Note from Beth: As I listened to the NPR story this week about online privacy, it is becoming very important for us to understand the implications.I really wanted to attend the "Social Networks Friend for Foe?"at UC Berkeley earlier this month, but unfortunately had a conflict. Fortunately, my colleague, Aspen Baker, was attending. Even better, she agreed to share a blog post about what she learned on this blog.
Barely a week goes by that I don’t see at least one status update or tweet from a nonprofit colleague lamenting a hacked personal account, including email, Twitter and Facebook. According to John Carlin, the Chief of Staff and Senior Counsel to the Director of the F.B.I, who gave the keynote speech at UC Berkeley’s conference on law, ethics and technology, “Social Networks: Friends or Foes?,” complaints of hijacked accounts increased by one-third from 2007 to 2008. Yikes. Organized crime, Mr. Carlin, says is selling our information and making some very serious money.
Of course, as soon as you have a couple of big time FBI guys and former federal prosecutors who worked on cyber-crimes speaking, there is going to be plenty of information to scare you away from ever posting anything remotely interesting about yourself online. And for good reason. Only a very small amount of data is needed to produce quite a lot of information about each and every one of us and the law is so far behind the times that according to Facebook’s Deputy General Counselor, Mark Howitson, the social networking website aggressively invites litigation because they need new case law to set precedent. The conference, according to Jason Schultz, Co-Director of the Samuelson Clinic for Law, Technology and Public Policy, was designed as “a chance to address the ramifications of what happens when people write permanently to a giant network.”
As nonprofit organizations increase their use of social media tools, including social networking, to spread their message, gain new supporters and serve clients, it’s important for us to understand – and address - the risks we’re taking on organizationally, as well as the risks of our people, from employees and volunteers to donors and clients. I’m not a lawyer. I’m the Executive Director of Exhale and I attended the conference to increase my own knowledge and awareness about how these legal and ethical issues around social networking may affect our work online with women who have had abortions.
Here is what I found to be the most relevant and interesting to the nonprofit sector:
Collecting Evidence Online
Is it ethical for a prosecutor to “friend” a defendant (with a real or fake profile) to find out potentially incriminating evidence about their whereabouts, friends, or behaviors? Can the lawyer of an accused rapist subpoena the private network of the accuser for evidence to place doubt on her story? Can a judge and a lawyer be “friends” and do they need to “un-friend” each other if they’re working the same case? What if the government created a third-party widget that asked people a range of personal questions that they then data-mined and used to find criminals or criminal behavior?
While the overwhelming consensus was that such behavior isn’t right, there are few laws on the books to address these scenarios. Lawyers’ associations, such as state bars, attempt to address such behavior through Codes of Ethics, however government officials are not bound by these rules. Government officials may use deception in undercover work and such practices have been ruled acceptable in cases related to intellectual property infringement (where investigators act as members of the general public seeking to make a purchase) and discrimination cases (housing discrimination against people of color, for example).
Thinking about all the potential ways the legal system already has to blame rape survivors for the crime perpetrated against them, its hard to stomach the idea of defense lawyers legally snooping around a victim’s private networks to gain personal information to use against them. These questions remain undecided and any group that works with victims of violence or communities targeted by law enforcement will pay close attention.
There were a lot of big questions around what defines “content.” Is “content” what you write on your wall or post on your friends page, or is it also “transactional,” the information collected about your use of the social network: what did you search for? What pages did you visit? Most of the panelists thought everything should be deemed content and should therefore be considered, and protected, as private communications.
It was also noted that social context is incredibly important to our ideas of privacy and that privacy has a lot to do with expectations. We may not expect what we post on a friend’s wall to be private, but we probably expect that sending a private message will. However, according to Paul Ohm, Professor of Law at the University of Colorado Law School, email services such as Gmail are changing our expectations of privacy, as we find tailored advertisements in our internet browsers. If we are comfortable with getting advertisements for running shoes after emailing a friend about our trail run, what legal implication does this have for future expectations of privacy?
The issue of privacy is of huge importance to my field of sexual and reproductive health as well as anti-violence work. Will people be more or less likely to visit an online social network for domestic violence survivors, and who will find out if they do? It’s not too hard to think ahead and realize that if domestic violence is a pre-existing condition for health insurance that somehow an insurance company will find a way to gain access to this type of information. Now does this issue of what is private content online not only affect a woman’s personal privacy, but her rights and access to health care?
The Buyer Beware Argument
One of the more interesting debates that took place throughout the day and over several panels has to do with a question of Informed Consent. The Buyer Beware Argument basically posits that social networking is about sharing and if you don’t want to share, then you shouldn’t. Sharing, it should then be assumed, is necessary for building trust and real relationships, online or offline, and like in the real world, there are reasonable and unreasonable expectations for your information staying private. If you tell your friend known for gossiping a secret, you can expect that your secret might get around. Same with social networking, you should expect that your private information may end up somewhere you didn’t intend. Therefore, this argument goes that “buyer beware” and it is not the responsibility of each social network to defend or protect your privacy. It is the individual’s responsibility to understand the risks of participation and make personal choices about when and how to participate.
Not to mention that writing something online provides a permanent record that can be stored indefinitely is incredibly different than a known gossip’s spoken word, this argument did not fly with me on two levels:
1. Social networking will soon no longer be a choice, it will be a requirement to participation in modern life. Strangely, Mr. Howitson from Facebook used the telephone as an analogy to Facebook (you expect your telephone calls to be private and there is a clear process to follow if the government seeks to listen in) several times and yet repeatedly said things like “if you don’t want to share, then you don’t go on there.” If Facebook and other social networking sites are like the telephone, then I argue that very soon it will become a critical part of how people communicate and it will cease to be a choice. You could easily refuse a telephone in 1949 and not be too crazy, but this is not true by 2009. And, as we all know, technology is moving much faster now so the idea that you could refuse to participate in social networking without having any real personal or economic consequences will be unrealistic in the near future. If this is the case, then we, the users, not only need to beware of the consequences of our participation, but most importantly, we need to be consumer advocates who fight for our own protections and demand legal, and wide-ranging respect for our privacy online.
2. The Buyer Beware Argument is victim-blaming instead of proactively protecting. Mr. Carlin began his keynote speech by taking us back to a pre-Giuliani New York City where people were told not to look strangers in the eye as they walked by them on the street. If someone was attacked, the first question they were asked was typically, “well, did you look them in the eye?” suggesting, only half-joking, that it was their fault. Of course, anti-rape advocates know this line of questioning all too well (was your skirt too short? Did you have a drink?), and we also know that while certainly there are things each of us can do to protect ourselves, it is not our fault if we are attacked – the attacker is the one who bears responsibility. Ashkan Soltani, a Masters of Information student at UC Berkeley’s School of Information brought up the important point that there are real limits to what most users can understand about the full scope of risk they are taking on with their online participation. It’s almost impossible to decide for ourselves when the true extent of what websites are collecting about our participation is hidden and/or when websites don’t give users full access to control what is collected about our individual use.
Lessons for the Nonprofit Sector:
Social media and social networking are amazing tools for mission-minded organizations to spread our message, gain new supporters and serve our clients in innovative ways. We can be simultaneously inspired by its potential and feel challenged by the need to not only integrate these strategies into our traditional fundraising and communications strategies, but also to adapt the way we work in this modern, digital, ever-evolving age. We need to see the benefits of what these tools can provide, and we must also educate ourselves about the potential consequences of participation for our employees, volunteers, board members, donors, members and clients, especially for those of us who work on stigmatized, marginalized or taboo issues. On the Exhale talkline, we often hear from women whose privacy was violated in some way and the information that they have had an abortion has been used to target or harass them in their workplace, church, or with their own family members. If it takes very little data to reveal quite a lot of information about any given person, we must understand how data-collecting and online privacy may impact our supporters and potential supporters.
Most of the conferences and workshops I attend about nonprofits and social media address the digital divide, but mostly I hear it referred to in regards to who has access to technology. Rarely have I heard these discussions to include the digital divide between those who know the risks of online participation and can protect themselves and those who cannot. This seems like an incredibly important part of how we think about the cost and benefits of social networking in our organizations, communities and towards our social change missions.
To stay updated on how the legal landscape develops, follow the Samuelson Law, Technology and Public Policy Clinic blog at UC Berkeley Law. The Electronic Frontier Foundation is a nonprofit legal organization which defends free speech, privacy, innovation, and consumer rights. TechSoup works with nonprofits to increase their access to, use of, and knowledge about technology and ZeroDivide knows that access to technology is just the starting point, and education and knowledge are critical to effective, informed use.
Aspen Baker is executive director and founder of Bay Area-based Exhale, the nation's only pro-voice organization dedicated to promoting post-abortion health and well-being.
Update: More on Social Privacy