Around 25% of the population of the earth use Facebook. Its latest accounts, presenting figures up to December 31st 2016, reveal that, at peak, there were 1.83 billion active users, 1.74 billion of those connecting from a mobile device.
Figures for Ireland are less clear-cut, but 65% to 78% of the adult population is estimated to be using the service. Stand on the main street of any town in Ireland. If you’re not on Facebook the likelihood is that the person next to you is.
The latest figures for 2016 show revenues hitting $27.7bn. A little bit of maths, taking into account regular active users at approximately 75%, reveals that Facebook makes between $18 and $20 per active user every year. That’s pretty impressive for a company that offers a free service. Conventional wisdom suggests that a company can only be making money by selling something; so what exactly is Facebook selling?
Facebook’s real product
Facebook is selling you. Not the real you, but the virtual you that lives and works online. Facebook, among others, has turned you into a product, and it sells the ability not just to reach you, but to very specifically target you based on a surprisingly intimate knowledge of what would make you a potential customer. Facebook has become so good at selling you, over and over again, that 84% of its revenue comes from advertising.
You have been analysed, categorised, matched and packaged into a commodity that advertisers can turn their sights on using the tools that Facebook provides. You can be found based on your gender, age and ethnicity; your relationship and employment status; your education level and any interesting life events, such as birthdays, anniversaries, whether you’re newly engaged or recently married. Of course, for the 1.74 billion mobile users you can also be found based on where you are, where you were recently or on whether you are visiting a location or are at home.
This is before it even gets started on your interests, your work, and your entertainment and social preferences. From food to hobbies to political affiliations a cursory examination of the various ways you can be targeted reveals no less than 250 criteria that can be selected. All for the sole purpose of grouping you into consumer groups with the intention of presenting advertising so specifically tailored to you that the likelihood of a sale increases.
How much does that likelihood increase when you’re so targeted? 200%-300% is the conservative estimate.
How do you become a product?
If you are only realising now that you have been ‘productised’ I wouldn’t be overly shocked as most of Facebook’s users are largely oblivious to what’s happened. In Facebook’s defence though, they are quite explicit in their terms and conditions:
“For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it”.
That’s right, worldwide and royalty free; you gave over the information and agreed to let Facebook use it for free. Moreover, scrutinising the various sub-areas of the terms and conditions, specifically the data policy, we find:
“When we have location information, we use it to tailor our Services for you and others, like helping you to check-in and find local events or offers in your area or tell your friends that you are nearby.
We conduct surveys and research, test features in development, and analyse the information we have to evaluate and improve products and services, develop new products or features, and conduct audits and troubleshooting activities”.
Not only did you give it to them, you agreed to let them use it almost without restriction: your profile information; your messages; your likes and, though not often considered, your photographs. Facebook estimates that it receives 134,000 new photographs along with nearly 300,000 status updates every minute of every day. Facebook users are literally keeping the company informed of their every move.
For Facebook, the challenge is simply to gather up as much information as it can about you as quickly and as easily as possible.
How to get people to monitor themselves
Facebook has to convince you that you want to give it the information. It can’t directly ask you for it, you need to volunteer it.
The process starts the moment you create an account, give over your name, age and gender. So far so good. Next, for the purposes of making it convenient to connect with your friends, you’re afforded the opportunity to import your contacts from your phone or your email system or from other networks such as LinkedIn. Excellent, now Facebook knows not only about you, but also all of your contacts including, maybe, some it didn’t know about before. Did you remember to remove phone numbers from your contact list before uploading it to Facebook? Of course you didn’t. Facebook now has an additional piece of information that can uniquely identify a person. Imagine if your friend explicitly didn’t add their phone number, or their address, not to worry: you just fixed that outstanding issue. For Facebook. Congratulations! You are now a data source and of course an early stage product.
You could be a better product if you could be convinced to offer up more information about yourself. Your friends like this music and these movies, but how about you? Any other music or movies you like? Where did you go to school? How about university? Look: here’s a group of people who went there also. When did you say you attended?
The greatest trick Facebook has managed to pull off is the omnipresent ‘Like’ button. Read an article; just click the ‘Like’ button. Bought something on Amazon, tell your friends by clicking the ‘Like’ button. Every like you make, and every like that your connections make feeds the Facebook machine with more information on you.
And so it goes. You have quickly moved from a good product to an excellent product. Facebook is starting to build a good impression of what makes you tick. On to the next challenge. You really need to start tracking yourself so Facebook can always know where you are.
Here’s a friend going to an event in the future, are you going? Would you like to allow Facebook to get access to your calendar so that it can add a reminder for your convenience? Good! While Facebook is looking it might discover some birthday reminders or perhaps anniversary days. Is that event today? Are you there already? Why not take a quick selfie with you and your friends? You can upload that to Facebook for sharing with your friends. Don’t worry if you don’t know exactly where you are, if you have location services turned on, or more accurately forgot to turn location services off, your camera will automatically tag the photo with the date, time and specific location of the photograph. As soon as you upload that photograph to Facebook, all of your friends will be able to find you on a map. Even if you turn off location services, someone has already told Facebook where the event was taking place, so while it can’t track you to the nearest metre; at least it knows what building you’re in.
Next time you look at that photograph on Facebook, you’ll notice that it’s tried to identify all of the people in the photograph, just in case you forget. Facebook’s researchers estimate that they can accurately match faces 97.25% of the time. Humans can accurately match 97.5% of the time. Happily, in the rare cases where it incorrectly matches a face, the photographer is encouraged to fix the mismatch with the correct name. That fix teaches Facebook’s facial recognition engine a little bit more, allowing it to be better next time around. It has been mooted that Facebook’s facial recognition might outperform the FBI’s.
The worrying aspect of this particular facility is that you can exist on Facebook long before you even sign up. All that is required is for you to appear in a photograph taken by anybody, either deliberately or accidentally, and for the Facebook engine to have been told by any of its users who you are.
At no other point in history has your personal privacy been so challenged. Whether through personal choice, or through the choices of others, it is probable that you exist in some form on Facebook. The depth of that existence is only partially in your control. While Facebook highlights that your information will be deleted on request it is limited to the information that you have provided. The information that others have provided on you is not actually yours and therefore not covered by those same conditions.
Is it only Facebook?
You might reassure yourself that only Facebook is undertaking this type of work, but you can take no comfort there. ‘Big Data’ is the buzzword of the day in technology circles. You can distil it down to companies sucking up as much data as they can about you and your environment for the purposes of analysing, tracking and ultimately selling. Major forces making significant revenue in this field include:
Everyone on the Internet leaks a trail of information knowingly and unknowingly.
The one area into which Facebook has not yet managed to access is your actual financial transactions. So far its efforts have been limited to encouraging you to click a ‘Like’ button on the retailer’s website. If the retailer hasn’t added a ‘Like’ button then Facebook can only guess whether you made a purchase.
Luckily for you, the European Commission has produced a directive that will allow authorised entities to gain access to your bank accounts, including your transaction history. The Second Payment Services Directive (PSD2 to those in the know) comes into force in January 2018. Its intention is to foster competition, harmonisation and openness in the EU financial markets.
There are two acronyms with which you will become intimately familiar, AISP and PISP.
An AISP, Account Information Service Provider, is described as a duly authorised ‘Natural or Legal Person’ to whom you can grant access to your transaction history for the purposes of providing you with some service. If you consider almost any financial arrangement you have entered into, you may have been required at some point to provide your last three or six months’ bank statements. An authorised AISP would be able to reach into your bank and retrieve this information, again for your convenience.
A PISP, Payment Initiation Service Provider, is described similarly as a duly authorised ‘Natural or Legal Person’ that you can authorise to initiate a payment directly from your bank account. All those online transactions that you made with your credit card or debit card can now be completed without needing the card, directly from your current account with a quick and convenient authorisation.
The immediate question is who can be authorised, and who will control authorisation. For the first part, any individual or company that meets the required standards can be authorised, so everyone from your local newsagent to the largest corporation could be authorised, if they can meet the requirements established by the ‘Competent Authority’. The Competent Authority is the body that will be responsible for controlling the authorisation process. In Ireland, it will be the Central Bank; in other jurisdictions it will be their financial regulator.
The directive requires that any bank in the European Union be required to grant access to any authorised AISP or PISP. The banks have no option to deny or restrict access. In practice this will mean that an AISP or PISP that has been authorised by any EU financial regulator, the Greek regulator for example, must be granted access to your Irish bank account if you allow it.
PSD2 creates an environment where banks, which traditionally ran a closed shop on your information, will be forced to build a doorway into that information and furthermore will be required to open that door to any person or entity that has been given rights by any financial regulator within the EU.
Why is this of interest? It is fair to speculate that Facebook among others would quickly apply to become a regulated AISP with a view to gaining access to your transaction information. Its view of how you spend your money would be immediately transformed from one driven by speculation, prediction and estimation to one that is accurate down to the euro. Of course, it requires your authorisation to actually gain access but if their operation has shown anything it is Facebook’s ability to convince billions of people to volunteer private information.
by David Waldron