In the aftermath of a year of major privacy scandals, Facebook has been working hard to redefine itself as a privacy-first company. Just this past March, Zuckerberg himself presented a grand new “privacy-focused vision” of his company. He repeated these sentiments this past Thursday when he told shareholders that Facebook was becoming a “privacy-focused social platform.” Yet just hours before Zuckerberg reassured investors about Facebook’s commitment to privacy, his own lawyers argued in court that “there is no privacy” on Facebook. What does this conflict tell us about the future of privacy on the company’s platforms?
When Zuckerberg unveiled his privacy manifesto this past March, perhaps the most striking aspect of the entire document was the way it explicitly excluded Facebook itself and its partners from all of the privacy protections it promised. While it went to great lengths to detail how it would shield user communications from governments and competitor companies, his vision statement made clear that Facebook itself would continue to mine and manipulate its users as before.
Indeed, Facebook made this clear in its court arguments this past Thursday, noting that the Cambridge Analytica scandal did not actually represent a failure to protect the private information of its users. As its attorney put it, “There is no invasion of privacy at all, because there is no privacy.”
The company likened itself to a “digital town square” that people utilize with the full understanding that what happens in that square is public. Even private whispers of extremely intimate information in the corner of such a public square are apparently fair game in the company’s perspective. As it noted, “You have to closely guard something to have a reasonable expectation of privacy.”
This raises the question of just what Facebook defines as “closely guarding” one’s sensitive information. After all, the company has previously noted that by installing its application onto their phone, users grant Facebook the right to utilize their GPS location, camera, microphone and private photo galleries for its own business purposes.
The company’s move towards installing its content moderation algorithms directly on users’ devices as a way of bypassing the protections of end-to-end encryption raises even greater privacy concerns.
As part of this transition to the edge, the company raised the notion of covertly transmitting decrypted content from an end-to-end encrypted conversation back to its centralized servers.
The company’s own messaging presents end-to-end encryption like WhatsApp as offering “secure” communications where users can discuss extremely sensitive topics safely, securely and privately.
At the same time, the company is actively touting its work on bypassing that encryption in order to monitor and proactively censor those conversations and even raising the idea of quietly download decrypted messages of interest back to its servers.
Facebook has a long history of publicly touting its privacy credentials while using tortured legal definitions to ignore those promises entirely. In the aftermath of the Cambridge Analytica story, Facebook repeatedly emphasized to the public and to lawmakers and regulators that it heavily restricted third-party access to user data, in compliance with its consent agreement. In reality, Facebook was in fact sharing user data widely by defining all of those external companies as partners providing "Facebook experiences."
While touting to the public that third parties no longer had access to their data, in reality, Facebook was still sharing their data widely by redefining companies like Microsoft and the Royal Bank of Canada as extensions of Facebook instead of independent companies.
Thus, it is little surprise that Facebook would be once again issuing public statements touting its commitment to privacy even while arguing in court that there is no such thing as privacy on its platform.
The simple reality is that we don’t care about our privacy anymore. Facebook could literally box up and resell our data as ZIP files and despite a few negative press articles we would just accept that as the new norm and continue as before.
The company did not respond to a request for comment.
Putting this all together, it is not surprising at all to see Facebook, in the space of a single day, touting itself as the ultimate privacy protector and arguing that there is no such thing as privacy on its platform.
In the end, privacy on the Web today exists in words alone.
