Facebook’s business model calls for wiping out privacy

In order to create an enduring, multi-billion dollar business on par with the likes of Google and Microsoft,  Facebook must compel its users to divulge and make widely accessible as much information about their preferences and online behaviors — and their friends’ preferences and online behaviors — as possible. By doing this, Facebook amasses rich intelligence it hopes to sell at a premium to advertisers. But security and privacy go hand in glove.  Facebook already has created a new attack vector that has given rise to the Koobface worm. Time will tell what other security issues get created as the company pushes to wipe out privacy. In this USA TODAY cover story, my colleague, Jon Swartz, examines how Facebook’s business model is running into resistance.

By Jon Swartz, USA TODAY

16 June 2010, p. 1B

SAN FRANCISCO — As Facebook quickly closes in on 500 million members, it has become the Internet’s water cooler.

The social-networking giant’s vast customer base — the equivalent of the world’s third-biggest country, by population—freely shares personal information, which has reset the way many communicate and how advertisers reach them.

Breaking news: How clickjackers take advantage of lowered privacy. Click here.

Facebook CEO Mark Zuckerberg is betting that there’s almost no limit to what people will share and to how his company can benefit from it. “Our incentive is to give people the exact controls they want, so they can share the most information,” he says. “More and more people want to share information. That is where the world is going.”

But can too much information be too much of a good thing? Social-networking sites — Facebook, in particular — face heightened scrutiny over their privacy policies from consumers, privacy advocates and legislators.

Some lawmakers are readying legislation to regulate websites’ tactics for collecting information about consumers, and the way that information is used to target ads.

Just last month, Facebook held a mea culpa press conference in which Zuckerberg apologized and the company overhauled its admittedly unwieldy privacy controls amid negative user feedback.

The moves quelled some concerns but did not appease privacy advocates, who see an inevitable conflict between Facebook’s treasure trove of user data and the temptation to sell it to advertisers.

“Facebook is in the business of making money, not protecting privacy,” says Nicole Ozer, technology and civil liberties policy director for the ACLU of Northern California. “These latest changes became the right thing for Facebook to do because of mounting pressure from users and Washington.”

Complicating matters, Zuckerberg finds himself at odds with a staff of 200 salespeople who wish to “monetize” the vast personal information of its users, says David Kirkpatrick, author of the new book The Facebook Effect.

“It’s a very difficult juggling act,” Kirkpatrick says. “For better or worse, Facebook is causing a mass resetting of the boundaries of personal intimacy.”

Facebook’s dilemma is one shared by other online companies as they weigh the benefits of sharing customers’ personal information with advertisers — even if it means losing some of them over privacy concerns. (Facebook points out that its members intentionally share data, while other sites aggregate data on individuals through searches and other online behavior.)

“(Privacy) is one of the biggest questions on the Internet,” Zuckerberg said in a brief interview after Facebook unveiled new, simpler privacy settings last month. “This is not just an issue for Facebook. But we should be held to a higher standard.”

The inherent conflict between information and privacy isn’t likely to go away. Facebook’s prosperity — perhaps its future — depends on it making a vast mountain of personal information available to marketers as it seeks to gain an edge in an online ad war with Google, says Roger Kay, president of Endpoint Technologies Associates.

“Facebook is in a conundrum,” says Jeremiah Owyang, an analyst at Altimeter Group. “To win marketing dollars, it has to be open. But the social contract with the users is that it is closed, and there are permissions.”

Dogged by privacy topic

Privately held Facebook does not disclose its financial results, but two people familiar with the company’s finances who are not authorized to speak publicly about the matter said overall revenue could top $1 billion this year, up from about $550 million in 2009 and an estimated $300 million in 2008.

Driving sales are highly targeted self-service ads, which accounted for $300 million to $400 million in 2009, the sources said.

Because Facebook is so big, its task is particularly tricky as it adds features and shares information beyond its site, Zuckerberg and software developers concede.

Facebook ran into resistance, for example, when in 2007 it rolled out Beacon, a now-discontinued program that let third-party websites distribute “stories” about users to Facebook news feeds.

An overwhelming 95% of American consumers are concerned about their privacy on the Internet, according to a survey of more than 400 last month by market researcher Vovici.

It’s no wonder, then, that many Facebook members howled with outrage when the company in April announced a new feature that sends user profile information in bulk to companies such as Microsoft, Yelp and Pandora — in essence, broadcasting their habits and likes across the Internet.

The feature prompted four U.S. senators — led by Charles Schumer, D-N.Y. — to demand Facebook only pass along data if users agree to it under a so-called opt-in feature.

It also compelled Ben Edelman, a Harvard Business School professor and privacy expert, to accuse Facebook of sending personal information to online advertising companies without its users’ consent. Edelman made the claim in a letter of complaint with the Federal Trade Commission last month.

Facebook officials say a “relatively rare combination of clicks” might have helped advertisers identify people who clicked on some ads before the company fixed a mistake two weeks ago.

“We absolutely do not sell user data, period — including to advertisers,” says Bret Taylor, Facebook’s newly appointed chief technology officer.

It is routine for Facebook to sift through user data and look for behavioral patterns of its membership, the company says. The intent is not to conjure up predictive profiles that could be used for targeted ads but to promote the sharing of information and self-expression by improving and innovating the service, Taylor says.

Yet the introduction of new features invariably leads to user confusion over how their information is shared and the impact it may have on their privacy, analysts say.

“They don’t ask customers before they roll out features,” Owyang says. “Over time, they will withdraw features if there is enough blowback. This is calculated.”

However, if Facebook was forced to seek users’ permission before it rolls out features, counters Henry Blodget, CEO of tech blog The Business Insider, “Innovation would slow to a crawl. It would also sacrifice the opportunity to roll out (features) that initially freak people out but that soon become wildly popular.”

Taylor acknowledges the many changes to the site — and its privacy, consequently — were “overwhelming.”

“It needed cleanup and refactoring,” he says of the new, simplified privacy settings. Additionally, Taylor says some future features will come with an opt-in option. The company this month launched a privacy page (facebook.com/fbprivacy) to communicate with its members on the topic.

A growing backlash, but how big?

Still, the privacy clash won’t go away.

The debate was on vivid display again during the D8 tech conference this month, when Apple CEO Steve Jobs weighed in on the topic. “Privacy means people know what they are signing up for in plain English,” he said.

“Some people want to share more data. Ask them. Ask them every time. Let them know precisely what you are going to do with their data.”

The issue has elicited grumblings among a small faction of Facebook’s enormous user base.

More than 80,000 people have signed an ACLU petition since November — 30,000 in late May — demanding that Facebook live up to its principle of user control.

Another sign of discontentmanifested in some high-profile tech influencers — blogger Jason Calacanis and Google search-engine guru Matt Cutts— quitting the service in recent weeks.

Whether other users follow is debatable. Facebook’s member rolls have surged this year; in the weeks following the most recent controversy, Facebook says, it added 10 million members. Two “quit Facebook” protests flopped because of low participation.

Many Facebook users say they couldn’t care less. They’ve accepted the notion that some of their online likes and habits will make their way to advertisers and marketers. It’s all part of the social-media experience, they say.

“Our future identities are on the Web and the future of advertising is content we want to see,” says Emily Gimmel, 26, owner of a media-consulting company in Las Vegas. “I am busy, and I want to see ads pertaining to me.”

Others aren’t so sure. Brent Pietrafese, a 32-year-old mergers-and-acquisitions lawyer in Cleveland, shares only his name and town on his profile.

Shelene Peterson, 27, administrative assistant for a non-profit education organization in Burlingame, Calif., has taken it further: She uses a fake name on Facebook to avoid “embarrassing disclosures” to future employers.

“I don’t want my personal information sold,” she says. “(Facebook) is becoming more about that and less about the social experience.”

Few users appear to be defecting, though, despite a recent spike in Google searches on “deleting” Facebook accounts and one study that suggests 60% of Facebook users are considering quitting.

That study, by computer-security firm Sophos, is based on a small sample size of 1,588 Facebook members — many of whom have privacy concerns. “People are concerned, but they aren’t taking action,” says Jeffrey Henning, vice president of strategy at Vovici.

“The identity system is a building block of our civil liberties,” says John Clippinger, an official at Harvard’s Berkman Center for Internet & Society and author of A Crowd of One: The Future of Individual Identity.

“Sure, creating social graphs can be a new way of authenticating people,” Clippinger says. “But should Facebook own it? And have no restrictions over it? It is an Orwellian power play. Facebook is trying to be the identity broker of the Web.”

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone