Facebook and Privacy

James Grimmelmann of New York Law School has published an article on law and policy related to privacy and social network sites using Facebook as its principal example. He argues that people's framing of privacy problems, and most of the solutions that people have in mind, are bad fits for social networking services.

* Attitudes toward privacy are outdated, he says, looking at individual versus the state or a corporation rather than the peer-to-peer violations that are common on social networking sites. He continues that peer-to-peer violations aren't the fault of the system, rather they are a result of the system, just as the system's "good" effects of allowing for peers to communicate exist. In his words, "Facebook isn't a privacy carjacker, forcing its victims into compromising situations. It's a carmaker, offering its users a flexible, valuable, socially compelling tool."

* The Facebook system has "an admirably comprehensive privacy-protection architecture" yet it is nearly impossible to translate ambiguous and contested user norms of information-sharing into hard-edged software rules. The privacy protections don't match up with social dynamics.

* The information about a user is immense. The first layer is a user's profile which contains educational, occupational, and relational information. There are also lists of favorites, sexual orientation, religious affiliation, and more. The next layer is the friend list. The next layer is wall postings, gifts, photos, causes, events attended, group membership, applications, and more. Grimmelmann asks why people would give this much information about themselves away on a website. The answer is for social reasons and motivations.

* Understanding of the privacy settings is low. "Surveys show that many users either don’t care about or don’t understand how Facebook’s software-based privacy settings work. One study by the UK Office of Communications found that almost half of social network site users left their privacy settings on default. Another study, by a security vendor, found that a similar fraction of Facebook users were willing to add a plastic frog as a contact, thereby leaking personal information to it. A study of college students found that between 20% and 30% didn’t know how Facebook’s privacy controls worked, how to change them, or even whether they themselves ever had."

Two of the CITS research affiliates, Miriam Metzger and Andrew Flanagin, have done research on privacy online, looking at online information disclosure to commerical websites. In this study, Metzger found that differences in online information disclosure depend on the characteristics of Internet users and the type of information requested of them. She also found that trust and past online behavior were important predictors of disclosure of personal information to a commerical website.