On May 15th, the White House tweeted it had created a new online surveying tool for Americans to report instances of social media censorship due to political bias. Setting aside the politics of this move, there are serious privacy and security concerns that come with hosting such a survey on its website.
When users visit the reporting site, they’re required to give personal information including their name, citizenship status, zip code, phone number, and email address, all before any questions are actually asked about the alleged social media bias. They are then prompted to include links to their social media platforms, usernames, and other digitally-intrusive information.
Sound fishy? It should.
That is a significant amount of personal, highly-identifiable information to give up as a part of a selective survey. The irrelevance of most of this information to the survey’s purpose begs the question: why does the government need it and what will they use it for?
Neither question is answered anywhere in the survey or its related materials. That alone poses a serious privacy concern. If users don’t know how their data will be used, how can they trust that their information is secure and being used only for the reason it was provided?
But it gets worse. Only after a user has given their personal information, as well as information about the alleged instance of social media bias, do they get to the user agreement details. And that’s where things get really troubling.
The agreement clarifies that all responses are a part of a U.S Government activity, and therefore the U.S. Government is licensed to “use, edit, display, publish, broadcast, transmit, post, or otherwise distribute all or part of the Content.” Furthermore, “the license…is irrevocable and valid in perpetuity, throughout the world, in all forms of media.”
In plain language: If you click “agree,” there’s no turning back. Ever.
Not only that, but by filling out this survey, users give up their rights to inspect or approve any of the “content or edited, composite, or derivative works made from the Content” without notice.
At this point, your head should be spinning. Take a minute to get it on straight, and we’ll keep going.
Because that’s not all. Not only can the U.S. Government use highly-personal information about users for their own purposes – indefinitely – without warning, you the user “solely bear all responsibility for all content.” Oh, and you can’t alter or delete any content after it’s submitted. Great.
If the gravity of all this hasn’t sunken in, picture the following scenario:
You’re an Internet user. You spend time on social media, you share your views, and you find out that (rightly or otherwise) your content has been removed.
You fill in the White House’s survey and likely don’t read the user agreement even when it is finally presented to you (most people don’t). Would you be surprised to find personal and highly-identifiable information about you later broadcast globally without any prior warning? With this kind of blanket ability to use your information, it would be well within the White House’s right to take your social media post, account name, or real name and broadcast it in ads, billboards, or other material for a political purpose that you may not agree with. And if something bad happened as a result of that publication of your information (say, you lost your job or suffered other ramifications), do you think you’d feel okay bearing all legal responsibility for it?
Or, in another scenario, let’s say you fill out the survey and then you notice you’re getting increasingly targeted by political organizations’ ads and messaging in an attempt to change your views or find out more about you. Does that sound like an appropriate use of the private information you submitted in a survey? Not to me.
These scenarios may be hypothetical, but they are entirely possible.
We should expect better from the government. This is a blatant breach of trust and privacy and could have significant real-world implications for users who unknowingly enter into such a broad waiver of their own information.
Not to mention the security implications. Creating a database with this kind of information is essentially giving hackers a one-stop-shop to access intimate details about people who already feel marginalized online.
Let’s not forget that the government, just like anyone else who collects personal information, is not immune to data breaches.
The ability of individuals to interact online without sacrificing their right to privacy is essential to reinforcing user trust in the Internet. When privacy and security are undermined, it exposes users to actual and potential harm and weakens their trust in the Internet, diminishing their overall experience with its resources.
Sadly, as egregious as this collection of data is, it’s not illegal. Americans have baseline privacy protections thanks to the Federal Privacy Act of 1974, but the White House is largely exempt. (The Federal Privacy Act of 1974 regulates the ability of federal agencies to collect, maintain, use, and disseminate personally identifiable information. However, courts have long held that the White House is exempt from this Act.)
There is no reason for the Federal Government of the United States to be collecting and storing this kind of user information under such broad terms. If we want to hold Facebook, Google, and others accountable for misleading or inappropriate user privacy standards, the government should lead by example with a higher standard for user protection.
Read the Internet Society’s Policy Brief on Privacy.