Facebook logo. (JOEL SAGET/AFP/Getty Images)
This week was both fantastic and terrible for Facebook. Its latest earnings report shows the company has become an unstoppable force whose user growth and profits are immune to its never-ending parade of privacy and security breaches. Even the FCC appears willing to back down from its confrontation with the company and slap it with a fine that amounts to just a tiny fraction of its quarterly profit, making even legal violations nothing more than the cost of doing business. At the same time, Facebook confronts newly emboldened regulators around the world all clamoring for their own chance to bring the world’s most powerful gatekeeper to heel. The only problem is that Facebook may already be unstoppable.
Facebook has much to cheer about.
As has become increasingly clear, the public no longer seems to care about their digital privacy or security.
Despite breach after breach after breach after breach, users aren’t leaving and aren’t demanding any changes to the company’s business practices. In fact, Facebook is only growing bigger as more users clamor to jump onboard the privacy wreck.
Is Facebook simply too large to regulate or change? The answer is that it isn’t just Facebook that seems immune to the death sentence that was historically the outcome of a major breach.
Ashley Madison explicitly credits its massive 2015 security breach in powering its spectacular renaissance, giving it enormous free global media saturation that has driven incredible growth.
It seems the laws of gravity that once applied to security and privacy breaches have been redefined in 2019. Rather than harming a company, having a major breach that garners global headlines can actually be a tremendous boost to a company.
Facebook has learned over the years that while the public is quick to complain about privacy and security issues, they are unwilling to take action to demand change on those fronts. After all, it was just under a decade ago that Facebook fought its first major privacy battle, with the same endless privacy headlines, policymaker threats of regulation and predictions of mass user defections, none of which came true.
Each time there is a public uproar over privacy, Facebook simply waits it out, safe in the knowledge that we no longer care enough about our digital safety to actually give up our membership in its exclusive walled garden.
Similarly, governments are loathe to regulate the very company they depend so heavily upon to win reelection.
Facebook has become a master at calling governmental bluffs. In the aftermath of an almost endless deluge of potential GDPR violations, the company has amassed case after case of egregious deviations from the protections afforded by GDPR, redefining its provisions to its own business needs. To date the European Union has offered only that it is “investigating” the matters but has taken no meaningful action against the company and it is likely that any GDPR-related actions will be litigated in court for years.
Even if the company is fined billions of dollars, the simple fact of the matter is that a few billion dollars against Facebook’s enormous quarterly profit is merely the cost of doing business just like the utility bills and bandwidth costs of its data centers.
If Facebook can get away with doing whatever it wants for a grand total of a few billion dollars of fines a year, it can recoup that cost in a matter of weeks.
In fact, the company predicts the ultimate outcome of the wide-ranging FCC investigation of its consent decree violation will merely be a fine of a few billion dollars and potentially a new consent decree. Given that the Facebook didn’t view the last consent decree as terribly binding on its business practices, it is unclear what good a new agreement would do.
The simple fact of the matter is that Facebook is so massive that even billion-dollar fines can be readily absorbed as the cost of doing business.
In many ways, an apt example is a speeding ticket in the United States. To someone barely making ends meet, a speeding ticket and the attendant fines and insurance rate increases may force them to sell their car or even bankrupt them. To a billionaire supercar owner, they could likely pay the fine out of the cash in their wallet – it simply has no incentivizing impact on their behavior. To address this, many jurisdictions will suspend the driver’s license if they receive too many tickets, ensuring that wealth alone cannot place someone entirely above the law.
Yet, when it comes to social media companies, the maximum penalties they can confront today in most countries are fines that are so small as to amount as nothing more than an annoyance.
In cases where companies face actual legal jeopardy, such as copyright infringement in the United States or hate speech in Germany, the company has invested heavily in addressing the issues, demonstrating that legislation or the threat of it can have a powerful incentivizing impact on their actions.
In the United States anti-monopoly laws have had little practical impact on social media companies because they don’t charge their users a fee, while their impact on the prices charged to advertisers has presented a more complicated picture for regulators.
However, as Facebook’s internal correspondence continues to surface through whistleblowers, leaks and disclosures, the company’s view of its user data as having very real monetary value could make it more vulnerable to such regulatory intervention.
Yet, as calls for regulation grow, the company’s ability to silence criticism and debate has been on increasing display.
The company did not respond to a request for comment on these issues.
Putting this all together, we really must ask as a society if Facebook is now simply too powerful to regulate. Powerful companies have long given way to new upstarts, been constrained by regulation or even broken up.
Yet, no company in history has ever held the power Facebook does over information itself.
Social media platforms quite literally control who speaks to the President of the United States and what citizens are permitted to talk about with their elected officials. They have even actively intervened in foreign elections to interfere with the information environment in ways that actively harmed one of the parties and today actively ban a number of democratically elected political parties in Europe, including ones holding seats in the European Parliament.
If Facebook was confronted with a legitimate threat to its very existence, it would be within its technical capabilities as a company to intervene in elections across the world to elect anti-regulation candidates, block elected officials from talking about regulation or hearing regulatory concerns from their citizens and even ban all society-wide discussion and debate about regulation.
The capacity is there, Facebook merely has to flip an algorithmic switch to enable it.
In the end, the only question is what it will take to awaken the sleeping giant.