The latest privacy furore surrounding Facebook involves its new facial recognition feature. According to Facebook’s own blog entry on the feature, when you upload photos of people who are already tagged in other photos, Facebook will suggest their names, making it quicker for you to tag your photos.
Now I’m just as keen on privacy as the next person, but some of the anti-Facebook responses appear to me to be slightly overblown, especially those that think that this facial recognition gives governments greater access to information about its citizens. First of all, if governments can access our Facebook photos, they don’t need Facebook’s facial recognition technology to identify us. I’m sure they have their own. So the problem would lie with the photos being online, not with their being tagged. Secondly, just because someone has tagged a photo as being a photo of me doesn’t make it a photo of me. It may well be a photo of me, but the person tagging may have made a mistake, or may have tagged someone else as me in order to get my attention. Thirdly, to the best of my knowledge, I cannot prevent myself being tagged by someone else (but I can prevent other people from checking me in with them to places). I can remove the tag if I wish, but it may be too late. And disabling the facial recognition feature doesn’t mean I can’t be tagged anyway, which suggests that the problem, if there is one, is with tagging itself, and not with the new feature.
Most interestingly for me, though, as a sociologist of technology, is the fact that Facebook is offering a technological means for doing something that we can (and do) do anyway: Facebook says that 100m tags are added to photos every day. Actor-network theory analyzes how networks of humans and non-humans are configured so as to successfully perform so-called “programs of action”. It looks at those tasks that are undertaken by humans and those undertaken by non-humans, without privileging one type of “actant” over another. Often, non-humans (computers, say) can carry out out tasks much quicker than humans: a computer will find me someone’s phone number in the phone book much quicker than I can. Sometimes we are happy for non-humans to be involved in programs of action (such as finding someone’s number in the phone book) and sometimes we are less happy (for instance, cameras that photograph us speeding on the motorway).
I think the way to think about this new feature on Facebook is in terms of actor-network theory, and your view on the feature will be determined by whether you think that having a computer do something you could do yourself (and have been doing yourself) makes the action qualitatively different. Is having a machine help you identify your friends’ faces qualitatively different from you identifying them yourself? Does the fact that the machine can do it far quicker make the very task itself different? If it is OK to tag your friends, does having a computer help you tag them faster make it wrong? If so, how come?
And finally a quick “I’m not naive” disclosure. Of course, the reason Facebook wants to “help” us tag our friends is because Facebook makes money from the information it collects. A tag on a photo is information. I’m not so naive to think that Facebook is taking pity on those who have to spend hours tagging their friends in all their photos. There is real economic value in those tags, and so we should always be suspicious of everything Facebook does. Also, I have no doubt that there are serious privacy threats latent in facial recognition software. The state already knows what I look like (there are photos in my passport and on my driving license). If it wants to, it can film me at a political gathering, run facial recognition software, and thereby know I was at that gathering. That, to me, is much more worrying than Facebook’s offering.
The Wall Street Journal did a pretty serious investigation into the cookies and other bits and pieces that websites put in our computers as we surf our way around the internet. From reading that article I learnt that the process of selling ad space based on our profile is an extremely quick one and can happen even as the page we are viewing is loading. I also learnt that the companies that are building our profiles can offer incredibly precise segmentations, but that they do not actually know who we are.
Here, though, is the rub. Let’s say they don’t know our names, but I’m pretty sure that they could work out who I am based on the sports, technology and health pages I look at. The sites I look at to check movie times would give you a pretty good idea of where in the world I live. On the other hand, all of the data processing is done automatically – no one at these companies is actually trying to work out who anyone is based on their profiles. Frankly, it would be a waste of their time.
But what if the data got out? When AOL released hundreds of thousands of searches in what it thought was a generous gesture to the research community, some zealous investigators tracked down individual users. This suggests that the main privacy issue is one of data protection. Unlike the bank, however, whose security measures you can assess, we don’t really have a clue what is going on in these companies. We know that they will have to pay hefty fines if there are data breaches, which, in the US at least, they are legally obliged to report, and that this should serve as a good reason for them to secure their (our?) data, but perhaps by then the damage will be done.