Companies often promote consistent and reliable customer experiences. KLM touts itself as “the reliable airline” while Michelin touts its dependability “because so much is riding on your tires.” And now we have Yahoo, who announced that it will be increasing the social networking functionality in Yahoo Mail. Yahoo has the ability to promote consistency in determining user defaults for sharing information.
But social networking is a product much different than most – it is participatory. Passengers can’t fly airplanes and drivers don’t design tire tread, but social networking users control what and with whom they share information.
So what happens when a social networking service changes functionality or adds new features? How does a company be consistent in carrying-over a user’s preference from the prior version to the new one? What assumptions should it make on user privacy preferences for new features?
These considerations matter whenever an online service tries to increase its social networking functionality. Last week, Facebook unveiled new privacy controls, and we blogged that it was a welcome response to clear-up confusion. In the coming weeks Yahoo will change how status updates work in Yahoo Mail. Michael Arrington’s TechCrunch article describes it well:
[C]urrently to see status updates for others in Yahoo Mail, you have to have a mutual follow, meaning both people have agreed to be “friends.” You can then see that user’s Yahoo status updates as well as updates on third party services that they have added to their Yahoo profile as well. In the new version there will no longer be a requirement for a mutual follow. So, like on Twitter, users can follow whomever they choose. This isn’t actually a dramatic change for Yahoo, since users can follow others in this way already on Yahoo Messenger.
Like Google and Facebook before it, Yahoo is adding features to make its service more “social.” And because of the scrutiny over the changes by Google and Facebook, Yahoo seems to be going out of its way to assure users that they can rely and depend on Yahoo. According to the Yahoo Corporate Blog: Continue reading →
On April 29, I testified before the Senate Commerce Committee’s Consumer Protection Subcommittee on Examining Children’s Privacy: New Technologies and the Children’s Online Privacy Protection Act (COPPA). Today, I filed 23 pages of responses to questions for the Congressional Record from Subcommittee Chairman Mark Pryor (D-AR), touching on many of the concerns and issues Adam Thierer and I developed in our May 2009 paper, COPPA 2.0: The New Battle over Privacy, Age Verification, Online Safety & Free Speech.
At the April hearing, Senators asked whether COPPA could be improved. Today, as in my April oral and written testimony, I again urged lawmakers to “tread carefully” because COPPA, as implemented, basically works. I explained why COPPA’s technological neutrality and flexibility should allow the FTC to keep pace with technological convergence and change without the need for legislative changes. But expanding the statute beyond its limited purposes, especially to cover adolescents under 18, could raise serious constitutional questions about the First Amendment rights of adults as well as older teens and site and service operators, and also have unintended consequences for the health of online content and services without necessarily significantly increasing the online privacy and safety of children.
The Committee’s follow-up questions also inquired about COPPA’s implementation, the subject of today’s FTC Roundtable. I noted that COPPA implementation has gone reasonably well, meeting its primary goal of enhancing parental involvement in children’s online activities, but that implementation has come at a price, since the costs of obtaining verifiable parental consent and otherwise complying with COPPA have, on the one hand, discouraged site and service operators from allowing children on their sites or offering child-oriented content, and, on the other hand, raised costs for child-oriented sites. The FTC could do more to lower compliance costs for website operators, thus allowing achievement of COPPA’s goals at a lower cost for parents and kids in foregone content and services.
Finally, I raised concerns about the FTC’s seeming invitation for changes to the COPPA statute itself. As a general matter, regulatory agencies should not be in the business of re-assessing the adequacy of their own powers, since the natural impulse of all bureaucracy is to grow. Though the agency has done a yeoman’s job of implementing COPPA, ultimately it is the responsibility of Congress, not the FTC, to make decisions about modifying the statute. Continue reading →
While police and prosecutors have encouraged the growth of a surveillance state, they don’t seem so enthusiastic about the growth of a surveillance citizenry. Maryland and other states have recently seen privacy laws invoked to squelch the unauthorized recording of public officers performing public duties in public areas. Until courts put an end to those bogus claims, we should make sure that police officers know that we may monitor traffic stops to protect our rights; I below offer a bumper sticker and magnetic door sign that ought to help on that front.
Radley Balko recently reported on the latest attempt to use privacy laws to punish citizens for recording police misconduct. In this case, Anthony Graber was arrested for posting on YouTube a video he’d captured on an un-uniformed Maryland state trooper, driving an unmarked car, pulling over and rushing at Graber with a drawn handgun. Soon after Graber posted the video, he was charged for violating the Maryland Wiretapping and Electronic Surveillance Act, Md. Code Ann., Cts. & Jud. Proc. § 10-401 et seq. (2010), which basically outlaws secretly recording a private conversation.
Maryland’s police must be feeling a bit testy, these days, about getting recorded on-the-job by uppity citizens. Earlier this spring, an inconvenient video of the beating of Jack McKenna put the lie to the claims of Maryland police that McKenna had provoked the incident by attacking the officers and their horses. State and federal officials have since launched “excessive force” inquiries.
Did that video violate the privacy of the three officers, clad in riot gear and swinging batons, who surrounded and beat the unarmed McKenna? No. Neither did the video that Graber shot of the Maryland trooper strutting towards him with a drawn handgun. Courts have already explained that wrongs under the Maryland Wiretapping and Electronic Surveillance Act require a showing that someone’s reasonable expectation of privacy has suffered violation (
see Fearnow v. C & P Tel. Co., 104 Md. App. 1, 655 A.2d 1 (1995), rev’d on other grounds, 342 Md. 363, 676 A.2d 65 (1996)), and no officer can have a reasonable expectation of privacy while on a public street, performing public duties. Continue reading →
In my recent testimony before the House Commerce Committee on a proposal to require event data recorders in all new cars sold in the United States, I pointed out that the mandate would go far beyond what is needed to ensure safety. Indeed, the cost of EDRs raises the prices of new cars, marginally reducing the pool of used cars and keeping lower income drivers in older used cars which are less safe.
The demand for EDRs in all cars, collecting and transmitting data about all crashes, suggests that something more than statistically relevant safety data is what advocates of this mandate want. I put a finer point on these issues today in answers to questions propounded to me after the hearing.
The proposed EDR mandate includes controls on the use of EDR information, a nominal protection for privacy, but the EDR mandate “sets the stage for migration away from consumer privacy toward serving the goals of government and industry related not only to safety but also to general law enforcement, taxation, and surveillance.”
The bill is H.R. 5381, the Motor Vehicle Safety Act of 2010. Other bills with EDR mandates include H.R. 5169, H.R. 5345, and S. 3271.
Many of my free market friends have been making the case that government action is unnecessary to address the privacy trouble in which Facebook has recently found itself. I agree with them completely. The reason is that I believe that the given choice, individuals acting in the market will act to discipline unscrupulous or stupid companies. This is precisely what we’ve begun to see happen to Facebook.
It therefore bothers me when folks go beyond mere defense of free market to pretending that corporations can do no wrong. Facebook, for example, has committed a terrible breach of trust against its users, and it should pay the price. Still, on the NetChoice blog, Steve DelBianco writes this about Facebook’s new privacy options:
Facebook is making these moves partly to placate a handful of professional privacy critics, as we described on our post this week. But as with most moves made in reaction to critics, there’s a chance Facebook might have moved too far.
As part of this change, Facebook is making it trivial for users to stop applications and websites from knowing anything about you. If lots of users select this option, I’m afraid it could restrict Facebook’s use of targeted advertising (those ads on the right side of your Facebook pages) and their new instant personalization program. Here’s why we should all be concerned if everyone opts-out of sharing anything:
First, we’ll still see ads, only they won’t be so relevant[.] … Second, and far more concerning, is the effect on Facebook’s ad revenue[.]
I’m not a “professional privacy critic,” yet I know I’ll never trust Facebook with any of my data ever again. I hear the same sentiment from many of my friends, acquaintances, and other regular folks I follow online. Sometimes, companies react because they made a dumb mistake (or perhaps in this case a repeated one that makes one wonder whether it’s a mistake at all), not only in response to privacy advocates. I know Steve’s saying Facebook’s only
partly reacting to critics, but I believe that any such fraction is very small. Continue reading →
In a nod to the popular Dos Equis commercials, Steve DelBianco blogs about the new Facebook privacy controls and says “Stay thirsty, Facebook. We need you guys to keep innovating.”
Right now you might not care much about Facebook’s ad revenue. But you might start caring if falling ad revenue forced Facebook to cut spending on things like server capacity and speed, content vetting, quality control, or development of new features and access for mobile devices.
You’d also start caring if Facebook over-reacted to privacy critics by slowing-down its innovation. I’m talking about innovations like “instant personalization“, which helps selected websites customize your content based on your Facebook profile. And innovation like a social plugin for content websites, which makes it so easy for you to refer articles or news to your Facebook friends. Both of these innovations help create a personal, social Internet experience, and they do it though sharing of information.
As I’ve previously blogged, we’re just at the tip of the iceberg when it comes to socializing the web. Whether it’s over beers or on the Internet, users want to be social — even if we’re not the most interesting guy in the world. So keep innovating, Facebook.
Today, Facebook announced significant improvements to its privacy management tools. As explained in the new Privacy Guide, this upgrade allows users to exercise greater and easier choice over sharing of their information on the site and through the site to third party applications and external websites.
By giving users powerful new tools to further protect their privacy, Facebook has employed a potent weapon to deal with marketplace apprehensions: self-regulation. Government intervention stands little chance in acting as swiftly or as effectively to tackle such matters. Rather than short-circuiting the self-regulatory process, we should trust that users are capable of choosing for themselves if given the right tools, and that companies like Facebook will respond to reputational pressure to develop, and constantly improve, those tools. That approach is far more likely to move us towards the ideal of user empowerment than is heavy-handed government regulation, which would override marketplace experimentation and have many unintended consequences for free online sites and services like Facebook.
Today’s announcement represents a major leap forward for privacy controls, but of course the company will have to keep innovating in this area as it does in others. In particular, I hope Facebook and other social networking services like MySpace, Buzz, LinkedIn and Flickr will all work on the next logical step forward: building Applications Programming Interfaces (API) that will allow third party tools to tap into each site’s unique privacy settings so that users can have a single “dashboard” for controlling how they share data across platforms. Continue reading →
Facebook has had a tough month. The site’s latest round of privacy changes, implemented last month, spurred stiff backlash — not just from so-called privacy advocates, but also from several U.S. Senators. Facebook CEO Mark Zuckerberg shot back with an op-ed in The Washington Post, as Braden discussed here yesterday.
I’ve had much to say about Facebook’s past privacy controversies (1, 2, 3, 4, 5), but what really sticks out about the latest anti-Facebook backlash is who’s leading the charge: U.S. Senator Chuck Schumer.
Seriously, of all people, Chuck Schumer should be the
last to criticize Facebook’s privacy practices. That’s because Schumer is leading the push in Congress to establish a biometric national identification regime. If Schumer had his way, all Americans, including U.S. citizens, wishing to legally work in this country would be required by law to obtain a national ID card! Compared to this highly invasive potential exercise of the state’s coercive power, concerns about Facebook’s privacy practices seem downright trivial.
Continue reading →
We had a great discussion yesterday about the technical underpinnings of the ongoing privacy policy debate in light of the discussion draft of privacy legislation recently released by Chairman Rick Boucher (see PFF’s initial comments here and here). I moderated a free-wheeling discussion among terrific panel consisting of:
Here’s the audio (video to come!)
Ari got us started with an intro to the Boucher bill and Shane offered an overview of the technical mechanics of online advertising and why it requires data about what users do online. Lorrie & Ari then talked about concerns about data collection, leading into a discussion of the challenges and opportunities for empowering privacy-sensitive consumers to manage their online privacy without breaking the advertising business model that sustains most Internet content and services. In particular, we had a lengthy discussion of the need for computer-readable privacy disclosures like P3P (pioneered by Lorrie & Ari) and the CLEAR standard developed by Yahoo! and others as a vital vehicle for self-regulation, but also an essential ingredient in any regulatory system that requires that notice be provided of the data collection practices of all tracking elements on the page. Continue reading →
In his op-ed today, Facebook founder Mark Zuckerberg promised further changes to give users better control of privacy settings. It’s a clear signal that Facebook is seeking to meet user privacy preferences while still attracting enough ad revenue to keep the site free for everyone. But will these signals even be heard above all the noise made by Facebook’s critics?
That’s the question posed by my colleague Steve DelBianco at the NetChoice blog:
Radio engineers speak in terms of signal-to-noise ratio when they want to measure usable signals against a background of useless static. There’s been a lot of noise over Facebook recently, driven by a feeding frenzy of technology bloggers and journalists.
Their hyperbole hit a high note when some equated Facebook’s privacy drill to BP’s giant oil spill, while others wrote articles (or op-eds? It’s so hard to tell sometimes) that insult Facebook employees and impugn their motives. Just when you think nothing could rival the noise of Washington’s echo chamber, the technology pundits show us how a real shout-down is supposed to work.
Steve hits hard against the pile-on “feeding frenzy” on Facebook, going so far as to call critics “Chicken Little.” Strong, but also accurate.
While we all support the process of vocal user feedback to improve a product/service, with Facebook there’s more going on. Even Senators with a love for the limelight have jumped on the bandwagon by telling Facebook how to manage a service it gives us for free. Of course, management by Congress is the fastest way to suck innovation and competitiveness out of one of America’s fastest growing industries.
To the extent that productive criticism turns into deafening noise, Facebook’s positive signals will be unfairly distorted.
The Technology Liberation Front is the tech policy blog dedicated to keeping politicians' hands off the 'net and everything else related to technology.