Facebook’s New Site Governance Policy

Facebook has a new policy: http://www.facebook.com/note.php?note_id=10150162286770301

The comment period is now closed, after I went through it in detail. So, here are my thoughts.

Section 2, paragraph 1 interprets “intellectual property” solely to include such things as photos and videos. I believe that this should be expanded to include text; in particular because IP law does include text.

Section 2, paragraph 1 states that intellectual property may be sub-licensed. Please clarify what you intend by transferring this right to Facebook.

Section 2, paragraph 2 stipulates that “…removed content may persist in backup copies for a reasonable period of time” and “…will not be available to others.” Please clarify what “reasonable” may be interpreted to mean, as it seems reasonable that someone would want to know how long a particular photo might be lingering in your systems. Also, please clarify to whom the word “others” refers; specifically, does this also include law enforcement and/or governmental agencies? Only via the subpoena process? If not via subpoena only, please provide some explanation as to the relationship you maintain with such agencies.

Section 4, paragraphs 1 and 2 should be stricken from the agreement entirely. Their intent may be to ensure that everyone is relating to a “real” person, but they are unnecessarily restrictive, and disallow certain anonymous / pseudonymous behavior. For example, persons transitioning from one gender to another may find it immensely valuable to be able to “live” as their intended gender via Facebook. This is, perhaps, quite a valuable means of them doing so. There are other cases in which people use the freedom of anonymity / pseudonymity which are not illegal or nefarious; this is one of the most valued features of the world wide web. By legally marginalizing this use, you are undermining one of the fundamental pieces of our society.

Section 5, paragraph 2 needs to be expanded to provide a detailed description of the procedure involved when you are “removing” someone’s (questionably) infringing content. Also, you need to make it clear whether you will be automatically scanning for copyrighted content (a la YouTube), and under what circumstances you will act. Say, for example, I keep my photography on Flickr, but post a few pictures to Facebook as well. I own the copyright, and clearly state this to be the case on Flickr. If you were to scan my Facebook account (which is not associated with Flickr in any way), you would find items which would appear to be in violation of copyright. The paragraph also needs to be expanded to describe which entities may be granted access to our accounts via automated means in order to determine violation of copyright. Will the RIAA be given access, for example? If so, will you be charging them for the privilege? And if they are given access, in violation of your own privacy policy, will you also make this feature available to other IP owners (such as scanning for copies of my Flickr images in everyone’s photo albums)? Will you reveal the identity of persons thought to be in violation of copyright to the owners of the copyright (again in violation of your own privacy policy)?

Section 9, paragraph 6 states that “You will provide customer support for your application.” This places an unreasonable burden upon application developers, who are contributing to the environment of Facebook for no charge, in their spare time, and for the pleasure of providing an application. If an application is poorly written or executed, the users of the application may choose not to participate, and this should be enough of an incentive to provide some level of customer support. To mandate that customer support be provided may reduce the number of applications available, and is removing some of the pleasure of developing applications: application development, for many on Facebook, is not a job; to throw a requirement out here like this is to make it seem more like work and less like participating in a social experience. This paragraph should be removed.

Section 9, paragraph 17 needs to be expanded to describe what type of analysis you are intending to perform. Does this include reverse-engineering an application? What will be done with the analysis? Should you reverse-engineer an application, who owns the code? Certainly, it is standard practice in software development to prohibit such behavior; one would think that Facebook should be prohibited from such theft of intellectual property.

Section 9, paragraph 19 states that you reserve the right to develop applications in competition with user-developed applications. Will these, perhaps, be the product of any “analysis” and/or “audit” as laid out in paragraphs 17 and 18? If so, how is this fair to application developers, and how does it not infringe upon their intellectual property?

Section 10, paragraph 3 should be removed. Essentially, you are stating that (as per Section 3, paragraph 1) users of Facebook are prohibited from unsolicited commercial use of Facebook, yet not only is Facebook allowed to engage in such activity, but Facebook also reserves the right to disguise such spam.

Section 16 needs to be expanded to provide information about whether the data retained by Facebook will be kept in accordance with such laws as the UK Data Protection Act 1998. Specifically, after what time period will personal information be destroyed (when no longer needed)?