Friday, December 02, 2011

Who owns the data?

I haven't blogged in a long time.  Various items I want to blog about are in various forms of draft.  But they're all long posts.  So here's a quick one.

It seems that the widow of someone recently deceased would like her late husband's profile removed from Facebook.  Wow, that's complicated.  Me, not being a lawyer, can already see huge problems here if Facebook were to comply with her request.

Facebook is no stranger to privacy kerfuffles.  Note that what I say here is neither for or against how Facebook handles privacy, it is simply stating what is reality. With that in mind, let's look at something that Zuckerberg posted back in February 2009:
Our philosophy is that people own their information and control who they share it with. When a person shares information on Facebook, they first need to grant Facebook a license to use that information so that we can show it to the other people they've asked us to share it with. Without this license, we couldn't help people share that information.

One of the questions about our new terms of use is whether Facebook can use this information forever. When a person shares something like a message with a friend, two copies of that information are created—one in the person's sent messages box and the other in their friend's inbox. Even if the person deactivates their account, their friend still has a copy of that message. We think this is the right way for Facebook to work, and it is consistent with how other services like email work. One of the reasons we updated our terms was to make this more clear.

In reality, we wouldn't share your information in a way you wouldn't want. The trust you place in us as a safe place to share information is the most important part of what makes Facebook work. Our goal is to build great products and to communicate clearly to help people share more information in this trusted environment.
Facebook followed through with this philosophy by implementing various privacy features and levels.  More interestingly, they allowed you to download and export all of your data to your harddrive.  If you're able to take all of your data from out of Facebook and download it to your own repository, I think that's a clear statement on their view of who owns the data.  You own it.  Of course, another question arises as to whether it's actually useful or relevant outside of Facebook, but for this discussion that's irrelevant (well, if you're a young legal genius, you might grab some press).

The key point is that if you own the data, then you decide what happens to it.  Other people can't.  So what happens to other property owned by you when you die?  Well, if you have a well-written will, it's clear.  If you don't have a well-written will... well, I'm not an expert on this at all, but some initial reading makes this subject sound pretty complicated and potentially the area of many ugly lawsuits, depending on what property's at stake.  For the sake deciding who gets to own a deceased person's Facebook data, would such ugly lawsuits come into play?  Who knows, some people are strange.

The point is that you own your data, and if you own your data, it's not so obvious to pass own ownership to a specific person.  If that specific person does not have ownership of the data, then how can that person demand that Facebook delete it?  Any holes in my logic here?

Now, let's look at the potential pitfalls of Facebook setting a precedent of complying with this lady's request.

1.  They open up a huge gateway for fraudulent/malicious activity.  Imagine a jealous sibling who always hated the deceased.  This person wants to erase any memory of the deceased.  Would be easy enough to even get all the valid documentation and submit it to Facebook to get someone deleted.  Now imagine it happening by people who aren't even related in any way.  There's lots of documentation these days about social engineering on Facebook to get fake friends for nefarious purposes.  Opening the door would allow all of that malevolent force to do some really nasty stuff.  Ever seen what high school bullies can do to fellow classmates?  To kids who committed suicide because of bullying?  Etc.

2.  You can't delete 100% of the stuff anyway without going against Facebook's own policy (see above).  Facebook made the decision to model their policy based on how the broader Internet works.  So the question is now then is the concern only about Facebook?  If so, why only Facebook?  Why not other channels where information is shared?  Other social networks like Google+, LinkedIn, Twitter?  E-mail?  Online filesharing services?  If you single out Facebook without attacking the others, I think Facebook would have very good legal ground to fend off your attacks.  If you want to include everyone and change up the entire Internet... well, that's not going to happen easily.  It would require rearchitecting decades of Internet technology and policy worldwide for one thing.

3.  What if Facebook ends up becoming legally responsible to retain data for evidence purposes in the future?  E-mail has become such a ubiquitous utility for communication that many companies and e-mail providers are required to submit data to authorities when requested.  Of course, depending on individual corporate policies, they'll also decide whether such information requests are legal and valid.  But the point is, a process exists for this to happen.  In telecommunications too.  Facebook aims to become a global communication utility, that's been Zuckerberg's aim from the beginning.  If they truly achieve that goal (some argue they already have), is it a stretch that Facebook would also have to comply with these types of information requests on a legal basis?  Actually, aren't they already?  And if so, wouldn't allowing 3rd parties to delete someone's data instead of only the owner of that data cause some difficulty in this matter?  What if the deceased were an assassinated mob boss who the police are now investigating?  Would investigations be hampered by Facebook complying with 3rd party requests to delete the data?

4.  What if the guy never wanted his stuff deleted?  He never made it clear.  This is like a digital version of the euthanasia debate.  If he never wanted his stuff deleted, but we can't ask him anymore whether or not he wants his stuff deleted (or if he even cares), then how can we easily decide whether or not we should delete his stuff.  It's obviously not as controversial as euthanasia, but the logical/ethical conundrum is similar.  It's a tricky road to walk, and like any tricky road, decisions shouldn't be made without heavy analysis and debate first; otherwise, you end up with drastically negative unintended consequences.

I understand that this lady may feel anguish whenever she sees this guy's photos, etc.  I'm sorry if this sounds callous, but that also seems a bit immature.  We have photos of loved ones so that we can remember and celebrate their lives.  If this were the 80s, would this woman take all her photo albums and throw them in the trash?  Maybe.  OK, her decision.  But those photos would probably be owned by her clearly, and there would probably be no large ramifications if she threw them out.

Here, we have someone who is unable to deal with her anguish and wishes the pain to disappear by getting Facebook to do something that may not be very good for anybody.  My thoughts are that she should realize that it's precisely because they loved each other that she should keep those photos on Facebook.  That's also a better resolution for everyone else who's on Facebook.  Facebook is constantly pushing the boundaries on what entails privacy, for better or worse.  Remember, I'm not commenting on whether or not I think Facebook's policies are good.  I think there's some good and some bad.  But I hope that nobody thinks poorly of Facebook for turning this lady down.  It would not be a good precedent.

The biggest lesson from here?  Looks like we all need to specify in our wills now who owns our Facebook data.  Then what about my gmail?  Chee, complicated.  @@

No comments:

Post a Comment