The following article, entitled, “Facebook rules,” including commentary from Professor Jonathan Zittrain ’95, was published in the February 18 edition of the New York Times.

Earlier this month, Facebook deleted a provision from its terms of service that said users could remove their content at any time, and added new language that said it would retain users’ content after an account was terminated. Waves of protests from users ensued. On Wednesday, Facebook, trying to quell anger among its tens of millions of users, reversed its new policy.

Why the privacy backlash from those who happily plaster their pages with personal information? What do social networking sites like Facebook owe their users?

The New York Times asked several experts to weigh in. Here is Professor Zittrain’s response:

Privacy Invasions From Other Users

Mark Zuckerberg, Facebook’s founder, has pointed out that with more than 175 million users, the site, if it were a country, would be the sixth most populated country in the world.

So, he points out, Facebook’s terms of service, while there to protect the rights of the company and to reassure its users, also operate as the governing document for that space. In some ways, the controversy was the result of a failure of language, ¬ which is not so surprising since the privacy and property issues are hard and so much of the content on the site involves links among its users.

Let’s say you upload a photo of you and me, and I tag it with your name. I leave Facebook ¬ but does your name disappear from the photo since I was the one who originally tagged it?

This is just one issue that Facebook possibly thought to avoid ¬– or at least retain maximum flexibility to answer ¬– by including the new sweeping clauses in its terms of use to allow data retention forever.

One lesson is that plain English (and its other-language counterparts!) works better these days than legalese, even for lawyers trying to draft terms that can protect their client as much as possible ¬ for any future practices as well as present ones.

Writing in plain language could have helped Facebook better describe what the company was trying to do, and Mark Zuckerberg’s blog entry in response to the controversy helped clarify what the site has been trying to do. Facebook will go back to the drawing board and come up with some new, no doubt more narrowly drawn language.

One broader question is whether a “community” like that on Facebook, where people invest their data, ¬ indeed often their very identities, ¬should allow some way for users to govern that space. When someone’s years-long cultivated Facebook account is terminated for alleged objectionable behavior, should that be considered a mere customer service issue?

Of course, no one expects Facebook to be run by anyone other than its management and owners, but if the communities there are truly to flourish, perhaps it’s time to experiment with forms of self-governance.

Just as online multiplayer games allow worlds of users with different rules, and some incorporate users themselves into developing those rules, Facebook could experiment with that kind of approach.

There may be a sweet spot somewhere between the status quo ¬ — where at least we know whom to blame or sue if we disagree with a Facebook policy — and, say, Wikipedia, where governance generally takes place in ways large and small among the thousands of people who edit its articles and work through the disputes there.

Another lesson: Even small tweaks in how a site like Facebook operates ¬– like who gets to tag and untag a photo and who is notified (or asked for permission) when tagging happens — can have a huge impact on the flow of data and identity.

This is especially true as more and more tidbits of our personal information end up in social networks — ¬automatically updated telemetry about our daily travels (think Google Latitude) or changes in who we’re friends with on such sites.

While many people focus on Facebook’s use of data, I think the uses of data and privacy violations by other Facebook users ¬– or “peer-to-peer” uses ¬– could turn out to be even more pervasive. We should start working out how to handle these issues. (My own attempt at this can be found at my Web site.)

Too often people are too busy shoveling out their data to really think through the implications of what they’re doing. During times of privacy “perfect storms,” like now, we have a chance to debate.

For a full discussion of this issue by Jonathan Zittrain, see this post on his blog.