Reckoning with Facebook’s power
When the government broke up the telephone system in 1984, the fact that AT&T could count most citizens as customers and that it was arguably the best-run telephone company in the world was not deemed compelling enough to preserve its monopoly power. The breakup would unleash a wave of competition and innovation that ultimately benefited consumers and the economy.
Facebook seems to be in a similar position today — only with far greater global reach than Ma Bell could have imagined. Facebook’s two billion monthly active users, and the way those accounts are linked and viewed by users and by third parties, have made it the most powerful communications and media company in the world, even if its chief executive, Mark Zuckerberg, insists his is a technology business.
And that power is being abused. As The New York Times reported last week, Facebook shared data with at least four Chinese electronics firms, including one flagged by American officials as a national security threat. We learned earlier this week, thanks to a Times investigation, that it allowed phone and other device makers, including Amazon, Apple, Samsung and Microsoft, to see vast amounts of your personal information without your knowledge. That behavior appears to violate a consent order that Facebook agreed to with the Federal Trade Commission in 2011, after Facebook was found to have made repeated changes to its privacy settings that allowed the company to transfer user data without bothering to inform the users. And it follows the even darker revelation that Facebook allowed a trove of information, including users’ education levels, likes, locations, and religious and political affiliations, to be exploited by the data mining firm Cambridge Analytica to manipulate potential voters for its Republican Party clients.
Throughout its history, Facebook has adamantly argued that it treats our data, and who has access to it, as a sort of sacred trust, with Zuckerberg & Company being the trustees. Yet at the same time, Facebook has continued to undermine privacy by making it cumbersome to opt out of sharing, trying to convince users that we actually do want to share all of our personal information (and some people actually do) and by leaving the door unlocked for its partners and clients to come in and help themselves. Those partners have included 60 device makers that used application programming interfaces, also known as A.P.I.s, so Facebook could run on their gadgets.
In Facebook’s view those partners functioned as extensions of the Facebook app itself and offered similar privacy protections. And the company said that most of this intrusive behavior happened a decade ago, when mobile apps barely existed and Facebook had to program its way onto those devices. “We controlled them tightly from the get-go,” said Facebook’s Ime Archibong, vice president for product partnerships, in a response to The Times’s article. Yet a Times reporter was able to retrieve information on 295,000 Facebook users using a five-year-old BlackBerry.
A consortium of consumer and privacy organizations, including the Center for Digital Democracy, has already asked the Federal Trade Commission to investigate whether Facebook violated the consent order after the Cambridge Analytica disclosures. Facebook’s failure to protect users’ basic information from outdated devices is only more evidence that the company either can’t manage its data or can’t manage to care, despite Mr. Zuckerberg’s congressional testimony to the contrary. “I say this gently,” said Senator John Kennedy, a Republican from Louisiana, to Mr. Zuckerberg during his testimony. “Your user agreement sucks.”
Mr. Zuckerberg told Mr. Kennedy that he should have “complete control” over his data. The senator is willing to turn that into law. He and his colleague Amy Klobuchar, a Democrat from Minnesota, have proposed rules to codify the right of consumers to opt out and keep their information private while giving them more control over it. More important, the senators’ bill would require “plain language” so there’s no confusion — not a big request, since the insurance industry did so years ago without any apparent harm.
The European Union has passed such legislation, called the General Data Protection Regulation, or G.D.P.R., which forces companies such as Facebook to do a better job shielding individual data. Facebook says it is willing to extend the G.D.P.R. to anyone who asks for it. Though why should we have to ask for what ought to be ours to begin with?
Competition might change the game. That so many internet users are concerned about their privacy may serve as an invitation for another company to challenge Facebook. T-Mobile and its renegade chief executive, John Legere, proved that the wireless phone hegemony could be attacked by a smart rival that sells transparency along with cellphone service. Prices for phone service retreated; service improved. Everyone still makes money. Some company ought to do Facebook the same favor.
At some point a government agency might be willing to break away some of its components and chop it down to size. After all, it’s happened before.