Commentary Stemming From NYT Article on Internet Privacy

[GrayAnderson]

The New York Times ran an interesting piece today entitled "The Web Means the End of Forgetting", and I have found this to be true to an astounding degree. For example, I can actually access RP logs posted by a friend some years ago in spite of the site having gone down years back due to the Web Archive/Wayback Machine.

Obviously, there are problems with this. Setting aside out-of-context remarks that get made and flame wars (imagine, if you will, running an SEO operation on this sort of stuff against someone you don't like to see where this could go horridly out-of-control), there is the very real issue of pictures and the like being posted without peoples' consent, and this stuff then showing up when employers do checks online. The article noted the futility of banning such checks (How do you prove that such a search had an impact or disprove that it took place without creating an extreme hassle, at the very least? Such charges would turn every rejected employment application into a potential fiasco.), but that leaves the issue of people having virtually no control over their online profile.

So, I think a good discussion on this matter is something we might consider having. Legal action is almost assuredly needed here in some form, if only due to the fact that most laws far precede the origins of 'Web 2.0'. I will say outright that there are no 'good' solutions, only 'less bad' ones (if good ones ever were possible, I don't know, but I find the prospect to be depressingly dubious). I know there are probably some legally-inclined posters here (SD.net is frankly one of the most well-read boards I've ever been active on), so I wanted to raise a couple of possibilities that leap to mind:

1) Limiting "safe harbor" provisions for social media websites which fail to put in stringent protections on people putting up pictures of others unknowingly. In essence, this would expose Facebook and the like to legal action if they didn't tighten up strongly on privacy protections such as (to offer an idea that comes to mind) notifying people that they were in a picture and giving them the ability to force the picture down; an extension might also require them to bar search engines from picking images up for a period to allow for such vetoes. Pros: Would limit damage from 'surprise' postings, and would certainly act as a deterrent to Facebook's trend towards dumping everything in public. Cons: Hardly perfect. Could kill social media from liability. Could create a First Amendment issue.

2) Expand the DCMA takedown provisions to cover public images of an individual. Basically, create a legal right to control the public image of oneself (waivable in certain circumstances, such as when one goes to an amusement park and the park reserves the right to use your image if they're making a promotional video or taking photos). Further, extend this provision to search engines (and perhaps centralize where such requests/demands can be made in some form, much like the Do Not Call directory). Pros: Better individual control of their image. Cons: Implementation of the second half is a potential nightmare, and implementation of the first half is somewhat meaningless without the second half. Also runs into major identification issues (for example, the sheer number of individuals named "John Smith" out there would make getting the right person delisted nigh on impossible). First Amendment is always a problem, and there is clear potential for abuse (though 'public persons' could have more stringent standards applied as is often the case with existing law).

2a) A lesser version of this would require you to identify the image rather than issuing a sweeping ban. Pros: More narrowly tailored, and addresses an issue. Cons: First Amendment issues rear their head, as do possible abuses. Also doesn't directly deal with the fact that things may be mirrored or archived. And still contains the morass of implementation.

3) Make privacy policies unalterable for content posted during a given period of time without the express and voluntary consent of those who posted it/appear in it. One of the biggest problems with Facebook is the constantly changing terms of service; the site has morphed from your-campus-only (as it was back in 2005) to anyone-in-the-world-can-see with much material now. There have been repeated pushbacks, but the underlying issue has never really been addressed; to build off the Facebook example, they couldn't change the terms for existing content, only for new content, and wouldn't be able to force you to accept the new terms or drop the service. Pros: Easy to implement, and addresses at least one of the problems out there. Fairly narrowly tailored, and probably averts most First Amendment issues. Con: An incomplete solution at best, and could at some point harm the financial viability of some companies.

4) The article suggested the option of enforcing 'expiration dates' on data that is publicly available in some form. This isn't a bad idea, but it strikes me as only dubiously effective if a search engine decides to flout it. So suggest that certain types of data (pictures not from a news source or maintained blog, for example) have to be purged from search engines and some caches after a certain period. Pros: At the very least, you can force material out of circulation after a time. Cons: Doesn't deal with trouble in the interim. Also, can easily be circumvented without laws enforcing it (or at least enforcing the right to have data expire). Finally, can result in "unintended erasures" or "friendly fire" (such as happened with several cell phone messages from my mother when the 30-day period ended and I thought I was copying them over; I was able to save a couple of the messages, but it was a tight call because the "save" function didn't make clear that the saving didn't extend indefinitely).

Again, I'm not saying that any of these ideas are ideal, close to ideal, or for that matter even in the same state as ideal. But it is also pretty clear that from a commercial angle, self-regulation has not panned out (I will refer you to Twitter handing its archives over to the LoC out of nowhere, again to the saga that has been and will continue to be Facebook, and who-knows-what-else is out there) and that this particular aspect isn't going to improve with time. So, thoughts? Comments? Snide remarks (of which I have no doubt there are plenty to be had)?

[ThomasP]

I don't have a lot of comment on your suggestions.

What I will say is that things have changed a lot in the last five years or so, and definitely in the last decade. I remember back in the 90s and even as recent as 6-8 years ago, there as an unwritten rule that if you didn't want people to see it, you didn't put it online. It was pretty much that simple. If you put something online, you'd waived any expectation of privacy.

That seems to have changed with the rise of the social networks, where people will endlessly make updates about all aspects of their personal life and then act shocked when people see it. I'm not sure why people are getting online and expecting that kind of control.

I don't see a problem with reasonable privacy controls built into a network, but I also don't see any point in holding sites and web services liable for any privacy breaches, either. I've seen it suggested by some that we just have to accept that we've lost that expectation of privacy now, between voluntary updates on social media and ubiquitous video cameras. I'm not sure how I feel about that, but I see the point.

It may be that trying to protect privacy is one of those futile battles, and ultimately not that big a deal beyond the usual panic that comes any time some social more changes because of technology.

Interesting discussion in any case.

[Uraniun235]

How likely is it that the trend will continue to the point where companies are unable to find applicants without some form of compromising data on the internet? If the job's got to be done, are they really going to throw their hands up and say "welp, guess we're out of business, America's too loose"?

Trying to hide this data is a step in the wrong direction. We should be shoving it down their throats until they choke on it and learn to not bother with it any more.

[adam_grif]

What I think is going to be hilarious is in 30 years time, when people are digging through Wayback Machine (or whatever replaces it) to find incriminating posts made by candidates for upcoming elections. Fox will be running stories about how Joe Blow presidential candidate confessed to being an Anarchist when he was 16.

[GrayAnderson]

How likely is it that the trend will continue to the point where companies are unable to find applicants without some form of compromising data on the internet? If the job's got to be done, are they really going to throw their hands up and say "welp, guess we're out of business, America's too loose"?

Trying to hide this data is a step in the wrong direction. We should be shoving it down their throats until they choke on it and learn to not bother with it any more.

The problem is that some people are either moderately discreet about what they post (let's face it, a fair portion of what has gotten people in trouble is stuff they put up there themselves) or who at least do a respectable job of keeping the various things they put up harder to connect to them. What we haven't seen is something to the effect of "Mr. Smith sues Mr. Jones after the latter's unauthorized pictures posted on the internet get Mr. Smith blocked from a job", nor have we seen "Mr. Smith sues Mr. Jones for libel over doctored internet photos that got him denied for a job".