Nothing that happened Wednesday will satisfy Facebook Inc.’s critics. The U.S. Federal Trade Commission, the nation’s chief consumer privacy watchdog, hit Facebook with a $5 billion fine for violating promises to better protect personal information.
This FTC action kicked off after revelations that a politically connected consulting firm obtained information from tens of millions of Facebook users without their explicit permission. That and other eyebrow-raising privacy missteps or creepy data sharing started an overdue reckoning about how Facebook and other internet companies collect repositories of information on what people do and where they go and too often play fast and loose with that data.
The reckoning won’t stop with the fine from the FTC, which said this was a record for any privacy-related enforcement action. It still won’t make anyone happy. Members of Congress have already said that $5 billion is nothing for a company with $45 billion in the bank.
Leave aside what the FTC should have done with its power under the law. I want to suggest an action that could make Facebook less of a data-privacy horror show: Give people the power to make Facebook collect less data on them. Not fake empowerment, which is too often the case in internet privacy. I’m talking about a real option to force Facebook and the companies with which it works to collect less data in the first place.
This behavior did not originate with Facebook. The internet economy is a game of one-upmanship to normalize ever-more inventive and aggressive human surveillance. Facebook shouldn’t receive all the blame for this. (Although it should get a lot of the blame.) This is how the internet works now, and it’s only going to get worse. It is not OK. It’s time to put roadblocks on history’s largest human-tracking scheme at the hands of internet powers and the many other companies complicit in their behavior. We might as well start with Facebook.
Dina Srinivasan, who wrote a compelling legal paper linking Facebook’s privacy shortfalls to monopoly power, proposed a version of the U.S. “do not call” registry introduced in the early 2000s that stopped many telemarketing calls. The idea applied to Facebook is that people would have the option to make Facebook’s surveillance system end at the borders of its internet hangouts.
Facebook would no longer be able to vacuum information about what people do on websites and apps that aren’t owned by Facebook, or would no longer be able collect the location of people as they roam around the world with smartphones that double as Facebook surveillance devices. Yes, Facebook does all this, although many people are not aware of the scope of the company’s information-harvesting practices.
Facebook users today can check a box — if they can find it and understand the language — to tell the company not to use information about their visits to news websites, medical information apps and their trips to the coffee shop for use in tailoring advertisements bought by Ford or Starbucks. But they cannot prevent Facebook from collecting this information in the first place, and the company even collects information on people who don’t have a Facebook account at all.
Facebook says, in part, that it needs some information such as location to identify fake accounts or other security purposes. But truly, Facebook and other internet companies believe they should gather as much information about people as they possibly can because it might help their business — and hardly anyone has stood in their way.
This is how the internet works. Track everything, break down any semblance of anonymity in online activity to create highly specific personal dossiers. The big lie of Facebook and the internet is that people have knowledge about and control over what happens to their information. They absolutely do not, and people should have a choice to truly opt out of the great horror show of pervasive internet surveillance.
Shira Ovide, Bloomberg