It's time to regulate Facebook

Facebook, Google, Twitter, and every other data-sucking Web giant should be forced to reveal exactly what data they collect about us -- before it's too late

Yes, I know. That headline alone will cause anti-regulation conservatives to burst an artery and libertarians to swallow their tongues. Overall, our government does a poor job regulating technology, in large part because many of our elected representatives are still searching for the "any" key (or having their aides do it for them). But hear me out.

Last weekend Chicago-Kent College of Law professor Lori Andrews published an essay in the New York Times titled "Facebook Is Using You" -- to which any Web 2.0-savvy person would reply, "well, duh."

Her point, though, is worth exploring. As pressure to find new revenue streams increases on a post-IPO Facebook, it's very likely to use its treasure trove of data for more than just delivering targeted ads.

In the financial biz this is called "behavioral scoring," and it's already in wide use. Andrews gives as an example a PR pro in Atlanta named Kevin Johnson. In 2009 his American Express card limit was slashed from $10,800 to $3,800 overnight. Why? Because he shopped at a place whose other customers were deemed bad credit risks. That really is the reason Amex gave him for the change.

Johnson, who now runs a website called NewCreditRules, suspects it was because he happened to use his Amex card at a nearby Wal-Mart (yet another excellent reason to never shop at Wal-Mart).

Think this can't happen with Facebook? It already is. BetaBeat's Adrianne Jeffries wrote a great piece about how online banks are using data from customers' social media profiles to see if they qualify for loans. If your friends are deadbeats, you might not get that low-interest mortgage you're shopping for. Don't have a Facebook or Twitter account? Sorry, you can't apply.

Facebook has already been used thousands of times to catch crooks, nab cheating spouses, deny college applicants, and fire wayward employees. And that's before it has started allowing outside corporations to mine the nearly 3 billion bits of data it gathers every single day.

Imagine the following scenarios:

Clicked Like on all those "Fast and the Furious" movies? Don't be surprised when your car insurance rates go up.

Joined a Google group for cancer survivors? Oops, your health insurance just got cancelled.

Tweeting about how depressed you've been lately? Get ready for an onslaught of Zoloft ads.

There are precious few laws on the U.S. books protecting data privacy, but two of the most important ones are the Fair Credit Reporting Act (FCRA) and Fair and Accurate Credit Transactions Act (FACTA). These enable us to see what information consumer reporting agencies (CRAs) are collecting and how that data is used, and they provide the ability to correct information that's inaccurate. They also limit who credit bureaus like Experian and Equifax can sell your data to.

The story of how these laws came about is telling. Per the Electronic Privacy Information Center's history of the FCRA:

By the late 1960s, there was abuse in the [CRA] industry, including requirements that investigators fill quotas of negative information on data subjects. To do this, some investigators fabricated negative information, others included incomplete information. Additionally, the investigators were collecting "lifestyle" information on data subjects, including their sexual orientation, marital status, drinking habits, and cleanliness.

Sound familiar? Only in the case of Facebook, the "investigators" are us.

The FCRA and FACTA are hardly perfect, and consumer reporting agencies have done everything in their power over the years to weasel their way around them. But we're still better off with them than without.

So my proposal is simple: Treat Facebook, Google, Twitter, and other data-sucking Web giants the same way we treat credit bureaus and consumer reporting agencies. Force them, as the EU does, to reveal exactly what information they collect about us. Tell us who else was given that information, and give us the opportunity to limit who gets to see the goods.

The Facebooks and Googles of the world aren't going to do this voluntarily. Somebody needs to force their hand -- even if it has to be those digital dinosaurs mired inside the Beltway tar pits.

Rather than waste huge amounts of time and effort writing laws that benefit a fortunate few (like, say, the content cartel), why not create a data privacy law that benefits us all? Is that too much to ask?

This article, "It's time to regulate Facebook," was originally published at Follow the crazy twists and turns of the tech industry with Robert X. Cringely's Notes from the Field blog, and subscribe to Cringely's Notes from the Underground newsletter.

Copyright © 2012 IDG Communications, Inc.
