Social Networks as Regulated Utilities?

At CFP‘s, panel on “Privacy, Reputation, and the Management of Online Communities” professor Frank Pasquale mentioned the idea of treating social networking service providers as regulated utilities. He may or may not have read about the Facebook VP that described Facebook as akin to a cable company. One carrying social data:

We view ourselves as a technology company at our core. We’re the cable company creating the pipes, and what they carry is social information and engagement information about people.

So they carry your social information — your social relationships and identity, contextualized and with that social meaning, not just at the level of Internet packets. Facebook knows the meaning of what it is carrying, unlike your telecommunications company. They think of themselves as carriers that set up the structure that knows that meaning and allows it to be communicated.

CPNI and Content?

This sort of thinking opens of lots of neat new analogies. Lets think about privacy. Per the Telecommunications act, telephone companies have to protect the privacy of your “Customer Proprietary Network Information,” or CPNI. This is basically the information the company needs to provide the service — the numbers you dial, the location you dial from, etc… Importantly, not the content of your communication — that already has intense protection. The legal definition includes:

information that relates to the quantity, technical configuration, type, destination, location, and amount of use of a telecommunications service subscribed to by any customer of a telecommunications carrier, and that is made available to the carrier by the customer solely by virtue of the carrier-customer relationship”

Telephone companies have a duty to protect this information but can use it in advertising, or sell it to joint venture partners with consent. EPIC has more information on protection for CPNI.

So what is the equivalent in the social networking space? The people you send messages to are going to be protected. So should be your browsing, and just about all of your social actions. But there’s an important leap here. If Facebook thinks of itself as a pipe of social information, then your connections — your social graph — would be more like the content. That’s the change: your connections are your social messages, rather than your connections being who receives your messages. That would give your social graph quite a bit of protection, and disallow Facebook from reading it.

Common Carriers

Utilities are also sometimes viewed as common carriers. Common carriers can’t discriminate in what they carry, and further are absolutely liable. I analogize the first to the idea that Facebook won’t judge my social graph, and thus can’t discriminate based on how I am socially relating. This means I can be free to move data around, and even download my social graph from Facebook. I previously blogged about the potential for privacy enhancement from so called “data portability.” It would be discriminatory, and a violation of common carrier principles, for Facebook to prohibit certain uses of the social graph.

Posted: May 27, 2008 in:

Computers, Freedom and Privacy 2008

Today I got to CFP 2008: Technology Policy ’08 conference. Tomorrow I’ll be presenting on what could be a hopeful new direction in spyware policy. I’ll be speaking on the stalker spyware complaint EPIC filed earlier this year.

In this digital age, spyware is used by employers and parents, as well as stalkers and perpetrators of abuse. This workshop will discuss whether anti spyware policy and technology is appropriately tailored to spyware uses in the social context of abuse: misusing power and control. The essence of spyware is to spy, to monitor, to watch someone – all without their knowledge. How do we identify and respond to harmful, inappropriate use? What are the challenges faced by policymakers and antispyware technology providers when dealing with abusive uses of spyware? This workshop will explore the varying opinions on spyware policy and practice as it intersects with privacy and safety.

Other program topics that look interesting include network neutrality, reputation systems, and social networks. The whole program is here.

Posted: May 21, 2008 in: