Facebook Under Oath: You Have No Expectation of Privacy

The social media giant thinks privacy is a you problem.

Mr. Warzel is an Opinion writer at large.

Credit...Marco Garcia for The New York Times

This article is part of a limited-run newsletter. You can sign up here.

In a San Francisco courtroom a few weeks ago, Facebook’s lawyers said the quiet part out loud: Users have no reasonable expectation of privacy.

The admission came from Orin Snyder, a lawyer representing Facebook in a litigation stemming from the Cambridge Analytica scandal. In a court transcript, first surfaced by Law360 and later uploaded in full by Sam Biddle at The Intercept, Snyder and U.S. District Judge Vince Chhabria debate what has become an existential platform question: Does posting, even to a small group of friends, on social media mean that a user is forfeiting all expectation of privacy? Yes, Facebook argues:

There is no privacy interest, because by sharing with a hundred friends on a social media platform, which is an affirmative social act to publish, to disclose, to share ostensibly private information with a hundred people, you have just, under centuries of common law, under the judgment of Congress, under the SCA, negated any reasonable expectation of privacy.

The judge pushed back, suggesting that if a user had painstakingly tweaked her privacy settings so that only a tight-knit group could see her posts, it would be a privacy violation if “Facebook actually disseminated the photographs and the likes and the posts to hundreds of companies.” But Snyder didn’t budge, suggesting that sharing any information with even one human being negates an expectation of privacy.

The entire transcript is worth a read, but this rebuttal from Judge Chhabria set up what I think might be one of the most revealing exchanges with a tech company representative in recent memory:

Chhabria: You seem to be treating [privacy] as a binary thing, like either you have a full expectation of privacy or you have no expectation of privacy at all. And I don’t understand why we should think of it in that way.

Snyder: Because, Your Honor, what the plaintiffs are doing here and what Your Honor’s hypothetical suggests is a brand-new right of privacy that has never been recognized before.

A generous reading of Synder’s response is that Facebook’s hands are tied by the legal understanding of privacy. But I’d argue that Facebook is hiding behind an antiquated definition of the word. Other industry observers have noticed this recently, too. In a blog post last week, Maciej Ceglowski suggested that the reason companies like Google and Facebook have taken pro-privacy positions lately is they’re not talking about the status quo but, instead, about this outdated definition of privacy. “That language, especially as it is codified in law, is not adequate for the new reality of ubiquitous, mechanized surveillance,” Ceglowski wrote.

Ceglowski offered up a different definition, which he calls “ambient privacy.” Basically, it’s “the understanding that there is value in having our everyday interactions with one another remain outside the reach of monitoring, and that the small details of our daily lives should pass by unremembered.”

There is no such ambient privacy in Facebook’s world, as evidenced by the transcript. And for good reason. The very notion of ambient privacy is an existential threat to Big Tech’s business model. Take away that which violates the ambient privacy and what’s left is not Facebook.

Facebook and the rest of Big Tech built their empires by prioritizing innovation and embracing a mind-set that enormous, systemic challenges (“solving death,” driverless cars, bringing the world closer together) can be solved through processing power, code and a reimagining of what’s possible. It’s a mentality that treats complex physical world issues as software; everything can be updated.

And yet, Snyder and Facebook appear gobsmacked by the idea of Privacy 2.0 and creating a new definition that reflects the way the tech giants have altered its very meaning. It’s yet another example of what has become the dismal reality of Silicon Valley: They’re very excited to fix big problems, as long as they’re not problems that they created.

Do you think that posting personal content, even to a small group of friends, on social media means forfeiting all expectations of privacy? Send me your thoughts at privacynewsletter@nytimes.com. Your responses may be shared in an upcoming edition of this newsletter.

Credit...NYT archive

In the spirit of expectations of privacy, this week’s archive pick is a February 1998 editorial on a decision to put cameras in New York’s Washington Square Park. The similarities to today’s debates on surveillance are striking.

Even though there is generally no expectation of privacy in a public space, most people expect freedom from government monitoring when they eat lunch on a park bench or stroll down a street. The growing use of police video monitors in New York City may threaten the free and anonymous nature of public space …

Before Mayor Rudolph Giuliani and Police Commissioner Howard Safir expand video monitoring to cover more areas of the city, there needs to be significant public debate about the wisdom of 24-hour videotaping of lawful movement.

Sounds a bit like the arguments that led to San Francisco’s ban on facial recognition technology, no?

Chaser: This piece 10 months later, in December 1998, about more cameras infiltrating New York.

Mayor Rudolph W. Giuliani has endorsed the use of video surveillance to enhance public safety. His Police Commissioner, Howard Safir, said yesterday that such cameras had proven to be “incredibly effective,” cutting crime by 30 percent to 50 percent in public housing projects …

“You have no right to privacy in a public place,” Commissioner Safir added, and “no court order is required” to use cameras.

Makes for an interesting comparison with a 2019 Op-Ed from New York’s police commissioner arguing that facial recognition makes you safer.

[If you’re online — and, well, you are — chances are someone is using your information. We’ll tell you what you can do about it. Sign up for our limited-run newsletter.]

Today’s tip comes from our Opinion graphics director, Stuart Thompson.

In a new piece for Sunday Review, Michael Kwet of Yale Law School writes how grocery stores, sports stadiums and other brick-and-mortar venues are using small Bluetooth-powered devices called beacons to monitor where you go.

The devices work by sending out constant wireless Bluetooth signals, which get picked up by your phone’s Bluetooth receiver and can “wake up” apps on your phone — even when those apps are closed. The apps record your movements, monitoring whether you lingered by the low-fat ice cream, for example, and transmit your location to third-party companies for analysis.

How do you protect yourself from this kind of Bluetooth snooping?

For iOS users, the solution might seem simple: Slide up from the bottom of your screen and press the Bluetooth icon to turn it off. Easy, right? Except that’s not what those buttons do. In 2017, Apple clarified that instead of turning Bluetooth off, the button only disconnects existing Bluetooth devices — and only for one day. The same is true for the nearby button controlling Wi-Fi, which can also be used for tracking.

Apple gives one pop-up notice explaining how it works the first time you use the button. But afterward, you only see a small warning at the top of the screen. The Bluetooth antenna remains active on your phone, so any app with beacon technology installed could still monitor your location if you haven’t configured your phone properly.

Apple users can turn off Bluetooth entirely by going to Settings > Bluetooth and sliding the big button at the top to the “off” position. (You can turn off Apple’s own location tracking — as well as location tracking by specific apps — by toggling options in Settings > Location Services.) To turn off Bluetooth tracking entirely on Android phones, make sure you shut off both Bluetooth and Location History. But keep in mind turning these functions back on can reactivate Bluetooth tracking.

The wildest privacy piece I read last week is about how a Spanish soccer league’s app is “using their microphones and location data to listen in and find bars that were pirating streams of soccer games.”

Some of the Hong Kong protesters are “going dark” to prevent being surveilled while demonstrating. Here’s how they’re doing it.

Amazon is being sued over its Alexa recordings.

Like other media companies, The Times collects data on its visitors when they read stories like this one. For detail please see our publisher’s description of The Times’s practices and its continuing efforts to increase transparency and protections. The Times privacy policy can be found here.

Follow @privacyproject on Twitter and The New York Times Opinion Section on Facebook and Instagram.

glossary replacer