On 2nd January 2008 I described various recent improvements to Facebook. I also pointed out that the research community has been developing tools for exporting data from Facebook for use in other applications. However my post added a note of caution:

Has the problem of data being trapped within Facebook now been solved? I don’t think so – remember that this is an experimental prototype … Perhaps more interestingly, though, are the ethics of exporting personal data to other applications.  The data I have received from my friends (their photos, contact details, interests, etc.)  has only been made available once we have mutually accepted friendship invitations.

Coincidentally the next day the blogosphere was full of discussions on this very topic, following an announcement (made initially on Twitter) that Robert Scoble had been banned from Facebook for using a scraping tool for exporting data from his Facebook account (“I got kicked off of Facebook because I was running a naughty script trying to get my friends info off of Facebook“).

Paul Miller and Nick Carr (“Scoble: freedom fighter or data thief?“) were amongst many bloggers who expressed their views on this incident in the immediate aftermath of this announcement.

My view if that it would be a mistake to portray this incident as a freedom fighter taking on the big evil corporate monster. I would also question the automatic assumption that people may have that they should be able to get out and reuse data they can access in networked services.  I feel that the nature of social networking services needs us to rethink assumptions which may have been valid in self-contained systems.

For example my email address and work details are freely available (on my Web site, my email signature, my business card, etc.)  However I took a deliberate decision not to publish my Skype and my MSN IDs and my mobile phone number in order to avoid both dangers of misuse (spam) and inappropriate use (being contacted out of work hours or being inundated with messages). 

But sometimes it would be useful to provide such information to others, but in a managed fashion. I do this from time to time, giving out my mobile phone number when I’m organising events (and am speaking at an event) so that conact can be made in case of problems, In such cases there may be an implied understanding that the information is provided only on a short term basis. However such understandings which may be reached by humans will not necessarily be the case in the networked world.

On Facebook when I befriend an individual this provides us with a mechanism for sharing information, which will include contact details as well as a wide range of other information.  But, whilst this information is managed in a Facebook environment I maintain control over this information, and can change the access conditions or even, by defriending people, withdraw access to my data.  And this is an important aspect of effective social networks. 

Circumventing such access control is therefore problematic, I feel. And this was the reason why I did not publish the FOAF file containing details of my Facebook friends.

Of course there are dangers of data lock-in if data cannot be exported from systems.  And if Facebook goes out of business there will be a lot of annoyed individuals if they cannot lose functionality and services they find useful.

It needs to be acknowledged that there does need to be a debate on how we should best proceed in addressing such tensions.  But this debate does need to be informed by an understanding of the diversity of requirements.

I was very pleased, therefore, to see a news item in Facebook from Dan Brickley about a WebCamp: SocialNetworkPortability event to be held in Cork on 2nd March 2008. The event will look at “abstract approaches for social network portability”, “authentication methods for cross-SNS usage” and “giving permission for profile discovery on different social networks”.

These are some of the important issues which need to be thrashed out. And Robert Scoble’s approach of simply running a screenscraper to extract personal data ignores these important issues.  So Facebook should be applauded, IMHO, for stopping Robert from infringing Facebooks’ terms and conditions. And note that there is a Facebook aplication – Friendscsv– which allows contact details to be exported from Facebook. Aparently:

This application has been created in accordance with the terms and condition outlined in the Facebook Terms of Use (May 24, 2007), Facebook Privacy Policy (Sept 12, 2007), and the Facebook Platform Terms of Service and Platform Documentation (July 25, 2007). The data exported from your cadre of friends is obtained in accordance with their Privacy Settings and does not contain any contact information.

That sounds good. But: 

By using this application, you consent to allow the developers to create a basic entry for you on bigsight.org, a site they also own and maintain. Your use of this application represents your consent to the privacy policies laid out on bigsight.org. The developers of this application do not store any information (encrypted or otherwise) about your friends.

So a company (Bigsight) has already been set up which allows your contact data to be exported, provided the data is also uploaded to their social network. Now Bigsight is currently in beta and, according to their directory, there are only nine people from London registered.

But if a Facebook friend of mine uses this tool, will I find my personal details held on this service?  Is this something to be welcomed?  Or, to revisit the title of this post, should personal data in Facebook be exportable?