Law in the Internet Society

Facebook Applications and Minor Users: The New Danger of Facebook?

-- By HeatherStevenson - 11 Nov 2009


The Perceived Problem

According to Facebook's own statistics, the social network has over 300 Million "active users." Users upload over 2 billion photos and 14 million videos each month. Given the enormous amounts of data published on Facebook, the stories of public humiliation that has occurred when information was intentionally shared but inadvertently made accessible to the wrong person, are hardly surprising. Running a Google search for the term "Facebook privacy" links to articles such as "10 Solid Tips to Safeguard Your Facebook Privacy,"which provides suggestions on topics like how to prevent your pictures from appearing in advertisements. Still, it seems that these suggestion, as well as Facebook-related public humilition, are only a small piece of a more complex issue. "Privacy" in the sense of preventing an unwelcome viewer from seeing a photo of an adult Facebook-user engaged in activities that he believes only the people present will ever see, can be easily protected by refraining from posting embarrassing photos and information, and by becoming "friends" with only people with whom the user is willing to share personal information. The public conversation about Facebook and privacy has addressed only part of the Facebook-based privacy problem.


Facebook Applications and Minor Users

A significant but less obvious danger is that by partnering with various other companies, Facebook will learn so much about its users that "privacy" becomes a thing of the past. This problem is magnified by the fact that children may join Facebook, potentially creating records of their behavior and preferences over many years before they are adequately equipped to make the decision to share such information. Because users voluntarily share so much information with Facebook, and because there are some apparently convenient reasons for allowing other sites to link to Facebook, Facebook has great potential to destroy what’s left of our private lives. The most dangerous aspect of Facebook as it relates to privacy may not be Facebook per se, but the multiple information gathering applications that run on Facebook. Facebook could know where and when a user goes out for a run, which high school seniors schools in the NCAA are recruiting, every action that a user makes while on Amazon and where users plan to travel on spring break. As the data analysis technology behind each of the companies that links to Facebook becomes more sophisticated, the information that the companies' applications share will reveal increasingly personal information. Consider Amazon - currently the site creates recommendations by filtering and matching "each of the user's purchased and rated items into a recommendation" list (see: www.cs.umd.edu/~samir/498/Amazon-Recommendations.pdf), rather than by comparing users to other users(78). Eventually, however, it seems likely that a program will be developed that can combine the current item-to-item matching with other factors such as timing of various purchases, location of purchaser, and other factors.

Other way around. Amazon used to provide such information to customers, through affinity "circles," so you could see what books the people who worked for your company or who lived in your neighborhood were buying. People got panicky, and they backed off publishing that information, though of course they mine it for themselves, and sell it to book publishers and other merchandisers.

In the case of Amazon, this would mean that both Amazon, Facebook and any third parties with whom either of the first two companies shared information could eventually make near perfect predictions about what a user would and would not like to purchase. This is a useful marketing tool, but is also information that could potentially be used to determine a user's political affiliations, lifestyle choices, hobbies, career path, etc. As the information available from these applications increases, Facebook will own information providing an increasingly complete picture not just of what a person looks like or does (as can be found from Facebook without applications) but also of formerly "private" aspects of a person, such what a person dreamed of doing with his life when he was young. Currently, Facebook is allowed to access to an extensive database of information because many individual Facebook users grant it permission to access their data. This means that young users, deemed "minors," and prohibited from making many important choices for themselves, may give away their privacy before they realize what sharing certain information may ultimately mean.

Though the Children's Online Privacy Protection Act protects children under 13, it does not cover minors ages 13 to 17. Under COPPA, websites may not collect "personal information," including "hobbies, interests and information collected through cookies or other types of tracking mechanism" about children under 13 without parental consent. However, the five years during which a child is minor but not protected by COPPA provide ample time for him to share information over which he may later regret having lost control.

I'm not sure why "being a minor" is the relevant category here. From 0-13, one set of rules, from 13-18 another, and then "adulthood"? Seems to me the questions are, when can one teach people how to make such decisions, how should one teach people to make such decisions? But we cannot answer those questions until we decide how we want people to answer those decisions. If our view is that we want people to behave as consumers subjugated by personal debt, we will prefer the current population to one more educated and empowered.


One Potential Solution

The easiest solution to these Facebook related privacy problems is simple - get off of Facebook (or at least restrict younger users). However, given that millions of users continue to voluntarily share personal information with Facebook, both directly and through third-party applications, another solution is necessary. I would propose a legislative solution whereby Facebook is prohibited from directly providing information to or receiving information from other websites about its minor users, including those age 13 to 17. Users under 18 should not be able to waive this right by allowing Facebook and other companies to share their information directly (though nothing is to stop users from posting similar information directly into their profiles). By preventing the sharing of user-generated personal information between Facebook and other companies, this legislation could protect users from giving away more than they mean to - which happens when small pieces of information combine over the course of years to create a bigger, clearer picture that is greater than the sum of its parts. Of course such legislation would face challenges: users might find build applications that circumvent Facebook controls, the legislation might not be popular because it's seen as impeding free speech or business development, or, perhaps most significantly, the legislation might fail because from a practical point of view, websites have limited abilities to identify users' true ages. However, such legislation would at least slow the speed at which Facebook youngest users' privacy is completely eroded, possibly providing them with enough time to realize how much they might ultimately lose by sharing personal information.

Heather,

This is a really interesting topic. We've talked a lot in class about the privacy implications of Facebook on adults, but I never really stopped to think about the ramifications for minors--a group which is obviously much less informed and/or concerned about their privacy.

I think your legislation solution has a lot of merit, although I think that if such legislation did come about, it would be motivated not by strictly by privacy concerns (i.e. not by concern for Facebook selling information), but by child safety concerns from online predators, etc. In any case, the result would be a very good one I think.

-- EdwardBontkowski - 23 Nov 2009

Heather,

Thank you for your comments on my essay.

After reading your essay one issue that comes to mind is how you would verify age. Simply relying on the user to correctly identify his age would probably not be effective. If users were required to verify age through presentation of a government issued ID or credit card that would add an element of inconvenience for all users. That verification process itself would also require the disclosure of additional personal information by all users. I like your proposal and unfortunately I don’t have a lot to add; however, that is one question that occurred to me.

-- BrettJohnson - 24 Nov 2009

Yes, I agree with Brett. The age verification process would probably be very similar to the process used by pornographic websites and online gambling sites. At the moment, these processes are incredibly ineffective. Adding in the contradictory tension of having to provide personal information in order to prevent others from obtaining it only makes it that much harder in this case.

-- EdwardBontkowski - 24 Nov 2009

Heather,

I think you've got a good idea here. My only suggestion would be to tie in or reference COPPA, the Children's Online Privacy Protection Act, since it seems directly on point. Nothing else from me, nice work.

-- BrianS - 24 Nov 2009

Thank you all for your comments on my essay. You are likely correct both that age verification would pose a large obstacle to my proposed legislation and that if such legislation were to pass, it would not be in response to privacy concerns. I've attempted to include both of these issues (though unfortunately only briefly due to the short length of this paper). Brian, thank you especially for pointing out the importance of COPPA. Bringing in COPPA suggest the particular importance of my argument for teenagers between 13 and 17, and I'm glad I was able to address that point!

-- HeatherStevenson - 25 Nov 2009

Heather, your proposal seems completely reasonable -- and actually possible because people can get roused to action to "protect the children."

However, concentrating on children may cede the adult battlefield...and when you think about it, do adult Facebook users really have any idea of the privacy implications of what they're doing when they first sign up? Drunk co-eds who post incriminating pictures of themselves need protection too!

-- GavinSnyder - 30 Nov 2009

I feel like getting people to vote for such legislation would be incredibly difficult if not impossible. Furthermore, even if this kind of voting were possible, it seems like to the degree that this were possible, voters would already be aware of the dangers of giving away their information and, consequently, such legislation would not be that helpful.

Users do not have a good idea of what they're giving away. Facebook & Friends have every incentive not to tell them. These companies have incredible lobbying power. If voters could be convinced to elect politicians who would enact such privacy-protecting measures, they would be demonstrating an unusually keen awareness to the dangers of giving away their information. In that case, they would probably be able to protect their children without government interference.

-- StevenWu - 30 Nov 2009

I would consider that children have the right to give away their personal information regularly. They have undisputed rights to write their dreams on pieces of paper, submit them to schools, do show and tells, make videotapes, and even to distribute these things themselves, or allow others (such as a school) to distribute these things on their behalf. They are further allowed to do this with very little information (I have no idea what happened to any project/presentation/paper I did when I was in elementary school, but I would not be surprised if they're kept somewhere on file by strangers, or even shown to strangers as examples). Theoretically, such things may also last forever even without the internet and our control over them exist only theoretically, but never practically.

I don't think the internet provides a new problem here, but just pushes the distribution method to the extreme. If the information is the same, how much must we be told about what it's used for? How much do we have to understand? There's a transaction cost underlying all regulations, and I would bet that even if children were forced to take classes before signing up for facebook/myspace, 90%+ of their actions would not change. The same principles apply to any contract, and that hypothetical 10% would always be screwed, adult or child, internet or papers, taking out a mortgage or signing up for facebook.

-- JakeWang - 05 Dec 2009

Heather,

Here's a new FTC study I ran into today that you might find relevant:

FTC Report Finds Sexually and Violently Explicit Content in Online Virtual Worlds Accessed by Minors - Recommends Best Practices to Shield Children and Teens

"The FTC surveyed 27 online virtual worlds – including those specifically intended for young children, worlds that appealed to teens, and worlds intended only for adults. The FTC found at least one instance of either sexually or violently explicit content in 19 of the 27 worlds. The FTC observed a heavy amount of explicit content in five of the virtual worlds studied, a moderate amount in four worlds, and only a low amount in the remaining 10 worlds in which explicit content was found. ...

The Commission makes five recommendations to virtual world operators to reduce the risk of youth exposure to explicit content:

- Use more effective age-screening mechanisms to prevent children from registering in adult virtual worlds;

- Use or enhance age-segregation techniques to make sure that people interact only with others in their age group;

- Re-examine language filters to ensure that they detect and eliminate messages that violate rules of behavior in virtual worlds;

- Provide more guidance to community enforcers in virtual worlds so they are better able to review and rate virtual world content, report potential underage users, and report any users who appear to be violating rules of behavior; and

- Employ a staff of specially trained moderators who are equipped to take swift action against rule violations.

The report recommends that parents and children become better educated about online virtual worlds, and affirms the FTC’s commitment to ensuring that parents have the information they need to make informed choices. A consumer alert, Virtual Worlds and Kids: Mapping the Risks, is available at www.ftc.gov/bcp/edu/pubs/consumer/alerts/alt038.shtm.

The Commission vote to approve the report was 4-0. The full text of the report can be found at http://www.ftc.gov/os/2009/12/oecd-vwrpt.pdf."

-- BrianS - 10 Dec 2009

I'm sorry, I missed the part where you explained why there's a first amendment exception for information about children. Why people can be prohibited from exchanging information they have legitimately acquired because that information concerns a child I, with my primitive free speech sensibilities, am unable to comprehend.

Why not take a position that children should be taught by careful parents and responsible schools to see the issues for themselves? There are private conversations, like phone and IM, and there are public places that you get to by crossing the street in the real world, or being in the web. In public places, we don't give out information about our private selves; we have a name we use in that place, and that name is all we tell people about ourselves. People who ask for more than that about us in public are being disrespectful, and we politely ignore them. By explaining behavior in the net the same way we explain behavior in the "real world," we can teach children to think wisely about the choices they make. Naturally they do not make all the choices adults make. They do not have credit cards and they do not buy things to be delivered, which removes the links that tie an online identity firmly to a located identity in the "real world." But they do have room within which to exercise their facility for choosing. As a child I made choices about my relation to the world--including choices about my life with computers, and choices about working, in real jobs for actual money. I was given both information about how to make choices and the freedom to make my own. The liberty of children is more important than the liberty of adults, because all human beings know of freedom they learn when they are children. Too bad it receives in general so little respect.

Everything children need to know to make themselves sensible users of their part of the web could be taught interested twelve-year-olds in a day. We should do it.

 

Navigation

Webs Webs

r22 - 25 Jan 2010 - 22:49:47 - EbenMoglen
This site is powered by the TWiki collaboration platform.
All material on this collaboration platform is the property of the contributing authors.
All material marked as authored by Eben Moglen is available under the license terms CC-BY-SA version 4.
Syndicate this site RSSATOM