Recently, I was notified that I have been on Facebook for 12 years. I joined during my 3L year when you needed an email account associated with a school. Largely, I signed up because I wanted to keep in touch with my siblings and this new platform seemed to be what the cool kids were using. Now, my timeline reports that my user data may have been misused and I should #deletefacebook. Trust has been broken, so why is it so hard to push the “delete account” button? This article will provide an overview of the issues surrounding this current Facebook faux pas, with a focus on what questions lawyers should be asking themselves.
What’s the big deal?
No doubt you’ve had discussions about the “Big Brother” aspects of Facebook. The news that a political analytics firm was using user data from Facebook during the recent elections brought this connection back to mind. The analytics firm said it used the data in keeping with Facebook’s policies. Facebook says otherwise. Regardless, there is no question Facebook was aware and only recently has discussed the issue publicly.
Further, according to the Electronic Frontier Foundation:
“The scale of this violation of user privacy reflects how Facebook’s terms of service and API were structured at the time. Make no mistake: this was not a data breach. This was exactly how Facebook’s infrastructure was designed to work.” (https://www.eff.org/deeplinks/2018/03/how-change-your-facebook-settings-opt-out-platform-api-sharing)
Not only is this a public relations nightmare, it calls for a larger question: should lawyers #deleteFacebook?
What is the draw of Facebook?
The brilliance of Facebook (and other social media platforms) is that they entice us to voluntarily join and willingly become the product. We share our information in the name of connecting with others. It’s free. All our friends and family are there. It’s a great marketing tool. No matter your reason, there are an incredible number of users of Facebook.
As Forbes reported, the main issue is that we users are the product in today’s connected online world. Our habits become known through check-ins and status updates, our faces recognized, information about us is categorized, and, apparently, sometimes sold to the highest bidder. All provided by us, in exchange for using the service.
Many web and software services are built on a “freemium” model, where users are given access to basic features for free and then pay additional amounts for more features. This allows the company to build a larger user base for product testing and development. User feedback is vitally important to the success of any entity, but user data is highly desirable and can command high prices to those who will pay. Ads can be served up relative to your interests, prior searches, and location.
Companies that started using the freemium model may be tempted to sell out their users in exchange for a large payday. Some companies aren’t hiding what they are doing with this data. For example, MoviePass, a growing movie subscription service, has and will use your data, as Forbes reported:
“Then,” [the MoviePass CEO] continued, “Because you are being tracked in your GPS by the phone … we watch how you drive from home to the movies. We watch where you go afterwards, and so we know the movies you watch. We know all about you. We don’t sell that data. What we do is we use that data to market film.”
Ignorance is not bliss (nor an excuse)
Lawyers simply cannot ignore these issues, especially given client confidentiality concerns. How many of us have contacted our clients using our cell phone with the Facebook app installed? Did you know that you may have inadvertently provided Facebook access to all your call and text message data? (https://arstechnica.com/information-technology/2018/03/facebook-scraped-call-text-message-data-for-years-from-android-phones/) It’s, uh, troubling to think that a call you made or received may have been disclosed to, and retained by, Facebook. Oh, and if you and your spouse share contacts (e.g., through iCloud or Google) and you don’t upload your contacts, but he/she does, you may have the same problem.
Let’s say you checked into Facebook while at a courthouse for a client (I’m attending a hearing). On arrival, you called that client on your cell phone to confirm where you are meeting (third floor lobby). It’s not a stretch to say that Facebook could connect the two numbers and provide the identity of your client to your friends list. That’s what Facebook does, right? Facebook is built on providing suggestions of who to connect with and an easy way to do so. What if your client doesn’t want your friends to know he or she was your client (and potentially the reason for being your client)? Something to think about.
It’s difficult to keep up with the various privacy settings needed to control access to and sharing of your information. The settings are different on the mobile application and the full website. When is the last time you read the click agreement instead of just clicking or tapping agree? What information was disclosed before you made the adjustment?
Further complicating matters is the fact that Facebook owns Instagram and a bunch of other companies. Simply changing settings on one platform isn’t enough, especially when the companies are connected. So, what do you do?
If there’s any good news, it’s that we are all in this together. Social media works because of the number of people who are part of these services. That said, take this stuff seriously. Know the limits of what is permissible. Know how to set permissions. Know where to go to get help.
Here are some tips to increase your Facebook privacy: (https://www.macsparky.com/blog/2018/3/three-things-you-can-do-today-to-increase-your-facebook-privacy).
At the end of the day, the users will cry foul (search: Tesla #deleteFacebook) and Facebook will likely adjust its policies to placate the masses. But who really knows? Also, once your info is out, how do you get it back?
Chances are good that at least some of your data has been compromised. Choosing to #deletefacebook is simply a response — a digital protest to bad data privacy practices. Regardless of what you choose, there will undoubtedly be another service that will promise more security and transparency. Guess where I first read about #deleteFacebook? Yep, on Twitter. In the end, we must be aware that we are the product and act appropriately. Be safe out there.
Seth R. Wilson is an attorney with Adler Tesnar & Whalin in Noblesville. In addition to practicing law, he helps manage the day-to-day technology operations of the firm. Seth writes about legal technology at sethrwilson.com and is a frequent speaker on the subject. The opinions expressed are those of the author.