Facebook has a privacy problem. Two infographics tell the whole story. Matt McKeon's damning diagram shows how Facebook's default settings have changed over time: from close control over personal information in 2005 to widespread distribution in 2010. And the New York Times's labyrinthine chart maps Facebook's 50 privacy settings and 170 options, scattered across at least seven different web pages. Taken together, these two pictures show how Facebook brilliantly manipulates its users while claiming to offer them privacy "choices." In theory, it does. But in practice, Facebook picks a highly permissive default -- share almost everything with everyone -- and then forces users to go through a complicated, confusing, and constantly shifting interface if they want to do anything else. This is the forced "choice" of a skilled magician: somehow you always end up choosing the three of clubs.
Facebook has faced mass protests over privacy missteps before, such as 2006's introduction of real-time-surveillance News Feeds; 2007's Beacon, which told your friends what you bought on other web sites; and a botched terms of service update early 2009. Its most recent changes, though, have touched a nerve. In April, Facebook launched the innocuous-sounding Connections, which turned information on your profile--high school attended, favorite bands, hometown, and the like--into public hyperlinks. If you list "cooking" as an activity on your profile, not only does the word "cooking" become a hyperlink to a "Cooking" page on Facebook -- but also vice versa. (Shades of Yakov Smirnoff: "On the web, you link to your favorite things. On Facebook, your favorite things link to you!") Facebook now treats these connections as "publicly available," which means it reserves the right to show them to everyone in the world. The only way to opt out of sharing this information is to delete it from your profile, becoming a faceless Facebooker.
Online civil liberties groups have objected. The Electronic Frontier Foundation has documented what its calls Facebook's "Evil Interfaces." The Electronic Privacy Information Center led a coalition of fourteen consumer and privacy groups in filing a scathing complaint with the Federal Trade Commission. They've been joined by four senators, who wrote their own letter to Facebook expressing concerns.
It is time for the FTC to think carefully about whether Facebook's frequent and poorly explained redesigns should be considered an unfair trade practice. While Internet companies require substantial freedom to innovate and to experiment in improving their services, Facebook's actions seem deliberately calculated to deceive and confuse its users. In a forthcoming article, Privacy as Product Safety, I offer a possible model for the FTC to draw upon: the tort law of products liability. If manufacturers are liable when they sell physically unsafe products, perhaps Internet companies should be held accountable for designing their software to be unreasonably dangerous to personal privacy. Facebook's case offers a good opportunity to start that conversation.
