Tales from the Net

a work in progress

Saturday, January 5, 2008

Trust, control, and scraping Facebook

Judi Sohn’s got an good perspective on this week’s high-profile social networking kerfuffle:

This week’s blog storm centered around Robert Scoble. He temporarily lost his Facebook account because he got caught trying to scrape what he erroneously believed was “his” data into Plaxo using a script that violated Facebook’s terms of service….

It’s not about data portability. It’s about trust.

Well, it seems to me that it also is about data portability (Dare Obasanjo aka Carnage4Life and Nick Carr both have excellent posts on this). In addition to privacy concerns, one of the reasons I don’t put much data into Facebook or its applications is because I can’t take it with me. Visual Bookshelf, for example, is something that I’m continually tempted by; but if I’m going to go to the trouble of inputting all of my library, I want to be able to access it and display it from any site — and continue to use it if I decide to leave Facebook. Alas, social networking sites today generally regard the data as theirs, not their users; and so they don’t make it easy to move it.

Still, the trust aspects are paramount here, and there are at least a couple of interesting vectors:

  • between Scoble and his friends. When I added him on Facebook, my intent was to give him access to my Facebook information and create a channel by which we could communicate; sure, he could proceed to scrape my information and use it for all kinds of purposes without asking me, but as Tara Hunt tweets “I’m appalled that someone can take my info 2 other networks w/o my permission. Rights belong 2 friends, too.” Did he violate our trust relationship by doing the scraping without asking for permission? He says he was just doing some testing and threw away the data; do I trust him not to have left any stray traces? Also, Scoble’s got a lot of friends, and Judi comments in her post that for the vast majority of them, he is the equivalent of a magazine publisher and the “friends” are his subscriber base/audience. These are very different connotations than we usually think of for friends; how does this affect the relationship?
  • between Facebook and its users. Scoble used a script that he knows violated their rules of service; are they right to reinstate his account after his apology when his posts make clear that he still doesn’t think he really did anything wrong? On the other hand, Scoble points out that when there automated defenses flagged him as a potential security violation, they erased him without warning. Does this mean that all Facebook users are essentially living on sufferance?

Interesting issues. Shel Israel’s summary suggests that the overall impact is nil (although it helped the day go faster), and I tend to agree that it didn’t affect the reputations of Facebook (even though they looked good here), Plaxo (who’s already generally regarded as evil) or Scoble (who is known for doing stuff like this). Still, it’s a fascinating microcosm of a couple of the issues that are likely to come up again and again in the social networking space; so it’s well worth thinking about.

Update: Ed Felten’s It’s not about data ownership makes some very important points here and is well worth reading.

posted by Jon at 6:23 pm  

4 Comments

  1. Dare’s got an excellent followup post, including this:

    When I entire my personally identifiable information (PII) into Facebook, I am entering into a social contract with two entities. I am trusting Facebook to protect my data so it is safe from malicious hackers and not sell it to malicious third parties like spammers or telemarketers, in return I provide Facebook with accurate data which improves their service and the user experience of the people in my social network. In addition, I am implicitly trusting the people in my social network not to abuse the privilege of having my personal information (e.g. by prank calling my cell phone, giving my personal details to third parties I don’t trust).

    Well said.

    Comment by Jon — January 6, 2008 @ 9:24 pm

  2. […] the aftermath of the Scoble/Facebook scraping brouhaha, DataPortability.org (”sharing is caring”) has announced that individuals from Google, […]

    Pingback by Tales from the Net » New members for DataPortability.org — January 8, 2008 @ 5:16 pm

  3. Ed Felten weighs in with It’s not about data ownership on Freedom to Tinker, making the excellent point that neither Scoble nor Facebook nor Scoble’s friends “own” the data.

    Where did we get this idea that facts about the world must be owned by somebody? Stop and consider that question for a minute, and you’ll see that ownership is a lousy way to think about this issue. In fact, much of the confusion we see stems from the unexamined assumption that the facts in question are owned.
    ….

    Once we give up the idea that the fact of Robert Scoble’s friendship with (say) Lee Aase, or the fact that that friendship has been memorialized on Facebook, has to be somebody’s exclusive property, we can see things more clearly. Scoble and Aase both have an interest in the facts of their Facebook-friendship and their real friendship (if any). Facebook has an interest in how its computer systems are used, but Scoble and Aase also have an interest in being able to access Facebook’s systems….

    How can all of these interests best be balanced in principle? What rights do Scoble, Aase, and Facebook have under existing law? What should public policy says about data access? All of these are difficult questions whose answers we should debate. Declaring these facts to be property doesn’t resolve the debate — all it does is rule out solutions that might turn out to be the best.

    Fred von Lohmann of EFF agrees in a comment that there is no ownership of the data, and adds

    But even if there were, it wouldn’t answer these questions. Consider sites like Flickr. Unlike the facts in Facebook, the photos on Flickr are plainly copyrighted works. But that doesn’t tell you anything about whether the copyright owner is entitled to access Flickr’s servers to make copies of the photos.

    Your ownership in an intangible (copyright or patent) does not come with any right to access particular copies of it that reside elsewhere. Flickr can delete all of your photos, and if you failed to make back-ups, nothing in copyright law would provide you recourse.

    Comment by Jon — January 9, 2008 @ 3:57 pm

  4. Thomas Otter suggests on Vendorprisey that Scoble’s actions may have violated EU privacy laws. Scoble and several others not-so-helpfully weigh in showing what seems to be a lack of understanding of EU law and gratuitous anti-European comments (which also show up on Dennis Howlett’s post picking the story up).

    Thus far I haven’t seen anybody ask the related question of whether Scoble’s actions if left unchecked would have caused Facebook to violate EU privacy law … it’s a complicated issue indeed.

    Comment by Jon — January 9, 2008 @ 4:25 pm

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress