The way ahead on Facebook
Hand-wringing, toothless warnings and hoping for good behaviour is not the way ahead on social networks’ abuse of data. Interoperability, portability and transparency are.
As you leave home, your aged neighbour gives you the name of a medicine and asks if you could just stop at the chemist and check its availability and pricing. You do that and go on to do your own shopping. As you enter another shop, the shopkeeper asks you if you’d like to switch to a different psychiatrist, who could provide a better treatment for your condition. You’re puzzled, because you have no such condition. Three years later, your daughter is refused a job. Unknown to her, it’s because the employer has secretly concluded that someone in her family suffers from a mental health issue that may have a genetic component.
That’s an old visualization, translated to in-real-life (IRL, as the kids call it), of what a privacy disaster on the internet could look like. That nightmare has now been updated. Here’s the new one: 1.4 billion people, about 60% of the connected part of humanity, are on a single social network. The ONLY way this social network has of making money is to play fast and loose with their data, and to let pretty much anything be done with it, leaving you wrestling with arcane legal questions—what is a data breach and what isn’t. The fact is that, as far as it is known, Facebook has never suffered a data breach. From influencing elections down to the most mundane selling of trinkets, all the data that it and its “partners” are using has been in accordance with their “data policy” that users sign off on.
What we are realizing now is these “data policies” are about what data is collected, and not what is done with it. Even if one reads the data policy, it’s hard to understand what will eventually be done with your data when Facebook says these things: “We also collect content and information that other people provide when they use our Services… We collect information about the people and groups you are connected to and how you interact with them … We collect information when you visit or use third-party websites and apps... We receive information about you and your activities on and off Facebook from third-party partners...”
However, one can be quite sure that these phrases will come as a surprise to most Facebook members. No one ever reads terms and conditions. Facebook’s T&C and associated documents are about 6,000 words and those of all the internet-based services you use could add up to more than the total number of words than you have read in years. Reading and understanding these documents and then acting upon that understanding is clearly beyond the capability of almost any user of such services.
It’s self-evident that this situation calls for regulating social networks and similar services. The conventional approach to such regulations would be that governments would make some rules regarding how data must be captured, kept and used. Facebook and others would promise that they now follow rules. Perhaps some data auditors appointed would occasionally make entertaining visits to Menlo Park and watch a few presentations. Ordinary users around the world still just have to just trust the networks and hope that everyone behaves themselves. At regular intervals, Mark Zuckerberg and other bosses would apologize for regrettable misjudgements, becoming better at such public performances as they gain experience.
Instead, a much better outcome for the users of internet-based services would result if the regulations just enforced the principles of interoperability, portability and transparency. Interoperability would mean that users should be able to communicate with those on a social network without being part of it. This is something that almost all modes of communications already have. You send mail from your Outlook account to a Gmail account. You can call a Vodafone number from an Airtel one. This didn’t happen because these businesses have goodness in their hearts. It happened because someone set a standard and it would be commercially and/or legally suicidal to try and close one’s customers off from other networks.
There’s no technical or legal reason why the same cannot be enforced for the individual services that make up all the social networks. Just like emails and phones, regulations should force common standards and interoperability so that WhatsApp, Instagram, Snapchat, Twitter and others can accept and send messages to other similar services. Moreover, it should be possible for users to migrate their entire social presence to another, rival network, without losing their identity or linkages. These are not hard tasks technically, but these networks will have to be forced to do so.
The second aspect of reining in these networks would be to enforce complete and continuous transparency for the user. On every page and every screen, there should be, at the end, an automatically generated data declaration that lists out all the data that is being captured, and who all it is being sent to, plus an easy link to all entities with whom it has been shared in the past.
Portability and interoperability, coupled with transparency, would provide users with both the reason and the means to escape from an abusive network. Today, the only way users have of escaping is to delete their identity, in effect, to commit online suicide. An opening for transparent and interoperable social networks would create a powerful incentive for those abusive networks to reform themselves. It would also create a whole new playing field where next generation decentralized social networks based on blockchain technologies would get a start, but that’s a whole different story by itself.
Vivek Bhatia uses and thinks about technology a lot. Like Mark Zuckerberg, the webcams on all his devices are covered with tape.