The FBI vs the FTC: the battle for user privacy in social media

fbi vs ftc

FBI vs. FTC There’s no doubt about it: The US has mixed motives when it comes to user privacy in social media.

That became obvious this week with the juxtaposition of the FBI voicing its voracious desire to suck up social media data vs. the FTC’s 1) recent bemoaning of Facebook’s and Google’s wanton privacy policy changes and 2) call for a one-stop shop to tweak privacy settings.

On the more-user-data-the-better side is the FBI, which is asking for ideas on developing an application that can sift through social media to feed its intelligence-gathering appetite.

On January 19, the agency put out a Request For Information (RFI) on a data-mining application that could monitor Facebook, Twitter, news and other sites for real-time information.

On the agency’s wish list is the ability to automatically search and scrape social networking and open-source news sites for information about breaking world events. At a minimum, the FBI wants to keep a watch on, and to translate into English, social networking material in 12 foreign languages.

FBI seal As pointed out by InformationWeek’s Elizabeth Montalbano, the FBI is certainly not the first or only US agency interested in mining social networking for breaking news, clues to public opinion or early warnings about global events.

The CIA, the Department of Homeland Security (DHS) and the Intelligence Advanced Research Projects Agency (IARPA) are also researching for better ways to milk the social media cow to further their respective missions – be it surveillance or disaster preparedness.

Why should we care that the FBI wants to better reap intelligence? The agency’s RFI comes swaddled in the dialect of benevolent care for national security. From the document:

Intelligence analysts will monitor social media looking for threatening responses to news of the day such as major policy announcements by the federal government, for responses to natural disasters like an earthquake or hurricane, or indicators of pending adverse events.

Yes, of course we want our intelligence agencies to have advanced intelligence when it relates to terrorism or natural disasters. But do we really want these agencies to have better ways to pinpoint us if they associate our online personas with given keywords, rightly or wrongly drawing assumptions and gathering ever-more information that can and will be used against us in a court of law?

FTC seal On the other side sits the FTC, and thank goodness it’s attempting to act as a counterbalance.

At a talk on Tuesday morning at a cybersecurity forum in Washington D.C., FTC Commissioner Julie Brill took Google and Facebook to task for violating user privacy, saying the companies “learned … the hard way” from the FTC that they should not change user privacy settings without getting expressed, affirmative approval from users.

The FTC last year charged Facebook with unfair and deceptive practices, settling the matter in November by subjecting the company to regular privacy audits for the next 20 years.

The FTC also in the past year charged Google with deceptive privacy practices in its rollout of the Buzz social network, which had baffling privacy controls. Buzz was eventually rolled into Google+, while Google was also given a 20-year privacy audit decree.

In a prepared statement (.PDF), Ms. Brill had this to say about Facebook’s broken promises on user privacy:

We called Facebook out for promises it made but did not keep. It told users it wouldn’t share information with advertisers, and then it did; and it agreed to take down photos and videos of users who had deleted their accounts, and then it did not.

And this to say about Google’s failings:

We believed that Google did not give Gmail users good ways to stay out of or leave Buzz, in violation of Google's privacy policies. We also believed that users who joined, or found themselves trapped in, the Buzz network had a hard time locating or understanding controls that would allow them to limit the personal information they shared. And we charged that Google did not adequately disclose to users that the identity of individuals who users most frequently emailed could be made public by default.

Are social media sites playing fast and loose with user privacy, ignoring even their own policies?

Ms. Brill is calling for a one-stop shop for users to easily control, from one centralized site, their privacy settings.

Would that help if companies such as Google and Facebook have difficulty abiding by their own policies? Especially if such sites don’t even delete personal information in accordance with users’ directions to do so?

I hope Ms. Brill gets her one-stop privacy shop. I hope that it ushers in real power to users to control what they choose to share and keep private. I hope that the settlements with Facebook and Google bring about more faithful adherence to their own policies.

With intelligence agencies eager to data mine our personal lives to ever finer degree while the FTC fights for our rights to keep that information private, there does indeed seem to be some discordance in the US.

Hopefully, such apparent cross-signals indicate the push and pull of a healthy democracy.

But in lieu of a one-stop privacy shop, may we all learn to guard our privacy before the FBI et al. get their hands on ever-more sophisticated means to track us.