But Zittrain said there may be an even more promising way to keep Facebook from acting against its users’ interest. In an unpublished paper that he is writing with Jack Balkin, a Constitutional law professor at Yale Law School, Zittrain recommends that certain massive repositories of user data—like Apple, Facebook, and Google—be offered a chance to declare themselves “information fiduciaries.” An information fiduciary would owe certain protections to its users, closing the “disconnect between the level of trust we place in [online services] and the level of trust in fact owed to us,” according to the paper.
The key to this idea? Facebook might opt into this regulation itself.
Right now, many technology companies are restricted by overlapping state data-privacy rules. These laws impose a fractured and sometimes conflicting set of rules on the companies themselves. As Zittrain and Balkin write:
California, for example, requires companies who accidentally expose their customers’ personal data to notify those customers of such potential breaches. While the California law by its terms only requires such notifications to customers in California, companies end up notifying everyone in order to avoid leaving any Californians out.
Trying to comply with the whole body of interstate privacy laws has led some companies to say they would support a single federal privacy standard.
Technology companies might not even have to de facto comply with this law—instead, they could opt into compliance. There’s precedent for this: The Digital Millennium Copyright Act of 1998 formally required companies to do very little to combat copyright abuse, but if corporations complied with its scheme, they were given broad legal immunity from the copyright abuse of their users.
“In the years since the DMCA’s passage, nearly all major intermediaries conform to its processes in order to avail themselves of the immunity,” says the paper. “While the copyright industries no doubt would have liked those processes to be required outright—and perhaps made stronger—they achieved a meaningful and lasting policy success in a difficult political environment.”
Zittrain and Balkin want to extend this kind of privacy immunity to Facebook, Microsoft, and the other large tech companies—if they agree to act as data fiduciaries. They recognize that this means the information-fiduciary standard would have to be very good, but “such a trade-off offers a clear path to implementation against skeptical and otherwise-near-implacable opposition by the firms to be affected,” they write.
Beyond that, there’s one more way that Facebook could avoid allegations of bias. Zittrain thinks Facebook, as a kind of data wholesaler, ought to make a straight feed of its friend activity available to all users. Then users could run their own News Feed-style algorithm on the data, and Facebook’s algorithm would merely be one premiere option.
“It’s extremely limiting, it’s as if an iPhone could only run software from Apple,” he said of the current regime.
It is also, he admitted, unlikely. “Even though I’m in favor of that,” Zittrain told me, “I don’t see a legal hook.”
* This article originally stated that John Thune is a senator from North Dakota. We regret the error.