Woke up recently to email from a friend – he’d noticed several acquaintances taking photos from of a recent Facebook album of his and re-posting  without attribution.  He wondered about the legality of it, but also about whether this was the accepted practice on Facebook.   It's an excellent question which required delving into Facebook and its policies.

Facebook’s Statement of Rights and Responsibilities includes the clause that: [y]ou will not post content or take any action on Facebook that infringes or violates someone else's rights or otherwise violates the law.

In most if not all cases, that Statement should mean that anyone lifting someone else’s photos and re-publishing them are not just compromising the author’s rights to the image but also are not complying with Facebook’s terms.  Yet this practice isn’t restricted to this particular friend’s friends….it’s pretty commonplace online, this grabbing and re-publication of images without acknowledgement or attribution.  It’s not just photos – we see information from social media sites re-used and re-viewed in a variety of circumstances. 

Whose data is it?

Why does this happen?  The roots are in a common presumption that information online is public by default.  This isn’t news -- typically when the question of privacy online, especially privacy on social networks like Facebook, comes up it seems like everyone is an expert.  Conventional wisdom tends toward the notion that once we put information on Facebook or really anywhere at all, to expect privacy is ridiculous.  That ship has sailed, someone will explain patiently, information online is information that's been released into the wild. You have no privacy; you have no control over the information at all! 

Are these self-appointed experts correct?  I’d contend that they are not.  Stephen Colbert talks about the distinction between truth and truthiness, a term he coined that he American Dialect Society defines as “the quality of preferring concepts or facts one wishes or believes to be true, rather than concepts or facts known to be true”.  It seems to me that the presumptive publicness of information online is one of those “facts”.  That despite the existence of privacy policies, terms of use and other restrictions on what the information can or should be used for, people somehow prefer to believe that once information is put online it is available to everyone. 

Helen Nissenbaum has written extensively about privacy as “contextual integrity",  breaking down the way(s) appropriateness is assessed in determining whether and where information is divulged.  A breach of privacy, then, is one where either information is inappropriately divulged, or one where the realms within which the information flows are outside the normative understandings embedded in the original sharing of the information. 

The next time you find yourself snorting dismissively about someone’s failure to protect their information and subsequent complaint about its collection and use, stop.  Think for a moment about if that were you.  Think about the context in which you would’ve uploaded the information, the expectations about who would see it and what would or would not be done with the information that informed your decision to make it available.  And from that perspective, ask yourself if that information is *really* public.    In the offline world, joking posturing for a friend or friends would be understood as such – why is it that we presume that performing that same act online makes it presumptively “true” and relevant to an assessment of my overall character or employability?

Blaming the "stupid user"

The assumption that such information is public grounds not just the feeling(s) of entitlement to images and ideas, it also grounds our response(s) when we hear about such invasions taking place.   It normalizes those invasions, places blame on the “stupid user” and obscures the role of the individual organization or site in creating the issue.    Where a business plan is predicated on access to and use of personal information provided by users, is it fair to focus our analysis of “responsibility” solely on the individual?   Shouldn’t we look at the way(s) in which site design, architecture and default settings facilitate and encourage the sharing of information?  At the intentions behind the information sharing – with whom was the information intended to be shared and for what purpose(s)?   Let’s examine the constituting documents of the site – the Terms of Use and/or the Privacy Policy to ensure that they are reasonable and comprehensible to the ordinary user.  Let’s ensure not only that there are privacy tools in place, but that the tools are able to protect privacy in meaningful ways.