In July 2010, Pew Research Center released a report on the online habits of Millennials. The experts involved in the study, who were mostly academics and leaders at companies like Google and Microsoft, concluded that social networking will only grow in importance despite privacy concerns. In particular, many argued that sites like Facebook had created new social norms around which the barriers between “public” and “private” information were being recast. The study echoed a controversial statement by Facebook founder Mark Zuckerburg made earlier in 2010—that, among young people, privacy is no longer a “social norm.”
That argument may be a little harder to make today. In addition to debates over Facebook privacy settings, over the past several weeks, controversies have erupted in a number of states over employers and schools asking for Facebook passwords from applicants, employees, and students. And while everyone seems to agree that those employers are overstepping their bounds, actually doing something about it is tougher than you might think.
For one thing, legislation is woefully outdated, says the Electronic Privacy Information Center, or EPIC. The closest thing to a law protecting online privacy is the Electronic Communications Privacy Act, which was passed in 1986—a good 10 years before widespread Internet use, not to mention smartphones and other new media. So most of the law’s provisions apply only to landline phones and physically stored data, rather than the smartphones, social media, and “cloud” storage that have become such a large part of 21st century life. For something like email, the rules are complex and cumbersome, reflecting an early understanding of the technology, says the Center for Democracy and Technology. If you happen to store your email on a home computer, it is fully protected and requires a warrant to be searched. But if you use a cloud computing service (say, Gmail), anything you store online can be accessed without a warrant. That includes webmail, photo sharing sites like Flickr, spreadsheets and documents on Google Docs—basically, much of what now makes up many people’s personal and professional lives.
The rules for social networking sites are even more complicated. While law enforcement generally needs a search warrant to access a suspect’s social network account, they can do so without the knowledge of the suspect, reports GOOD. Facebook actually seems to be alone on this policy, as Twitter and Google have their own rules about notifying their users of law enforcement action. In fact, Twitter had to fight for its notification rule against a federal court ruling in Virginia. And, according to EPIC, at the same time, the Department of Homeland Security has an ongoing program of setting up fictitious user accounts on Facebook and Twitter to follow suspects’ posts (also without their knowledge).
Whether or not the DHS program is legal or constitutional is not all that clear. Without more relevant legislation, no one really knows where to draw the line—high courts being no exception. In 2010, the Supreme Court heard two cases on email privacy, and both times, they chose not to address constitutional privacy issues, reports the National Legal Research Group. Wrote Anthony Kennedy in the first case’s majority opinion: “The judiciary risks error by elaborating too fully on the Fourth Amendment implications of emerging technology before its role in society has become clear.” The implication apparently being that until innovation stops and lets us take a breather, we should be careful about fleshing anything out too much.
To be fair, Congress has (half-heartedly) taken up some of these issues. Late last month, Democratic Congressman Ed Perlmutter proposed an amendment to the FCC Process Reform Act called “Mind Your Own Business on Passwords,” says The Atlantic. While the amendment—which was almost immediately voted down—did not address government snooping, it would have prohibited employers from asking for workers’ passwords on sites like Facebook. The strange reality is that, because of the vote and Facebook’s own reaction to the controversy, the social networking site now has stronger privacy rules than the U.S. government—at least when it comes to password protection.
That fact should be pretty alarming. But if we go back to Zuckerburg’s “social norm” argument, it does make some sense. Because technology moves so quickly, and because it has such a big influence over our lives, it’s easy to simply accept new customs and rules without seriously thinking about their impact. The Facebook password cases are unique because they don’t involve government agencies or third parties breaking and entering to access private data. Rather, they involve users willingly giving up their privacy when pressured by people in positions of power.
The real danger here is that social media are still very new, so if a practice like that became more accepted, it could be difficult to undo. Laws and court rulings can be repealed or overturned, but social norms can be much more permanent. Challenging them might mean rethinking our place in the brave new interconnected world.