When one of America's largest electronic surveillance systems was launched in Palo Alto a year ago, it sparked an immediate national uproar. The new system tracked roughly 9 million Americans, broadcasting their photographs and personal information on the Internet; 700,000 web-savvy young people organized online protests in just days. Time declared it "Gen Y's first official revolution," while a Nation blogger lauded students for taking privacy activism to "a mass scale." Yet today, the activism has waned, and the surveillance continues largely unabated.
Generation Y's "revolution" failed partly because young people were getting what they signed up for. All the protesters were members of Facebook, a popular social networking site, which had designed a sweeping "news feed" program to disseminate personal information that users post on their web profiles. Suddenly everything people posted, from photos to their relationship status, was sent to hundreds of other users in a feed of time-stamped updates. People complained that the new system violated their privacy. Facebook argued that it was merely distributing information users had already revealed. The battle--and Facebook's growing market dominance in the past year--show how social networking sites are rupturing the traditional conception of privacy and priming a new generation for complacency in a surveillance society. Users can complain, but the information keeps flowing.
Facebook users did not recognize how vulnerable their information was within the site's architecture. The initial protests drew an impressive 8 percent of users, but they quickly subsided after Facebook provided more privacy options. Today the feed is the site's nerve center. Chris Kelly, Facebook's chief privacy officer, said that when he speaks on campuses these days, students approach him to say that while they initially "hated" the feed, now they "can't live without it."
Still, Facebook hit a similar privacy snag in November after it launched Beacon, a "social advertising" program that broadcast users' profile pictures and private activities as advertising bulletins. When a Facebook user bought a product on one of dozens of other websites, for example, the information was sent to Facebook and distributed across the user's network as a "personal" ad. ("Joe Johnson rented Traffic at Blockbuster," for example.) Many users had their pictures and actions morphed into advertisements without their consent, turning private commerce into public endorsements. That could be an illegal appropriation, according to Daniel Solove and William McGeveran, two law professors who specialize in digital privacy and who blogged about the issue.
MoveOn.org formed a Facebook group to demand that Beacon switch to "opt-in"--a default to protect uninformed users--and allow people to reject the program in one click. The group drew less than .2 percent of Facebook members, far less than during last year's feed protest, but this time MoveOn helped the protest group press specific reforms, generate critical media attention and even rattle some advertisers, who backtracked on using Beacon.
Facebook buckled, agreeing to make the ads opt-in and allowing people to reject the whole program, for now. Facebook founder Mark Zuckerberg apologized to users on the company blog, explaining the problem in the language of the new privacy. "When we first thought of Beacon, our goal was to build a simple product to let people share information across sites with their friends," he wrote. "It had to be lightweight so it wouldn't get in people's way as they browsed the web, but also clear enough so people would be able to easily control what they shared."
Yet both Facebook and its privacy protesters largely operated within the same model of privacy control--opt-in versus opt-out, sharing versus concealing. The traditional concept of privacy was largely absent from the debate: the premise that what people do on other websites should never be anyone else's business. After all, why would people want to browse the web with "lightweight" surveillance broadcasting their pictures and supposed endorsements of products they happen to buy? And why do people continue to give pictures and personal information to a company that reserves the right to use their photos--and their very identities--to sell more advertising, products and market targeting in the future?
Growing up online, young people assume their inner circle knows their business. The "new privacy" is about controlling how many people know--not if anyone knows. "Information is not private because no one knows it; it is private because the knowing is limited and controlled," argues Danah Boyd, an anthropologist and social-networking expert at the University of California, Berkeley, who studied the feed controversy for a forthcoming article in the journal Convergence. Facebook's Kelly also contends that privacy is shifting from an "absolute right to be let alone" to an emphasis on control. "We don't think [users are] losing privacy as long as there's a control machine and access restrictions," he said in an interview.
The feed rankled because it plucked personal details that previously existed in a social context, limited by visitors' interest in a person, and shattered any sense of concentric circles of control by broadcasting them across wider networks. (Students list hundreds of acquaintances as "Facebook friends," assuming that people they barely know don't check their profiles often.) Boyd compares it to yelling over loud music at a bar, only to find the music has stopped and everyone is staring at you.
Neither controversy has slowed Facebook's huge growth. It quadrupled its user base over the past year and is now the most popular website among Americans age 17 to 25. Facebook has achieved near total penetration of the college market, with more than eight out of ten college students registered. Older Americans are also flocking to the site: it draws 250,000 new members every day. Overall, it is the fifth most popular site in the country, ranking just behind YouTube. Young and old use it to divulge loads of personal information, often oblivious to the ramifications and ignorant of the basic features of the technology they use so effortlessly to socialize.
One study at the University of North Carolina, for example, found more than 60 percent of Facebook users posted their political views, relationship status, personal picture, interests and address. People also post a whopping 14 million personal photos every single day, making Facebook the top photo website in the country. Then users diligently label one another in these pictures, enabling visitors to see every photo anyone has ever posted of other people, regardless of their consent or knowledge. Even if users terminate their membership, pictures of them posted by others remain online. But users can't really quit, anyway.
Why would young people publicize the very information they want to keep private?
Critics argue that privacy does not matter to children who were raised in a wired celebrity culture that promises a niche audience for everyone. Why hide when you can perform? But even if young people are performing, many are clueless about the size of their audience. That's because the new generation is often proficient with technology it doesn't fully understand. The Carnegie Mellon study found that one-third of students don't realize that it is easy for nonstudents to access their Facebook profiles. And 30 percent of students did not even know they had an option to limit access to their profile.
Most people don't use the privacy settings to limit access to their Facebook profile. Four out of five simply accept the default setting, which allows their whole network to see the entire profile. In the UCLA network, that's 50,400 people. The Boston network has 312,404 people. For comparison, the city's tabloid, the Boston Herald, has a circulation of 201,503. Users may think they're only sharing with the friends they can see, but they're actually publishing with the reach of a newspaper.
Social networking sites also induce users to disclose information in order to be part of the site's culture. "Allowing users into your circle allows them to track your moves on Facebook and vice versa," explains technology writer Michael Hirschorn. "Even more compellingly, it allows you to track, if you wish, their interactions with other users, all from your own user page. You can play with your privacy settings to prevent this, but as you become acculturated to the site, you realize that you have to give information to get information."
Facebook's Kelly argues that the trend is broader than a single website. People know their actions are tracked online, he says, just as they're tracked on streets filled with surveillance cameras, "whether privately controlled through an ATM or publicly controlled [for] legitimate anticrime or anti-terrorism purposes." In an era of massive top-down surveillance, posting information on a website may feel downright redundant. Just as most consumers have acquiesced to companies collecting loads of data and private information about them, many Facebook users seem resigned to the company's aggressive use of private information.
In September Facebook launched a "public search" feature to list users' profiles on search engines like Yahoo! and Google. The move could fundamentally shift the site from a (relatively) closed social network to a more exposed public directory. Students originally joined Facebook as a private campus hub, but now it touts some of their profile information to the world. (Diligent users can opt out, and visitors still need to be Facebook members to view people within networks.) The massive search function might one day make Facebook an indispensable part of Internet commerce--creating the "Google of people," as blogger Jeff Jarvis puts it. The potential loss of privacy could ultimately beat the feed controversy by several orders of magnitude, but there has been no backlash so far.
Ultimately, these privacy concerns do not turn on the decisions of one social networking company like Facebook, or what its future owners may do. The architecture of these sites already facilitates all kinds of surveillance of unsuspecting users by the public. Employers check Facebook to vet job applicants, for example, and some have advised users to change their profiles or photos during the application process, as the Stanford Daily reported last year. A 2005 survey found that one out of four employers has rejected applicants based on research via search engines. Campus police increasingly review social networking sites to investigate crimes. Arkansas's John Brown University expelled a student after administrators discovered Facebook pictures of him dressed in drag last year, a violation of the school's Christian conduct code. And a Secret Service officer paid a dorm visit to University of Oklahoma sophomore Saul Martinez based on a comment he posted on the Facebook group Bush Sucks.
Even if this generation of Internet users is truly developing a "new privacy" concept that prioritizes nuanced control, they largely fail on their own terms. Most users do not exercise any real authority over their information; they accept default exposure settings, post to huge networks and transfer ownership of their social media productions to entertainment businesses. Thus "control" devolves to the thousands of people in their networks and the business models of ambitious companies. The entire social network ecosystem, with its detailed records, pictures and videos of formative years, can completely change on a company's whim. Most users are left relying on the kindness of strangers and the benevolence of business.
A simple way to address one of Facebook's privacy problems is to ensure that users can make informed choices. Taking a page from the consumer protection movement, Congress could simply require social networking sites to display their broadcasting reach prominently when new users post information. Just as the government requires standardized nutrition labels on packaged food, a privacy label would reveal the "ingredients" of social networking. For example, the label might tell users: "The photos you are about to post will become Facebook's property and be visible to 150,000 people--click here to control your privacy settings."
This disclosure requirement would push Facebook to catch up with its customers. After all, users disclose tons of information about themselves. Why shouldn't the company open up a bit, too?
Facebook's invisible audiences should also stop hiding. Responsible institutions that choose to monitor users (and minors) on the site, such as schools and employers, have a special obligation to inform users and parents of the practice.
In the end, social networking sites are wildly popular precisely because they disseminate information so effectively. Posting to a network is easier than e-mailing individuals, and usually more fun. One bright side is that these sites' popularity dispels the recurring complaint that the web is merely an incubator for like-minded people to isolate themselves, associating only with the people and ideas that confirm their beliefs. Young people are doing just the opposite. Their favorite websites are about real people in the real world--not just their like-minded best friends but hundreds of acquaintances from different facets of their lives.
The problem, of course, is that playing with reality online is riskier than playing with video games and anonymous screen names. Young people are recording their lives in minute detail, enabling unprecedented experiences, exposure and evidence that will outlast their youth. Social networking is a free service, but abdicating control of personal information, photos, writing, videos and memories seems like a high price to pay.