President Obama’s Facebook Friends: Web 2.0 Technologies and Privacy
posted by Danielle Citron
President Barak Obama has 6,239,925 Facebook friends. To be sure, this friendship has its privileges. FOPs can post questions on the economy and vote on others’ submissions and questions. Have we awoken to a new era of participatory democracy where Web 2.0 technologies mediate conversations between the Executive Branch (and maybe the President himself as he reportedly reads selected public mail weekly) and the interested Facebook friendly public? Do these social media technologies tap public participation in ways that e-Rulemaking proponents envisioned but to date has not? Quite possibly. But before we rush headlong into social networking political nirvana, we need to think about the privacy implications of friending (or watching You Tube videos of) the President, Senators, or your favorite Councilwoman.
When we interact with Government on private social media sites like Facebook or YouTube, have we implicitly forsaken any privacy in those communications? Does the President and his helpers get to collect personal data we post on our Facebook profiles and scurry back to agency information systems for processing, say data mining programs looking for threats to critical infrastructure or data matching programs looking for dead beat dads? On the one hand, we gave up that information voluntarily: if we set our privacy settings on Facebook accordingly, we know that what we tell our friends is “out of the bag” so to speak. On the other hand, do we really expect that the President, as my friend, is going to take my data and use it for purposes other than what his Facebook page promotes: conversations with the President about public policy, not whether we pay child support or engage in antisocial activities?
I will be writing a follow up post on the legal issues raised here in a few weeks. Notably, the E-Government Act of 2002 requires federal agencies to conduct privacy impact assessments when developing systems that collect, store, or disseminate personally identifiable information. PIAs must evaluat potential threats to privacy, identify risk mitigation measures, and articulate the rationale for final design choice of the system. Now, the E-Government Act may be applicable if we consider the Facebook site a “system” within the meaning of the Act. That may be far fetched but worth thinking about perhaps. And the Privacy Act of 1974 may be relevant too, at least in a more straight forward way than the E-Government Act of 2002. What do you think?