:Information Law and Policy Spring 10

by Sean Marimpietri, Ian McDowell, and Julian Nunez

This week’s readings focused on the distinction between facts and creative works and explored the legal implications of using facts without consent. In this post, we will explore the application of these principles to current developments in the realm of social networking, taking Facebook as our subject.

Control of Content

The internet makes the once onerous process of content creation and distribution significantly easier. Popular blogging platforms like Blogger and WordPress make it easy for users to create content and make it available to anyone in the world. Social networks like Facebook and “microblogging” services like Twitter make it trivial for individuals to express themselves with minimal effort.

Presumably, much of the original work a user produces through their use of a social networking site or blogging platform are copyright by the user; the Berne Convention (to which the US subscribes) dictates that copyright is automatic when a work becomes “fixed in some material form,” of which an electronic medium seems to apply. Though the average Facebook user may never reflect on the legal ownership of the things they post on their “Wall,” the law suggests that they do in fact own the copyright to any such posts that would be considered authored by the user.

Services like Facebook have Terms of Service (TOS) that require users to grant them a license to reproduce the copyright work you post on those sites; they would not be able to function without some such license. The judgement in ProCD v Zeidenberg established that the “click to accept” license model is binding:

A buyer accepts goods under sec. 2-606(1)(b) when, after an opportunity to inspect, he fails to make an effective rejection under sec. 2-602(1). ProCD extended an opportunity to reject if a buyer should find the license terms unsatisfactory

As in the ProCD case, Facebook users are presented with terms of service which they must accept before using the product. Presumably, this means the Facebook TOS is legally sound. For our discussion, the section of this TOS relating to copyright content reads:

For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.

There are a couple of interesting points to unpack from this statement:

1) When you post something on Facebook, you grant Facebook permission to use it however they like, and you allow them to give that same permission to anyone else, at their discretion.

2) You can (and likely do) effectively lose control over a lot of your content once you share it with others. This is still better than the change to the TOS Facebook proposed in February of last year, which effectively would have had you granting them a license in perpetuity

3) The first clause makes the distinction between “IP content” and other content. In effect they are asserting that some of the information you post is not going to be covered by copyright. Exposition in Feist v. Rural gives us some idea of what these items might be; namely: facts. According to the case, “facts do not owe their origin to an act of authorship, they are not original, and thus are not copyrightable.” The Facebook policy page on privacy helps to connect the dots:

Certain categories of information such as your name, profile photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to are considered publicly available, and therefore do not have privacy settings.

Facebook has explicitly designated some of your content as being outside of your control, and presumably outside of your copyright. The term “publicly available” seems to be Facebook’s analog of what the cases we read labeled “facts.”

Facebook’s Use of Facts

Despite the present wide familiarity with Facebook, for the purpose of our conversation it could be useful to take a step back and have a fresh look at this free, web-based service. There are a few different categories of facts users disclose in the course of using Facebook. First, there is the required registration data, which includes name, email, gender and birth date. Second, users may optionally turn over additional personal information, such as previous schools attended, employers, relationship status and more.

In addition to these two categories, one could look at the types of facts at play from the language of Facebook’s own policy. As mentioned in the previous section, Facebook treats some of the information a user turns over as not constituting “IP content” and thus not covered by copyright. Going by the definition of facts presented in Feist v. Rural, we would assume that such content does not owe its origin to an act of authorship and would not be considered a creative work.

However, in Facebook’s privacy policy it is indicated that Facebook considers a user’s profile photos to be in a category of information that is “publicly available.” Yet the terms of service explicitly call out “photos” as falling under the heading of IP content. Their treatment then is inconsistent; they are either not giving users the promised control over their intellectual property, or they are making the argument that profile pictures are a special class of pictures that are not subject to copyright. How does it make sense for Facebook to consider a user’s profile photos to be of one category of information and an uploaded photo album to be of another? In what ways are Facebook’s categories of information that is “IP content” and information that is “publicly available” irreconcilable?

There are several cases one can think of where this discrepancy doesn’t make sense. A carefully composed profile photo of artistic value would seem like a natural fit for copyright protection. Similarly, some users upload profile photos with such a frequency that the collection of all their profile photos as a whole would could function as a photographic-documentary account of their lives over the years. In both cases, would it not make more sense for a user’s profile photos to be considered “IP content”?

There are other corners of Facebook where the copyright question comes into play. Facebook affords users the ability to make short text updates that answer the question: “What’s on your mind?” These “status updates” serve as a prime example of text that could alternately be considered fact or fiction. An update such as “Bob is at the zoo” seem unambiguously factual, while updates such as “This poem’s for my mom / I like her a lot / she’s better than Tom” would seem to meet the criteria for “authorship.” One can easily imagine other hybrid examples that might be subject to copyright as a whole, yet contain facts that are not subject to copyright, much in the manner of a telephone book. Facebook’s stance on how they are able to use such work is not explicit, and it is unclear what rights they claim to the use of information found in updates.

Privacy Implications

Given that at least some of the information Facebook users turn over is treated as “factual” and distributed widely and without restriction, it is clear that users do not have a high degree of control over all the data they provide. What do these two conditions imply from the perspective of users’ privacy?

People willingly provide information to Facebook for different purposes. They share some facts with the world in order to be easily contacted by their friends (such as name, email, school, and hometown). Also, they post information just to be shared with their friends (pictures, videos, status updates, relationship status, and so on). Finally, some users also provide information to be rewarded or publicly recognized (i.e. cities I’ve visited, Farmville, and different games). They willingly provide this information for a specific purpose and share it with a particular audience. Nevertheless, this information is not protected from other uses and could produce unintended results when aggregated or data-mined.

Public information on Facebook or other sites could be used as a source of privacy invasion. Some Facebook users have already been affected by facts and data shared in social networks. For example, persons having affairs or flirting on the web have been detected by their partners . Data from social networks has been used as evidence in divorce cases and job dismissals. Also, some companies and individuals have developed methods and techniques to use information from social networks such as Facebook to detect patterns of behavior. These methods are used to determine someone’s sexual orientation or cheating behavior.

What kind of protection exists against these privacy issues? Apparently, not much. According to Facebook policy:

[Facebook] cannot control the actions of other users with whom you share your information. We cannot guarantee that only authorized persons will view your information. We cannot ensure that information you share on Facebook will not become publicly available. We are not responsible for third party circumvention of any privacy settings or security measures on Facebook.

Also, as noted in this post, users do not have many judicial means to prevent this type of actions. Facts are not subject to copyright and users are limited by the TOS of a website once they click “I Accept”.

Moreover, even users who do not willingly provide information or who do not sign up to any website and accept their terms are still subject to privacy invasion. After the Boring case, facts such as addresses and images of a house are considered public domain. Companies such as Google, Facebook or individuals could aggregate this data for their particular interests. After all, even Facebook founder Mark Zuckerberg has suffered from an invasion of privacy.

Facebook is just one example showing the changes in the scope of information people disclose and the manner in which they create works. At the same time, the methods of aggregating and processing disclosed data are growing more powerful. The intersection of these trends portends serious ramifications with respect to privacy and copyright. While the legal cases we covered certainly suggest how existing law might be extended to cover these changes, it may be that more specific laws (or new rulings) are needed to establish healthy legal norms for internet services.

1 Comment