Facebook Class Action Fears: How Deep the Privacy Runs

philbutler
Phil Butler Owner/Partner, Pamil Visions PR

Posted on January 10th 2014

Facebook Class Action Fears: How Deep the Privacy Runs

A new US lawsuit contends Facebook mines users’ private messages for advertisers without those users’ proper consent.

Facebook class action

A complaint filed in California Dec. 30th charges that Facebook “misleads users into believing they have a secure, private mechanism for communication…” The suit is lengthy and detailed, and can be read at length here in a Slideshare from the plaintiff’s attorneys (and below).

This latest Facebook lawsuit brought by two social network users, Matthew Campbell and Michael Hurley, could end in a class action affair involving hundreds if not thousands of plaintiffs if the court in California upholds it. Only a little over a month ago the courts ruled investors could lay claim against Facebook’s $16 billion IPO proceeds, now the world's most visited social site is under further scrutiny.

The plaintiffs have asked for an injunction to stop such practices and damages of $100 a day for each day of violation or $10,000 for each user violated against, in the interim.

 

Occupational Hazards Vs Fair Use

For those of you unfamiliar, Facebook and many other online entities have been at the center of user privacy complaints even before the recent NSA spying revelations. In fact, most of us “professional” users of Internet technologies have been studying such privacy violations and rights issues for some time. Back in the early days of the Internet, the primarily concerned was giving up banking data, or losing funds via credit card fraud, and so on.

Today these fears have been replaced by cases of gross personal data harvesting at worst, and being profiled via predictive analytics in the best case scenario.

Chris Abraham discusses Facebook privacyI tried in vain to reach both the attorney for one of the plaintiffs, Michael W. Sobol (Matthew Campbell’s lead counsel). As for Facebook, I tried yesterday to reach a number of Facebook executives for comment. Early this morning a Facebook spokesperson commented:

"We continue to believe the allegations in this lawsuit have no merit and we will defend ourselves vigorously.”

Turning to a couple of experts at social media for comment I was able to reach Chris Abraham (at left) in Washington to ask his take on the most recent case.

Abraham, a former Edelman PR exec and accepted authority on social media, offered an opinion when asked how he feels about Facebook’s or any network’s privacy invasions: I don't feel any expectation of privacy on these networks. I feel like there's value for value. I trade my ability to get pitched and be pitched in the social sphere (and by proxy, to advertisers).

Abraham goes on:

“We are the aphids, a farm of juicy fat grubs that Facebook can milk for sugar water. While this may seem a crude arrangement, actually we should be grateful because Facebook is awesome for both marketers and consumers alike. If you care about privacy, you should become a mountain man. Free online services are not free. Every person online should ask, 'What is in it for them, how am I paying, what are they extracting?'"

In typical creative form, Abraham expresses the wider view from those immersed in social as a profession. Any self-respecting web expert will advise you to consider nothing privileged online. That said, the average user’s notion of privacy on these social networks ranges in between totally oblivious to very concerned. This 2010 COMPUTERWORLD piece is but one of thousands of such articles bringing to the forefront Facebook’s issues with user privacy. Congress has been keeping a watchful eye, or supposedly has been, since citizens in the US first raised eyebrows.

For many though, the terms or service and legal jargon maze of terms of service (TOS) information provided, is just too onerous and difficult to sort out. And while I agree with Chris on "occupational hazards," our opinions do not reflect the general public's in any way.

In all honesty, circumnavigating Facebook or any social network corporate dogma on user terms is tantamount to going on a quest for the Holy Grail, especially for the average user.

Needle In A Security Haystack

Today I tried the various methods of contacting Facebook people, including trying to “talk to” Erin Egan, Facebook's Chief Privacy Officer for Policy. A word of caution, if I may: reaching a live human being at an Internet company (any) is a bit like talking to God. That link leads to a video where Erin explains some photo privacy fixes.

Facebook Privacy Pages

Along with some good fix info, she also at 4:54 shows how Facebook operatives can often be disconnected from the general user. Typing the url www.facebook.com/about/ads is just not something anybody using this service is going to do to find an address as yet unknown to reach a section of Facebook.

Herein lies a piece of the confusing pie that Facebook, Google Plus, Yahoo!, and virtually all Internet properties confound their customers with: the insider mentality. This is a commonplace mistake for any development or company. Erin Egan hurriedly going over Facebook privacy “how to” alludes to an endemic problem – or perhaps even a lack of prioritization.

The Data Use Policy tells users about cookies to help deliver up ads, like buttons and social plugins; Facebook does as good a job as any network in outlining the impossible to understand. The lawsuit, however, focused on “mining” of user information and data for one thing, but more interestingly on how detrimental loosed user information can be.

Looking over the volumes of privacy, security, and “about” information Facebook has posted on various pages, one thing seems fairly obvious. A lot of attention is paid to showing users how to protect their data and posts from other users, companies, meddlers, etc., but I for one found a lot less regarding when, how, what, and to where my data and “likes” are “used” actually. I say "actually" because we all feel no one can know exactly what any company does with information about us.

What's In the Machine?

This then, is at the crux of the petitioners’ case against Facebook: the question “What are you using my data and profile for, and with whom?” While the Facebook Advertising Guidelines, and Data Use Policy terms and information go very far in some respects, complaints from these plaintiffs bear scrutiny, one set in particular. According to number 27 in section IV of the document, a Cambridge study cited by the plaintiff’s attorneys speaks of the risks of “new methods” of data aggregation. To wit:

“Even very vague signals online, such as liking things on Facebook, can generate a detailed picture. As one University of Cambridge study found, highly sensitive personal attributes, such as sexual orientation, ethnicity, religious and political views, personality traits, intelligence, use of addictive substances, parental separation, age and gender were predictable with high degrees of success just from what people like online….”

The complaint goes on to point to a wide array of user peril hinging upon such unintended use of private information, and especially these types of profiling. Of course it seems highly unlikely any court would hold a social network responsible for profiling methods deployed onto publicly accessible data such as likes. However, the problem Facebook does face here is the very complexity involved in laymen understanding protective guidelines and the complexities of how Facebook empowers advertisers, etc. We cannot delve deep enough here to discuss these issues, but it seems certain the judge in this case is going to have to order a lot of what’s called “discovery” on both sides.

Facebook Ask the CPO

Finally, at the end of this massive trail of user and citizen privacy complaints is an obvious revelation of the underpinnings of personal data use. What I mean is simply this: any reasonable court would seem bound to actually discover not only if, when, and how Facebook stores and uses people’s data, but exactly where and how much. Sometime soon it seems likely regulators are going to set their own super geeks on the task of disclosing what is going on, but more importantly what can go on with people’s privacy. The end of that investigation will probably cure a lot of corporate and personal headaches.

Let’s hear your take on data security, even Big Brother, if you like.

Image credits: Facebook images - courtesy Facebook, Chris Abraham - courtesy Chris's Facebook profile with his permission.

philbutler

Phil Butler

Owner/Partner, Pamil Visions PR

Phil Butler is editor-in-chief of Everything PR and senior partner at Pamil Visions PR. He’s a widely cited authority on beta startups, all things social, search engines and public relations issues, and he has covered tech news since 2004. Phil has covered tech and social for ReadWriteWeb, Mashable, Profy, SitePoint, Search Engine Journal, The Epoch Times, Silicon Angle and many others. Check out Phil's Google + profile too. 

See Full Profile >

Comments

Thanks Phil, with data so easy to access and collected in such large amounts (look at what Google collects as an example of that), I don't see how we are going to live the simple "online lives" we are all living and stay private!

Hey Dan, as you say, "the simple life" may not even be possible if we want to use these social networks for work or play. While lost privacy is a sort of foreone conclusion for those of us who've been playing the game a long time, non-professionals are often unaware of the pitfalls. Think about how long it took some of us to climb the mountainous learning curves.


Thanks for taking the time Dan.

 

Phil

Nice piece outlining the issues - thank you! I have two thoughts -  

1. Facebook has very publicly acknowledged that their raison d'etre is make the world more open and connected. I don't think you can reasonably expect to win a violation of privacy case against a company that has stated they wish to change the view of privacy in the world.


2. Everything that is said on Facebook is said on servers that they own, including private messages. FB has a right to mine their own servers for data, and the TOS is pretty clear that collected data will be used by third party marketers. If users accept that their public statements will be used to be mined for data to be utilized by third party marketers, the same expectation exists for 'private' messages.


If Facebook was/is using the data from private message in a materially different way than they are from public messages, there might be an issue, but someone is going to have to prove actual damages from that to have much of a case.

3rd thought - I wish I had money to spend on frivolous lawsuits.

Hey Mark,


Good points all. As I alluded to in the post, what may be most interesting in all this is what is discovered if the judge allows searching deeper in the mechanisms Facebook deploys for various reasons. The reason I mention this is, for most of us who accept a loss of privacy and know nothing is free, the geek mentality behind these developments is a hacker one. In my informed view at least.

The larger issue for me, concerning the average user, is how reasonably visible the potential for data privacy incursion or damage is. What I mean is, should the law protect people from obscure or confusing language? Are the TOS clear enough, and for whom?

We create TOS for clients sometimes, to be honest the legal mumbojumbo we are forced to use in content is indistinguishable from hyroglyphics for the layman. Point is, "should people be protected from their own impatience?"


Anyhow, this is for the courts to decide. As one person told me yesterday, "this is an attorney gold mine."

Thanks for taking your valuable time to add two cents Mark.

Always,

Phil