Note from Beth: As I listened to the NPR story this week about online privacy, it is becoming very important for us to understand the implications.I really wanted to attend the "Social Networks Friend for Foe?"at UC Berkeley earlier this month, but unfortunately had a conflict. Fortunately, my colleague, Aspen Baker, was attending. Even better, she agreed to share a blog post about what she learned on this blog.
Barely a week goes by that I don’t see at least one status update or tweet from a nonprofit colleague lamenting a hacked personal account, including email, Twitter and Facebook. According to John Carlin, the Chief of Staff and Senior Counsel to the Director of the F.B.I, who gave the keynote speech at UC Berkeley’s conference on law, ethics and technology, “Social Networks: Friends or Foes?,” complaints of hijacked accounts increased by one-third from 2007 to 2008. Yikes. Organized crime, Mr. Carlin, says is selling our information and making some very serious money.
Of course, as soon as you have a couple of big time FBI guys and former federal prosecutors who worked on cyber-crimes speaking, there is going to be plenty of information to scare you away from ever posting anything remotely interesting about yourself online. And for good reason. Only a very small amount of data is needed to produce quite a lot of information about each and every one of us and the law is so far behind the times that according to Facebook’s Deputy General Counselor, Mark Howitson, the social networking website aggressively invites litigation because they need new case law to set precedent. The conference, according to Jason Schultz, Co-Director of the Samuelson Clinic for Law, Technology and Public Policy, was designed as “a chance to address the ramifications of what happens when people write permanently to a giant network.”
As nonprofit organizations increase their use of social media tools, including social networking, to spread their message, gain new supporters and serve clients, it’s important for us to understand – and address - the risks we’re taking on organizationally, as well as the risks of our people, from employees and volunteers to donors and clients. I’m not a lawyer. I’m the Executive Director of Exhale and I attended the conference to increase my own knowledge and awareness about how these legal and ethical issues around social networking may affect our work online with women who have had abortions.
Here is what I found to be the most relevant and interesting to the nonprofit sector:
Collecting Evidence Online
Is it ethical for a prosecutor to “friend” a defendant (with a real or fake profile) to find out potentially incriminating evidence about their whereabouts, friends, or behaviors? Can the lawyer of an accused rapist subpoena the private network of the accuser for evidence to place doubt on her story? Can a judge and a lawyer be “friends” and do they need to “un-friend” each other if they’re working the same case? What if the government created a third-party widget that asked people a range of personal questions that they then data-mined and used to find criminals or criminal behavior?
While the overwhelming consensus was that such behavior isn’t right, there are few laws on the books to address these scenarios. Lawyers’ associations, such as state bars, attempt to address such behavior through Codes of Ethics, however government officials are not bound by these rules. Government officials may use deception in undercover work and such practices have been ruled acceptable in cases related to intellectual property infringement (where investigators act as members of the general public seeking to make a purchase) and discrimination cases (housing discrimination against people of color, for example).
Thinking about all the potential ways the legal system already has to blame rape survivors for the crime perpetrated against them, its hard to stomach the idea of defense lawyers legally snooping around a victim’s private networks to gain personal information to use against them. These questions remain undecided and any group that works with victims of violence or communities targeted by law enforcement will pay close attention.
Privacy
There were a lot of big questions around what defines “content.” Is “content” what you write on your wall or post on your friends page, or is it also “transactional,” the information collected about your use of the social network: what did you search for? What pages did you visit? Most of the panelists thought everything should be deemed content and should therefore be considered, and protected, as private communications.
It was also noted that social context is incredibly important to our ideas of privacy and that privacy has a lot to do with expectations. We may not expect what we post on a friend’s wall to be private, but we probably expect that sending a private message will. However, according to Paul Ohm, Professor of Law at the University of Colorado Law School, email services such as Gmail are changing our expectations of privacy, as we find tailored advertisements in our internet browsers. If we are comfortable with getting advertisements for running shoes after emailing a friend about our trail run, what legal implication does this have for future expectations of privacy?
The issue of privacy is of huge importance to my field of sexual and reproductive health as well as anti-violence work. Will people be more or less likely to visit an online social network for domestic violence survivors, and who will find out if they do? It’s not too hard to think ahead and realize that if domestic violence is a pre-existing condition for health insurance that somehow an insurance company will find a way to gain access to this type of information. Now does this issue of what is private content online not only affect a woman’s personal privacy, but her rights and access to health care?
The Buyer Beware Argument
One of the more interesting debates that took place throughout the day and over several panels has to do with a question of Informed Consent. The Buyer Beware Argument basically posits that social networking is about sharing and if you don’t want to share, then you shouldn’t. Sharing, it should then be assumed, is necessary for building trust and real relationships, online or offline, and like in the real world, there are reasonable and unreasonable expectations for your information staying private. If you tell your friend known for gossiping a secret, you can expect that your secret might get around. Same with social networking, you should expect that your private information may end up somewhere you didn’t intend. Therefore, this argument goes that “buyer beware” and it is not the responsibility of each social network to defend or protect your privacy. It is the individual’s responsibility to understand the risks of participation and make personal choices about when and how to participate.
Not to mention that writing something online provides a permanent record that can be stored indefinitely is incredibly different than a known gossip’s spoken word, this argument did not fly with me on two levels:
1. Social networking will soon no longer be a choice, it will be a requirement to participation in modern life. Strangely, Mr. Howitson from Facebook used the telephone as an analogy to Facebook (you expect your telephone calls to be private and there is a clear process to follow if the government seeks to listen in) several times and yet repeatedly said things like “if you don’t want to share, then you don’t go on there.” If Facebook and other social networking sites are like the telephone, then I argue that very soon it will become a critical part of how people communicate and it will cease to be a choice. You could easily refuse a telephone in 1949 and not be too crazy, but this is not true by 2009. And, as we all know, technology is moving much faster now so the idea that you could refuse to participate in social networking without having any real personal or economic consequences will be unrealistic in the near future. If this is the case, then we, the users, not only need to beware of the consequences of our participation, but most importantly, we need to be consumer advocates who fight for our own protections and demand legal, and wide-ranging respect for our privacy online.
2. The Buyer Beware Argument is victim-blaming instead of proactively protecting. Mr. Carlin began his keynote speech by taking us back to a pre-Giuliani New York City where people were told not to look strangers in the eye as they walked by them on the street. If someone was attacked, the first question they were asked was typically, “well, did you look them in the eye?” suggesting, only half-joking, that it was their fault. Of course, anti-rape advocates know this line of questioning all too well (was your skirt too short? Did you have a drink?), and we also know that while certainly there are things each of us can do to protect ourselves, it is not our fault if we are attacked – the attacker is the one who bears responsibility. Ashkan Soltani, a Masters of Information student at UC Berkeley’s School of Information brought up the important point that there are real limits to what most users can understand about the full scope of risk they are taking on with their online participation. It’s almost impossible to decide for ourselves when the true extent of what websites are collecting about our participation is hidden and/or when websites don’t give users full access to control what is collected about our individual use.
Lessons for the Nonprofit Sector:
Social media and social networking are amazing tools for mission-minded organizations to spread our message, gain new supporters and serve our clients in innovative ways. We can be simultaneously inspired by its potential and feel challenged by the need to not only integrate these strategies into our traditional fundraising and communications strategies, but also to adapt the way we work in this modern, digital, ever-evolving age. We need to see the benefits of what these tools can provide, and we must also educate ourselves about the potential consequences of participation for our employees, volunteers, board members, donors, members and clients, especially for those of us who work on stigmatized, marginalized or taboo issues. On the Exhale talkline, we often hear from women whose privacy was violated in some way and the information that they have had an abortion has been used to target or harass them in their workplace, church, or with their own family members. If it takes very little data to reveal quite a lot of information about any given person, we must understand how data-collecting and online privacy may impact our supporters and potential supporters.
Most of the conferences and workshops I attend about nonprofits and social media address the digital divide, but mostly I hear it referred to in regards to who has access to technology. Rarely have I heard these discussions to include the digital divide between those who know the risks of online participation and can protect themselves and those who cannot. This seems like an incredibly important part of how we think about the cost and benefits of social networking in our organizations, communities and towards our social change missions.
To stay updated on how the legal landscape develops, follow the Samuelson Law, Technology and Public Policy Clinic blog at UC Berkeley Law. The Electronic Frontier Foundation is a nonprofit legal organization which defends free speech, privacy, innovation, and consumer rights. TechSoup works with nonprofits to increase their access to, use of, and knowledge about technology and ZeroDivide knows that access to technology is just the starting point, and education and knowledge are critical to effective, informed use.
Aspen Baker is executive director and founder of Bay Area-based Exhale, the nation's only pro-voice organization dedicated to promoting post-abortion health and well-being.
Update: More on Social Privacy
Hi Aspen,
Thank you for sharing your report from this presentation. I write because your reference to the use of "deception" by quasi-governmental agencies investigating housing discrimination is, I think, misleading, and portrays this work in an unnecessarily nefarious light (particularly when compared to the other examples you cite). I think you are referring to the practice of "testing", which is when community members are asked to apply for apartments or view houses for sale. If the "testers" who are not white are routinely told to look in different neighborhoods than testers who are white, if testers who are parents or unmarried or disabled or veterans are discouraged from renting, then an agency that investigates fair housing has some basis to look more closely at what is going on and what is the need for education, outreach and action in a particular geographic area. Is this practice unethical? Is it wrong? I don't think so. As someone who has worked with fair housing agencies in the past, I think it just helps to validate and shine a light on an all-too-familiar scenario for many in our communities: the times when we have been told openly, but without a lawyer or witness present, if you are [fill in the blank], you need not apply....
Posted by: Mia Sullivan | October 28, 2009 at 12:57 PM
Yes! I'm so glad you wrote and described this in more detail. As much fun as it is to listen to lawyers argue, some legal terms like "deception" mean much different things to the rest of us in the real world. The panelists were exploring the legal definition of "deception" and used the two examples - of intellectual property infringement and housing discrimination against people of color - to show when "deception" can be used for good, legally. They gave specific examples where the law has already decided very clearly that the kind of testing strategy you describe is both legal and ethical in the pursuit of justice. The nefarious examples were really my spin - I don't agree that defense attorneys should be legally allowed to snoop around private networks of people who accuse them of crimes, but there were panelists at the conference who would disagree with me and would say that this kind of "deception" (the kind I think is wrong) is important and useful and ethical to fight crime. I think the point is that there are real differences that exist in the legal community about how to deal with online privacy and data-collection and they are looking to real-world examples to try to make sense of what should be legal or not. "Deception" as a legal concept was referred to in a number of ways with very strong differences in opinion about when it is justifiable and when it is not, given what can be competing needs for justice and privacy.
Posted by: Aspen Baker | October 28, 2009 at 06:52 PM
Many thanks Aspen for your attention to the dark-side of social media (and our related naivete) when it comes to privacy and to a degree the related issues of security and transparency. I was especially interested in your following comments:
"Most of the conferences and workshops I attend about nonprofits and social media address the digital divide, but mostly I hear it referred to in regards to who has access to technology. Rarely have I heard these discussions to include the digital divide between those who know the risks of online participation and can protect themselves and those who cannot. This seems like an incredibly important part of how we think about the cost and benefits of social networking in our organizations, communities and towards our social change missions."
I'm a social media fan and user, but to a point. As a Gmail user, I liked the tangible example of what Gmail, FB and Twitter datamining is capable of via their custom advertising. I've personally experienced a couple things with Gmail and FB that made me remember my pre social-media days with labor and human rights organizing under the Pinochet dictatorship in Chile and how government data stealing from non-profits led to hit lists and horrible consequences; social service agencies ended the use of written client lists. I'm still involved in international conflict resolution work and continue to be amazed at what gets shared on-line by some (more bc of how mis-information is created from snippets), even after all the attention to illegal wiretapping recently. My paranoid side continues to wonder about that YouTube video that traces FB venture capital back to NSA and Defense Dept types (I wish I were better at adding links). While I value the social part of social media and how the vehicle can help mobilize for good, it seems like not until a bank or HMO enables identify theft via a hack or human error (with a very kindly worded apology to thousands) does this vulnerability hit us at home.
Posted by: Jeff Jackson | November 05, 2009 at 11:43 AM
Thanks Jeff, for this very thoughtful and detailed post. As a peace-and-conflict studies major whose work is now focused on transforming the abortion conflict, I am always interested in learning more about conflict resolution work, and yours sounds interesting!
But, back to your question. I'll just expand more on my thinking and experiences and see if that gets at your question, which I think is, "how do privacy risks with social networking really effect nonprofits?". Is this right?
My experiences being in workshops and at conferences for nonprofits and social media is that there is an idea being promoted that we should all - across the npo sector - maximize our use of social media tools in order to spread our messages and promote our mission. I generally agree with this sentiment. And, because these tools are the future and so important to our goals, then we need to make sure that those who can't afford them have access to them, so that we don't leave anyone behind in our online organizing strategies. We are supposed to find ways to engage and reach our communities, clients, and constituencies through these tools, and encouraged to use third-party platforms and widgets to maximize our scarce resources. If we are utilizing these tools, encouraging others to adopt them, and helping increase access to them, then, I think we should also be doing our part to inform people about the risks of using them, and to be pro-active as a sector about protecting our rights and privacy.
Your question has helped me get more focused on my own take-away from this conference, which is that I believe our sector, which is increasingly relying on social media and networking tools for fundraising, communications and services, has an important leadership role to play in shaping conversations and policies to protect ourselves and those we serve, and/or organize.
Posted by: Aspen Baker | November 09, 2009 at 12:34 PM