The great revolutionary activist of our day, Robert Scoble (or “Che Scoble,” as Mike Butcher says), is battling for the ideal of data freedom with the evil forces of Facebook. At issue, writes Kara Swisher, in a post titled “Free the Scoble 5,000!!,” is “how much control you should have over your own information online.” Mathew Ingram chimes in, saying “there’s no question that the information itself should belong to Scoble.”
Sounds black and white. Scoble: good. Facebook: evil. But it’s not quite that simple. When Scoble broke into Facebook’s databank, he opened a Pandora’s Box, and I would argue that neither he nor Facebook is in the right.
I mean, is this really about “your own information,” as Swisher terms it? Is there really “no question” that the data “belong to Scoble,” as Ingram assumes? I don’t think so. Scoble got himself kicked out of Facebook for using a software script to automatically “scrape” information from Facebook’s database and move it elsewhere. Far from being just “his own information,” however, the information included the names, email addresses, and birthdays of 5,000 Facebookers who had “friended” Scoble. The act of “friending” on a social network site, it’s important to remember, is a fairly cavalier act, often undertaken with little thought.
Now, if you happen to be one of those “friends,” would you think of your name, email address, and birthday as being “Scoble’s data” or as being “my data.” If you’re smart, you’ll think of it as being “my data,” and you’ll be very nervous about the ability of someone to easily suck it out of Facebook’s database and move it into another database without your knowledge or permission. After all, if someone has your name, email address, and birthday, they pretty much have your identity – not just your online identity, but your real-world identity.
Scoble says his purpose in swiping the data was benign. He just wanted to see which of his Facebook “friends” were also members of another site he uses, Plaxo. He learned, he writes, that “of the 5,000 people in my Facebook account about 1,800 were already on Plaxo. [The scraping software] did NOT look at anything else. Just this stuff, no social graph data. No personal information.” I have no doubt that Scoble didn’t mean any harm, but in what sense are names, email addresses, and birthdays not “personal information”? The important question isn’t what Scoble intended to do with the information. The important question is this: Will others who use such scraping scripts necessarily have benign intentions? And the answer is: No.
Facebook has an obligation to protect the data entrusted to it by its members. At the very least, members should have the right to decide whether or not their personal information can be scraped out of the Facebook database. Scoble did not give them that choice. That doesn’t mean that Facebook is the hero. It, like other social networks, happily scrapes information from members’ email accounts to identify possible new members. Facebook will scrape when it suits its commercial interest but will block scraping when it doesn’t. Still, in this particular case, Facebook did what it needed to do: protect the information and the interests of its members. Until controls are in place, unauthorized scraping of other members’ personal information shouldn’t be allowed.
What the Scoble affair reveals is that the issue of “data portability” is not a simple issue but a fraught one. Data scraping can make our lives easier, but it can also put us at risk.
UPDATE: Dare Obasanjo adds more detail to the discussion, while Ian Betteridge comments: “I think the point we have to ask is what the expectations are of users who friend someone. You clearly expect them to have access to whatever data you make available to them through Facebook. You don’t, though, expect them to take that data wholesale and sell it to a spammer. So while friending someone is saying ‘you can use this information,’ it’s not saying ‘you can use this information in any way you see fit.'”