Facebook, Privacy, and Social Norms


| 4/6/2012 1:28:00 PM


Tags: Facebook, privacy, password, social norm, Supreme Court, Congress, Electronic Communications Privacy Act, Department of Homeland Security, Sam Ross-Brown,

 Lock and Safe 

In July 2010, Pew Research Center released a report on the online habits of Millennials. The experts involved in the study, who were mostly academics and leaders at companies like Google and Microsoft, concluded that social networking will only grow in importance despite privacy concerns. In particular, many argued that sites like Facebook had created new social norms around which the barriers between “public” and “private” information were being recast. The study echoed a controversial statement by Facebook founder Mark Zuckerburg made earlier in 2010—that, among young people, privacy is no longer a “social norm.”  

That argument may be a little harder to make today. In addition to debates over Facebook privacy settings, over the past several weeks, controversies have erupted in a number of states over employers and schools asking for Facebook passwords from applicants, employees, and students. And while everyone seems to agree that those employers are overstepping their bounds, actually doing something about it is tougher than you might think.

For one thing, legislation is woefully outdated, says the Electronic Privacy Information Center, or EPIC. The closest thing to a law protecting online privacy is the Electronic Communications Privacy Act, which was passed in 1986—a good 10 years before widespread Internet use, not to mention smartphones and other new media. So most of the law’s provisions apply only to landline phones and physically stored data, rather than the smartphones, social media, and “cloud” storage that have become such a large part of 21st century life. For something like email, the rules are complex and cumbersome, reflecting an early understanding of the technology, says the Center for Democracy and Technology. If you happen to store your email on a home computer, it is fully protected and requires a warrant to be searched. But if you use a cloud computing service (say, Gmail), anything you store online can be accessed without a warrant. That includes webmail, photo sharing sites like Flickr, spreadsheets and documents on Google Docs—basically, much of what now makes up many people’s personal and professional lives.

The rules for social networking sites are even more complicated. While law enforcement generally needs a search warrant to access a suspect’s social network account, they can do so without the knowledge of the suspect, reports GOOD. Facebook actually seems to be alone on this policy, as Twitter and Google have their own rules about notifying their users of law enforcement action. In fact, Twitter had to fight for its notification rule against a federal court ruling in Virginia. And, according to EPIC, at the same time, the Department of Homeland Security has an ongoing program of setting up fictitious user accounts on Facebook and Twitter to follow suspects’ posts (also without their knowledge). 

Whether or not the DHS program is legal or constitutional is not all that clear. Without more relevant legislation, no one really knows where to draw the line—high courts being no exception. In 2010, the Supreme Court heard two cases on email privacy, and both times, they chose not to address constitutional privacy issues, reports the National Legal Research Group. Wrote Anthony Kennedy in the first case’s majority opinion: “The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear.” The implication apparently being that until innovation stops and lets us take a breather, we should be careful about fleshing anything out too much.