Three Minutes with Facebook's Privacy Chief
The launch of Facebook's Beacon advertising system in November put the social networking site in the middle of a controversy over privacy, as Beacon was criticized for being too aggressive and stealthy in collecting and broadcasting information about users' activities online. For that reason, few people right now would probably envy the job of Chris Kelly, Facebook's chief privacy officer and the person most responsible for explaining the site's policies to the public.
IDG News Service recently caught up with Kelly for a telephone interview. He answered questions about Beacon, saying the company is happy with it now after some revisions, but acknowledging that the work isn't over, so we may yet see further modifications that address remaining privacy concerns.
He also tackled other hot topics, like the company's efforts to protect minors from sexual predators, and data portability, or the ability for users to move their data between different social networking services. Kelly said Facebook is in favor of data portability in principle, but wary of it in part because of concerns about user privacy. That might surprise the critics who raised red flags over Beacon, but Kelly said there are legitimate concerns about privacy, and security as well, with data portability.
The following is an edited transcript of the conversation:
IDG News Service: There has been a lot of talk recently about data portability, specifically about letting users of social networks export their data to other sites and applications. What's your take on data portability?
Chris Kelly: We've made it clear that we don't have a philosophical problem with data portability. The problem comes in because there are all sorts of privacy and security worries [related to it], and there are a whole bunch of people out there who would gladly attempt to exploit somebody else's personal information if they could get one point of entry into a network, for instance, and try to export as much data as possible.
So we want to make sure there are rules and controls around that to minimize the possibility of something going off. That is a critical part of all of the discussions, and it's something that, in a rush to call for data portability, most proponents haven't effectively considered. We're trying to make sure that everyone considers that. We joined the Data Portability Workgroup because we want to show that we're serious about having that conversation. But to just say that you can have a completely open system ignores that there are serious privacy and security challenges about that.
IDGNS: So given the privacy, security and legal considerations that need to be taken into account, is a satisfying solution to data portability even possible?
Kelly: Any system needs to reflect the actual preferences of the end-user of the data, and the end possessor of the data is the data subject. At Facebook, we've obviously invested a great deal in building a preference-capturing system around that, and any portability scheme needs to reflect that type of information. We'll press for any data portability scheme to reflect the preferences of data subjects. That's a very important part of building an effective data portability setup.
IDGNS: What's your current position regarding Beacon, which has been such a big source of controversy?
Kelly: We've gotten Beacon to a point where it gives users control over the information they're bringing into Facebook from third-party Web sites and sharing with their friends. The users are coming to understand the technology better. As Mark [Zuckerberg, Facebook's founder and CEO] has said, we made some mistakes in the launch but we think we've gotten Beacon to a very good point. We think users will have a great deal of comfort with how they share or don't share -- based on their own preferences -- actions on third-party Web sites off Facebook.
IDGNS: Mark Zuckerberg has indicated in recent interviews that Facebook continues to work on and refine Beacon to further address lingering privacy concerns. Is that your understanding?
Kelly: Yes, we learn a lot from user feedback and are constantly working to make the site more effective for our users.
IDGNS: Could you articulate the importance of the bill that New York's Attorney General Andrew Cuomo and state legislative leaders are pushing and that Facebook, among others, is backing?
Kelly: It's very important because it allows us to have unique identifiers that focus on sex offenders that we want to exclude from our site. We've been asking for this type of help from Attorney General Cuomo and some of the other attorneys general. State legislatures are listening right now and trying to make it required that when people register as sex offenders they record any Internet and online IDs [they have], and to make it a crime to access the Internet using anything besides those identifiers. This is a big assistance to us because it lets us easily check if anybody is trying to sign up with those addresses.
IDGNS: How effective is that, considering you can get an e-mail address anytime without any verification as to who you are? Isn't this a cat-and-mouse game?
Kelly: This is where the social factor of Facebook's real-name culture comes in and the privacy controls that we have. Those are very effective in protecting people from those who might attempt to misrepresent themselves. But we also want to make sure that anyone who would do our users harm is easily excluded, and this bill will help with that quite a bit.
IDGNS: How feasible is it to come up with a tool or technology that lets social-networking site operators verify people's ages, in particular to identify -- and thus more closely protect -- underage users?
Kelly: You can have effective indicators of whether or not someone is actually a member of a community, like a high school. Facebook has always had technology to try to determine whether someone is a member of a network or not, and has restricted access to their information based on that. That has a great effect in pushing towards a type of proxy age verification. It's not perfect, though, and a lot of the discussions of age verification have focused on attempting perfection in determining whether or not someone is of a certain age, and that type of perfection can't be legislated effectively.
IDGNS: A couple of weeks ago MySpace and almost all state attorneys general announced an initiative outlining safety guidelines for social networking sites. Is that something Facebook plans to sign on to?
Kelly: That agreement substantially reflected an agreement we had previously reached with Attorney General Cuomo, and we're very glad that MySpace has stepped up in this effort. We think that going forward, there will be a variety of principles agreed upon among certain leading Internet sites.
IDGNS: Is it fair to say that the relationship between U.S. state attorneys general and social networking companies has significantly improved in recent months? It used to be quite adversarial and contentious.
Kelly: At Facebook, we've always tried to maintain a very open and honest dialogue with all the attorneys general and law enforcement agencies, and I think we're getting to a very good point with these law enforcement agencies and the industry in a broader way.
IDGNS: How realistic is it to expect a site like Facebook, which has about 60 million active users, to properly monitor what so many people are doing to prevent inappropriate or illegal behavior?
Kelly: We use very sophisticated social designs in terms of limiting access to people's information based on networks that they share in their real-world lives, and further we use technology to look for anomalous behavior, things that may be concerning. It helps to keep our users safer, and also prevent spam and create a more comfortable environment for our users. We have a pretty large customer service team which deals with both reports and with the potentially anomalous behavior highlighted by the technology.
IDGNS: Have you improved your response times when members report complaints about content or actions on the site? That seemed to be a big complaint Attorney General Cuomo's office had with Facebook at some point.
Kelly: Yes, absolutely.
IDGNS: Does Facebook do enough to make sure its average member understands how to manage the very granular privacy settings you offer?
Kelly: I think the average Facebook user understands very well that we take privacy extraordinarily seriously. There's always a balance to be struck between the ease of use and completeness in providing privacy control. We try to strike that balance very well, but we always listen to user feedback about that in terms of how we give them more control over what information they share and with whom.
IDGNS: How much monitoring do you do of, say, photos or videos uploaded to the site? Do those go through automated screening, or do you depend more on members manually flagging stuff they see?
Kelly: Most of the automated tools we've tested in terms of recognizing inappropriate images and things like that are ineffective. We've found that users are some of the best reporters on that, and our reporting infrastructure is extraordinarily effective in removing inappropriate content quickly and in holding those users who attempt to post them responsible by cutting off their account.
IDGNS: As chief privacy officer, what are some of your goals for this year?
Kelly: As the site and the Internet as a whole evolve, we want to continue giving people a great deal of control over what personal information they share and with whom. We want to continue to reflect the social graph very accurately, and privacy is a critical part of that, so we'll continue to bake it into the design of the site and provide people with the most effective privacy controls on the Internet.