Facebook has admitted it authorized an effort to raise privacy concerns about a Google product, but says it was not intended as a smear campaign.
The social networking giant released a statement acknowledging that it hired PR firm Burson-Marsteller to alert the media about the questionable use of Facebook user information in a little-known Google feature called Google Social Search.
The feature pulls in publicly available data about users from social networks, including Facebook and Twitter, and displays it in the search results of your social connections — often without their direct authorization.
Unsavory emails sent to reporters have since surfaced, deeply embarrassing both Facebook and Burson-Marsteller.
“Google, as you know, has a well-known history of infringing on the privacy rights of America’s Internet users,” a representative wrote in an email to one targeted blogger, Chris Soghoian. “This latest tool designed to scrape private data and build deeply personal dossiers on millions of users –- in a direct and flagrant violation of its agreement with the FTC.”
Embarrassment escalated after USA Today and then The Daily Beast published stories about the agency’s antics.
While Facebook refuses to say that it took part in a “smear campaign,” the company admits that it “wanted third parties to verify that people did not approve of the collection and use of information from their accounts on Facebook and other services for inclusion in Google Social Circles — just as Facebook did not approve of use or collection for this purpose,” a spokesperson said in an emailed statement to Mashable.
“We engaged Burson-Marsteller to focus attention on this issue, using publicly available information that could be independently verified by any media organization or analyst. The issues are serious and we should have presented them in a serious and transparent way.”
Burson-Marsteller has been quick to do a little crisis management of its own, telling Cnet in an emailed statement that an anonymous smear campaign “was not at all standard operating procedure and is against our policies, and the assignment on those terms should have been declined… When talking to the media, we need to adhere to strict standards of transparency about clients, and this incident underscores the absolute importance of that principle.”
Why Facebook’s Concerns Are Valid
Although the PR campaign clearly backfired, Facebook does raise some valid concerns about Google’s social search product.
Social search, which was launched in October 2009, provides search results with data aggregated from your social graph. Search for a particular restaurant, for instance, and social search might pull up a tweet from someone you follow noting that she ate there recently and didn’t enjoy the food.
To display this information, Google requires an indexable understanding of your social graph, which Google calls “social connections.” The company builds social connections for users by gathering information about your Google contacts and chat buddies, from information and accounts connected to your Google Profile, and through secondary connections.
Google Profiles generally provide most of this information, as many Google users have set up a Google Profile that links to their accounts on social services such as Flickr, Twitter, Blogger and Quora, just as they might also have done on a service like About.me. Although Google doesn’t allow users to connect their Facebook accounts to their Google Profiles, users can still enter a link to the URL of their public Facebook Pages or private profiles, which Google can scrape to display information such as status updates and photos that a user has authorized to display publicly.
The problem that Facebook is pointing out is that even if a user doesn’t explicitly link their Facebook account on their Google Profile, Google can still display his or her public Facebook information.
The way that Google does this is clever, legal and a little unnerving.
Google is able to crawl accounts to surface secondary social connections. For instance, my colleague Christina Warren has put up a link to her personal website on her Google Profile. Because her website displays a link to her MySpace account, information displayed on her MySpace page might unwittingly appear in the social search results of someone who follows her on Twitter.
Similarly, Google can index her public Facebook status updates even if she doesn’t directly post a link to her Facebook account on her Google Profile. If, for instance, she posted a link to her Quora account, which she signed up with using her Facebook credentials, Google could go ahead and pull in all of her public Facebook statups updates anyways.
This is, to be clear, in no way illegal. Google isn’t surfacing any information that isn’t in some way public. Users could conceivably use their own skills to find these links manually, but Google has just automated the process. The problem is that users aren’t being properly informed about how Google is making their social data public. Publicly available information and information that can be surfaced at a moment’s notice by someone you know are two different things.
We admit we were surprised by how much information Google knew about our social graph through accounts we’d linked together indirectly. I have always been vaguely aware that Google knows essentially everything about me, but knowing that anyone can look through my various social connections and networks associated with my name from my personal email address is still a bit of a shock.
Is Facebook Really Concerned About Our Privacy?
So is Facebook really worried about its users’ privacy? Our instincts say no. After all, the only Facebook information that can appear in Google’s search results are those that are public status updates. If Facebook encouraged users to lock down their accounts, they could limit the usefulness of Google’s data-mining efforts.
It’s more likely that Facebook is annoyed that Google has figured out how to use its data without employing its API, so preventing Facebook from controlling how users’ data can be used. Google is selling ads against data that it is pulling from Facebook, putting it directly with Facebook’s own ad network.
How the Campaign Backfired
A few weeks ago, Burson-Marsteller reps began contacting various reporters, encouraging them to investigate how a Google feature called Social Circles (used in Google Social Search) has been quietly violating the privacy of millions of Americans. One of the bloggers, Chris Soghoian, was asked to ghost write a post on the topic. Instead he published
several of those emails.
When Soghoian asked who was paying for this campaign, the Burson representative refused to name the client. Concerns were further raised when USA Today published a story saying that the firm had begun targeting “top-tier media outlets” with the same kind of pitches.
On Wednesday night, The Daily Beast published a story identifying Facebook as the agent behind the smear campaign, which a Facebook spokesperson admitted to.
Clearly, Facebook never should have hired a PR agency to “raise awareness” about this issue. Facebook itself has a reputation for disregarding users’ privacy concerns. Calling out Google for doing the same is the pot calling the kettle black.
After all, if it is really concerned about the privacy of its users’ data, Facebook should educate its users on how to hide their account information from Google.
Mashable’s Christina Warren contributed to this report.