Awash with insightful criticism about his call to President Obama regarding privacy, Mark Zuckerberg has had his communications people release a statement that the conversation was about security not privacy. Does this etymological shell game impress you?
Back to basics, Mr. Zuckerberg. “Security” in this context is a subset of privacy, or the fair information practices that have long stood the test of time for foundational information management. Scholars may slice and dice the concepts, but essentially they break down into four practices:
Notice: that information about an individual is being kept by the entity and that the individual is notified if it is disclosed. “Disclosed” includes data mining for anything more than technical operations; it most certainly includes the sale of data. Has Facebook informed you of sale of your data to advertisers? No, it fails on point one.
Ability to Correct the Record: most times this section is labeled “transparency” but overexposure and politicization of this word prompts me to go back to its original name and concept. Quite simply, it is the ability of the individual to see the information held by the entity and correct any “mistakes.” Originally, it derived from Fair Credit Reporting, in such instances as when names or identities were confused and, for example, a credit rating tanked because the entity had the wrong “John Smith.”
In this case, I will use my own situation. After the fall semester of “Culture, Law and Politics of the Internet” 2008 passed, I wanted to keep in touch with my students, so I fired up a Facebook account. Exhausted by the news feeds and in protest of the Facebook’s practice of switching privacy settings without notice to users (a practice that the F.T.C. later wrote into an agreement that Facebook could do it no longer), I closed my account. (Sorry, students! You can always email me!!!) But it turns out that Facebook still has all the information once held about me. They did not purge the account; they only blocked external access to it. Yet I do not have the ability or right to correct that record.
What if there are postings there that put me in a false light? Are defamatory? I would have to bring a full-fledged legal case to correct. That is not feasible. Nor, under these circumstances, is Facebook’s practice consistent with the “ability to correct the record” principle.
Security: Ah, now we come to the heart of the matter. Security, meaning the administrative, logical and physical rules and technical safeguards to keep the information confidential, with appropriate access controls and with full integrity, is one of the foundational privacy practices. But it in and of itself is not, does not equal, and should not be thought of as synonymous with privacy.
Taking Facebook’s communication’s team at their word, I imagine Mr. Zuckerberg, a brilliant coder to be sure, taking the President’s time to talk about safeguards? I doubt it. That explanation speaks to damage control, camouflage and disingenuousness. How ignorant does he think people are about these issues? Billions of dollars in corporate valuation, not to mention his own bank account, suggests he might not be entirely wrong on that one. But the times may be a-changing … and the pushback over this little brouhaha is an indication that there may come a day when it might be otherwise.