Privacy Technical The Sky Is Falling

Technical rebuttal of Mark Zuckerberg’s rebuttal to Facebook TOS change

There is no spoon
Damage Control

Mark Zuckerberg defended the recent change to Facebook’s TOS in a blog post recently. As much as I appreciate any response from Facebook regarding their lecherous move, his rebuttal has no merit whatsoever. As a co-founder of my own startup in the 90s (unfortunately, never anything close to the scale of the 500-lb gorilla that is Facebook), this post is simply damage control.

Let’s break it down:

“When a person shares information on Facebook, they first need to grant Facebook a license to use that information so that we can show it to the other people they’ve asked us to share it with. Without this license, we couldn’t help people share that information.”

Not necessarily. You could have a terms-of-service which states:

  • You, the user, promise to upload content and information for which you have a license or are owner of
  • You grant a license to any other user who is connected to the Facebook network to copy, disseminate, download (and the 42 legal synonyms) your content
  • Upon cancellation of  your account, we will take reasonable means to remove your licensed information from our site and from your friends pages, but …
  • Ultimately, we are not liable for others accessing or disseminating your content

You get the point. From a legal perspective, they could simply say they are an intermediary, like the cell phone company which transmits my text messages to all my friends. They phone company doesn’t own the text message; I do. My friends get a copy and can copy it again if they want, but I retain original ownership.

Another good example is online mail programs. People send images, videos to their email lists… not so different than Facebook. The other 500-lb gorilla out there doesn’t own your email messages in perpetuity either. They have language which says they will delete things immediately, but backups etc. may take up to 60 days to delete. As well, they don’t have rights to your content either.

“One of the questions about our new terms of use is whether Facebook can use this information forever. When a person shares something like a message with a friend, two copies of that information are created—one in the person’s sent messages box and the other in their friend’s inbox. Even if the person deactivates their account, their friend still has a copy of that message.”

From a layman’s perspective, this is true, however from a technical perspective, it is not. Facebook connects information between people within their database, using hard links to “objects.” Copies of information flying around are still linked back to the originating source (you, and your profile.) Saying there’s a copy somewhere is an oversimplification of it, and all in all, it does not prevent Facebook from deleting your data and your copies of data when you leave.

There is absolutely no reason why they can’t delete your information when you leave. So, in your friend’s in box where it says, “From Kent Davidson”, they don’t know that message is from me? They can’t delete it? Absolutely not true at all.

“In reality, we wouldn’t share your information in a way you wouldn’t want…”

Unfortunately, Mark, saying you wouldn’t share it doesn’t mean anything legally. As well, it means nothing. How do you know how I want you to share my information anyway?

Historically, every example of sites which become “huge” like Facebook ultimately become beholden to their bottom line, which means selling out their users in one way or another.

“A lot of the language in our terms is overly formal and protective of the rights we need to provide this service to you.”

At a multi-billion dollar valuation, you’d think Facebook would be able to hire some lawyers who could come up with less formal language which didn’t piss off privacy advocates out there. I think they can CYA without owning all user content on their site in perpetuity.

“There is no system today that enables me to share my email address with you and then simultaneously lets me control who you share it with and also lets you control what services you share it with.”

I’m going to say not true. There are methods by which you can share your email address with someone and then retain control if they decide to abuse that right.

The simple P.O. Box is one, for example, where you can get a new P.O. Box if your friends start sending you junk mail. Likewise, email addresses can be changed as well, and most email programs allow me to set up a “filter” which lets an email address receive email from a select list of people.

Because all roads lead back to, you have no control over your information there at all.

However, Facebook chooses to own your information, to hold onto your information forever, and they “won’t share your information in a way you wouldn’t want.”

That doesn’t mean they use it in the way you want either.

I am going to stick with the tenet that if you care about privacy, you have to pay for online services to protect it. There’s really no other way.

Update: Nice post by Amanda French about how Facebook compares among 500-lb gorillas.
Update: Also, the LA Times makes very similar points to my points above.
Researched ownership and what Facebook TOS means about your ownership.
Great legal opinion about changing the Terms of Service behind your back.

25 replies on “Technical rebuttal of Mark Zuckerberg’s rebuttal to Facebook TOS change”

I think Facebook’s lawyers might need a bit more experience or something similar. By claiming that they “own” your material immediately when you upload it, makes Facebook–as well as the uploader–liable for that content.

Say I post something that gives away US state security secrets, according to the TOS the parties involved can pursue Facebook as well as the individual because Facebook has taken ownership of that data as well. For something like a libel case, this is a gold mine for an attorney.

The content should always remain in ownership of the content originator, and Facebook would be weary of leaving it that way in order to CYA.

Brilliant and very lucid as well as funny. It’s obvious that the text of “Sugarhill” is complete BS, but I wouldn’t have been able to state my feelings in such a nice way.

thanks a lot!

I think we’re getting lost here. We need to think about what you just said FB is fully within their rights to say: “Ultimately, we are not liable for others accessing or disseminating your content.” But, what does that mean?

In legal terms, that translates to: “You hereby grant Facebook an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to (a) use, copy, publish, stream, store, retain, publicly perform or display, transmit, scan, reformat, modify, edit, frame, translate, excerpt, adapt, create derivative works and distribute (through multiple tiers), any User Content you (i) Post on or in connection with the Facebook Service or the promotion thereof subject only to your privacy settings or (ii) enable a user to Post, including by offering a Share Link on your website and (b) to use your name, likeness and image for any purpose, including commercial or advertising, each of (a) and (b) on or in connection with the Facebook Service or the promotion thereof.”

A license is nothing more in the end than a promise that the licensor won’t sue the licensee for doing things the licensor might have otherwise sued the licensee for doing.

Thus, the two statements are functionally identical. But, one hides the ball while the other lays the consequences out. If I were FB, I’d be plenty comfortable that I could do everything the world is accusing them of wanting to do if I had the statement posed in the entry. But, as a consumer, I’d much rather be fully informed by the longer statement. Regardless, the two statements are identical in consequence — They are both licenses to do the same thing.

I can’t agree with your explanation of Facebook’s ability to delete a sent message after the originator left the site. I think it depends on how they implemented, which I am not familiar with.

I run a membership site and, for better or for worse, store only one message copy for both sender and the recipient. If sender deletes the message, it is just flagged for the sender as deleted, but it still exists, since recipient needs to see it, until she deletes it.

If the sender leaves the site, I do delete the message, but only as a measure of spam control, which means if someone gets thrown out, their messages go with them.

Just my 0.02

@Who Cares: Yes, you are technically correct. I think for “text messages” such as this, it makes the most sense, especially for distributed systems, or (in your case) when you do not want a message copy deleted upon account termination.

However, for “images”, “video”, and “audio”, this is likely not the case on Facebook, as replicating them everywhere would be a data explosion and makes no sense at all.

Finally, the point I’m trying to make is that it is possible, not that it occurs. Assuming that information you send to friends and others contains your ID, it is both possible (and reasonable) for Facebook to clean out your old data within a reasonable amount of time.

Thanks for your thoughts.

Couldn’t have been worded any better. Thank you for an EXCELLENT post. Well said, I hope well heeded by other Facebook users.

Someone told me that a recent ruling states that you have the right to retrieve your content back from Facebook (you own it, not them); is this true, and if so, how does one do this?

@Aris: Thanks for the comment. If you know of the specific ruling, post it here and I’ll add it to the article.

Facebook does have the ability to delete your content, but apparently they are going to make you delete all content in your account, one by one.

Thank you for this opinion!
Even though they claim to have changed the policy and the procedure about deleting the accounts, it is still a pain doing it. Moreover, creating a new account from a machine (most probably due to the same IP) which was used for logging with another one resulted in… copying information from the unlogged account to the just created one. This happened today (07/21/2009)!
Not only causes this a bad taste in my mouth, it made information of the one user accessible to another, completely different person! And this is not compatible to what Zuckerberg claims!
Am I paranoid or Facebook went too far?
It is like Skype: I don’t wanna use it but there are so many people infected that it is difficult to stay away.
Is there any alternative you guys use?

@betso: The security implications of assuming an IP address is the same person is dicey, at best. In fact, public computer terminals at colleges are a simple example where your personal information could be easily compromised if this is, in fact, how they are doing it.

You’re not paranoid, every company, large or small, when given power like this, goes to far.

There’s the saying by John Emerich Edward Dalberg Acton, “Power tends to corrupt, and absolute power corrupts absolutely. Great men are almost always bad men.”

The same applies to companies, of course.

Unfortunately, like Skype, eBay, and Facebook, the “Network Effect” of having so many people on a single platform doesn’t makes it very enticing to go elsewhere.

Personally, my own reaction is to play dead. I don’t post much on Facebook, and I use it less and less. It’s a nice way to keep in touch with people you probably wouldn’t keep in touch with anyway, and in general any communication that starts with Facebook I take off of Facebook as fast as I can to take them out of the loop.

Finally, I post personal content in places where I can control it. Start a blog by paying a host a paltry $5 a month and you get tons of disk, free software, and you can post your pictures to your hearts content. If your friends want to see what you’re up to, they can visit your site.

Maybe an open-source, free, self-hosted social networking solution is what we need.

Epic Fail on Markie Mark’s part.FastBoof is proving a terrible place to be and I am getting off the site fully within the next 12 hours. I own my property and always will. I am a photographer and have over 200 photos loaded there. They will be gone through one by one and “Disappeared.” Then i ditch my 336 “friends” and find another way to get in touch with them, such as the “Old-Fashioned” way of EMAIL, where you still own your property.

Comments are closed.