How binding is this contract?*

A theme in this morning’s news items struck me:

• Class action lawsuit against Google filed in California over Buzz
• Class action lawsuit against Facebook filed in CA over privacy changes from Nov/Dec.
• New privacy settings for Facebook apps launched today (Facebook’s response to the outcry in November and December).
• Pleaserobme.com, a tool that searches Foursquare posts on Twitter to publicise who isn’t at home.

It’s interesting to me that these issues are based in the same quandry: how do we, as a society, deal with placing the control of our content in the hands of a few big providers?

The writers and the publishers – a contract

User-generated content comes out of a relationship: the writers (us) write things, generate data through web activities, and create links to people, while the hosts (Facebook and Google, here) gather the information and do neat things with it.  They share our posts with our friends, connect us with ads that might interest us, and host our status updates and regulate who sees what we are up to.

The first two links are public retaliations for what the plaintiffs feel is a betrayal of trust by Google and Facebook.  They put their trust in these two tools to safeguard their content. They are unhappy that Google and Facebook changed the rules (or perhaps violated their side of the agreement) with the users by changing the defaults on what information is public.

This, to me, is an age-old “breach of contract” question.  Have Google and Facebook in fact violated the terms of service, to which they agreed when each user opened an account with them?  And if so, what do they owe us?

Making amends

The next story is about Facebook, having heard the outcry (well represented by the aforementioned lawsuit) and attempting to re-establish good will.  Though they aren’t admitting that they have done anything wrong, they appear to be trying to regain some of the trust they lost in November and December by offering users more control over who sees posts from the various applications they use.  (The example cited in the Facebook blog explanation: I’ll let the Someecards app post to my close friends only, but My Causes can post to everyone including the boss.)

As the Facebook announcement says, “Facebook is designed to give you control over the information you share.”  I think they are hoping that even greater control will result in a stronger feeling of contract and trust between the users and their tools.

Be careful what you say…

“The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home.” Pleaserobme.com

Pleaserobme.com is a tongue-in-cheek reminder that all information posted on the web is public.  Also that most posts can be added to other bits of content for more context than we might intend.

Pleaserobme.com takes basic posts to Twitter from the location-based app Foursquare, which announces where a user is when they check in at that location.  As the Pleaserobme site says, “The danger is publicly telling people where you are. This is because it leaves one place you’re definitely not… home.”

There are a number of ways to work out where someone lives, not the least of which is that many homes are being added to Foursquare as check-in destinations. Sure it’s nice to know where your friends are, but this could be problematic!

(Side note: when I added a new location to Foursquare on Tuesday, it offered me the choice to have that location be private among my friends.  It appears that they are already trying to counter this problem.)

But the idea is that, by announcing on Twitter that I have checked in at a location that isn’t home, then all my valuables at home are open for the taking.  Obviously, that’s not good.

As a content-generator in this relationship, I have to be aware of what information I am releasing to my hosting platforms (Facebook, Twitter, Foursquare, Google, etc.) and how that information can be compiled.

Are we making progress?

We can talk at length about the generational change in individual data, and how kids today will grow up happily sharing every last bit of their lives on the Web.  (I’m not convinced of this, by the way- I think they will grow out of a lot of their exhibitionism.  Caution and desire for privacy often comes with age.)

But these stories represent, to me, an ongoing push-me-pull-you tension of expectations and service provision, as the capabilities and they way they’re used continually race ahead of each other.  I think our society and laws will continue to swing back and forth on privacy issues as we re-establish our norms and our expectations for companies that hold our content.

*Photo from http://www.flickr.com/photos/38057014@N05/3542597760/

The document has an interesting list of relevant legislation under appendix B, ‘Related Policy and Guidance’ (cited below).

The principal pieces of legislation that are likely to inform the IA requirements for e-Government service implementations include and are not limited to [links are added]:

• the Human Rights Act and the underlying European Convention on Human Rights set out everyone’s right to privacy in their correspondence;
• the Data Protection Act sets requirements for the proper handling and protection of personal information held within information processing systems;
• the Electronic Communications Act sets the requirements for electronic signatures and their equivalence to conventional signatures;
• the Regulation of Investigatory Powers Act makes it an offence to intercept communication on any public or private network; case and time limited exemptions may be granted subject to warrant;
• the Terrorism Act makes it an offence to take actions which are designed seriously to interfere with or seriously to disrupt an electronic system;
• the Wireless Telegraphy Act controls the monitoring of wireless telegraphy;
• the Police and Criminal Evidence Act defines conditions under which law enforcement may obtain and use evidence;
• the Computer Misuse Act makes attempted of actual penetration or subversion of computer systems a criminal act; the Public Records Act lays down requirements for the proper care and preservation of documentary records of government activities;
• the Official Secrets Act lays down requirements for the proper control of government information;
• the Freedom of Information Act lays down the citizen’s rights of access to government held information.

I’m posting this list because it illustrates what a balancing act information policy is. On the one hand, we fight to preserve open paths of communication to our legislators and civil servants; we encourage all individuals to be involved in their government; we promote citizenship and interaction through digital inclusion of those who might otherwise be marginalised. Similarly, we have charged the same government with protecting us and our communities; we want them to have full access to the ‘bad guys’ and to anticipate — even pre-empt — any threat to us. From those arguments, we should open everything to everyone!

On the other hand, we have agreed that our human rights grant us the freedom to our own confidentiality. We have also agreed, through our democracy, that the government should have some leeway in keeping information from us (particularly about each other) to deliver effective public services to us and our neighbours and to protect us from the bad guys.
Both of these bits of secrecy mean that each party wants to maintain a certain level of control over allowing access into our conversations.

It’s a lot to juggle.

[Consultation on the e-Government framework for Information Assurance runs until 13th March 2007.]

Being a teenager, for me, was largely a trial-and-error process of figuring out how to be an adult. I wanted autonomy, I wanted to succeed, and I wanted to be able to ask for help — but only on my terms. I created a “family” of friends, relying on them for the moral support and frames of reference that I had previously looked to my relatives for. We muddled our way through adolescence, as I imagine most teens do, trying to work out together how to handle our uncertain futures, new relationships and the stress of achieving good grades. We learned together.

Underneath that bonding and grouping, I distinctly remember not just drifting from my family but actively setting up blocks. “I want to do this my way, by myself!” was a big mantra of those years. Supreme Court Justice Louis Brandeis wrote in the 1890s that the US Constitution guarantees “the right to be let alone—the most comprehensive of rights and the right most valued by civilized men”. I was pretty positive Brandeis was writing right to me; as a (self-declared) civilised almost-adult, I thought that right was sacrosanct. I wanted to be let alone with my friends.

Social Networking – the online models of our groups of friends

Social networking platforms like Facebook, Myspace and Bebo allow teenagers to intensify their relationships with members of their group. In creating a profile or home page, they can create and re-create their own identities, experimenting with who they are and how they want to be seen. They get to identify themselves with social groups, be seen as belonging (through displaying their friends) and discover who else belongs with whom. And best of all — the parents aren’t invited. This is a world of their own, ideally suited to the adolescent’s social development.

The tension: Protecting the kids or invading their privacy?

If we can extrapolate my experience to a majority of Internet-using teenagers, social networking sites are supporting them in the social development they’re already doing. The challenge comes in building new relationships, where the lack of context can make it easy for someone with a nefarious agenda to mislead the unsuspecting. (See previous post.) The quick intimacy teenagers build can mask the fact that they don’t actually know who is on the other end of the conversation.

Recent US legislation has attempted to minimise the risks to kids. The Children’s Online Privacy Protection Act of 1998 (COPPA) prohibits site operators from collecting personal data from kids under 13 without verifiable parental consent, and removes their liability for disclosing information to the parent about the child. In a previous post, I have discussed the proposed Deleting Online Predators Act of 2006, and this week the Georgia Senate has begun to consider a bill that would raise the age of parental consent to 18. No minors in Georgia would be allowed to engage in social networks without their parents having full access.

At the same time, the chief privacy officer for Facebook, Chris Kelly, maintains that they are restricted from sharing activity and profile content with parents by federal law. “Under the Federal Electronic Communications Privacy Act, we cannot give anyone access to or control of an individual’s profile on Facebook”, Kelly said. In addition to the overhead if they were required to open up all that data and verify which parent belongs to which kid, the inevitable response would be diminished site activity. If kids knew that Mom and Dad could listen in, they would find somewhere else to talk.

(Facebook of course has an interest in keeping activity levels high and therefore maintaining its revenue stream, which appears to be advertising-based. But it would fall short of its goal of “helping people better understand the world around them” if everyone restrained their contributions to each other’s world views because they felt they were being spied on.)

How do we sort this out?

If we go back to my assertion that social networking is modelling interactions and social development that we all do anyway, then the dangers aren’t actually that new. As an offline teenager, I was certainly taught not to give my address to anyone I didn’t know, and not to talk to strangers. I knew to look both ways before crossing the street. I knew how to listen for conversational cues that I was talking to someone with bad motives, and to recognise that friends of friends aren’t necessarily okay just because they come with a “reference” from somebody I know. All these messages kept me safe in the big bad real world, and I knew them because I was taught.

Teenagers need to form groups, to share information and to grow with their friends. And to establish a bit of independence from their families. Social networking can support this growth, but someone needs to make sure that online safety is included with the “surviving in the real world” lessons every kid gets either at home or at school. Particularly because parents are less involved in the conversation than they were when the children were younger, teenagers must be well prepared to make good decisions on their own. Unfortunately, legislation restricting access or allowing parents to “eavesdrop” won’t teach good judgment. Nor will applying privacy legislation — many kids wouldn’t figure this out on their own. Parents, teachers and role models are still ultimately responsible for these almost-adults, and it should be up to these adults to prepare them properly.