Finger pointing doesn’t cut it and regulation won’t fix it

By Laura Haight 

After three weeks of learning about the harvesting and manipulation of our personal information by Cambridge Analytica and Facebook, and last week’s high-profile questioning of Facebook CEO Mark Zuckerberg, the key takeaway seems to be the very disturbing realization that absolutely no one knows who is supposed to be protecting your privacy.

A good place to start should be Facebook’s terms of service, especially after Louisiana Sen. John Kennedy told Zuckerberg “your user agreement sucks.”

Generally, the things that are the most important to evident in how often we refer to them when we speak or write about them. So I found it interesting that “privacy” appears only 7 times in the 3,437-word policy. That’s .2 percent.

Beyond the dearth of information about protecting (two appearances) privacy, the policy is written at a college-graduate reading level that would take an average of 12.5 minutes to read. So it’s not a big leap to assume that most regular users would not take the time to dig into this treatise, choosing instead to just hit OK and move on to Candy Crush.

But at the same time, consider this: In the time it would take you to read the policy, stats tell us that 6.37 million comments would have been posted on Facebook, along with 1.7 million photos and 3.7 million status updates.

So, OK, we share a lot. That’s not news. But here’s an item that may surprise you – as it did the senators who grilled Zuckerberg. You are not Facebook’s customer. That vaunted place in the business schema goes to advertisers and third party partners, who access user data and build brand (eight appearances) messages.

So, if we aren’t the customer, what are we? To Facebook, we (or more precisely our likes, interests, opinions, and psychological proclivities) are the product it sells to its high-dollar advertisers, and the bait that brings in the third-party whales like Cambridge. In a very cannibalistic twist, we make ourselves easy victims, fattening ourselves up with ever-increasing consumption of posts, memes, and mindless quizzes.

The average person spends 22 percent of their Internet time on Facebook. Aggregate other Facebook-owned social media sites like Snapchat and Instagram and you will spend nearly three years of your life interacting with Facebook.

Zuckerberg’s grilling in Congress covered a lot of ground, but much focused on what senators appeared to believe was a deliberate attempt to keep users unaware of privacy policies. I’ve got to stand up for Facebook just a bit here. Nary a day goes by that I don’t see a message reminding me who sees my posts, or that I have allowed people to tag me in photos, or any one of dozens of other privacy/usage reminders.

Coupled with the ever-present onslaught of new data breaches, security vulnerabilities, and data leaks, it’s not unreasonable to think that most of us would have a passing understanding of the social media risk-benefit equation by now.

So what happens now? Fingerpointing isn’t going to cut it, regulation isn’t going to fix it. Because we are at the core of the issue. Technology has moved at breakneck speeds, feeding our expectations that it would make things easier, do more for us. Has that misperception, coupled with the onstoppable onslaught of tech innovation, perhaps outpaced our learning curve?

Does our refusal to take responsibility for our own security and privacy open the door for Big Brother? If we can’t be trusted to protect ourselves, is government regulation of social media the only answer? No, because we already have that. Facebook is living under the gun of a 2011 consent decree regarding disclosing information to third parties without consent (sound f amiliar?). If the Federal Trade Commission finds it is in violation of that agreement in this current situation they could face fines of up to a trillion dollars.

Laws requiring businesses to protect sensitive information have significant financial penalties already. And yet Experian, the credit reporting agency that lost the sensitive information of more than 145 million Americans, has suffered only a very strict tongue lashing from Congress.

The Consumer Financial Protection Bureau, under interim director and South Carolinian Mick Mulvaney, is scaling back an investigation into what happened , making it less likely there will be any serious repercussions for Experian. The company got hacked after lackadaisical practices left all your data exposed despite the fact they had been warned of the risk, then waited  weeks before disclosing the incident to the public, during which time three executives sold nearly $2 million worth of the company’s stock. There are laws against all these things, and yet they happened and will very likely go unpunished.

Federal intervention sounds meaningful, but it’s the will to enforce it that is lacking not the regulation itself.

So who is in charge of protecting our privacy? We are. And we’d best get a lot smarter about it. If we are going to play in the digital arena, we have to get our pads on.