Ther recent imbroglio over internet celebrity Robert Scoble being banned from Facebook raises some long-overdue questions. It appears that Scoble used a beta version of a tool from Plaxo to extract his social graph from his Facebook account. Facebook's automated mechanisms detected a heavier-than usual pattern of access and shut off his account until he appealed. The account has since been reinstated, but not until it caused a Facebook group Facebook re-open Robert Scoble account !!!!! to gather 539 members and the TechCrunch post to generate 93 comments. While the comments contained the usual quotient of foaming-at-the mouth, several legitimate points were raised:
- Scoble clearly violated Facebook's Terms of Use, to which of course all users carefully read before they "agree" to by clicking as they sign up. "...you agree not to use the Service or the Site to...use automated scripts to collect information from or otherwise interact with the Service or the Site"
- Facebook goes to some lengths to obfuscate the email addresses on a profile by displaying them as bitmaps, which Plaxo cheerfully OCRs back into text.
- While Facebook touts its openness, is it really open if it prevents its users from taking their data with them, and whose data is it anyway?
This last point is the important one. If I display my email address on my profile, or for that matter if I give someone by business card or tell them my email address, do I have any right to control what they do with it? While I may have legal recourse if they use it so sent me spam, it's really no business of mine whether they load it into Outlook, Plaxo, or write it on the back of their hand with a Sharpie. Perhaps the fact that the process is automated may give someone pause, that is only a matter of degree.
If we were to deal forthrightly with the matter of ownership of one's social graph, it might make sense to make a distinction between the nodes and the arcs. Clearly the arcs of my social graph (who I am friends with) are my property, although one could make the case that the nodes (the information about each of my friends) should be controlled by the people described by the nodes. Ultimately this gets into the area of nondiscretionary controls, which as Ray Ozzie has pointed out, are easy to fake but almost impossible to implement.