ESSAY: A story about Facebook went around twitter at the end of last week, a story that provoked quite a reaction: something that I had thought would be of interest only to ‘privacy advocates’ and specialist bloggers turned out to be of much more general interest, writes Paul Bernal. It came in a week where Facebook was under immense pressure – stories about how it had had to abandon its facial recognition system in Europe and how old, private messages were now being made public were just two of the bad news stories, making its already worrying share price fall still further. So what was it all about?
- Paul Bernal (@PaulbernalUK) is a lecturer in the UEA Law School, specifically in the fields of information technology, intellectual property and media law. His research relates most directly to human rights and the internet, and in particular privacy rights.
- Read Paul’s blog at paulbernal.wordpress.com and his original Snitchgate post HERE.
Snitch on your friends
Facebook, it turned out, had been experimenting with getting people to ‘snitch’ on any of their friends who aren’t using their real names. Under the heading ‘Help Us Make Facebook Better’, people were being asked whether their friends really were who they said they were. ‘Is this your friend’s real name’? was the question, and they were given four options:
- Yes
- No
- I don’t know this person
- I don’t want to answer
Facebook has had a ‘real names’ policy for a while. Their ‘help center’ puts it this way:
‘Facebook is a community where people connect and share using their real identities. When everyone uses their real first and last names, people can know who they’re connecting with. This helps keep our community safe.’
People in my field – working with online privacy – have known about this for a long time. It has been the cause of a few ‘high profile’ events such as when Salman Rushdie had his account suspended because they didn’t believe that he was who he said he was – but few people had taken it very seriously for anyone other than the famous. Everyone knows ‘fake’ names and ‘fake’ accounts – my sister’s dog has a Facebook account – so few believed that Facebook was going to bother enforcing it, except for obvious trolls and so forth. Now, however, that appears to be changing – or at least that’s what this story suggested.
Why does this matter?
There are three real issues here: the real names policy itself, the idea of ‘snitching’, and the role that the internet – and bloggers – have in the policing of services like Facebook.
Taking ‘real names’ first, there are a whole set of issues involved, and at the time it was announced there was intense reaction and criticism – it was a trigger for what became known as the ‘nymwars’. Many people can only really function online with the ability to remain pseudonymous, from bloggers like Nightjack to whistleblowers, from victims of abuse to people living in oppressive regimes. When their pseudonymity is ‘broken’, the result can be catastrophic – when Nightjack’s cover was blown, his blog ceased to exist and a valuable and entertaining source of information was lost. Mexican bloggers have suffered much worse – a number have lost their lives in the most gruesome way when the drugs cartels have been able to find them. The link between the ‘online’ and the ‘offline’ personality is one that can often need to be protected. When the ‘real names’ policy is enforced, protecting that link becomes much, much harder.
This, of course, is Facebook, which is just one service, rather than the net as a whole – but it’s a crucial service, with close to a billion users around the world, pretty close to ubiquitous. And, just as importantly, where Facebook leads, other services can and do follow. If the ‘real names’ policy becomes accepted on Facebook, it may become the norm. For some people, that sounds like a good thing – catching paedophiles and terrorists, making sure children don’t get access to ‘inappropriate material’ and so forth – but the reality is very different. The real ‘bad guys’ find ways around the system – as so often, it is generally the innocent that get caught up in the messes. The feedback from my original blog – discussed below – made it very clear that this is not only a theoretical but a real risk.
Snitching
What’s worse, the whole idea of snitching is highly dodgy. There’s a good reason that ‘telling tales’ is looked down on – and a good reason why generally only oppressive regimes (both real and fictional) have encouraged people to report on their neighbours – from the worst of the Roman Emperors such as Tiberius and Caligula to the KGB, the Stasi and so forth. It’s creepy – and it helps build an atmosphere of distrust, breaking down the very things that make social networks good. The social relationships that are the heart of Facebook are meant to do ‘good’ things – not be a route by which bad things are spread.
Taking it a step further, look at the nature of the questionnaire. You’re being asked to report on a ‘friend’. If you say ‘I don’t want to answer’ that will be recorded – that’s the whole nature of Facebook – and it’s not hard to see that there could be a list of ‘people who don’t want to answer about their friends’. Indeed, under the terms of the Snoopers Charter, it wouldn’t just be Facebook who could access this kind of information: the authorities could potentially set up a filter to gather data on people who don’t confirm the names of their friends. It could be viewed as suspicious if you don’t answer – or even suspicious if you are friends with people who don’t answer. Again, this is the nature of Facebook’s social data – and how it could be misused.
Although in Facebook’s terms this sort of thing may just be set up to catch paedophiles and terrorists, it can equally be used for all kinds of things. Potential employers who want to see whether their applicants are ‘open and honest’. Insurance companies for the same ‘reason’. Facebook is now in a situation where it needs to generate income – the relative failure of its IPO has made this even more crucial than before – and will be looking for ways to squeeze out as much revenue from their data as possible.
That, ultimately, is what lies behind it all: Facebook wants to make money. If it knows exactly who you are, it thinks it can make more money from you – by selling things to you, or by selling your details to others, or by targeting you more accurately in some other way. That’s perfectly understandable – indeed, from a business sense pretty much inevitable – but it does have consequences, particularly when the other uses of their data are understood.
Oppressive regimes understand some of those uses – which is one of the reasons that the erstwhile Tunisian government, prior to the revolution, hacked into the Facebook login page in order to be able to access possible revolutionaries’ accounts. They knew how that information could be used…
The role of the Internet
One of the most interesting things about this story has been the reaction to it, and how that has played out. When I first heard this story, I wondered if it was a fake: there are many scare stories about privacy and about Facebook on the internet, this might have been one of them. A little research made it seem almost certain that it was not – a number of different sources confirmed the existence of the survey – at which point I wrote my original blog. I am a specialist blogger, and my blogs have a relatively small audience – 1,000 hits on a blog would be a good result for me. This blog, however, produced an immediate and escalating reaction. It was picked up by a number of other bloggers, and in a single day had more than 100,000 hits. People really seemed to care about this. Their comments were for the most part very positive, confirming much of what I had suggested. They linked to and ‘reblogged’ the blog all over the place – and eventually it hit what might loosely be described as the ‘mainstream’.
First of all, the issue was raised by Kashmir Hill on her blog for Forbes – which induced an official response from Facebook, acknowledging that the reports were true, and that they had indeed been asking people to confirm if their friends’ names were real. Facebook spokesman Fred Wolens said that it was a limited survey that had been completed, and hadn’t been used for enforcement, but only as a survey of people’s behaviour. Kashmir Hill was rightly somewhat sceptical about that response – and it was notable that though Wolens said the survey was over, he didn’t say that they wouldn’t do similar things again.
Next, the issue made it into the Telegraph’s blogs, as the lead story in an article called ‘Facebook snoopers and the rise of the social network Stasi’ which brought a wider perspective to the issues surrounding the encouragement of snitching and related behaviour. This was just three days after the existence of the problem originally surfaced – the Internet, as so often, had worked quickly.
So what happens next?
These kind of stories put Facebook under pressure – and if Facebook continues to push the envelope on privacy, more of them will emerge, and there will be more of a reaction – and Facebook will look more and more like the ‘bad guys’, perhaps even starting to lose customers. If that happens, the stock will fall still further, putting even more pressure on them to find ways to make money from their existing customers.
So what can Facebook do? That’s the real challenge, and it is not at all clear that Facebook is really up to it. They need to find a way to re-cast their service as a ‘privacy-friendly’ service – but that can’t just be a ‘rebranding’, because the internet has a way of uncovering these things, as the speed with which the Snitchgate story went from being a few tweets to being mainstream news has shown. They need not just to change how they describe what they do, but to change what they actually do – and that’s not in any way easy, either in terms of what might loosely be called the ‘Facebook mindset’, or in terms of building a business model that both makes money and respects privacy. Can it be done? It is hard to see how.
Even contemplating this, however, is probably highly optimistic – what’s far more likely to happen is that Facebook will simply ignore all of this and plough on regardless, finding more and more ways to invade our privacy and use our personal information. If so, however, privacy advocates, bloggers, and other people concerned with these issues keep on talking, writing, tweeting and blogging about it, there might be a chance that Facebook actually listen.
If they don’t, there is always the option of leaving Facebook. Find other ways to do the things you want to do, ways that don’t require ‘real names’ and don’t use such sneaky and creepy tactics as snitching. Communicate by email, by twitter. Share your photos on other photo sites. Play games directly, not over Facebook.
There’s always another way.