s shared with, and contains measures to limit the use of user data for marketing, among others protections.
Has Facebook Changed?
Facebook initially refused to commit to applying the GDPR to users outside Europe, then it seemingly agreed to it after facing another cycle of bad news headlines, but now we know exactly how it’s planning on doing so—by making calculated steps to undermine the spirit of the law. Particularly, based on recent reports, it will trick users into continue to give it massive amounts of data, and by taking users out of the law’s reach.
First, as highlighted in a TechCrunch article, the user interface for the new data controls is designed so that Facebook users hit the attractive big blue ‘Continue’, ‘Save’, and similar buttons which give the company more user data, while the options for opting-out of data collection or managing those settings are often in small size font or in a color that makes those settings hard to spot. This is an example of a dark pattern, a user interface technique companies use to manipulate users across the Internet.
Second, the company is moving about 1.5 billion users out of GDPR’s reach by changing its terms of service, so that those users have a relationship with its U.S corporate offices under lax privacy laws, as opposed to the Irish subsidiary which would require the company to apply and follow the GDPR protections for those users.
Given the extraordinary lengths the company is going to avoid applying the stricter privacy standards, it’s supposed newfound commitment to user privacy warrants closer scrutiny. And, probably lawsuits.
The fundamental issue is that we all use Facebook’s services because almost everyone we know also uses them. And Facebook knows it, and aggressively makes acquisitions and copies other companies’ products to further entrench its position in the market.
Sen. Lindsey Graham asked Zuckerberg during his testimony if there was “an alternative to Facebook in the privacy sector?” And, that’s the question that warrants a major discussion. Even more so because two of the biggest social media platforms with no serious competitors—Facebook and Instagram—are under one company’s control. That’s no incentive to change. You don’t have to be the brightest undergrad in the dorm to see that.
PS: it looks like Zuckerberg’s team as of April 25th, still hasn’t got back to Congress….
*The author of this article, Amul Kalia, works for the Electronic Frontier Foundation, although the views expressed here are solely those of the author in his private capacity.