By Meg Roggensack,
Senior Advisor, Business and Human Rights Program
Organizers of mass protests against repressive governments in Tunisia and Egypt relied on Facebook to get the word out. Photos of protestors in Egypt showed posters with Mark Zuckerberg as their hero. And then the government turned off the Internet.
While Facebook has allowed users to organize, there are serious questions as to how far the company is willing to go to protect the privacy of its users--including those screaming for freedom. Today is data privacy day, an international effort to raise awareness about the importance of protecting personal information online. To mark this day, Facebook announced on its blog its "continued commitment to security"--including a new range of features geared to protect information from malware, hackers, and viruses.
These security measures are welcome and important but a little off the mark for this occasion. "Security" and "privacy" are not exactly the same thing.
Of course, talking privacy to Facebook is a bit ironic in and of itself. Facebook's entire business model is based on aggregating and sharing user information. Facebook and Mark Zuckerberg have taken the position that sharing of information and connectedness is the new social norm, and that privacy is outmoded.
The "open" approach has left Facebook trying to innovate its way around a human right that the company has a responsibility to respect -- privacy. Until Facebook takes that responsibility seriously, it will continue to let down its users.
The truth is that many repressive governments take advantage of Facebook's open platform to spy and censor, or to identify "enemies of the state," such as individuals who "like" a particular politician, or to track activists they don't like by identifying who is a "friend" of government critics.
The government of Iran might well be interested in a list of everyone living in Iran who is "likes" Mousavi, a reformist politician there. And Egyptian President Mubarak could take interest in those who liked any of the pages or organizers of today's protests. The list goes on.
This surveillance is possible because Facebook's policies make the pages that users like public by default. Users have to "opt-in" for privacy, when it should be the opposite.
That's why tweaking Facebook's security settings--while welcome--misses the more fundamental point. So long as Facebook bases its privacy policies on the belief that privacy is an outdated notion being replaced by a principle of "openness," it will continue to put its users at risk and will play a dangerous role in degrading a fundamental human right that, in many countries, has life or death consequences.
Recent and ongoing protests only underline how critical these questions are becoming for Facebook. Navigating the law, user expectations and -let's face it, the desire for financial profit--can be a challenge, but it's one that must be met.
And it can be.
Facebook could start everyone's account with the most restrictive privacy settings and make any additional sharing require a user opt-in. It can be more transparent--by communicating any changes to its policy onto users' wall or into their inbox, and making them also opt-in.
Facebook could increase its transparency and review of cases where governments ask for information about user information. Twitter just set an example by alerting certain users that the U.S. government had requested information of those suspected of involvement in WikiLeaks for example.
Facebook is not alone in needing to set policies and practices to protect user privacy. In fact, there's a group of companies called the Global Network Initiative (GNI), who are committed to working together to discuss challenges and find solutions to protect and advance privacy and freedom of expression. Facebook is not at the table.
Companies that "go it alone" and attempt to address challenges after the fact, as Facebook is doing, risk not only their reputations, but the privacy rights of their users. As one of the activists we work with in Belarus has eloquently said, for companies, this might be a question of business, but for activists, it's life or death.