Facebook’s Open Graph API - Be Afraid or Be Very Afraid?

Illustration by Hank Grebe

Mark Zuckerberg unveiled the next generation of Facebook’s Open Graph API at the F8 conference in San Francisco on Thursday, September 22nd. The updated protocol allows third party applications to more easily utilize Facebook users’ data. The goal is to encourage users to share increasingly dynamic content more frequently. A simple example of the API in action is the inclusion of a Like button on a webpage – when a visitor clicks the Like button that information is recorded in that user’s Facebook feed.

The new version of Open Graph “allows apps to model user activities based on actions and objects.” Eventually, the old-fashioned (ha!) Like button will be supplemented with a number of other verb choices. Thus, you can receive news by emulating what your friends are reading on Yahoo! News, be exposed to new music by examining what your friends are listening to on Spotify, or challenge yourself by running the same route as your friend that uses a Nike Running application.

As happens pretty much any time Facebook changes their site in a way that implicates privacy concerns, a backlash is building. Critics’ primary concern: the availability of data to application developers for more than 24 hours, strikes me as fairly harmless considering that many applications previously circumvented this restriction anyway. Other concerns focus on the fact that Facebook has a variety of new partners that automatically fall under the ‘Instant Personalization’ category and automatically ‘personalize the experience’ for you. In other words, new users have to opt out of in order to avoid sharing information that they might not otherwise want to share by using these applications. However, all of the Open Graph features can be easily disabled.

So are there any laws in the United States that will govern Facebook’s conduct when they roll out new functionality with respect to these privacy concerns? Well, not really; not any comprehensive ones, at least. The United States has taken a very pointed approach to regulating privacy issues, addressing privacy only certain specific instances such as HIPAA (Health Information), Gramm-Leach-Bliley (Financial Information), or FERPA (Educational Records). This is to be contrasted with the European (most notably French) approach to privacy regulation where privacy is implicit in the constitution. Social networking sights such as Facebook and Google have found themselves more frequently arguing privacy issues in European states. So while we are largely at the mercy of the social networking industry giants, we can take some comfort stateside in the fact that many of these concerns are mitigated by the market forces imposed on the companies because they do not want to alienate the user base.

One last point that all these Facebook shenanigans got me thinking about – are the developers of these applications adequately protecting their copyrights? Facebook encourages independent third-party development of integrated applications. For that matter, what about users that are, in addition to just going around Liking things, generating a wide variety of copyrightable material in the form of photos, blog posts, and music? If they’re not – they will be, as new tools are popping up to facilitate this protection. The website Myows provides free tools to manage your copyrightable works and to build a case for infringement. In their own words, “Myows offers a professional one-stop copyright management solution from registration through to issuing take-down notices.” Very cool. The website DepotCode is an alternate site that provides similar tools for managing and proving copyrights in source code.