Facebook’s Internet.org initiative is running into vicious criticism for allegedly stomping on developers’ privacy rights for its new vision to connect the poorest parts of the world to the Internet.
The major criticisms we have seen come from privacy extremists — what we call “privacists” — jumping to a faulty conclusion: Facebook is a for-profit company that uses data for advertising; and some companies use data to generate profit without full disclosure to users; therefore, Facebook must be doing a bad thing.
First, let’s address Facebook’s motives. Facebook may be doing this to make money – money now or money long into the future. The Internet.org initiative, according to this line of reasoning, simply cannot be a purely charitable endeavor, despite how Zuckerberg may try to market it.
Perhaps. Yet we are not living on Orwell’s Animal Farm. Seeking to make profits is not sinister, especially when the user or consumer understands the clear purpose of the product on offer.
Executives of public companies have a legal duty to spend shareholders’ money to benefit the company and its shareholders. We all know that corporate social responsibility initiatives help market a company’s brand value. If they did not, companies would offer an annual charitable dividend to shareholders so the shareholders individually could decide which, if any, charities they wish to support. Internet.org aligns with Facebook’s interest in growing the universe of potential Facebook users. It also aligns with advancing the cause of global connectivity – the driving ethos behind the creation of the Web, and the Internet before that.
Facebook announced the initiative as “an open program for developers to easily create services that integrate with Internet.org. We’re also giving people more choice over the free basic services they can use. … Our goal with Internet.org is to work with as many developers and entrepreneurs as possible to extend the benefits of connectivity to diverse, local communities.”
Immediately, Facebook, and Zuckerberg personally, were attacked, including, in a widely shared article (on Facebook) entitled “Facebook Opens Up Internet.org Platform, Tramples All Over User Privacy”. The article reminds us that Zuckerberg is a billionaire and that “overpaid Facebook employees” are behind this initiative. If Facebook were still a fledgling startup and Zuckerberg poor, would Facebook still be an enemy? There is an anti-corporate animus to some of this chest-thumping over the importance of what these critics consider “privacy” to be on the Web.
So what does privacy on the Web actually mean? If it is going to mean anything in the future, privacy advocates are going to have to stop crying wolf and to resist becoming privacists.
We have been involved in both offline and online privacy and freedom issues for over 30 years, both as lawyers and businessmen. One of us was the founding Chairman of the Privacy Committee of the B.C. Civil Liberties Association, which challenged the sharing, among pharmacies only, of patient drug prescription data long before the Internet was a twinkle in Al Gore’s eye. The association wrote a report challenging fingerprinting of mere arrestees for minor crimes and putting those prints into a national police-access only database. Freedom of government information laws now seem so antiquated, but they were new once. One of us was a Director of the Freedom of Information and Privacy Association, which helped write critical parts of the initial laws, upon which other laws were based, so that personal private information of individuals submitted to government stayed private.
Yes, Facebook has done some controversial and questionable things in the past without express user consent (remember Facebook’s advertising flap, Beacon?), but the current attack on Facebook is over the top.
Have no doubt: Internet.org introduces challenges, but “privacy” is not the issue.
In the modern era, precisely defined, “privacy” should mean user-consented data rights or data security. There are various contexts. While “privacy” used to be a black and white term, such a binary definition, with the advent of the Internet, and especially with the rise of social media, is not appropriate now in many Web contexts.
With Internet.org, as far as is publicly known, no personally identifiable information (“PII”) is collected. Even if it were, all such PII would be consent-based. The purpose of the initiative is clear; it is so abundantly clear, in fact, that some telecom companies and other organizations are loathe to participate – and may critique it. As Facebook is funding the initiative, it can set the rules, which Zuckerberg expanded upon here.
Privacists argue that because Facebook invites consenting app developers to build on its unencrypted site to improve Internet access for the world, the platform becomes a privacy nightmare. This is where the logic fallacy begins.
The underlying purpose of data rights protection is to benefit Internet users. By this measure, the initiative is a clear pareto-optimal move.
The initiative is unencrypted. That is distracting a lot of critics. All the reasons for the lack of encryption will come out – but the issue of encryption is not immediately relevant to the question of data rights protection.
Media sites are not encrypted. Do the end users of the very media sites hosting such hostile attacks on Facebook ask all users visiting their sites to consent to receiving ads? Do they warn all users that comments on these sites are potentially subject to data mining technology – used by for-profit third party companies – for consumer intelligence? Do some of these media sites hosting criticisms of Facebook sell cookie-based data that can be used by for-profit companies for ad retargeting? When they do, are users always told as much in advance of this possibility?
Facebook is becoming the favorite whipping boy of privacists. Privacists now define privacy arbitrarily. If they don’t like what Facebook is doing, they define it the way they want to. It’s a slippery word subject to manipulation, and, simultaneously, it’s a “suitcase” word into which privacists manage to pack anything they want.
“Privacy” must adhere to a balanced approach. If the privacists do not see this issue in a nuanced manner, nobody will take them seriously on things that do matter very much. Like the hacking attacks on Sony. Or Anthem.
If Internet.org is violating “privacy,” where does “privacy invasion” end?
Encryption matters, of course, but the express purpose of the Internet.org platform is not to deliver confidential information such as banking information, which requires encryption. Zuckerberg has made the purpose clear, notably, to make the Web freer and more accessible. Whether Facebook has some future hidden agenda is a distinct matter. If any such nefarious agenda emerges, Facebook users will fight back against the company, just like they did in the Beacon controversy, and the company abandoned it.
Attacking Internet.org is like attacking open source software. Heck, it’s like attacking the Internet itself. The overriding goal of the Web is more freedom and connectivity. That is a good thing. Ask the Web-disenfranchised people around the world if you want to confirm that. That’s 60 percent of the world. Shouldn’t we give them the very same right as you to criticize Facebook on a media website?
Neil Seeman is founder and CEO of The RIWI Corporation, a global Internet data collection company, and is a Senior Fellow at Massey College in the University of Toronto.
Bob Seeman is Chair of RIWI, Chairman of the Advisory Board of EOPN, a secure encrypted email company, an engineer and former Head of Strategy for Microsoft Network, UK.
Both Neil and Bob are both non-practicing lawyers.