Q&A: The scary details of what Facebook knows about you
Google and Facebook deal in data. Our intimate data, information about ourselves from sexual quirks to why we hate our boss to our divorce plans. We hand over such secrets willingly and gleefully to online networks and search engines as if it were over coffee with a close friend in our kitchen. Yet within these social networks, which give us the false impression of privacy, many people are watching, analyzing and using the details of our lives. And our revelation has serious consequences.
Europeans can request Facebook to hand over all the information it has on them, sometimes 1,600 pages worth. But Americans have no such right. And it looks like that’s not going to change anytime soon according to Lori B. Andrews, professor of law at IIT Chicago-Kent and author of the book, I Know Who You Are and I Saw What You Did: Social Networks and the Death of Privacy.
SmartPlanet spoke with Andrews to get the details on just how much we are giving up.
SmartPlanet: You’ve mentioned that the magnitude of online information Facebook has about us is stunning. Do we know exactly how much Facebook knows?
Lori Andrews: In Europe people have the right to find out what companies know about them. When an Austrian law student asked Facebook what information they had about him Facebook sent him a CD ROM with over sixteen hundred PDFs on it. So that gives an idea.
SP: But Americans do not have a right to know what Facebook has on us?
LA: Right. Security analyst Richard Power said Facebook will soon have the most private information on a billion people. If the government tried to get that information, like political beliefs, sexual orientation, emotional status, he said it would take money, lawyers, and maybe even guns. But we just turn it all over by posting to Facebook or by doing Google searches and using e-mail.
Ninety-three percent of the time when the government asks Google for information, they turn it over.
SP: How much money is Facebook making off our data?
LA: They make 85 percent of their income, or $3.7 billion annually off of people’s private information by targeting ads to people based on their individual likes, dislikes, and plans. Google makes 10 times that much money by collecting information about people through scanning Gmails and Google searches.
SP: And the upshot of monitoring everyone’s personal information leads to some astonishing outcomes.
LA: Yes. In 2010 Google admitted that when young people revealed on a Google chat board that they were thinking of committing suicide with “x” chemical, ads would pop up with a 1-800 number for that chemical.
SP: How has it gotten so open?
LA: One of the problems is that federal law doesn’t apply when one party consents to providing the information. The courts say that it’s okay as long as one party has given consent.
LA: If the Web site gives consent to tracking mechanisms or if your service provider gives consent, then you don’t have any recourse against the data aggregator.
SP: Has the law just not caught up with the speed of the technology?
LA: There have been various technologies that invaded privacy, like the portable camera, forensic technology, testing technologies, and in every case even though the law initially allowed invasions in privacy, eventually the courts stepped in to protect privacy. But in the case of aggregating data on individuals the courts have thrown up their hands and said things like, “Oh e-mail is like a postcard.” Courts seem to misunderstand how the Internet works. They seem to think everybody should just assume that whatever they do on the Internet is public and not private.
It’s as if there was a part of a city that has a high rape incidence and we say, “Oh women who get raped there can’t prosecute.”
SP: How does data from our online behavior gets translated into targeted ads? Presumably some may argue this is a good thing, to get ads that actually relate to our lives.
LA: Sure, some might be beneficial. If you like certain band you might get an ad about the band’s schedule. Or you might get money off at your favorite clothing store.
But there’s also a dark side. For example, if I reveal over Gmail that I’m about to get a divorce I might be denied a good credit card because that company claims that people who are getting divorced tend not to pay off their credit cards.
SP: This idea of aggregate data sounds pretty dangerous.
LA: There is never a context for the aggregated data. If I’m searching for an illness for a friend or relative, it’s assumed to be information about me.
Then if I later go to a life insurance Web site I may be denied life insurance because it is assumed that I’m sick. Finland actually passed a law that said you can’t Google job applicants. And Germany is considering a law that says you can’t use social network information about job applicants.
SP: How are they going to monitor such laws?
LA: It’s difficult to monitor any employment law such as discrimination against gender.
And think about how many federal laws you’re going to evade as an employer by using social network information. For example, you’re not supposed to be able to ask under the Federal Pregnancy Discrimination Act whether a woman’s intending to get pregnant when you do a job interview. But if you look on her Facebook page and she says, “Hey we just made an appointment with the fertility doctor” or “Got married can’t wait to start a family,” you get that information.
I think that it’s shocking to most people that now seventy-five percent of employers require their human resources officers to look at the online presence of job applicants.
SP: And most of us are posting and searching with a false perception that nothing is being documented, right?
LA: Part of the legal analysis of whether privacy is protected is whether people have an expectation of privacy. Social networks give us an expectation of privacy. You have to “friend” people. You share your most intimate details. You hate your boss, you hate your spouse, you talk about your sex life, your sexual orientation, your political beliefs. It’s all the stuff we routinely protect in other settings. I do think there’s a good case to be made that because of its structure Facebook is a private place, not a public place.
If I had twenty-five or a hundred people over at a party at my home the police couldn’t get in without a warrant, my boss couldn’t attend or monitor conversations unless I invited him. I would like to see a social network be considered our online home and protect it as much as our regular homes.
Justice Alito suggested that by using social networks we’re pulling the rug out from under our own rights because we’re creating the impression that people don’t expect privacy. I think that’s completely wrong.
SP: So everyone should start paying more attention.
LA: Yes, pay more attention to what’s on your Google Dashboard. And check out companies like Acxiom, where you can go on the Web site and put in three pieces of information about yourself and find out what assumptions they are making about you.
SP: What else can we do?
LA: I think we need to push for increased rights to privacy, but I also think that searching in incognito mode or clearing your searches are important.
And then there are also concerns about people cyber-casing people who post their new engagement ring and if the photo is taken at their house, it’s easy to figure out where they are. There were 50 robberies by a New Hampshire gang that just kept track of who was on vacation according to their Facebook status updates.
SP: So we have to be a lot more vigilant.
LA: I just took a look recently at a patent that allows me to hold up my smart phone to a stranger on the street, and it will tell me through facial recognition if that person has a blog, a profile on a dating site, their status, etc. It’s important to know that your digital self is becoming more important than your offline self. Increasingly technologies are being designed with privacy invasion in mind.
[Photos via Elvert Barnes and courtesy of John McArthur]