read a Case and answer 2 Questions
emma_94
PortfolioCaseChapter4.docxFacebook Troubles with User Privacy
On Christmas 2012, Randi Zuckerberg posted a photo of her family to her private Facebook page. Unfortunately, the privacy settings on Facebook can confuse even the company’s top executives. Randi, the sister of Facebook founder Mark Zuckerberg and a former senior Facebook executive, soon found that her photo had leaked to the general public and had been tweeted to thousands of people. Randi tweeted Callie Schweitzer, Director of Marketing at VOX Media, who had first posted the photo to Twitter: “Not sure where you got this photo. I posted it to friends only on FB. You reposting it to Twitter is way uncool.”
This incident came only 11 days after Facebook had released new privacy controls meant to help Facebook users understand who is able to see the content they post. A new shortcuts toolbar allowed users to control “Who can see my stuff” without having to go to a new page. The new release also offered in-product education. Messages explained how content that users hide in their timelines could still appear in their news feed and on other pages. Evidently, these controls did not go far enough to protect Randi Zuckerberg’s privacy.
In fact, since Facebook was launched, it has had ongoing issues with addressing the privacy concerns of its users. In late 2011, Facebook settled a suit filed by the Federal Trade Commission (FTC) that charged Facebook with deceiving its customers about privacy issues since 2009. (The FTC regulates companies that take credit card information from consumers.) Facebook claimed that it would not share personal information with advertisers, that third-party applications would only be given the information they needed to function properly, that no one could access photos or videos from deleted accounts, and—perhaps most relevant to Randi Zuckerberg’s experience—that information posted to an individual’s Friends List would remain private. The FTC found that the company had not delivered on any of these claims. As part of the settlement, Facebook agreed to stop these practices until they had a better disclaimer and opt-out procedure. Mark Zuckerberg also issued a statement saying that, over the course of the previous 18 months, Facebook had introduced 20 new tools to address these and other privacy related concerns.
However, by August 2012, the FTC had launched a new investigation into Facebook privacy practices. Facebook had partnered with Datalogix—a company that collects credit card purchasing information, such as where users are shopping and what they buy. Facebook users were included in Datalogix advertising research although they were not informed of this. Moreover, if Facebook users did, in fact, find out about the use of their private data, they could only opt out of the research by going to the Datalogix homepage.
Facebook has also had privacy problems arise with its subsidiaries. In September 2012, Facebook acquired Instagram, a social media application that allows users to upload photos for long-term storage and sharing. Instagram boasted a user-base of 100 million users. On December 17, 2012, Instagram posted a privacy notice claiming the right to sell all photographs posted to its site without compensation to the user. The company further claimed that it could sell any other metadata associated with the photo, such as usernames, gender, addresses, mobile phone number, and email addresses—all information users were required to provide when setting up an account. Instagram asked users who did not agree with the notice to remove their accounts within a few weeks. The new policy would go into effect for all users who accessed their accounts after January 19, 2013.
The announcement garnered a great deal of public resentment. On December 18, 2012, Instagram cofounder Kevin Systrom clarified that, despite the notice, the company had no current plans to sell users’ photos. He explained that the company would be redrafting the privacy notice. In the meantime, competitors like Flickr have picked up a larger market share as a result of Instagram’s privacy misstep.89
Facebook is a powerful tool for communicating and reconnecting with friends and family. The service it provides is so valuable that users continue to flock to it. However, with every step forward, Facebook seems to take one or two steps backward in its protection of user privacy. Whether at the hands of the FTC or the competition, Facebook will no doubt continue to face repercussions for its decisions.
Although Randi Zuckerberg may have blamed Callie Schweitzer for poor online manners, it is likely that most of the billion Facebook users would prefer to rely on some mechanism beyond social media etiquette to protect their photographs and private information.
Discussion Questions
1. Do you think that Facebook or careless, uninformed users should be held responsible for privacy issues related to using Facebook? Explain.
1. Describe a privacy issue so serious that it would cause you to stop using Facebook.
Sources: Terri Schwartz, “Randi Zuckerberg’s Family Photo Leaks Because of Confusing Facebook Settings,” Zap2it, December 27, 2012, http://blog.zap2it.com/pop2it/2012/12/randi-zuckerbergs-family-photo-leaks-because-of-confusing-facebook-settings.html; Debra Donston-Miller, “Facebook’s New Privacy Policies: The Good News,” InformationWeek, December 14, 2012, www.informationweek.com/thebrainyard/news/social_networking_ consumer/240144443/facebooks-new-privacy-policies-the-good-news; Thomas Claburn, “Facebook Settles FTC Charges, Admits Mistakes,” InformationWeek, November 29, 2011, www.informationweek.com/security/privacy/facebook-settles-ftccharges-admits-mist/232200385; Jeff Goldman, “Privacy Concerns Raised Over Facebook-Datalogix Partnership,” eSecurity Planet, September 25, 2012, www.esecurityplanet.com/network-security/privacy-concernsraised-over-facebook-datalogix-partnership.html; Charles Arthur, “Facebook Forces Instagram Users to Allow It To Sell Their Uploaded Photos,” The Guardian, December 18, 2012, www.guardian.co.uk/technology/2012/dec/18/facebook-instagram-sell-uploaded-photos; “Humbled Instagram Backs Down on Controversial Changes to Serve User Photos As Ads,” Independent.ie, December 21, 2012, www.independent.ie/business/technology/humbled-instagram-backs-down-on-controversial-changes-to-serve-user-photos-as-ads3333391.html.
Google Collects Unprotected Wireless Network Information
Google’s Street View maps allow users to zoom into a location on a map and view actual images of houses, shops, buildings, sidewalks, fields, parked cars, and anything else that can be photographed from the vantage point of a slow-moving vehicle. It’s a remarkable tool for those trying to find an auto repair shop, a post office, or a friend’s house for the first time. Google launched Street View in a few cities in the United States in May 2007. It gradually expanded to additional U.S. cities and then to other cities around the world. In August 2009, Google began collecting data for Street View in several German cities. Germany, however, has stricter privacy laws than other countries, and prohibits the photographing of private property and people unless they are engaged in a public event, such as a sports match. As a result, Google had to work closely with the country’s Data Protection Agency in order to comply with German laws in the hopes of getting its Street View service for Germany online by the end of 2010.
In April 2010, a startling admission by Google provoked public outrage in Germany and around the world. It resulted in government probes in numerous countries, as well as several class action lawsuits in the United States. In response to queries by Germany’s Data Protection Agency, Google acknowledged that, in addition to taking snapshots, its cars were also sniffing out unprotected wireless network information. Google reported that it was only collecting service set identifier (SSID) data—such as the network name—and the media access control (MAC) address—the unique number given to wireless network devices. Google’s geo-location services could use this data to more accurately pinpoint the location of a person utilizing a mobile device, such as a smartphone. The company insisted that it was not collecting or storing payload data (the actual data sent over the network).
The German Federal Commissioner for the Data Protection Agency was horrified and requested that Google stop collecting data immediately. Additionally, the German authorities asked to audit the data Google had collected. Google agreed to hand over its code to a third party, the security consulting firm Stroz Friedberg. Nine days later there came another admission: Google had in fact been collecting and storing payload data. But Google insisted that it had only collected fragmented data and made no use of this data. A few days later, Germany announced that it was launching a criminal investigation. Other European nations quickly opened investigations of their own.
By early June, six class action lawsuits claiming that Google had violated federal wiretapping laws had been filed in the United States. In its defense, Google argued that collecting unencrypted payload data is not a violation of federal laws. Google explained that in order to locate wireless hotspots, it used a passive scanning technique, which had picked up payload data by mistake. The company used open source Kismet wireless scanning software that was customized by a Google engineer in 2006. Google insisted that the project’s managers were unaware that the software had been programmed to collect payload data when they launched the project. Finally, Google argued that the data it collected was fragmented—not only was the car moving, but it was changing channels five times per second.
However, a civil lawsuit claimed that Google filed a patent for its wireless network scanning system in November 2008 that revealed that Google’s system could more accurately locate a router’s location—giving Google the ability to identify the street address of the router. The more data collected by the scanning system, the lawsuit contended, the higher the confidence level Google would have in its calculated location of the wireless hotspot.
In the fall of 2010, the U.S. Federal Trade Commission (FTC) ended its investigation, deciding not to take action or impose fines. The FTC recognized that Google had taken steps to amend the situation by ceasing to collect the payload data and by hiring a new director of privacy. But by that time, 30 states had opened investigations into the matter. During the course of these and other investigations, Google turned over the data it had collected to external regulators. On October 22, the company announced that not all of the payload data it had collected was fragmentary. It had in fact collected entire email messages, URLs, and passwords. In November, the U.S. Federal Communications Commission announced that it was looking into whether Google had violated the Federal Communications Act.
Some analysts believe that Google’s behavior follows a trend in the Internet industry: Push the boundaries of privacy issues; apologize, and then push again once the scandal dies down. If this is the case, Google will have to decide, as the possible fines and other penalties accrue, whether this strategy pays off.
Discussion Questions
1. Google states that its intention in gathering unprotected wireless network information was simply to be able to provide more accurate location data for its Street View service. Can you think of any reason for Google to have gathered this data? Is there any potential service Google could consider offering with this additional data?
1. Enter the street address of your home or place of work to find what photos are available in Street View. Comment on the accuracy of Street View and the content of the photos you find. Does this sort of capability delight you or concern you? Why?
Sources: Jeremy Kirk, “Germany Launches Criminal Investigation of Google,” PCWorld, May 20, 2010, www.pcworld.com/article/196765/germany_launches_criminal_investigation_of_ google.html; Andrew Orlowski, “Google Street View Logs WiFi Networks, Mac Addresses,” The Register, April 22, 2010, www.theregister.co.uk/2010/04/22/google_streetview_logs_wlans; Google “Data Collected by Google Cars,” European Public Policy Blog, April 27, 2010, http://googlepolicyeurope.blogspot.com/2010/04/data-collected-by-google-cars.html; Google, “WiFi Data Collection: An Update,” The Official Google Blog, May 14, 2010, http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html; Kevin O’Brien, “In Europe, Google Faces New Inquiries on Privacy,” New York Times, May 20, 2010; Robert McMillan, “Google WiFi Uproar: Six Class Action Lawsuits Filed,” TechWorld, June 4, 2010, http://news.techworld.com/networking/3225722/google-wifi-uproar-six-class-actionlawsuits-filed; David Kravets, “Packet-Sniffing Laws Murky as Open Wi-Fi Proliferates,” Wired, June 22, 2010; Tom Krazit, “Deciphering Google’s Wi-Fi Headache (FAQ),” CNET, June 1, 2010, http://news.cnet.com/8301-30684_3-20006342-265.html; Google, “WiFi Data Collection: An Update,” The Official Google Blog, May 14, 2010, http://googleblog.blogspot.com/2010/05/wifi-data-collection-update.html; Gregg Keizer, “Google Wants to Patent Technology used to ‘Snoop’ Wi-Fi Networks,” Computerworld, June 3, 2010, www.computerworld.com/s/article/9177634/Google_wants_to_patent_technology_used_to_snoop_Wi_Fi_networks; Matt McGee, “FTC Ends Google WiFi Inquiry, No Penalties Announced,” Search Engine Land (blog), October 27, 2010, http://searchengineland.com/ftc-ends-google-wifi-inquiry-nopenalties-54058; Tom Krazit, “Connecticut Heads Up 30-State Google Wi-Fi Probe,” CNET, June 21, 2010, http://news.cnet.com/8301-30684_3-20008332-265.html; Alan Eustace, “Creating Stronger Privacy Controls Inside Google,” Google Public Policy Blog, October 22, 2010, http://googlepublicpolicy.blogspot.com/2010/10/creating-strongerprivacy-controls.html; Chloe Albanesius, “FCC Investigating Google Street View Wi-Fi Data Collection,” PCMag.com, November 10, 2010, www.pcmag.com/article2/0,2817,2372498,00.asp; Tom Krazit, “Deciphering Google’s Wi-Fi Headache (FAQ),” CNET, June 1, 2010, http://news.cnet.com/8301-30684_3-20006342-265.html.
