I’ll never forget a meal I had with a senior executive at Facebook many years ago, back when I was just starting to question the motives of the burgeoning startup’s ambition. I asked whether the company would ever support publishers across the “rest of the web” – perhaps through an advertising system competitive with Google’s AdSense. The executive’s response was startling and immediate. Everything anyone ever needs to do – including publishing – can and should be done on Facebook. The rest of the Internet was a sideshow. It’s just easier if everything is on one platform, I was told. And Facebook’s goal was to be that platform.
Those words still ring in my ears as we celebrate the 30th anniversary of the web today. And they certainly should inform our perspective as we continue to digest Facebook’s latest self-involved epiphany.
Following my Senate testimony last month, several Senators reached out with additional questions and clarification requests. As I understand it this is pretty standard. Given I published my testimony here earlier, I asked if I could do the same for my written followup. The committee agreed, the questions and my answers are below.
On April 4, 2018, following the public controversy over Cambridge Analytica’s use of user data, Facebook announced several additional changes to its privacy policies. The changes include increased restrictions on apps’ ability to gather personal data from users and also a policy of restricting an app’s access to user data if that user has not used the app in the past three months. In addition, Facebook has committed to conducting a comprehensive review of all apps gathering data on Facebook, focusing particularly on apps that were permitted to collect data under previous privacy policies. Facebook will also notify any users affected by the Cambridge Analytica data leak.
Question 1: What steps can the government take to ensure that there is proper oversight of these reviews and audits?
John Battelle’s response:
I think this is a simple answer: Make sure Facebook does what it says it will do, and make sure its response is a matter not only of public record, but also public comment. This should include a full and complete accounting of how the audit was done and the findings.
Question 2: From a technical standpoint, how effective are forensic methods at ascertaining information related to what data was transferred in these cases?
John Battelle’s response:
I’m not a technologist, I’m an entrepreneur, author, analyst and commentator. I’d defer to someone who has more knowledge than myself on issues of forensic data analysis.
Technology for Consumer Protection
Question 1: Are there any technological solutions being developed that can help address some of the issues of consumers’ privacy being violated online?
John Battelle’s response:
Yes, there are many, likely too many to mention. Instead, what I’d like to highlight is the importance of the architecture of how data flows in our society. We should be creating a framework that allows data to flow ethically, securely, and with key controls around permissioning, editing, validation, revocation, and value exchange. Blockchains hold great promise here, but are still underdeveloped (but they’re evolving rapidly).
Data Retention
Question 1: What should we, as legislators, be thinking about to verify that — when Americans are told that their data has been destroyed — that deletion can actually be confirmed?
John Battelle’s response:
Independent third party auditing services that services such as Facebook must employ seems the most straightforward response. “Trust us” is not enough, we must trust and verify.
Law Enforcement
During the hearing we had a brief discussion on the balance between privacy and sharing data with law enforcement.
Question 1: What should companies keep in mind to ensure that they can appropriately assist in law enforcement investigations?
John Battelle’s response:
This is a delicate balance, as evinced in the varied responses to these kind of cases from companies like Apple, Twitter, Yahoo, and others. Valid search warrants, not fishing expeditions, should be the rule. We’ve got the framework for this already. The issue of how governments and law enforcement deal with encryption is unresolved. However, I fall on the side of enabling strong encryption, as I believe all citizens have the right to privacy. Lose that, and we lose democracy.
Questions 2: As lawmakers, what should we be aware of as we try to strike the right balance between privacy and safety in this area?
John Battelle’s response:
Democracy is open, messy, transparent, and has many failures. But it’s the best system yet devised (in my humble opinion) and privacy lies at its core. That means criminals will be able to abuse its benefits. That is a tradeoff we have to accept and work around. Sure, it’d be great if law enforcement had access to all the data created by its citizens. Until it’s abused, and cases of this kind of abuse by government are easy to find.
Across hearings and questions for the record, members of Congress have raised concerns about the data collection tactics used by Facebook that are not made clear to its users. As I stated during the hearing, I am interested in putting into place rules of the road for online privacy, taking into consideration the European General Data Protection Regulation. During the hearing Mr. Battelle and others offered support for the intent of GDPR, but expressed reservations about the implementation and unintended consequences. I look forward to any further thoughts from the panelists regarding how to implement data privacy rules in the United States.
Question for All Panelists:
Question 1. In addition to any recommendations or comments on what types of legislation or other measures could help protect consumer privacy, what lessons and principles of the California Consumer Privacy Act and the GDPR should Congress consider in privacy legislation?
John Battelle’s response:
Implementation of sweeping legislation like those mentioned above is extremely onerous for small business. Instead of using that as an excuse to avoid legislation, the policy should incorporate remedies for smaller business (IE, enabling federation of resources and response/compliance, enabling trusted intermediaries).
The principle of empowering the consumer is embodied in both GDPR and CCPA. While well intentioned, neither envision how that empowerment will truly be effective in a modern digital marketplace. Take the principle of data portability. It’s one thing to allow consumers to download a copy of their data from a platform or service. But for that data to drive innovation, it must be easily uploaded, in a defined, well-governed, machine-readable format, so that new kinds of services can flourish. Watch how large tech platforms chip away at CCPA and attempt to subvert that ecosystem from taking root. Consider how best to ensure that ecosystem will in fact exist. I’m not a legislative analyst, but there must be an enlightened way to encourage a class of data brokers (and yes, they’re not all bad) who enable re-aggregation of consumer data, replete with permissions, revocation, validation, editing, and value exchange. Happy to talk more about this.
Questions for Mr. Battelle:
Question 2. You have written at length about the influence of Facebook and Google on the advertising and third party data market. In your experience, has Facebook driven the ad market as a sector to more invasively collect data about people? What other changes in the ad market can be attributed to the dominance of Google and Facebook?
John Battelle’s response:
Yes, without question, Facebook has driven what you describe in your initial question. But not for entirely negative reasons. Because Facebook has so much information on its users, larger advertisers feel at a disadvantage. This is also true of publishers who use Facebook for distribution (another important aspect of the platform, especially as it relates to speech and democratic discourse). Both advertisers and publishers wish to have a direct, one to one dialog with their customers, and should be able to do so on any platform. Facebook, however, has forced their business model into the middle of this dialog — you must purchase access to your followers and your readers. A natural response is for advertisers and publishers to build their own sophisticated databases of their customers and potential customers. This is to be expected, and if the data is managed ethically and transparently, should not be considered an evil.
As for other changes in the ad market that might be attributed to FB and GOOG, let’s start with the venture funding of media startups, or advertising-dependent startups of any kind. Given the duopoly’s dominance of the market, it’s become extremely hard for any entrepreneur to find financing for ideas driven by an advertising revenue stream. Venture capitalists will say “Well, that’s a great (idea, service, product), but no way am I going to fund a company that has to compete with Google or Facebook.” This naturally encourages a downward spiral in innovation.
Another major problem in ad markets is the lack of portable data and insights between Facebook and Google. If I’m an advertiser or publisher on Facebook, I’d like a safe, ethical, and practical way to know who has responded to my messaging on that platform, and to take that information across platforms, say to Google’s YouTube or Adwords. This is currently far too hard to do, if not impossible in many cases. This also challenges innovation across the business ecosystem.
Question 1. The internet has the potential to connect people with ideas that challenge their worldview, and early on many people were hopeful that the internet would have just that effect. But too often we have seen that social media sites like Facebook serve instead as an echo chamber that polarizes people instead of bringing them together, showing them content that they are more likely to agree with rather than exposing them to new perspectives. Do you agree this is a problem? And should we be taking steps to address this echo chamber effect?
John Battelle’s response:
Yes, this filter bubble problem is well defined and I agree it’s one of the major design challenges we face not only for Facebook, but for our public discourse as well. The public square, as it were, has become the domain of private companies, and private companies do not have to follow the same rules as, say, UC Berkeley must follow in its public spaces (Chancellor Carol Christ has been quite eloquent on this topic, see her interview at the NewCo Shift Forum earlier this year).
As to steps that might be taken, this is a serious question that balances a private corporation’s right to conduct its business as it sees fit, and the rights and responsibilities of a public space/commons. I’d love to see those corporations adopt clear and consistent rules about speech, but they are floundering (see Mr. Zuckerberg’s recent comments on Holocaust deniers, for example). I’d support a multi-stakeholder commission on this issue, including policymakers, company representatives, legal scholars, and civic leaders to address the issue.
Question 2. In your testimony you discuss the value of data. You stated that you think in some ways, QUOTE, “data is equal to — or possibly even more valuable than — monetary currency.” We in Congress are seeking to figure out the value of data as well to help us understand the costs and benefits of protecting this data. Can you expand on what value you think data has, and how we should be thinking about measuring that value — both as citizens and as legislators?
John Battelle’s response:
Just as we had no idea the value of oil when it first came into the marketplace (it was used for lamps and for paving streets, and no one could have imagined the automobile industry), we still have not conceived of the markets, products, and services that could be enabled by free flowing and ethically sourced and permissioned data in our society. It’s literally too early to know, and therefore, too early to legislate in sweeping fashions that might limit or retard innovation. However, one thing I am certain of is that data — which is really a proxy for human understanding and innovation — is the most fundamentally valuable resource in the world. All money is simply data, when you think about it, and therefore a subset of data.
So how to measure its value? I think at this point it’s impossible — we must instead treat it as an infinitely valuable resource, and carefully govern its use. I’d like to add my response to another Senator’s question here, about new laws (GDPR and the California Ballot initiative) as added reference:
Implementation of sweeping legislation like those mentioned above is extremely onerous for small business. Instead of using that as an excuse to avoid legislation, the policy should incorporate remedies for smaller business (IE, enabling federation of resources and response/compliance, enabling trusted intermediaries).
The principle of empowering the consumer is embodied in both GDPR and CCPA. While well intentioned, neither envision how that empowerment will truly be effective in a modern digital marketplace. Take the principle of data portability. It’s one thing to allow consumers to download a copy of their data from a platform or service. But for that data to drive innovation, it must be easily uploaded, in a defined, well-governed, machine-readable format, so that new kinds of services can flourish. Watch how large tech platforms chip away at CCPA and attempt to subvert that ecosystem from taking root. Consider how best to ensure that ecosystem will in fact exist. I’m not a legislative analyst, but there must be an enlightened way to encourage a class of data brokers (and yes, they’re not all bad) who enable re-aggregation of consumer data, replete with permissions, revocation, validation, editing, and value exchange. Happy to talk more about this.
Question 3. Mark Zuckerberg has said that he sees Facebook more as a government than a traditional company. Among other things, governments need to be transparent and open about the decisions they make. Many large institutions have set up independent systems — such as offices of inspectors general or ombudsmen and ethics boards — to ensure transparency and internally check bad decisions. Facebook has none of those controls. What kinds of independent systems should companies like Facebook have to publicly examine and explain their decision-making?
John Battelle’s response:
OK, this one is simple. Facebook is NOT a government. If it is, I don’t want to be a “citizen.” I think Mr. Zuckerberg is failing to truly understand what a government truly is. If indeed Facebook wishes to become a nation state, then first it must decide what kind of nation state it wishes to be. It needs a constitution, a clear statement of rights, roles, responsibilities, and processes. None of these things exist at the moment. A terms of service does not a government make.
However, all of the ideas you mention make a ton of sense for Facebook at this juncture. I’d be supportive of them all.
Last Sunday was Father’s Day, and I never thought I’d say this, but I was glad to get a tie, because my wife knew I would need it (it’s been literally over a decade since I’ve worn one). Today I was called to testify before a Senate Commerce committee hearing on Facebook and the role of data in society. Apparently they’ve been reading my work and, well, that landed me in DC. My full written testimony, replete with dozens of links to my previous work and coming in at 2500 or so words, is published on Searchblog. Below is what I read into verbal testimony before the Senators got into a couple hours of questioning, which, by they way, I found to be well informed and enlightened.
It’s somehow fitting that today, May 25th, marks my return to writing here on Searchblog, after a long absence driven in large part by the launch of NewCo Shift as a publication on Medium more than two years ago. Since then Medium has deprecated its support for publications (and abandoned its original advertising model), and I’ve soured even more than usual on “platforms,” whether they be well intentioned (as I believe Medium is) or indifferent toward and fundamentally bad for publishing (as I believe Facebook to be).
So when I finally sat down to write something today, an ingrained but rusty habit re-emerged. For the past two years I’ve opened a clean, white page in Medium to write an essay, but today I find myself once again coding sentences into the backend of my WordPress site.
With the launch of 1.1.1.1, Cloudflare thumbs its nose at ISPs and the big platforms (AKA Google), and once again declares itself a business willing to start, and lead, tech’s toughest conversations
Over the past year Cloudflare became best known not for the impressive services it has built in the Internet networking space, but for an action taken by its CEO Matthew Prince during the swirl following Trump’s Charlottesville comments. After initially defending the free speech rights of its neo-Nazi customer The Daily Stormer, Prince finally had enough. When the site claimed Cloudflare secretly supported its hateful philosophy, Prince kicked the site off the company’s network.
“Now, having made that decision, let me explain why it’s so dangerous…You, like me, may believe that the Daily Stormer’s site is vile. You may believe it should be restricted. You may think the authors of the site should be prosecuted. Reasonable people can and do believe all those things. But having the mechanism of content control be vigilante hackers launching DDoS attacks subverts any rational concept of justice.”
Apple has agreed that the encryption keys for iCloud user accounts for Chinese persons will be stored in China, as Reuters reported today.
If you aren’t familiar with Chinese law and the situation around this, this may seem relatively innocuous: a company is doing business in a country, and complying with that country’s local laws. What’s significant about this is that it represents a major change in how legal process works.
Under most countries’ laws, people have some kind of rights around their own information. The government has the right to demand such information subject to things like subpoenas and warrants; those have to be signed by judges, and the recipient of one of them can immediately go to the judge and contest them, as well as contest the use of any evidence derived later based on evidence collected illegally. That is, there’s legal process between governments and people’s data — and companies which deal in user data fight this process aggressively, because their users’ trust ultimately depends on it.
Every year, I make predictions, and every year, I score myself. As I wrote nearly 12 months ago, 2017 felt particularly unpredictable. As it turns out, my musings were often on target. Except when they weren’t…
I’ve played with all manners of scoring over the years, but this year I’m going with a straight zero to ten rating. Zero if I whiffed entirely, ten if I hit it out of the park, and some kind of partial credit in between. Then add ‘em up, divide by the number of predictions, and that’ll be my overall batting average.
So let’s see how I did. I made ten predictions, so to each in turn….
Facebook is hitting the two billion user mark right about now. It’s also in the process of becoming one of the world’s largest censors, as it doubles its staff of “content reviewers” to more than 7000 to try to keep up with a rising tide of illegal, hateful, or abusive posts.
Julia Angwin and Hannes Grassegger of ProPublica take a long, fascinating look at the troubles Facebook is getting into by hiring a deletion army. The company is in effect setting itself up as a quasi-legal authority over expression on its platform — one whose laws are not published, whose enforcers are anonymous, and whose judgments cannot be appealed.
ProPublica got its hands on a set of training slides for Facebook reviewers, and it’s a remarkable find. Among many other things, it highlights how arcane, arbitrary, and in some cases nearly incomprehensible the service’s rules are. It doesn’t help that harried employees then must apply these rules in seconds as they race to meet their quotas.
Apple’s secrecy is a legendary and defining corporate trait. Like the quasi-government the company is increasingly becoming, it has an extensive program to fight leaks. We know that because, well, somebody leaked a recording of an hour-long presentation on Apple’s campaign (William Turton in The Outline). It turns out Apple employs a global team of leak-stoppers that includes former employees of the NSA, the FBI, the Secret Service, and branches of the U.S. military.
The purpose of all this secrecy, Apple execs insist, is “surprise and delight” among customers when they finally learn of some new Apple product or feature at the time of the company’s choosing. That kind of choreographed product launch has long been an Apple trademark, to be sure. But the company’s insistence on secrecy, like the inward-turning design of its gigantic new headquarters, underscores the increasingly insular nature of Apple’s culture.
“We don’t have a Big Brother culture,” an Apple exec says on the recording. Nonetheless, as The Outline puts it, “The presentation makes working for Apple sound like working for the CIA.”
Facebook is giving its content-moderation effort a big injection of artificial intelligence to try to stem the flood of “extremist” material on the social network (The New York Times). For those who are outraged that Facebook and other online platforms haven’t done enough to counter terrorist recruiting materials and organizers, this will be welcome news. But it raises lots of dilemmas for Facebook that we fear the company isn’t ready to resolve, despite VP Elliot Schrage’s admission that this is one of the “hard questions” the company now confronts.
“We agree with those who say that social media should not be a place where terrorists have a voice,” two Facebook managers wrote, explaining company policy. Their post names ISIS and Al Qaeda as examples of groups they’re aiming to limit. But it barely acknowledges the larger issue of defining “terrorism” and “terrorist content” in a more rational, appropriate, and universal way than just “Muslims who bomb people,” or neatly distinguishing between posts that describe terrorist acts and those that promote them.
When Facebook’s social-networking predecessor Friendster had its heyday, snarky users made fun of its binary thinking, which forced you to classify every other human being as “friend” or “not friend.” Facebook’s Boolean terrorism policy today looks just as blinkered. It’s built on an assumption that AI and people, working together, can cleanly classify all content as “terrorist” or “not terrorist.” Global politics and human affairs don’t work that way. Much of the world, including the U.S. government, classified Nelson Mandela as a terrorist for much of his life.
