Digg this story   Add to del.icio.us   (page 1 of 2 ) next 
Facebook, Privacy and Contracts
Mark Rasch, 2009-04-08

On February 4, the social networking site Facebook made a minor change to its terms of service — the online contract that every user must agree to when they create an account.

Facebook was trying to solve a legitimate problem: People who deleted their accounts did not realize that information that they shared with other users would persist on their Facebook friends' accounts. Thus, they needed some way of telling users that the information might remain. The proposed change in the contract noted that:

You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof. You represent and warrant that you have all rights and permissions to grant the foregoing licenses.

Essentially, according to these new terms, if you created a Facebook page, posted content on one, created a link from one, or allowed someone else to do so, you had transferred the intellectual property rights to the content to the company, subject to your privacy settings.

The change set off a firestorm, with customers worrying that Facebook was laying claim to every little thought, dialog and memo that the user posted to the company's service. Many people organized and threatened to leave the social networking service.

Facebook executives quickly disavowed any nefarious intent. The CEO pointed out that the language change was merely made to reflect the reality that, when a user deleted a Facebook account, links to the account and comments made about them remained active on the website and accessible. He explained:

Our philosophy is that people own their information and control who they share it with. When a person shares information on Facebook, they first need to grant Facebook a license to use that information so that we can show it to the other people they've asked us to share it with. Without this license, we couldn't help people share that information.

In fact, the grant of license is subject to the user’s own privacy settings, which can limit who has access to the content they post. In other words, what Facebook is saying is "trust what we tell you, not what we wrote."

The Facebook privacy kerfuffle — and it is merely a kerfuffle — reflects a more significant problem concerning privacy, ownership and online contracts. The essential balance between a user's rights and those of the corporation or Internet site are described in a contract. There is generally no statutory right to privacy, particularly in the social networking arena where the information is usually posted for any or all to see. Even person-to-person communications on such a site — the equivalent of e-mail — is not really "private" or "secure" since it is subject to the recipient’s discretion, the potential for electronic discovery as well as disclosure under the terms of use.

These privacy rights by contract are in turn dependent upon the precise words of the the terms of service. The lawyers who draft them are charged with protecting the rights and interests of the company that employs them, and therefore use broad and expansive language. This is why you get language like "irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license…" rather than, "if you post something on Facebook, others can see it and use it as you intended."

Lawyers are paid to think of the worst-case scenario and to protect the company from that possibility. That is why, among other things, by using Facebook you agree not to "do anything that . . .could expose . . . Facebook . . . users to . . . liability," even if that liability is justified. In fact, as the Facebook CEO pointed out: "Our philosophy that people own their information and control who they share it with has remained constant. A lot of the language in our terms is overly formal and protective of the rights we need to provide this service to you."

Story continued on Page 2 



Mark D. Rasch is an attorney and technology expert in the areas of intellectual property protection, computer security, privacy and regulatory compliance. He formerly worked at the Department of Justice, where he was responsible for the prosecution of Robert Morris, the Cornell University graduate student responsible for the so-called Morris Worm and the investigations of the Hannover hackers featured in Clifford Stoll’s book, "The Cuckoo’s Egg."
    Digg this story   Add to del.icio.us   (page 1 of 2 ) next 
Comments Mode:
Friends 2009-04-17
Anonymous (1 replies)
Re: Friends 2009-05-02
kodos


 

Privacy Statement
Copyright 2010, SecurityFocus