Everyone’s heard that Facebook’s in trouble, but most people in healthcare don’t realize how much it applies to healthcare. In the past year, while the company’s irresponsible attitude about data has gotten the spotlight, a less well-known problem has been brewing and was a highlight of the “Health Datapalooza” conference this month in DC: a problem with patient privacy.
There are clear signs that Facebook has played fast and loose with patient identities in disease groups that the patients thought were confidential. “Fast and loose” to the point that they gave marketers a browser plugin so they could sneak in and capture the names of all the members of any group – including, for instance, a breast cancer group. Patients figured it out and caught them. Facebook expressed surprise that this was going on (!) and said they’d immediately put an end to it. But an FTC complaint has since been submitted by security consultant Fred Trotter and health data attorney David Harlow, with Andrea Downing, one of the group's admins. Read more about Andrea's story here.
A related problem happened a year ago, around the same time that the Cambridge Analytica scandal broke. A #MeToo group of 15,000 abuse survivors got hacked into, and trolls started posting threats and porn images at the group members. When presented with the evidence, Facebook didn’t hunt down who it was – they erased the group without warning, destroying all the evidence (and the message history of all the group’s members).
But it’s not easy to quit your lifeline.
I’m not saying people should delete their accounts. The reality is that if you’ve found a group of good fellow patients on Facebook, it’s hard (or impossible) to just leave, as shown in the heartfelt New York Times essay I Can’t Jump Ship From Facebook Yet by Kathleen O’Brien, mother of a 7 year old autistic son. And Downing’s group doesn’t want to “jump ship” until they have a safe place to go, so they’ve started the #ProjectLighthouse hashtag on Twitter.
I’m no Luddite: social media helped save my life.
I’m no opponent of social media. I’ve been online (on CompuServe) since 1989, I have 38,000 Twitter followers, 2800 Facebook friends, etc. And when I was dying of kidney cancer in 2007, social media helped save my life – according to my oncologist!
Facebook’s business model has been to “connect the world’s people,” which it does for free by selling ads – a robust business built on intelligent use of data, similar to what Google and others do. Everyone knows that.
But the drip, drip, drip of news stories about Facebook privacy problems got to where, on January 7, I didn’t close my account, but I quit: I left it open with a visible explanation:
The news since then hasn’t changed my mind.
Is there no limit?
In February, the Wall Street Journal broke the story that some apps were sending extremely sensitive data about you to Facebook – even if you don’t have a Facebook account, because Facebook has been building profiles on people who aren’t their customers anyway.
Did I say sensitive data? If you browsed the Realtor.com app and you favorited a home, they told FB. Oh, and did you use the “Flo” period and ovulation tracker app? It told FB when you’re ovulating (see what Jezebel.com thinks about that). And a heart rate app was sending your heart data into your Facebook profile…because who knows who might be interested, right?
Of course, as soon as it hit the Wall Street, all these scoundrels instantly stopped.
What does FB do with these profiles? Well, in one recently uncovered case, they were found to be selling an anti-vaccine group lists of women who’d expressed interest in pregnancy. In Washington State, where the big measles outbreak hit this winter.
Zucked: when your friends turn on you
I learned a lot about the company’s history when I read the new book Zucked, written by Roger McNamee, one of the company’s earliest investors and advisors, and a former close friend to CEO Mark Zuckerberg. He says he loved the company from the start but they’ve gone too far, and after trying to get “Zuck” and COO Sheryl Sandberg (whom he introduced to Zuck) to throttle it back, with no success, he decided to go public.
A final concern is that just about anyone can sign up as a “business partner,” i.e. an advertiser, and get access to tons of as much user data as they want to pay for. And once a piece of data has left FB’s hands, there is no way to know where it’s gone and will go, and no way to stop it. It could get into some black-hat database and be sold to credit raters or anyone else.
Bottom line: be careful what you do on Facebook.
Decide for yourself, but to me it seems clear that we can’t assume Facebook will act with any responsibility with any of our data. So the question is, what might they do next with any data about you, your business, your kids, anyone? There’s no way to know, so limit what you put out there, and keep your eyes wide open.
Last week was the annual TED conference in Vancouver, BC. On day one Welsh journalist Carole Cadwalladr, who broke the Cambridge Analytica story, delivered a bombshell TED Talk about Facebook’s role in the Brexit vote. It already has a million views in the first week. A powerful 15 minutes.