On Facebook’s 10th Anniversary, many people posted short videos taken from their “life” on Facebook.  These included pictures, likes, favorites, etc. from their tenure as Facebook products – um, customers.  It made me realize how much information, and indeed how much trivial but potentially important information is stored on Facebook, and searchable (or subpoenable) about people.  And this is just the information that is publicly disclosed.

It goes without saying that anything voluntarily posted on a social networking site like Facebook should be presumed to be, if not public, at least semi public.  That’s not really the problem.  The problem is that the posting simply doesn’t die.  In fact, that’s a privacy and security problem for almost all data.  E-mail, web traffic, texts and messages, log data, third party data, everything digital.  And this “data persistence” is inconsistent with the most rudimentary concepts of privacy and threatens data security.

And what’s worse, rather than addressing the problem, we are making it worse – and threatening to mandate data retention rather than data deletion.

Pawing through my Facebook timeline, I found hundreds of postings I made over the years which I intended to be distributed to, and available to my friends and others.  No problem there.

The problem is that I never really intended for them to be available to my friends and others years (and possibly decades) later.  Many of these postings are comments that are incomprehensible when removed from the temporal context in which they were made.

A comment, “nice play!” means nothing six years after the game in which it was posted.  So there are literally thousands of these kind of innocuous breadcrumbs left in the digital detritus.  But as an aggregate, they can give a picture of me to marketers, and may present yet unknown risks to me.

First, they reveal a pattern of travel, habit, and interests.  If a person claims to live in Florida more than 50% of the year for tax or in-state college tuition purposes, a social networking (or geotagging in photos) data retention may reveal too many occasions when the person is out of state.

This data trail may also belie travel and entertainment deductions (Mark checked in at the Wizards game with his two kids, and not that “business partner” he deducted from his taxes).   In some cases this can be helpful to detect and prevent fraud or deceit.  In other cases, it can reveal an honest mis-recollection.  Your Facebook timeline remembers what you did, thought, and said better than you do.  That’s why it is so often subpoenaed in civil and criminal litigation.

A data subject should be effectively able to control not only the type, amount, and use of data collected about them, but also how that data is distributed, stored, protected and how long it is kept (and by whom).

Retention

One problem for privacy and security is that data, once created, is rarely purged.  And if not purged, it is at risk of loss, theft, misuse, or even worse – mining and other use.  Companies are increasingly realizing that data collected years ago has potential economic value, and are analyzing and selling the data without the knowledge of the data subjects.

Governments are exacerbating these problems by passing laws and regulations mandating that all kinds of data be retained – not only by companies themselves (e.g., tax records kept for seven years) but also by third parties whose creation of data was intended to be ephemeral.

When I send a package to someone else by FedEx, I know a record of that transaction is created and maintained by FedEx.  In fact, I WANT such a record to be created so I can track the package.  After the package is delivered, is there any utility TO ME in FedEx keeping that record?

Sure, they may want to analyze traffic patterns to decide whether to add planes on certain routes.  But they maintain records of every package I have sent and received, from whom I have sent or received it, who signed for it and when, and an electronic record of the signature for, as far as I can tell, forever.  The same may be true for all kinds of “transactional” records, when there is no need to keep the record after the transaction is completed.

Your credit card issuer likely has a record of every purchase you have ever made.  Ever.  Your ISP a record of every email and text.  Ever.  Your phone company a record of every call made or received.  Your broker of every trade.  Mailman may have a record of every piece of junk mail ever sent and received by you.  The traffic camera may keep records of movements of every car.

It’s not just about collection.  It’s about retention.

Even when companies want to purge data (and it costs money to purge data) governments may either require retention, or worse (as in the case of the NSA) may require production to the government so THEY can retain them.

We need to break this cycle.

Data should be retained for as long as there is a business need for the data.  Transactional records should be retained for as long as needed to validate the transaction.  The data subject should have much more granular control over how long his or her records are kept.

Which brings me back to Facebook.  Facebook’s privacy policies and procedures are a disaster.  To delete unneeded posting would take the better part of a week.  There is no way to delete all postings, likes, photos, etc., or all such things older than 90 days, or all except those sent to specified persons or groups.    This is because Facebook WANTS your data.  And Facebook wants to make it hard to remove your data.

To delete data, you must log on to your page and your profile, (one click) look at your posting, expand it, (two click) click a drop down menu and click delete (three click) and then confirm that you want to delete it (four click).  And you must do that for each and every posting separately.  Even if, on average you post only two postings a day, this is over 2,100 mouse clicks just to remove one year’s worth of postings.  (365 x 2 x 3 clicks – being generous to Facebook).  Like I said, they really don’t want you do to this.  They want your data.

Now its not that my postings about a Yankees – Indians game seven years ago are incriminating.  It’s just that they aren’t relevant anymore.  And I don’t want them or need them to be public.  “It seemed like a good idea at the time” but not anymore.

Make it easier for people to erase their past.  Just do it.  Now let me post this online…

Leave a Reply