Washington, D.C., and Facebook Inc. took part yesterday in another round of what we might call "working on their relationship." But that we're fixated on specific privacy violations rather than the day-in-day-out use of our personal data lets us know that there's a limit to the conversation in which they're engaged.
What happened is this: The Federal Trade Commission (FTC) reached a settlement with Facebook that requires the company to stop engaging in privacy-violating practices and to participate in regular third-party privacy audits for the next 20 years. The agreement, prompted by a complaint by privacy-advocacy groups, is meant to address several places were Facebook was found to have gone astray in recent years—not truly deleting deleted user accounts, sharing friend lists that had been marked private, and changing privacy settings without really telling anyone. The agreement still needs to be approved by FTC commissioners at the end of December, after a period of public comment. But the deal is largely done. "I'm the first to admit that we've made a bunch of mistakes," wrote CEO Mark Zuckerberg in a post on Facebook. Politico's Tony Romm has more details on the agreement.
Now, a day like this, when his company is getting slapped by federal regulators, might seem like one when Zuckerberg might change his status to "too sad to kill my own bison for dinner," or some such thing. But the truth is that an outcome like today's isn't entirely unwelcomed by those in the tech industry. Focusing on troubling privacy breeches means that we're not paying attention to something more sensitive for Internet companies: the nuances of selling user data that makes these companies as valuable as they are. It's why ITIF, an industry-affiliated think tank, sent out a release saying that the settlement shows that "the U.S. has a healthy self-regulatory privacy system in place that protects consumers while still allowing for innovation." Facebook takes its lumps for being clumsy. But there's no deeper discussion of why it might be laughable for Google's Eric Schmidt to complain about how unreasonable it is for him to be hauled up to Capitol Hill when the company's products are largely free. "I mean, it’s fine. It’s their job," Schmidt told The Washington Post last month. "But it’s not like we raised prices. We could lower prices from free to … lower than free? You see what I’m saying?"
Facebook is free, too. But somehow Zuckerberg is likely to soon be worth a post-IPO few billion dollars. (Here's a context-setting experiment: go to Facebook, and click Home, then Privacy Settings, then Apps, and then Edit Settings. Explore the "Last Data Access" entries. Then wonder why an app like the document embedder Scribd, which recently sucked up from my account details on where I live and what books, movies, and music I like, should be able to do so.)
There's a reason that the tech world doesn't want to let Washington get too close to the details of specific technologies: They're not particularly good at doing it, as the ongoing debate over DNS filtering legislation reveals. The way things are now, there's little framework for understanding what Facebook (and Google and others, to be sure) are doing with the digital data we generate. That's why, for example, the back-and-forth Representative Ed Markey and Amazon had earlier this month over the integration of the Silk browser reads like two people talking past each other. "As long as they don’t go out of their way to lie about what their doing with consumer data," the Center for Democracy and Technology has written, "companies can do whatever they want with their customers’ information, without their customers’ understanding or consent." CDT has pushed for baseline privacy legislation, which would set expectations on transparency, specifying the uses to which our data will be put, and more.
That's one approach. But getting to an agreement about what we're willing to have done with our data probably requires that we—Washington, the tech industry, and especially consumers—start talking not only about privacy violations but about the very real, and valuable, data transactions that are occurring every time we log into Facebook.