The complaint has over 150 numbered paragraphs, runs 38 pages, and includes a lot of legalese. But the basic claim is simple: Facebook pulled a “privacy bait and switch.” They told users to sign up and provide personal information under one set of privacy policies, and then they changed the policies. It’s like if someone offered you a new car, took your money, and then delivered a used car. We need the FTC to act in such situations to protect consumers and ensure fairness. Otherwise, markets spiral out of control.

So says Marc Rotenberg of the Electronic Privacy Information Center in a Q&A with Nisha Chittal. Check out The Case for Staying With Facebook.

Another way of looking at it from Anil Dash: I’m really enjoying seeing the public dialogue reimagine Facebook as the world’s most elaborate phishing scam. #phishbook

Also see: Pushing Back Against Facebook’s Privacy Practices

In a country where about one-third of the population regularly goes online, the internet gives women “a place to vent out our frustrations and our dreams,“ said Reem Asaad, 37, a professor of banking and finance in the Saudi port city of Jeddah who blogs at reemasaad.blogspot.com.

This reminds me of danah boyd‘s research into teenagers’s use of social sites such as Facebook and MySpace. She has suggested teens use these sites for identity formation and community connection in the way they used to do in malls, parking lots and other public spaces that we’ve collectively chased them out of. Given Saudi Arabia’s severe restrictions on women in public spaces, I think a similar phenomenon is happening here.

If you’re not listening from the CBC‘s Search Engine podcast, shame on you. It’s a kick ass show that looks at technology and culture, globally, but with an emphasis on Canada and the United States.

Episode 25, “CCTVs, biometrics, and self-destructing data,” is particularly good. It’s an interview with Canada’s information and privacy commissioner, Ann Cavoukian about online privacy and using a combination of technology, law, and ethics to protect citizen and customer data.

What stood out for me was this point made by Cavoukian (at about the 6:30 mark):

Your ability to control the information you have shared with others and their subsequent control of that — that’s when everything falls apart. You may be able to restrict the information to five people. But what you can’t do is — you have no ability to control what they do with your information. And that’s when things get weakened in terms of the weakest link of the chain, in terms of security.

I have run into this a few times with my Twitter friends. I have a private feed, largely to keep it from being Googled. I understand that “private” online is not really private — and despite my propensity to overshare, there are some things I just won’t tweet. Yet I am still uncomfortable when items in my feed are retweeted, or captured in a screen shot and reposted. My feed is protected, dang it! If I wanted my content to be Googled or re-contextualized, I would have blogged it or published to my public stream.

As J.Brotherlove pointed out in a (protected) Twitter posting, however:

I see your tweet re: your issue with SNS. this isn’t new though. we’ve had this issue with email.

I’ll argue, though, that email (and instant messaging for that matter) are conceived of as a one-to-one conversation, rather than a one-to-many conversation. It’s true that you can copy-and-paste an IM or email into another medium. But our behavioral norm is that these messages should not be re-shared without explicit permission. It’s the same from a technical standpoint, yes, but not a social one.

When it comes to tweets, Facebook data, or Flickr photos, however? As a community, we clearly have different expectations for privacy on social network sites. As thatblackchick put it (in a protected Tweet):

The nature of social networking means that it’s a one-to-many conversation, therefore, the sharing rules are different (IMO)

And what’s compounding the problem? Jason says:

Twitter, however, and it’s tools, don’t value or promote privacy. I can’t tell by glancing at tweetdeck which people in my stream are private.

He isn’t entirely right. Twhirl differentiates between protected and unprotected feeds. Twitter does too, though design changes would make those differences clearer. [Jason corrects himself in the comments: "Twitter does value privacy. The lock icon is clearly seen on the site, protected tweets don't show up in RSS feeds, you can't deeplink to protected tweets and make them accessible to non-permissioned users." I DO think that some UI changes would make it clearer, however.]

The obvious answer to all of this, of course, is don’t tweet / post / publish that which you do not wish to be reshared. Still, I’d like a higher degree of informational self-determination and awareness on all sides.

I think Cavoukian and data privacy researchers are on to something with this idea that rules for data use are embedded in and travel with the data. Going forward, I would like to see tools, APIs and user interfaces that enable and encourage people to respect public/protected settings, or enable users to opt-out of certain privacy-eroding features.

Embedding data rules in Twitter posts (or Facebook pages, Flickr photos, etc.) may be technologically unfeasible if not overkill. But how about allowing users to make their posts unavailable to the API? How about interfaces (for desktop clients and the web) that alert users they are about to retweet an item from a protected twitter feed? How about letting users opt out of being retweeted? How about ultra-granular, per-tweet privacy controls (a la Plurk)?

None of those is perfect, of course, but they can encourage a culture in which people are more conscious of and respectful of other users’ controls.

Related here:

• What I’m reading: Privacy, security, pervasive technology and society
• Ethics, friendships and Flickr (or “Why I don’t drink around some folks”)
• Plurk.com: “Karma” and Community
• My Love Life. Online.
• On Twitter-ing
• Who do you trust more: Corporations or Government?

Related elsewhere

• “Social Media is Here to Stay… Now What?” by danah boyd
• “Getting Smarter About Twitter” by Jason Toney
• “What is YOUR use for Twitter” at MrTweet
• Podcast #26: how Spybots can fire you, and is “SmartData” personal DRM?
• “Privacy by Design” by some smart Canadians
• “How I use Twitter” by jbrotherlove
• “Blogging With Split Personalities” by Sarah Dopp