• Print

On email privacy, Twitter’s ToS and owning your own platform

The lesson from this week's #TwitterFail is that publishers of all sorts should own their own platform.

If you missed the news, Guy Adams, a journalist at the Independent newspaper in England, was suspended by Twitter after he tweeted the corporate email address of a NBC executive, Gary Zenkel. Zenkel is in charge of NBC’s Olympics coverage.

When I saw the news, I assumed that NBC had seen the tweet and filed an objection with Twitter about the email address being tweeted. The email address, after all, was shared with the exhortation to Adams’ followers to write to Zenkel about frustrations with NBC’s coverage of the Olympics, a number of which Jim Stogdill memorably expressed here at Radar and Heidi Moore compared to Wall Street’s hubris.

Today, Guy Adams published two more columns. The first shared his correspondence with Twitter, including a copy of a written statement from an NBC spokesman called Christopher McCloskey that indicated that NBC’s social media department was alerted to Adams’ tweet by Twitter.

The second column, which followed the @GuyAdams account being reinstated, indicated that NBC had withdrawn their original complaint. Adams tweeted the statement: “we have just received an update from the complainant retracting their original request. Therefore your account has been unsuspended.”

Since the account is back up, is the case over? A tempest in a Twitter teapot? Well, not so much. I see at least four different important issues here related to electronic privacy, Twitter’s terms of service, censorship and how many people think about social media and the Web.

Is a corporate email address private?

Washington Post media critic Erik Wemple is at a loss to explain how tweeting this corporate email address qualifies public rises to the level of disclosing private information.

Can a corporate email address based upon a known nomenclature used by tens of thousands of people “private?”

A 2010 Supreme Court ruling on privacy established that electronic messages sent on a corporate server are not private, at least from the employer. But a corporate email address itself? Hmm. Yes, the corporate email address Adams tweeted was available online prior to the tweet if you knew how to find it in a Web search.

Danny Sullivan, however, made a strong case that the email address wasn’t widely available in Google, although Adams said he was able to find it in under a minute. There’s also an argument that because an address can be guessed, it is public. Jeff Jarvis and other journalists are saying it isn’t, using the logic that because NBC’s email nomenclature is standardized, it can be easily deduced. I “co-signed” Reuters’ Jack Shafer’s tweet making that assertion.

The question to ask privacy experts, then, is whether a corporate email address is “private” or not.

Fred Cate, a law professor at the Indiana University Maurer School of Law, however, commented via email that “a corporate email address can be private, in the sense that a company protects it and has a legitimate interest in it not being disclosed.”

Can it lose its private character due to unauthorized disclosure online?

“The answer is probably and regrettably ‘it depends,’” he wrote. “It depends on the breadth of the unauthorized dissemination and the sensitivity of the information and the likely harm if more widely disclosed. An email address that has been disclosed in public blogs would seem fairly widely available, the information is hardly sensitive, and any harm can be avoided by changing the address, so the argument for privacy seems pretty weak to me.”

Danielle Citron, professor of law at the University of Maryland, argues that because Zenkel did not publish his corporate email address on NBC’s site, there’s an argument, though a weak one, that its corporate email addresses are private information only disclosed to a select audience.

“Under privacy tort common law, an unpublished home address has been deemed by courts to be private for purposes of public disclosure of private fact tort if the publication appeared online, even though many people know the address offline,” wrote Citron in an email.

“This arose in a cyber harassment case involving privacy torts. Privacy is not a binary concept, that is, one can have privacy in public, at least according to Nader v. GM, the NY [Court of Appeals] found that GM’s zealous surveillance of Ralph Nader, including looking over his shoulder while he took out money from the bank, constituted intrusion of his seclusion, even though he was in public. Now, the court did not find surveillance itself a privacy violation. It was the fact that the surveillance yielded information Nader would have thought no one could see, that is, how much he took out of the bank machine.”

Email is, however, a different case that home addresses, as Citron allowed.

“Far less people know one’s home address — neighbors and friends — if a home address is unlisted whereas email addresses are shared with countless people and there is no analogous means to keep it unpublished like home and phone addresses,” Citron wrote. “These qualities may indeed make it a tough sell to suggest that the email address is private.”

Perhaps ironically, the NBC executive’s email address has now been published by many major media outlets and blogs, making it one of the most public email addresses on the planet. Hello, Streisand effect.

Did Twitter break its own Terms of Service?

Specifically, was tweeting someone’s publicly available *work* email address (available online) a a violation of the Twitter’s rules. To a large extent, this hinges upon the answer to the first issue, of privacy.

If a given email address is already public — and it’s been available online for over a year, one line of thinking goes that it can’t be private. Twitter’s position is that it considers a corporate email address to be private and that sharing it therefore breaks the ToS.

Alex McGillivray, Twitter’s general counsel, clarified the company’s approach to trust and safety in a post on Twitter’s blog:

We’ve seen a lot of commentary about whether we should have considered a corporate email address to be private information. There are many individuals who may use their work email address for a variety of personal reasons — and they may not. Our Trust and Safety team does not have insight into the use of every user’s email address, and we need a policy that we can implement across all of our users in every instance.

“I do not think privacy can be defined for third parties by terms of service,” wrote Cate, via email. “If Twitter wants to say that the company will treat its users’ email addresses as private it’s fine, but I don’t think it can convincingly say that  other email addresses available in public are suddenly private.”

Danielle Citron, a research professor of law at the University of Maryland, argues that because Zenkel did not publish his corporate email address on NBC’s site, it’s private information only disclosed to a selective audience.

“Twitter’s policy about email address stems from its judgment that people should not use its service to publicize non-public email addresses, even though such an address is not a secret and countless people in communication with the person know it,” commented Citron, via email.

“Unless Twitter says explicitly, “we are adopting this rule for a particular reason–such as to prevent people from invading privacy by bombarding the person with unwanted emails,” the company may adopt it for other reasons, such as wanting to protect individuals from phishing or fraud. That rationale is related to privacy, of course, but it would be worth knowing what is behind their TOS. Bright line rules are easy and cheap for intermediaries to administer so the company’s abuse and complaint team may not want to wade into the complexities and reasons behind the posting of the email address.”

The bottom line is that Twitter is a private company with a Terms of Service. It’s not a public utility, as Dave Winer highlighted yesterday, following up today with another argument for a distributed, open system for microblogging.

Simply put, there are principles for use of Twitter’s platform. They’re in the Rules, Terms of Service and strictures around its API, the evolution of which was recently walked through over at the real-time report.

Ultimately, private companies are bound by the regulations of the FTC or FCC or other relevant regulatory bodies, along with their own rules, not the wishes of users. If Twitter’s users don’t like them or lose trust, their option is to stop using the service or complain loudly. I certainly agree with Jillian C. York, who argues at the EFF that the Guy Adams case demonstrates that Twitter needs a more robust appeals process.

There’s also the question about how the ToS is applied to celebrities on Twitter, who are an attraction for millions of users. In the past, Justin Bieber tweeted someone else’s personal phone number. Spike Lee tweeted a home address, causing someone to receive death threats in Florida. Neither was suspended. Neither the celebrities nor offenders referenced, according to personal accounts, were suspended. In another case, @QueenOfSpain had to get a court order to see any action taken on death threats on Twitter. Twitter’s Safety team has absolutely taken actions in some cases but it certainly might look like there’s a different standard here. The question to ask is whether tickets were filed for Lee or Bieber by the person who was personally affected. Without a ticket, there would be no suspension.

Twitter has not commented on that count, under their policy of not commenting about individual users.

Flowing tweets and censorship?

In the wake of this move, there should be some careful consideration by journalists who use Twitter about where and how they do it. McGillivray did explain where Twitter went awry, confirming that someone on the media partnership side of the house flagged a tweet to NBC and reaffirming the principle that Twitter does not remove content on demand:

…we want to apologize for the part of this story that we did mess up. The team working closely with NBC around our Olympics partnership did proactively identify a Tweet that was in violation of the Twitter Rules and encouraged them to file a support ticket with our Trust and Safety team to report the violation, as has now been reported publicly.

Our Trust and Safety team did not know that part of the story and acted on the report as they would any other.

As I’ve written elsewhere, looking at Twitter, censorship and Internet freedom, my sense is that, of all of the major social media players, Twitter has been one of the leaders in the technology community for sticking up for its users.

It’s taken some notable stands, particularly with respect to the matter of fighting to make a Twitter subpoena from the U.S. Justice Department regarding user data public.

“Twitter is so hands off, only stepping in to ban people in really narrow circumstances like impersonation and tweeting personal information like non-public email addresses. It also bans impersonation and harassment understood very narrowly, as credible threats of imminent physical harm,” wrote Citron.

“That is Twitter’s choice. By my lights, and from conversations with their safety folks, they are very deferential to speech. Indeed, their whole policy is a “we are a speech platform,” implying that what transpires there is public speech and hence subject to great latitude.”

Much of the good will Twitter had built up, however, may have evaporated after this week. (Twitter’s evolution on censorship was certainly of note to the Poynter Institute.)

To be clear, I don’t plan on leaving Twitter any time soon. I do think that McGillivray’s explanation highlights the need for the company to get its internal house in order, in terms of a church and state relationship between its policy and safety team, which makes suspension decisions, and its media partnerships team, which works with parties that might be aggrieved by what Twitter users are tweeting.

If Twitter becomes a media company, a future that this NBC Olympics deal suggests, such distinctions could be just as important for it as the “church and state” relationship between traditional newspaper companies or broadcasters.

One question that remains unanswered is why Twitter chose to suspend Mr. Adams, as opposed to simply removing his tweet and publishing it or referencing it at Twitter’s Chilling Effects Clearinghouse.

If the tweets must flow, it’s unclear why they didn’t use that mechanism to remove a tweet as opposed to the far more blunt hammer of suspending an account, particularly that of a journalist. (Twitter did not respond to this question; I’ll update the post if they do.)

Own your own platform

In the larger sense, this episode absolutely drives home the need to own your own platform online, particularly for media entities and government.

While there is clearly enormous utility in “going where the people are” online to participate in conversations, share news and listen to learn what’s happening, that activity doesn’t come without strings or terms of service. The existential challenge for the Internet and society remains is that the technology platforms constitute what many people regard as the new public square are owned by private companies.

While that does mean that a media organization could be censored by a distributed denial of service (DDoS) attack (a tactic used in Russia) and that it must get a domain name, set up Web hosting and a content management system, the barrier to entry on all three counts has radically fallen.

The open Internet and World Wide Web, fragile and insecure as they may seem at times, remain the surest way to publish what you want and have it remain online, accessible to the networked world. When you own your own platform online, it’s much harder for a third party company nervous about the reaction of advertisers or media partners to take your voice away.

tags: , , ,