Jacob Kramer-Duffield thinks

There was naturally a lot written about Facebook’s über-creepy Beacon application when it launched last week; now thanks to user pushback there’s political movement there as well.

This pushback is good, and I think that Facebook is making a massive mistake here, trashing the trust and goodwill that had previously existed [PDF] as compared to other SNSes. Any over-specified predictions are of little value, but I think that the reaction from Zuckerberg et al. will probably follow a pattern begun with the News Feeds: some increased user controls that ultimately do little or nothing to change the overall substance of the program.

While the implementation and roll-out (surprise! we’re watching! everything!) leaves a lot to be desired, it’s not difficult to understand Facebook’s motivations here. They’re a company with a brand-new and highly lucrative partnership with one of the world’s most powerful corporations based on a huge growth rate that at some level they must know is unsustainable. Their most valuable asset is user data – the information that their users have exchanged as payment for the Facebook service. Trading with other actors in the same market (user data acquisition – the only market that really matters online), be they providers of movie tickets, consumer electronics or what have you – is a perfectly reasonable thing for everyone involved.

Well, except for users. But they’re not involved – and that’s really the issue here.

For any number of services – anything from Facebook to gMail to a bank or credit card account – users click through and sign at the dotted every day without reading or understanding and “agree” to Terms of Service (ToS) and End User License Agreements (EULAs) that tend to grant total freedom to the corporation to share or sell user data, and indeed to change the ToS or EULA without notice. Even if a user were to object to specific items in a ToS or EULA, the only option they have is to opt out entirely – not to have a Facebook, e-mail or bank account.

This is a serious imbalance of power in the market for personal information – pretty much a total imbalance of power, actually. Users have none, and corporations have all – indeed, even if you delete your account, do you think you get your payment (your personal information) back?

Maybe this and other miscalculations (and the normal life-cycle of online enterprises) will sink Facebook, in the end, but without a very broad demand – enforced by action, with users not signing up for or leaving services where personal information is not adequately protected – there’s little reason to believe that the next Facebook/MySpace/Friendster will be any better. And even if they are – Citibank/Amazon/Google will still have that data, and be willing to share for the right price. The market’s not going to solve this one, because it has no interest in solving it to users’ benefit.

And so what’s needed in our shiny new information economy is that boring old process that’s still the only way to move markets away from their natural tendencies toward static monopoly – regulation. Techno-libertarians might not like it, but the simple fact of the matter is that markets need rules to function properly, and “AGREE: YES/NO” is not a sufficient basis to rationalize the market in personal information. What’s needed instead is a transparent, comprehensive legislative process that examines all transactions where contracts, ToS, EULAs, etc. are under-specified (see also the predatory sub-prime lending fiasco), identifies problem areas and structural imbalances, and proposes and implements sustainable systems for users to protect their rights and personal information. Whether we can get that kind of process out of this or any other Congress or administration is another question – but that’s the only way this is going to happen.

Yup, democracy – the worst kind of guvmint ‘cept for all the others.