As Facebook turns off facial recognition in Europe, is this the start of a change for the company?

Meet the new social network, not quite the same as the old social network.

After a long struggle with the Irish Data Protection Commission, Facebook is set to delete the last tranche of data kept from its facial recognition feature, dubbed Tag Suggestions, and turn it off for all users today. It just the latest retreat in a series of changes which may redefine the company.

The Tag Suggestions feature was first announced in December 2010. By using a mixture of information about facial shape and features, and contextual clues such as other people in the same album or picture, Facebook is able to suggest to users the names of other people in photos they have taken. Similar capabilities appear in other software – Apple's iPhoto, for instance, has an offline version – but Facebook's implementation leverages its vast user base to get more data than any competing company could manage.

However, Facebook implemented the Tag Suggest feature as an automatic opt-in for all users. That, combined with the fact that most photos on Facebook aren't uploaded by their subjects – obviously, since someone is normally behind the camera – meant that it necessarily played fast and loose with privacy concerns.

Just six months after it was announced, the first objections were raised in the US, and in August 2011, a Hamburg court became the first to rule that it must be opt-in to comply with local privacy laws. A month later, the Irish DPC began a wide-ranging privacy audit in response to complaints from a user group, Europe v Facebook, which included in its remit the facial recognition issues.

Since Facebook's European operations are based in Ireland – largely for tax reasons, since the company has a corporation tax rate of just 12.5 per cent for trading income – the decision of the DPC has wide-ranging effects. The first report, in December 2011, gave Facebook six months to comply with a number of requirements. "Shadow profiles" – profiles made of people who haven't joined Facebook from information uploaded by their friends – had to go, while data retention for searches and ad-clicks was limited, to six months and two years respectively.

The DPC also required Facebook to provide a prominent warning to its European users that it uses facial recognition technology that automatically tags them in photographs.

It was this last requirement which Facebook seems to have found too hard to comply with. In September, it closed Tag Suggestions to new users, and this month, it is shutting the feature entirely in Europe, and trashing the already collected data.

It's a bold move to take for a company which has, in other markets, been doubling down on facial recognition technology. In June, Facebook bought Israeli company Face.com, for a reported $55m. Face.com was the provider of much of the technology used by Facebook, and the company argued that the transaction "simply [brought]… a long-time technology vendor in house."

The company has always known that privacy concerns are one of the largest hurdles it has to to overcome. In its IPO prospectus, filed in February, Facebook highlighted a number of privacy-related risks to its business, from the publicity pitfalls associated with moving faster towards "frictionless sharing" than it's users are comfortable with, to the hurdles that stricter privacy regulation could introduce.

The facial recognition skirmish is an unusually under-the-radar battle for Facebook, however. Most of its highly publicised missteps involve public information being shared without the explicit permission or notification of users. This includes, for example, the ability of friends to "check in" people in Facebook Places without asking, as well as the various concerns over the frictionless sharing of social readers and apps like Spotify.

In fact, the first major privacy battle Facebook had to fight was over this type of issue, though in hindsight it demonstrates nothing so much as how much more comfortable we've become about sharing online. In September 2006, Facebook activated the News Feed, a feature now associated with the company more than anything other than, perhaps, the "like" button. But at the time, the idea of aggregating all this information – publicly available, but never before displayed in one place – was enough to spark user rebellion.

In what has become typical for Facebook, the company bet the business on people getting used to the new rules of the game. And they did, just like they did with the changed default privacy settings, the creation and promulgation of "@facebook.com" email addresses, and the aforementioned Places feature.

But three recent moves by Facebook suggest that the company may be changing its attitude, both voluntarily and as a forced reaction to circumstances.

The first is the deletion of facial recognition data, as well as the other changes mandated by the DPC. Facebook has always dealt quite well with user discontent – if only by successfully ignoring it – but when the law gets involved, it can be forced to backtrack far further than it normally would. It also means that it can be held to account for infractions of privacy which the average user simply won't notice.

Not many of us realised Facebook was even tracking search data, putting together a profile of us which we can't see, and few would have cared even if we did. But the DPC, like other information commissioners worldwide, has the authority and remit to ensure that data is collected with permission, and not retained indefinitely. Facebook knows it will face these problems with greater regularity as other nations step up to their responsibility to protect their users, and that will surely change its attitude.

The second is that Facebook itself has been backtracking from frictionless sharing, which had the potential to be one of the biggest clashes between it and its users. Andy Mitchell, Facebook's Manager of Media Partnerships, said last month that the company was moving away from it because user feedback wasn't good. This isn't just an issue with people being displeased that what they thought was private was in fact public – although that has happened as well.

For Facebook, the bigger issue is that the results of frictionless sharing just aren't particularly interesting. Sure, Facebook would like to know every news story you read, or every song you play, because it helps them build up a formidable picture of you to sell to advertisers. The problem is that social media is only interesting to anyone else if it allows people to present a curated vision of themselves. Nobody cares about the full list of songs you've played, but they may want to hear the one which is your absolute favourite at the moment. If Mitchell is to be believed, Facebook has come around to this way of thinking. The privacy benefits for users should be obvious.

The third change by Facebook is perhaps the most important. It is that the company is demonstrating a growing awareness that advertisement income alone cannot help the company achieve the goals its shareholders have set for it. It's tricky to estimate a price/earnings ratio for Facebook, since it hasn't released any results since it went public, but Business Insider estimate it's around 32. That means that you would need to hold Facebook stock for thirty-two years for it to make profit equivalent to the amount of capital you've provided them – or, more accurately, it means that the majority of Facebook's shareholders expect it to start making more money.

The problem is that Facebook's previous earnings growth has come largely from user growth. But with over a billion users, it starts to get very tricky to get any growth – the size of the planet is a constraining factor. As a result, Facebook needs to get more money per user.

One way to do this is, of course, to make ad space more valuable to advertisers, and that's what all of the company's social profiling is aimed at; but that's unlikely to be enough. For perhaps the best hint of the future, look to Facebook's recent launch of Facebook Gifts. The tagline is "Real moments. Real gifts." But perhaps the phrase "Real money" should be added there, because that's what is really important. Facebook wants you to spend real money buying gifts for friends through them – and then, of course, take a cut of the transaction that follows.

A Facebook which makes money from the services it provides, rather that providing services as a sidebar to its real business of selling your data to advertisers, is a company which has a vastly longer half-life. I hope they know that too.

The facebook hompage in 2005. Photograph: Wikimedia Commons

Alex Hern is a technology reporter for the Guardian. He was formerly staff writer at the New Statesman. You should follow Alex on Twitter.

Photo: Getty
Show Hide image

2017 is the year we realise we've been doing the Internet wrong

Networks can distribute power or they can centralise it.

A couple of years ago I visited Manchester tech start up Reason Digital. They were developing an app to help keep sex workers safe. The nature of sex work means workers are often vulnerable to crime, crimes which can be particularly difficult to solve because witnesses are reluctant to come forward and crime scenes often public and subject to interference.

Reason Digital thought if they could alert sex workers of relevant incidents in their vicinity – harassment, a foiled attack – that would help sex workers protect themselves.

So, of course, they created an app which tracked the location and habits of all sex workers in Manchester in a central database and sent out alerts based on where they were and what they were doing, right?

Did they hell.

They knew a real-time centralised, location database would immediately be a target for the very people they wanted to help protect sex workers from. Moreover, they wanted their app to empower sex workers, to put them in control. And they knew that sex workers would be reluctant to hand over any part of their hard fought privacy.

So the Reason Digital app kept the location and other data on the sex workers’ smart phone and let it decide which alerts were relevant and what information to share.

That is the kind of distributed, autonomous app putting people in control we just don’t see on the Net.  No, all the apps that improve our lives – from Facebook to Uber to match.com – cull the intelligence and data from the user and stick it in the vaults of a company or, occasionally, a government.

Thankfully, the majority of us are nowhere near as vulnerable as the majority of sex workers – to physical crime at least.

But we are increasingly vulnerable to cybercrime, a vulnerability which will increase exponentially once everything is connected to the Internet of Things.

And we are vulnerable to the exploitation of our data, whether through data mining or algorithmic determinism. Google’s search engine can be “gamed” by extremists, used to strengthen hatred and spread stereotypes. I have also been told one major dating site optimises it matchmaking algorithm for short term relationships – it means more return business. And Uber have admitted it knows you’re likely to pay more for a ride if your battery is low – which it also knows. Our data is what drives services and profits on the Net - but we’re unable to reap the rewards of the value we create.

That’s why 2017 will be the year we realise we got the Net wrong.

Not the underlying internet, designed by the public and third sectors in the seventies to be as distributed and autonomous as possible.

Or even the World Wide Web, invented in the nineties by the public and private sectors, again without central control.

But the apps developed in the last couple of decades to use the infrastructure of the internet to deliver services.

Networks can distribute power – like the electricity power grid –  or they can centralise it – like old boys networks.

Increasingly, I fear the Net is doing the latter.  And for three main reasons.

Firstly, a technical legacy of the early internet: in the days of slow broadband and unreliable devices it made sense to transmit as little as possible and control your user experience by centralising it. That problem is by and large history, but the centralisation remains.

Secondly these apps were mainly developed by a small group of privileged people – white, male, relatively well-off engineers. That’s why, for example, the biggest campaign of the early  internet pioneers was against porn filtering. Yes, for many years the most inspirational internet civil rights struggle was for rich western men to have absolutely untrammelled access to porn. So often I was the only woman at the conference table as this issue was raised again and again, thinking ‘is this really the biggest issue the tech community faces’?

But there is a seam of libertarianism in technology which sees it as above and beyond the state in general and regulation in particular. Even as a replacement for it. Who needs a public sector if you have dual core processing?  When tech was the poor relation in the global economy that could be interesting and disruptive. Now tech is the global economy, it is self-serving.

And thirdly these apps were developed in a time of neoliberal consensus. The state was beaten and bowed, shrunk to its role of uprooting barriers and getting out of the way of the brilliant, innovative, invisible hand of the private sector.  When I was at Ofcom in the 2000s we strove valiantly, day and night, to avoid any regulation of the internet, even where that included consumer rights and fairer power distribution.

As a consequence now the Net is distributing power but to the wrong people.

  • It’s not empowering the poor and dispossessed but the rich and self-possessed.
  • It’s not empowering sex workers in Manchester but criminal cartels in China.
  • It’s not empowering the  cabbie in Coventry but the $62Billion Uber everywhere.
  • It’s not empowering the plucky little startup in rural Hexhamshire but the global enterprise headquartered in Bermuda.
  • It’s not empowering the Nigerian market woman with a yam to sell but the Wall Street stockbroker with your data to market.
  • It’s not empowering the Iranian dissident but the Russian state.

That’s a betrayal of the power and original purpose of the net: for greater human empowerment.

To be sure some of that is happening. The Arab Spring, for example  Campaigns for the tampon tax and Black Lives Matter are enhanced by the web. Apps such as Pol.is and MassLBP look to make 

digital democracy work. Institutes like Newcastle’s Digital Civics Institute are working at systems to enable real democratic collaboration. Groups and enterprises such as Medical Confidential, MySociety, Cap Collectif and Delib try to deliver control back to the citizen consumer. European research project d-cent has helped develop tools that can make deliberative democracy work.

But against that we have the rapacious data centralisation of big companies and, at times, the state.

What we need is a government that is capable of leading and inspiring the tech sector to empower citizens and consumers. Ignoring the libertarian technocrats who say it’s for them to determine how tech power is distributed and remembering that the white heat of technology should be at the service of the people, not the other way round.  This government has neither the capacity nor the will to take on that mission. As part of our review of industrial strategy, Labour will be examining ways in which tech can be empowered to deliver the economy we want, and people empowered to make the best use of it.

Tech and politics are the twin drivers of progress, and I’m lucky enough to have worked in both. If there is one thing we have seen it is that as people become richer they have fewer children, more education and a greater sense of privacy and autonomy.  2017 is the year to start giving back to the people the data and control they should never have lost.

Chi Onwurah is the Labour MP for Newcastle upon Tyne Central, and the shadow minister for industrial strategy.