Facebook has an opportunity next week to influence the policy arc on social media privacy and security -- with senators expecting written recommendations from the company on better securing users' online experience -- but the discussion promises to be long and arduous.
“Policy around privacy right now is a train wreck,” said Richard Ford, chief scientist of the Texas-based security firm Forcepoint. “We need to have a well-informed, slow conversation to discuss what the general principle is here.”
That conversation about privacy goes well beyond social media, Ford said, and is being driven by developments such as the new data-privacy rule in Europe.
“I'm a big fan of GDPR,” the European Union's General Data Protection Regulation taking effect May 25, Ford said. “It's a great opportunity for us to get our own house in order and have this conversation about whether I should collect and hold all this data.”
Facebook is gearing up for a deep discussion in this policy realm following CEO Mark Zuckerberg's recent appearances on Capitol Hill.
The social media giant has announced a job opening for a “cybersecurity public policy manager” to “Work within Facebook's Product Policy team to formulate policies that govern user, advertiser, and developer behavior on Facebook”; “Represent Facebook in meetings with politicians, policymakers, NGOs and civil society groups”; and “Work with Facebook's Public Policy and Security teams to form international coalitions that help advance and support Facebook’s cybersecurity goals.”
The meetings with politicians and policymakers could take up a good chunk of time, as senators including John Kennedy (R-LA) and Amy Klobuchar (D-MN) try to rev up legislative activity aimed at “online companies.”
Even before the new cyber policy manager comes on board, Facebook is expected on May 8 to respond in writing to senators' questions at the recent joint Senate Commerce-Judiciary committee hearing with Zuckerberg, including recommendations for bolstering privacy and security in the social media space.
Kennedy and other lawmakers have said Facebook's responses and other actions could have a major influence on how Congress approaches online activities.
A bill by Kennedy and Klobuchar, unveiled just after Zuckerberg's appearance, would require covered entities to establish and publish the description of a privacy or security program, to biennially audit those programs, and to notify platform users of any privacy violations within 72 hours. The Federal Trade Commission would enforce the requirements under its “unfair or deceptive” practices authority.
Forcepoint's Ford said “any legislation should be around the fundamentals,” including better defining individuals' right to their own data. “What are the principles we're trying to enshrine?” he asked.
The stakes are large in an environment where “likes and dislikes” on social media are “incredibly revealing to data scientists” and can contribute to the “weaponization” of data, Ford explained. “Simple algorithms can determine huge things, but do you cripple U.S. companies ability to compete against companies in less scrupulous countries? Do we still aspire to be better?”
With that in mind, he said the “do something” impulse spurred by controversial uses of Facebook data is going to create discussions that will be “uncomfortable” for “some lobbyists.”
Ford said: “Companies are going to want to collect and use data. … I wish our policymakers would say 'I don't know what the answer is.'” -- Charlie Mitchell (firstname.lastname@example.org)