by J. Butler, Applecore Content Development Specialist
They say bad things come in threes. In that case, Internet privacy is still waiting for the other shoe to drop.
Earlier this month, Facebook users were appalled to discover that the website’s Terms of Use had altered, basically giving Zuckerberg et al. more freedom in the legal rights they held over their users’ uploaded data, photos and videos.
The missing provision outlined the user’s right to remove their uploaded content at any time, which would also eliminate Facebook’s license to it. Left in its place was new language that gave Facebook full rights to any content uploaded by its users—even if the account it was uploaded to was terminated. The Consumerist, an online blog, was one of the first to point out the change, which superficially amounted to Facebook claiming that they can do whatever they want with your content. Forever.
It took three days and a lot of protest (to the tune of about 100,000 users), but Facebook eventually replaced the original Terms of Service, citing the need to rewrite to clarify exactly what the changes meant. Though the move calmed many critics, some consider that it even happened in the first place a warning sign. Says Marc Rotenberg, the executive director of the Electronic Privacy Information Center in the New York Times:
“This was a digital rights grab…Facebook was transferring control of user-generated content from the user to Facebook, and that was really alarming.”
Scary stuff, considering that according to their own Terms of Service, Facebook is under no obligation to notify changes to their terms—even when existing users are not asked to agree to the new terms.
Then, this past Thursday, the "Internet Stopping Adults Facilitating the Exploitation of Today's Youth Act of 2009," or SAFETY Act, was floated in both the House and Senate. It’s the second time this particular Act has surfaced (the first time being back in 2007). While its goal to protect children online is nothing short of admirable, some of the Act’s provisions have Internet privacy advocates concerned.
An excerpt: "A provider of an electronic communication service or remote computing service shall retain for a period of at least two years all records or other information pertaining to the identity of a user of a temporarily assigned network address the service assigns to that user."
The basic idea is that any Starbucks, university campus, or employer would be required to keep a log of all data related to the IP addresses assigned to its individual users. Everything from email logins to search queries to site history would be retained. For two years.
What’s the current ruling look like? The Electronic Communications Privacy Act of 1986 set the precedent that ISPs based in the United States retain relevant data from a given IP address for at least 90 days—but only upon the formal request of law enforcement.
Though its aim is admirable, the Act inevitably opens a whole can of issues related to privacy laws and the internet. Since it’s grown so fast and so big, drawing the line between public data and private data is blurry at best. This is especially true on a site like Facebook, where individual privacy settings vary considerably from user to user. Case in point—I don’t have my birthday, email address or even my relationship status on my Facebook profile, which is only viewable by people who are already my friends. But I know plenty of people who will not only publish all that data without thinking twice—they even add phone numbers, street addresses and employment locations. So what’s clearly private data for me is loosely-defined public data for someone else.
Want to know more? Here are some great links for further reading:
10 Privacy Settings Every Facebook User Should Know (Allfacebook.com)
Canadian Privacy Law Blog
Internet Privacy Laws in Canada (a brief rundown of current Canadian privacy rights)
Dissecting Facebook's Terms of Use (a detailed and jargon-free rundown of Facebook’s Terms of Use—it’s pretty eye-opening.)
Posts
