August 30, 2016

avatar

Facebook and the Campus Cops

An interesting mini-controversy developed at Princeton last week over the use of the Facebook.com web site by Princeton’s Public Safety officers (i.e., the campus police).

If you’re not familiar with Facebook, you must not be spending much time on a college campus. Facebook is a sort of social networking site for college students, faculty and staff (but mostly students). You can set up a home page with your picture and other information about you. You can make links to your friends’ pages, by mutual consent. You can post photos on your page. You can post comments on your friends’ pages. You can form groups based on some shared interest, and people can join the groups.

The controversy started with a story in the Daily Princetonian revealing that Public Safety had used Facebook in two investigations. In one case, a student’s friend posted a photo of the student that was taken during a party in the student’s room. The photo reportedly showed the student hosting a dorm-room party where alcohol was served, which is a violation of campus rules. In another case, there was a group of students who liked to climb up the sides of buildings on campus. They had set up a building-climbers’ group on Facebook, and Public Safety reportedly used the group to identify the group’s members, so as to have Serious Discussions with them.

Some students reacted with outrage, seeing this as an invasion of privacy and an unfair tactic by Public Safety. I find this reaction really interesting.

Students who stop to think about how Facebook works will realize that it’s not very private. Anybody with a princeton.edu email address can get an account on the Princeton Facebook site and view pages. That’s a large group, including current students, alumni, faculty, and staff. (Public Safety officers are staff members.)

And yet students seem to think of Facebook as somehow private, and they continue to post lots of private information on the site. A few weeks ago, I surfed around the site at random. Within two or three minutes I spotted Student A’s page saying, in a matter of fact way, that Student A had recently slept with Student B. Student B’s page confirmed this event, and described what it was like. Look around on the site and you’ll see many descriptions of private activities, indiscretions, and rule-breaking.

I have to admit that I find this pretty hard to understand. Regular readers of this blog know that I reveal almost nothing about my personal life. If you have read carefully over the last three and a half years, you have learned that I live in the Princeton area, am married, and have at least one child (of unspecified age(s)). Not exactly tabloid material. Some bloggers say more – a lot more – but I am more comfortable this way. Anyway, if I did write about my personal life, I would expect that everybody in the world would find out what I wrote, assuming they cared.

It’s easy to see why Public Safety might be interested in reading Facebook, and why students might want to keep Public Safety away. In the end, Public Safety stated that it would not hunt around randomly on Facebook, but it would continue to use Facebook as a tool in specific investigations. Many people consider this a reasonable compromise. It feels right to me, though I can’t quite articulate why.

Expect this to become an issue on other campuses too.

Comments

  1. avatar the zapkitty says:

    The old dichotomy. The seeming privacy of a select group and your own PC… and the reality of no privacy at all.

    As you’re undoubtedly aware it’s not just limited to the young ones :)

    People tend to start with an assumption of privacy in regards to a specific service where no such privacy has been guaranteed by the provider of the service.

    The interesting legal question is always: when, where, and concerning what level of intrusion were such assumptions of privacy actually warranted?

  2. avatar davestein (alius) says:

    This a fabulous Blog, so after months of reading, I am ready to write.

    What if, for example, I write a screenplay that takes at college, and coincidentally a character shares the same name as a current student at that university. Should he be prosecuted? If so, what if the line of reality is blurred even further and a character’s name is my name. Some of the events in my story even seem very similar to events that really happened. Some of the events have been tweaked, because I know that a story worth selling must be pretty spectacular, and a spectacular story is usually an exaggerated and/or totally fictional story.

    But my life hasn’t been spectacular enough to, on its own, be made into the Hollywood production I would like. So I start to exaggerate and even make up entire events, which is plausible considering my aspirations.

    I am a senior now (and somewhat tech/internet savvy), so from the first day that facebook came to existence, I understood the possible consequences of my posting private information. But, and I’m generalizing here, most freshman and sophomores have not had the life experience to understand some of these things. (Don’t get me wrong, there are plenty of seniors who are just as bad as the younger students).

    What if I am an immature freshman, insecure with myself, and so I post fake pictures of fake alcohol bottles, and fake liquor. Clearly, odds are the pictures are real. But can that be proven?

    The problem is that using these social networks for purposes of police investigation is a very slippery slope.

    When I write a work of fiction, sometimes some really terrible things happen in the world that I create, some of which are illegal. But that does not mean that I am engaging in any of these activities in my real life.

    I don’t see much difference between facebook and a screenplay or short story.

    I go to Emory University, and a few months ago an R.A. was looking at facebook, and he saw pictures of people in his dorm drinking and what not. I have not followed this case, but the ResLife stated intentions of punishing these students.

    If you’re gonna punish someone for things on facebook, then why not start looking into all artistic work. Why not prosecute David Chase, since in his show murder is commonplace.

    Instead, please, let’s just go back to the old way—you wan to crack down on drinking? Start catching people while they are in the act of drinking/smoking etc., then punish accordingly. Pictures are just not good enough, and this new wave is chilling to the First Amendment.

  3. avatar Ima Fish says:

    “Many people consider this a reasonable compromise. It feels right to me, though I can’t quite articulate why.”

    I seems like a completely unreasonable compromise to me. Why would safety agree to this? It must have been a political decision imposed by the university. How is posting materials in full view of safety be considered private?!

  4. It has to do with a deep cognitive mismatch between how people actually think about what’s public and private in their day-to-day interactions, and what they can handle, and the reality of it.

    The amount of punditry on this point has devastated whole forests, but it’s basically simple: People get their social cues in ways which don’t always match with what’s really happening, in fact may be optimized to give a social impression which is false.

    Simple example – some people don’t handle live TV well at all. You can tell them, THIS IS ON LIVE TV AND MILLIONS OF VIEWERS WILL SEE IT, DO YOU UNDERSTAND?! And they may *say* yes. But they’re in a studio with just a few people, who are doing their best to manufacture the impression this is a personal and intimate setting, so the interviewee thinks he or she is in such a setting, and may act like it. They wouldn’t do that if they were on a stage in front of a few dozen people. But since they don’t *see* the big audience, it doesn’t register to them the social interaction.

    With Facebook or blogs, the only people likely to be “visible”, in the sense of responding, are a small set of friends. So it’s real easy to fall into a cognitive trap that it’s small-circle-of-friends sort of situation. It isn’t. But it look that way, until the person finds out differently.

    This is also one of my main dissatisfactions with blogging, and why I think it may in fact have been ultimately detrimental for me to have a blog, and to continue. There’s a very great amount of blog marketing about “conversation”, which conjures up ideas of intimacy and equality, which are in fact extremely false. But when someone is hurt from that over-sell, in the grand tradition of marketing, the evangelists blame the person who is hurt for supposedly not realizing the sale-pitch didn’t mean what seemed to be promised.

    I suggest you shouldn’t think of this problem as, paraphrased, stupid students who don’t realize they have a microphone and cameras attached to them. Rather, understand it’s very hard to conduct oneself all the time for the worst case of having a microphone and cameras attached (even professional politicians mess up here!), especially when almost nobody is looking *most* of the time, and there’s a lot lot of marketing to get you to attach and use this microphone and camera because it’s a big business of those who sell it.

  5. When I contacted canlii.org, who post Canadian court decisions online, about possibly setting up a suite of RSS feeds for their site, I was told:

    “We are forbiding the automated access to the decision listing pages for privacy concerns, and because of that we cannot allow you to set up a RSS feed for CanLII on your own.”

    These are public documents; CanLII themselves are making them freely available to the public, and they already are freely available through other channels too; but they think that “privacy” is a reason to forbid automated access. Whether CanLII are right or wrong (I happen to think they are wrong), it seems to be widely believed that there’s a difference between one-at-a-time access by a human who has a direct personal stake in the information (like your friends visiting your Facebook profile), and larger-scale, systematic, impersonal, and/or automated access – such as by Princeton Public Safety. That belief seems to be what’s behind the Facebook thing. It’s also clearly visible in the many dramas people have over Livejournal – the “I meant that for the public, but not really” thing.

    In related news, I was quite annoyed to discover that SEDAR (the public database of Canadian securities disclosure documents) now demands that you answer anti-robot questions, and agree to a long and unreasonable set of terms that includes not using the materials for business purposes (what the Hell other purpose could one have for reading securities disclosure documents?) for every document retrieved.

  6. This is a brilliant post and I hope I can add to the discussion.

    I can say that this isn’t a new issue. In my time in college as an undergrad and as a Resident Assistant at the large University I went to, I remember the rise of several websites that were designed as social portals for students at the school, complete with image galleries, forums, textbook buying services, and even an e-bay like trading service.

    There were several of these sites, most of which are now shut down, and I remember telling my residents that while the sites were incredibly popular (and one of them was actually shut down by the University-they called copyright violation because the school mascot was in the URL, and the school claimed the rights to that) and they were more than happy to accept photos of partying students doing all manner of things, that those photos, because they were public, could be used against them. Some of them didn’t listen to me, and while there were no cases of students getting in trouble for hosting parties with alcohol or for flashing the camera (as many of them want to do) perhaps one of the biggest things that the campus police wanted to crack down on was the rioting that the students would get into every time they lost a basketball game to their specific rival. Or when they won, whatever-if our school played that other school, a roit was almost sure to ensue.

    So when the rioting happened and people took photos of the masses of drunken and/or stupid students ripping up the goalposts from the football field, setting fires, breaking car windows, smashing store windows, and marching down to fraternity row where said goalpost was added to the bonfire, campus police would sit back, make sure no one really hurt themselves, and in the following days, wait for the photos to pop up, identify the students, and question them about their activities. Suspensions, citations, and expulsions would follow.

    All in all, it’s puzzling that the students were so outraged at being caught by the camera-they claimed it was a violation of privacy, they claimed that the police “shouldn’t be able to” do that (that being read the same forums and view the same galleries the students did, apparently), and they complained to no end.

    I’ve since graduated, and the same behavior still goes on and some of those sites still exist, but I can only wonder why people think it’s acceptable to break the rules, get their picture taken, post it on the internet, and somehow think that there’s a difference between being caught by a passerby’s camera and caught by a police officer’s camera, or that the realm of the internet is somehow a blanket of safety that makes all legal issues suddenly murky and protective in their favor, when it really really doesn’t.

    I definitely agree that this is going to continue to be an issue, in several different forms.

  7. I completely agree. Publish it on the internet, expect it’ll get found. For what it’s worth, I’m a keen user of flickr and look hard enough they’re are plenty of pictures of me, by me and others on there, my skiing trip over new years, company christmas bash, friends’ birthday parties among other things.

    Although this does raise a question, which due to my lack of knowledge in the law, particularly in the United States, I cannot answer. Does a party constitute a private event? If so, did the person who took the photograph have the right to take the photo in the first place? Furthermore did they have the right to publish the photograph, making no assumptions about the two being the same person. Furthermore, if you flat out denied the picture was of you or your dorm room, what are campus rules about lying and proof?

    For what it’s worth, flickr allows three levels of privacy, public, friends and family (or perhaps a four, friends & family). Although I’ve never marked any as anything other than public.

  8. Is it September again?

    It seems as if every new social network (and every new cohort coming into existing ones) leads to a new version of the same lesson: if you say/write/upload it, someone you hadn’t thought of will find out. Facebook is a particularly interesting example because a feature that makes it seem private — requiring an email address from a particular campus — actually improves the signal-to-noise ratio for folks like campus police. (In the dark ages, Usenet posting software would warn you that your message was going out to thousands of machines; I wonder what a similar warning would look like now.) The first reports I know of people ostensibly losing jobs for things they said on the net come from ’91 or ’92.

    The range of responses here is fascinating — all the way from “how dare anyone assume these diary entries and phtographs are anything but entirely fictional” to “what wimps the administration is not to have people combing entries 24/7 for evidence of wrongdoing”. I’m probably somewhere in the middle with Ed Felten — on the one hand this stuff is posted in public, but on the other, investigative officers don’t make it their business to listen to/look at everythings that’s audible or visible in public places.

    I was also interested by Matthew Skala’s post, because it points at the very real tension between making public information available on the net and losing complete control of its use for data mining. The current “security by damnable inconvenience approach” doesn’t really seem to be serving anybody, but it doesn’t seem as if anyone has given serious thought — or at least implementation — what portions of public records need to be really public, and which need to be mostly private. (From some early CFP I remember a Cook County clerk of the court talking about their new automated records search system, and how one of the first searches the probate court got was for all wills admitted to probate in the last year where the value of the estate exceeded $250,000 and the principle legatee was a woman over 65…)

  9. Old guard: privacy means usually being able to get away with popular misdemeanours that would be punished if you bragged about it publicly.

    Neophytes: Why are we being persecuted for activities no more depraved than those our parents engaged in – simply because it’s easier to read our diaries?

    This is another new phenomenon akin to file-sharing, i.e. personal information sharing. Just because it’s easier to find out what people are up to doesn’t necessarily justify more efficacious policing.

    The fact that an older generation have jealously guarded their privacy doesn’t necessarily indict a younger generation who do not.

    Orwell may have got it wrong. It’s not that big brother is watching you, it’s that little sister is showing you – everything.

    We remain human. There’s no reason to believe greater transparency portends social collapse.

    You can’t force privacy on people if they don’t need it or want it. Just don’t punish the children simply because no-one told them that they were naked.

  10. It’s a good thing the campus safety officers never had time to read student yearbooks for “incriminating photos” in the old days, Ed, since I recall you (and everyone else in our class) hanging off the side of a campus building once for a photograph.

  11. Do the words “natural selection” mean anything to anyone?

    My biggest concern is what about when the police/public safety find a picture out of context that suggests something that didn’t really happen as it appears to happen in the picture. This means those fake beer bottles Davestein was talking about, pictures of a guy holding two bottles of everclear as a joke that never actually drank it, and photoshopped pictures.

    Possibly misleading photos may deliver a false impression to viewers, but they should never be the basis of proving a crime.

    And Kirk, all content is copyright on the moment of creation. The photographer owns those pictures. Adding a copyright would make no difference.

  12. avatar the zapkitty says:

    Richard Says:

    ” It’s a good thing the campus safety officers never had time to read student yearbooks for “incriminating photos” in the old days, Ed,”

    But the yearbooks aren’t online for easy access by the campus safety officers… or are they…?

  13. Given the number of lawyers and people-with-money-for-lawyers in the population of Princeton parents, I’d think it’s pretty much foregone that no picture posted on any internet site would be used in evidence for disciplinary proceedings. But it sure does establish a strong suspicion.

  14. This is an issue at Penn State University as well. In the fall of 2005, the Penn State University Police used the Facebook to identify students who rushed the field after the October 8th Ohio State game. Students aren’t exactly making this difficult; there are even groups with names like “I rushed the field after the OSU game (and lived!).” In some cases, they also checked students’ Webshots account for photographs.

    More recently, at the Southwestern University School of Law (where I am currently a student), an associate dean has made remarks that imply that he has seen the Myspace accounts of some of his students and was displeased with the contents of one or more of those profiles.

  15. See also the story of a ‘beer party’ bust, by way of Facebook, at George Washington University …

  16. There is a list of events comprising this “Facebook-policing” phenomenon at Wikipedia. I have a feeling that the increased negative exposure of both Facebook and MySpace will cause this list to grow.

  17. Heres what I do: I have two seperate web sites. One has the ‘real’ my name, where I live, even my cell phone. This one I am careful to show myself as a responsible person. No stories about drinking and sex and the likes. This site I can show to anyone. I also have a facebook associated with this ‘real’ me.

    Then I’ve got brickballs. Thats the ‘other’ me, the me that I can pull shit as. Brickballs doesnt exist in real life. There are no pictures of brickballs online anywhere so as to identify him with my real name. (I use a picture of an upsidedown rubber duck that I bought off some stock photography website.) About half of my friends know, my parents know, but thats about it. I am very careful to not reveal any real details as brickballs, much like the author of this site.

    I ran a web proxy at my school for about 8 months w/out getting caught because of this caefulness. I herad other students talking about me and not realizing I went to school with them, let alone that I was standing right near them. That was prety cool, actualy.

    Now I know that there are some downsides to this approace, namely the no photos part. Also, friends finding me through facebook won’t ever get to the fun me unless i show them. But I am ok with that.

  18. There are two failures here, neither of which was Public Safety’s.
    The first failure is of the students, who are clearly trusting the Face Book. The Face Book privacy policy is written in the most polite terms (“we may choose..”) but it is terrible nonetheless.
    Public safety has a responsibility to pay attention. I am an opponent of the alcohol and drug hysteria that the nation has embracedin the past decades. I suppose it is the Really Long Wat. But consider if the situation were actually dangerous. For example, imagine if this suicidal student had had a FaceBook account:
    http://chronicle.com/colloquy/98/suicide/background.htm
    What if a student is doing something inarguably self-destructive, e.g., cutting themselves, talking about suicide, experimenting with inhalants. What if a student posts threats to another student? If there is public information that the student is in a dangerous situation should the School intervene? What if the School doesn’t? (drum roll please) Is the School liable?
    A university is not a business. I would oppose any business use on moral grounds, but expect it in practical terms. But the issue with the University is a little more complicated because the University has a moral responsibility to protect its students. The question of under what conditions the University should look at public information has not been settled. Princeton doesn’t want to lose the test case.
    The second failure is of computer scientists – you. Scientists have failed to created highly usable mechanisms for sharing information in closed networks. The students can share stuff over facebook, email it, or not share it. These are the readily available and usable options. What service have you designed or offered that would enable a small naive group to share information in a secure way using out-of-band authentication? What we are saying to the students is that they should choose NOT to use technology because there are privacy risks. We might was well tell them to cease being young and risk-seeking. The people who read this blog have the skills to do is to remove that false choice between communication and seclusion. In this case, I think the real problem is not so much technical as economic. There is no fiscal support for allowing people to share their own content in a secure and private manner. Funding for DRM, otoh, seems all too common.

    Thanks for reading.
    -Jean

  19. *cough*freenet*cough*

  20. Ed,

    It is right to be concerned about students who post, probably naively, about his and her sexcapades. But there is another concern: how does sharing this material affect how the students think about what’s popular and their behavior?

    I think intervention is not only acceptable, but probably necessary. We don’t want a race to the bottom for our kids and society.

    If I’m beginning to sound like a parent, it’s because I am.

    – Mike

  21. avatar Sojourner says:

    It’s always so much fun when people misunderstand the term “privacy.” Don’t call something private unless it is a matter that doesn’t leave your head, your mouth, or your home.

  22. Actually, you’re beginning to sound like a prudish member of the religious right. How exactly does what consenting adults choose to do with each other going to destroy society, or bother you? Of course you may wish to avoid such things yourself, and that is your right. Of course you may wish to educate your offspring on safe sex and the like to reduce the likelihood of a tragic outcome, and more generally on safety and being careful with their physical and emotional health. And, once they get old enough, they will inevitably become more independent and reserve the right to make (and hopefully learn from) their own mistakes. Ultimately it will become their choice. Unless moralizing puritans drag down our society so that it is no longer a free society where different people can try different approaches to life and what fluorishes is what works well for people rather than what some minority dictates…now we wouldn’t want that, would we?

    It’s time that you, campus security guards, police, politicians, and priests started focusing on policing what really harms people: violent crime and (physical) property crime, fraud, computer intrusion, and fiscal evildoing by e.g. Enron CEOs. When granny’s pension fund is wiped out, or when granny is beaten and mugged, then we have a problem; when granny smokes a little weed or a 19-year-old lesbian has consensual kinky sex, nobody has a problem unless they choose to consider it a problem.

  23. I think it’s interesting that no one has brought up the fact that Facebook DOES have privacy features. Yeah, if you’re ignorant you can set up your facebook so anyone can see it, or anyone can see your pictures.

    I have my profile set up so that in order to view my profile or see any of my pictures posted, you have to be one of my friends which is by request only. Obviosuly, if you are stupid and let other people without those restrictions post incriminating photos of you, that’s your own fault.

  24. avatar Nick Gaddy says:

    I am a freshman going to western washington university, and currently myself and 4 friends are facing sanctions from our rd(residential director) because my buddy applied and got an ra job in our dorm (which is substance free). Someone had bitter feelings about this, and took my pictures from my album and turned them in. My first question was whether or not i have a copyright to those pictures. I asked facebook and they said that i do, i know it is not an argument that would hold up in court, but it is a good scare tactic. I advise adding a disclaimer that officially adds legal copyright status to your entire profile and all your information, that way no one can do anything. I have an excellent example on my page, if you would like to copy/paste it. Just ask for my friendship and you’re more than welcome to have it to protect yourelf, just add a personal message to your friendship request.

  25. avatar Jessica Eggers says:

    Facebook gives to its users a realm of privacy in that individual profiles cannot be viewed unless a friendship conncetion is first confirmed. How were the security officials able to view personal profiles of students, unless the students themselves gave them permission by confirming a friendship request?

  26. avatar Jessica Eggers says:

    Nevermind, I didn’t realize you could change your privacy settings.

  27. avatar Simon Davies says:

    Most people, of course, never grasp the surveillance implications of new technologies until one or other scandal hits the headlines. The privacy “balance” in each case is struck over time in numerous ways and tested to its elastic limit by all users. And while it doesn’t surprise me that people will reveal masses of personal information in such a way I feel current the Facebook situation is merely one stage in the adjustment of people’s privacy expectations.

    In my view this all comes down to two historically constant conditions: (1) people must feel that they have the ability to control the conditions and outcomes of any personal revelation, and (2) there should be a “contract” in place with authorities that wish to override this control. The contract (agreement) often involves due process, transparency and accountability.

    So it’s only natural at this relatively early stage in the evolution of the technology that users will be almost as shocked at the potential for privacy invasion as the authorities will be delighted.

  28. REMEMBER WHAT NOW SEEMS UNIMPORTANT TO ONES PRIVACY IN YOUTH MAY BE DETRIMENTAL LATER ON IN LIFE TO THEM. TO REMAIN SAFE SIMPLY DON’T USE THE SYSTEM.