Facebook sued for being a social-network site

I can't always fit the bottom line of a story in the headline, but this time I could. "Five Facebook users are suing the social network for doing what made it an online superstar – letting members share aspects of their lives on the Web," Agence France Presse reports. They allege that Facebook violates California's privacy laws, reports ConnectSafely co-director Larry Magid in his CNET blog. It's an interesting group of plaintiffs: a woman who joined when Facebook was just a college service suing because it became an open network with 250 million+ members; "a photographer and an actress who contend Facebook is wrongly sharing pictures posted on their profile pages"; and two boys under the minimum age state in Facebook's terms of service. One of the boys, an 11-year-old, "posted that he had swine flu and uploaded pictures or video of 'partially-clothed' children swimming," the AFP cites the lawsuit as saying. Larry adds that "the complaint says that 'upon learning of the Facebook account and the posting of an uncertain medical condition,' the child's parents 'removed the medical condition postings from Facebook' and that 'Xavier O. and his parents have been unable to learn where the minor's medical information may have been stored, disseminated or sold by Facebook'." The AFP reports that "Facebook has steadfastly maintained that its members own information they post to profile pages and control who gets to see it" and recently reworded its terms of service to make that clearer, it told users. Meanwhile, the complaints of Xavier's parents raise a number of questions, e.g., why they didn't just delete his account – why leave the photos of kids swimming in his profile if they're mentioned as objectionable? And Larry asks, "Could [the parents] be implying he was posting child pornography images? If so (and I doubt it), this kid could find himself in juvenile court."

Anyway, lots of kids under 13 lie about their age and set up social network accounts – mostly because they're at an age when life is getting very social and social networking is now part of kids' social lives. Responsible social network sites have the age-13 minimum because of COPPA (the Children's Online Privacy Protection Act), which created that somewhat artificial barrier. But – even with the technology that MySpace and Facebook apply to under-age detection – parents are infinitely better at "detecting" their kids' social-Web activities and deciding what's appropriate. I can't imagine a judge who knows anything about social media saying anything different. Looks like Facebook can't either, because, according to the AFP, the site "has dismissed the lawsuit as being without merit and promised a legal battle."

Terms of use: Social Web bill of rights?

It's a big headache, Facebook's experiment in folding users' input into updating its terms of use, but so is democracy! And by definition - as a user-driven or -produced medium - Web 2.0 is more democratic than any that preceded it. Revising terms of service in this participatory way actually makes them relevant. I wonder why it has taken so long to get here, actually (maybe partly because all eyes were directed to predators by politicians and the news media, with the relentless message that it's entirely up to these social-media companies, like their mass-media predecessors, to control the content they "broadcast"). Now, as my ConnectSafely.org co-director Larry Magid wrote in CNET, Facebook's "officials seem to be trying to figure out what it means to run a company where users, not professionals, provide most of the content. In some senses, Facebook is a media company but unlike newspapers, TV networks and even most blogs, its contributors aren't employees or contractors. It's those 175 million members." Terms of use can no longer viably be written entirely by corporate lawyers "for other lawyers, in the hope that their lengthy recitation of claims leaves no room for a lawsuit," as the Washington Post's Rob Pegoraro put it. Nor can Facebook afford simply to "grind" users' reactions and edits to its proposed user "bill of rights" "into the usual legalistic sludge." Pegararo suggests Facebook should put its draft in a wiki that users can edit as in Wikipedia. The only problem is, Wikipedia doesn't need the input of corporate lawyers on its "encyclopedia" entries. The other problem is what adequate representation is for Facebook's 175 million "citizens." If more than 7,000 people comment on a new policy, Larry Magid points out, "the policy will be put to a vote and the result 'will be binding if more than 30% of all active registered users vote." Thirty percent of 175 million is 53 million. This will be an amazing experiment indeed if that many people vote! In any case, this is a great discussion to be having - it's important to make terms of use relevant. [Here's a transcript of Facebook's 2/26 press conference on this at CNET.]

Facebook's about-face on terms of use

Facebook was smart to go back to its previous terms of use while it conducts this terms-of-use-updating experiment in a spotlighted Petrie dish in what seems like the middle of Mumbai's Victoria Station at rush hour (see CEO Mark Zuckerberg's "Update on Terms"). And this is indeed a giant (global) societal experiment, as we the people (the content producers and distributors) and they the companies (the content co-distributors and hosts) - not to mention policymakers and other overseers and observers - figure out who is responsible and to what degree for protecting the content producer, aka user. Because the social Web is largely a user-produced and user-controlled medium, clearly (to me, anyway) the responsibility is shared. Educating users about that is a challenge all by itself, witness the general lack of close attention to privacy options (see "10 privacy settings every Facebook user should know"), but factor in developing teenage brains learning impulse control and shared responsibility at the same time, and the user-protection challenge grows significantly (see PBS Frontline's "The Teenage Brain").

I said Facebook's smart in my lead up there because, in going back to its previous terms-of-use version, it's buying time for the process of folding user input into the new terms' development process and this giant experiment is also about user (and societal) education. It needs time. There are factors involved that only a few of the privacy bloggers are writing about (e.g., author Daniel Solove), including the tension between consumer privacy pressures and those from law enforcement to hand over as well as retain user data after users have closed their accounts. But time is short, too. Though this social and media experiment - and consensus-building in general - take time, Facebook doesn't have a whole lot, given the climate outside the Petrie dish. The predator panic recently brought into perspective by the Internet Safety Technical Task Force is a good illustration of how worst-case scenarios and fears tend to eclipse the public discussion about the social Web - to the detriment of child safety (see the New York Times and my post on that). Why to the detriment? Because kids usually want to get far away from scared, worked-up parents; they go "underground" online, where parents aren't in the mix. Never the best scenario. [Thanks to UK privacy researcher Tara Taubman for pointing out a few of the links below.]

Here are other reports and commentaries worth reading:

Audio interview with both Marc Rotenberg, head of the Electronic Privacy Information Center (EPIC), and Facebook chief privacy officer Chris Kelly by CNET/CBS tech analyst Larry Magid (Larry is also my co-director at ConnectSafely.org)

A lawyer's view on Facebook's 180 and how enforceable terms of use are anyway (Maxwell S. Kennerly in Philadelphia)

University of Wisconsin information studies Prof. Michael Zimmer's very critical view of Facebook's process

Internet consultant and blogger David Silversmith on the technical and monetary realities and then "plain old reality"

The Guardian on how people definitely do read the "fine print" in social sites (vs. grocery store loyalty cards)

Coverage at the Washington Post and New York Times.

The Internet Safety Technical Task Force report

Facebook, terms of use & privacy

The biggest news over the holiday weekend besides the economy was the buzz about Facebook's recent terms of service update. Facebook said it was all about consolidating and clarifying "what people could and could not do" on the site (see CEO Mark Zuckerberg's blog), but the ruckus raisers said it was about what Facebook could and could not do with users' content, CNET's Caroline McCarthy reports. I think the update and the ensuing flap are much more about what users can do with and for their privacy - and society getting used to a bottom-up, user-driven, user-controlled medium. Here are two important takeaways on user privacy: 1) If you want to delete your own account and all the personal info therein, you can certainly do so, but Facebook can't automatically delete information you post in other people's profiles (because it's on their wall, not yours); 2) if by using Facebook you "license" the site in effect to own and share your content, its use of your content is subject to how you set your privacy settings, so users need to pay attention to and proactively set those privacy options; and 3) that last point is even more true now that Facebook Connect "allows users to 'connect' their Facebook identity, friends and privacy to any site" and Facebook of course cannot control or protect user info in other sites. In his blog post, Zuckerberg wrote, "There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with."

Twitter not upholding Terms of Use: Why important?

Last week I wrote that two cases put the spotlight on sites' Terms of Service, and - whatever legal scholars say (I'll get to that in a minute) - this is a good thing. It's good because it sheds light on one part of the social Web that needs public awareness.

Now a timely illustration. Long-time Twitter fan and blogger Ariel Waldman has shined her own spotlight on how Twitter, another social Web service, isn't enforcing its Terms of Service and to what effect. [For more on the service, see "Do you Twitter?"]

"Overall, Twitter is a great platform to connect with friends and co-workers," Ariel writes. But, she adds, "considering the social-network sphere as it exists today, most people would assume that Twitter would be prepared to react and take action against TOS [Terms of Service] violations...."

The reason why she brings up the site's TOS is because a fellow Twitter user harassed her for months starting in June 2007. The harassment escalated, she says, with the user putting her full name in abusive posts in a public forum. "I would periodically report cases of continuing harassment (some of which spread between Flickr and Twitter). Twitter would take no action while Flickr would immediately ban and remove all traces of the harassment."

This past March, as it continued, she says she wrote to Twitter, including Web pages with examples of the abuse, and asking that the user be removed. Citing Twitter's 4th Term of Service - "You must not abuse, harass, threaten, impersonate or intimidate other Twitter users” - she told them, "Honestly, I believe this harassment has gotten way out of hand for too long. I am writing to you ... to remove this user for consistent long-term harassment."

Twitter's response after three days, she says, was: “Unfortunately, although [this user’s] behavior is admittedly mean, [s/he] isn’t necessarily doing anything against our terms of service.... We can’t remove [this user’s] profile or ban [this user’s] IP address; [they’re] not doing anything illegal.” For some reason this respondent was confusing what's illegal with what violates the site's TOS or community rules.

Ariel writes that she copied Twitter CEO Jack Dorsey on her reply, which said:

“I don’t believe this is a case of illegal activity - this is a clear case of harassment which is outlined in your TOS...."

Dorsey asked for a phone conversation with her (see her blog post for her notes on the call, March 19), at the end of which he asked what action on Twitter's part would make her happy. She answered as before, she writes: that the harasser be banned or at least warned.

"Jack didn’t get back to me until I emailed him on April 9 with eight new instances of abuse that included my full name and email address...." The CEO then did respond, Ariel writes, with this email:

“Ariel, apologies for the delay here. We’ve reviewed the matter and decided it’s not in our best interest to get involved. We’ve tasked our lawyers with a full review and update of our TOS. Thank you for your patience and understanding and good luck with resolving the problem. Best, Jack.” [See the bottom of Ariel's post for nearly 300 comments from readers.]

When she wrote about all this in Twitter's out-sourced customer support forum at GetSatisfaction.com, she did get two more responses from the company, one of which said in part: "Twitter is a communication utility, not a mediator of content." In response to that, Ariel later writes, "A decent portion of Twitter users see the service as a community (similar to Flickr), while Twitter chooses to view themselves as a “communication utility” (similar to AT&T)."

An interesting distinction. Courts actually have put social-networking sites in the same category as phone companies in their interpretations of the Communications Decency Act. And it is true that only the people involved can fully resolve an argument between them, regardless of whether it happens on the phone or in a social-networking site (for one reason, because no matter how many times a site's customer-service department might bar a harasser or take down defaming profiles, more comments or profiles can pop up under a new screenname).

However, let's look at this a little more closely:

1. Even phone companies get involved if customers report being stalked or threatened.

2. Ariel was not asking Twitter to change the harasser's behavior or resolve his apparent problem with her; she was asking that Twitter warn or ban him for violating the site's TOS with public harassment that included her full name and email address.

3. Interestingly, society as a whole - not just users, but parents and attorneys general too - has increasingly viewed and treated social sites as communities that need to be accountable and abide by and enforce their rules of operation as a baseline best practice - even though the US's social-networking industry hasn't yet started a discussion of social site best practices (for the UK's discussion see my posts on the Byron Review and the British Home Office's guidance for social-networking best practices).

Do you think Ariel's view reflects what we have come to expect of social sites, at least where minors are concerned? [I'd welcome your thoughts via anne@netfamilynews.org or posted in the ConnectSafely forum.] I wonder what the reaction would've been if Ariel and her harasser were teens and the site under discussion were MySpace.

Now for the part about what legal scholars are saying

About the Drew indictment, that is. University of Pennsylvania law professor Andrea Matwyshyn told a Wired blogger of her concern that, "if successfully prosecuted, the case [against 49-year-old Lori Drew about her involvement in the Megan Meier case] could set a bad precedent for turning breach-of-contract civil cases into criminal ones."

That does indeed have scary implications and needs consideration. But that doesn't change my view, blogged last week, that in Drew's indictment, "existing law is being unprecedentedly applied in a way that puts the public focus on sites' terms of service as, basically, a set of user safety regs that need to be observed by all as a protection to all." I feel strongly that two things will get us all closer to a safer social Web: 1) greater understanding, scrutiny, and enforcement of site terms of service and 2) better education for all participants about accountable behavior online. So, it's not good to set bad precedents, but it is good to try applying law in a way that strengthens the role of Terms of Use in the online-safety mix.

Related links

The UK Home Office's "Good practice guidance for the providers of social
networking and other user interactive services 2008"

My blog post on the Home Office's best-practices guidance

It's half-a-year old, but here's an interview with Twitter CEO Jack Dorsey.

"Popular blogger ignites uproar over Twitter harassment" in Webware.com

Thanks to tech educator Anne Bubnic of the California Technology Assistance Project for pointing out Ariel Waldman's post.