Sunday, May 9, 2010

Facebook: Too Intrusive Even for Me

I've resisted a very small urge to blog for years, so why would I start now? Simply put, I'm divorcing Facebook, so I need a new place to bloviate.

I should start by saying that I'm a huge fan of Facebook, and that I have long thought it was one of the best things on the net for promotting happiness and improving the human condition. It broke my heart, at least a little bit, when I decided yesterday that I could no longer tolerate their ever more outrageous privacy policies. This excellent article from Wired pushed me over the edge.

So, I posted what will probably be my last Facebook status update, a pointer to that article and the simple text:
"This is a good explanation of why I've mostly stopped using Facebook. I'm far from being a privacy nut -- I believe privacy is an obsolete concept -- but Facebook has gone way too far."
That was hardly a profound addition to the Wired article, but it set off a small flood of messages -- the magic of Facebook, of course! -- including some from people I hadn't seen in as much as a decade. It felt like everyone was suddenly waking up to the same conclusion -- Facebook's turned into a bad guy, and we can't live without it, and we have no more trusted alternative. Like abuse victims, we still love our abuser and we don't want to divorce it, we just want it to change. But it won't change. Our privacy *is* Facebook's product, and it will milk us for as long as it can, until it is stopped either by competition or by regulation, neither of which are likely any time soon.

I've spent my whole career telling people that privacy is, regrettably, dead, and that the only useful response to the death of privacy is to practice and teach tolerance. (If everyone with something to keep private respected everyone else's similar wishes, then technology's effect on privacy would be much less worrying.) Now, all of a sudden, I've become a privacy nut? Or, as my friend Carlyn responded to my Facebook post, "Quite a comment coming from such an exhibitionist as yourself!"

I think what's bothering me is that my lack of faith in technological protections for privacy doesn't translate to a lack of belief in basic human decency. Sure, social networking technology opens up huge areas for "monetization," but some of them, to my mind, are downright unacceptable. There need to be limits, and Facebook shows every sign of having decided to push as far and as fast as it can and let external forces set those limits -- if they can.

Are government regulators even within light-years of addressing problems like this? When I recall that we can't even agree not to sell guns to people on the terrorist watch list, it's hard for me to be optimistic.

A lot of my friends seem to be buzzing, cautiously, around the idea of an open alternative to Facebook. Their idea, more or less, is to design open protocols for social networking (based, I would hope, around OpenSocial as a starting point), Such protocols would follow traditional Internet engineering principles and allow multiple services that interact to create a "federated" social network, and can offer alternate privacy policies (and other terms) to their subscribers. And, of course, the system would be implemented as open source software.

My concern is that the biggest cost of this kind of service won't be the software. I'm all for open source, but I bet Facebook spends way more running its service than on writing and evolving the code. A large-scale service like Facebook requires serious infrastructure. There have been a few non-profits, but the vast majority of such services have been delivered by for-profit corporations, and for a good reason: they require the complex marshalling and management of a significant number of expensive resources. Those are precisely the skills at which busineess majors excel.

It would be fun to try building a more open and privacy-friendly facebook alternative, but you'd need an institutional home. Unless you could convince investors that there are enough privacy-conscious citizens to make your service profitable as a new enterprise -- and I'm skeptical -- it might be smartest to do it under the sponsorship and protection of an existing relevant non-profit such as ACLU or EFF.

Ultimately, however, I must annoy my conservative friends by saying that the best answer is probably government regulation. The fact is, we're all upset beacuse Facebook is acting like corporations have nearly always acted in the absence of any relevant legal constraints. Dare I suggest that the solution might be legal constraints, as it has been every time a new industry has emerged, matured into a near monopoly, and become abusive?


  1. At this point, I am going to annoy my nationalist friends and suggest that the solution might be found in neighborhood ownership of communications and transportation between households, municipal ownership of the same between neighborhoods, then counties, then states, then countries, then regional federations, then a free world federation. Economically, we are dealing with an area which is a natural monopoly so that the people are best represented by their elected government at each level, as opposed to the governments of Facebook (or Google :) ).

  2. I'd like to try to challenge you a bit on the prospects for an "open" alternative to things like Facebook.

    I think that your argument could be not too unfairly paraphrased this way:

    1) The software might be a little bit large, but is basically easy. [I agree with that.]

    2) Expensive, large, complicated computing facilities are needed to host services like Facebook. [I agree with that.]

    3) Regulation of a service like Facebook is well beyond the realistic regulatory capacity of our government (Al Franken notwithstanding). [I agree with that.]

    4) Therefore, if it is to be done, it ought to be done as an initiative by some big, progressive, non-profit rights org like ACLU or EFF. [I don't quite agree but I think such orgs can help.]

    Now, haven't I just entirely agreed with your argument?

    No, I have not. In particular, I think you have two implicit points underlying that:

    5) Regulation as pertains to something about Facebook must be primarily about the technical details of something like Facebook. [I strongly disagree but this is a somewhat abstract point I'll have to unpack below.]

    6) The main question about something like Facebook is "who is in charge" - a for-profit firm like Facebook or a public interest non-profit like EFF or ACLU? [I strongly disagree, as I'll explain, because I think the right answer is that "nobody" is in charge.]

    The key element that I think you're overlooking is the market-driven motion towards genuinely commodity computing at scale. What do I mean by "commodity computing" and "at scale"? By example I mean the Amazon services like EC2, S3, SimpleDB, and so forth - but only if you imagine such generic platforms to exist in a market that treats those facilities as commodities. By "commodity" I mean that other companies are offering the exact same APIs and so forth, and that migration among competing providers is relatively seemless and can be quite fine-grained.

    For comparison: in some (most) areas in the US I have a choice about long-distance calling plans on a POTS land-line. Another comparison: if I need to move a shipping container from point A to point B, often that's a competitive market in which sellers are offering trivial substitutes for one another's implementation of the basic service.

    Amazon gives a good picture of what it might look like.

    Now, I claim that social networking functionality like Facebook can be quite well implemented atop such a commodity platform in a distributed and decentralized way. This is a bit like telephony. You might buy your phone service from firm A, our friend from firm B, and I from firm C -- but we can do a long distance conference call (often enough) just fine.

    How can that help with privacy concerns? Such an arrangement decentralizes decisions about what to share with whom and how, in the first instance of sharing. In subsequent instances of sharing, peering groups get to make decisions collectively - much as how cliques of NNTP peers can decide whether or not to keep certain newsgroups just among themselves or to share them more broadly.

    How does that help with regulatory concerns? By treating simple utility computing infrastructure as the platform, asking users "pay as they go" for the utility - the regulatory problem is simplified. No longer does Al Franken need to wrestle with the privacy policies of Facebook, then Flickr, then LinkedIn, then .... Rather, regulation can concentrate on just a finite set of core commodity computing facilities. Just as we have POTS (for telephony) we can have POCS (for computing).

    To Facebook and their ilk, I say: a POCS on your house!

    Where orgs like ACLU and EFF can help is in solving chicken and egg problems (getting it going), and in being proactive in influencing the definition and regulatory environment of POCS.

  3. Boy am I behind in this discussion. Just trying to set up
    my first Facebook account and hadn't a clue.

  4. I question whether any regulation of companies has really ever worked. When companies would "behave" without it, regulation doesn't really work. When companies want to "misbehave", they influence the regulators so that what they do is not counted as misbehavior and remains unchecked.

    What I was suggesting in my brief Federalist Populist rant above was that network authentication and privacy and applications could follow jurisdictional, federal boundaries rather than the anonymous and amorphous model of the world wide web. The bulk of this work is thus governmental and would be aided by federal standards (something that level of government is naturally good at) and decentralized ownership and operation. Facebook made the first step in this direction by, initially at least, limiting its membership to alumni of various schools. I would consider it an improvement in a social networking application installed in Grinnell, Iowa, for it to be limited to residents of Grinnell, Iowa as verified by the town or the college. Since it is a government application running on your town's servers, it is far more accountable and accommodating to your individual privacy concerns than a commercial enterprise, however high the hopes of regulation in the case of the latter.

  5. Mr. Klapper,

    Not to be a pill but do you think that local jurisdictions as you are drawing the boundaries have the capacity for that kind of thing? It seems to me that towns are having greater than ever trouble keeping pot-holes filled and that outsourcing stuff like web services is quite common. So, then you wind up back where you started with Mark Zuckerberg as CEO of a company servicing lots of smaller jurisdictions, but now a big chunk of his revenues includes tax payer dollars.

    My utility computing solution is similar but different. You still have big centralized entities (e.g., Amazon) but their technical role is finite and relatively well defined and more easily monitored - which simplifies the regulatory climate down to something closer to the POTS level - a level where its easier for ACLU and EFF to hang their hats. Abuses still happen (e.g., the famous wiring closet case) but then folks like EFF can step in and have stepped in.

    I like the "federation" concept, quite a bit. I see that as implicit in my push for distributed/decentralized. I'm just suggesting using utility computing as the field of play and letting the federated entities self-form and self-regulate in that market, rather than equivocating them with existing jurisdictions and organizations.

  6. It's funny, people who are promoting something don't ever have any concern about being too intrusive. So Facebook should be a win for people who are carrying out a deliberate strategy of careful cultivation of their online image.

    The risk is that only a handful of people have the right neurons firing to understand what all of the possible implications that there are of an action on Facebook. Writing this essay is hard at least in the sense that it takes lots of fine motor control to do. Hitting the "Like" button on a Facebook post is much worse, since you hardly need to even twitch to make it happen, and that doesn't give your brain enough time to flash the danger signal to make you stop.

    I am reminded of a quote from the short lived late 90s era magazine (In)formation: "Every day, computers are making people easier and easier to use."