Each internet epoch grows more complicated and defies previous analogies. We can sit around and bemoan a failed internet felled by splinterization, misinformation, and a lack of incentive to regulate itself. Or we can look to other industries for solutions, which may be imperfect but possibly instructive.
Let’s look at Facebook, which we’ll use as a very worthy stand-in for all social media, and see how it might apply the tenets of the approach called “Know Your Customer” (KYC), which is an important regulatory and compliance pillar of the banking and payment industry.
There’s no doubt social networks are lax when it comes to knowing their customers. In a May 2019 report, Facebook noted that it “disabled 1.2 billion fake accounts in Q4 2018 and 2.19 billion in Q1 2019.” With over 3 billion fake accounts removed, you might think “problem solved,” right? Actually, no. There are so many accounts to disable because the onboarding process for new users is so easy–way too easy. In the same report, Facebook suggests that about 5% of active monthly users are fake. It’s not a perfect analogy, but if 5% of the Wall St. Journal’s articles were fake, it would not last long. On Facebook, nobody cares. Or at least hardly anyone did until the last few years.
Another indication that fake accounts are of little interest to Facebook was amusingly described in a 2018 NY Times article by Jack Nicas. He found that there were “205 accounts impersonating Mr. Zuckerberg and Ms. Sandberg on Facebook and its photo-sharing site Instagram, not including fan pages or satire accounts, which are permitted under the company’s rules.” Some were scams, some misinformation, others maybe just some fun. Talk about low hanging fruit!
The stakes get more serious. One part of the 2016 Russian disinformation campaign, according to a Facebook internal investigation, was initiated by twenty or thirty fake Facebook accounts in St. Petersburg, Russia, which promoted 120 pages of misinformation. That, in turn, led to “80,000 pieces of content that reached 129 million Facebook users.” (See page 373 in Steven Levy’s excellent book “Facebook: The Inside Story.) When Facebook doesn’t know who is on its service, that can have gigantic negative consequences for society.
Banks used to have a big problem with fake accounts that were used for money laundering and tax evasion. The money in the accounts was real, but the associated customers were not. In 2001 the Patriot Act (Section 326) introduced a requirement for banks to ‘know’ their customers. This has spawned a small industry that helps banks verify customer identities and meet other KYC requirements. KYC has helped clean up banking, and a similar requirement for internet social networks might help clean up social discourse.
The central pillar of KYC is that the customer must identify themselves as a real person (or business or organization) and that information must be verified. Facebook claims to “require people to connect on Facebook using the name they go by in everyday life” but that claim is false. How else to explain billions of fake accounts routinely disabled, or hundreds of fake Zuckerbergs existing for years? Only one of the Facebook Zuckerbergs, the real one, could easily open a bank account.
Why doesn’t Facebook care about knowing its customers and advertisers? Mainly it’s because while you may think you’re Facebook’s customer, their real customer is an advertiser who wants to reach you with its message. You, as many have said, are not the customer but rather the product. But in addition, there’s a cost to doing a KYC search. And there will be revenue lost from turning away people who enable more page views and thus more advertising dollars, not to mention turning away advertisers themselves who are misidentified. But it’s obvious Facebook could easily afford it. Its revenues are growing at more than 25% per year, and its profits per dollar of revenue are among the highest in business. And after all, you’d think it would be appealing to those advertisers to know they were talking to real customers, even if there were fewer of them.
How could KYC help clean up social media? Many political bad actors have been foreign trolls, often pretending to be US citizens. Those would be gone. Facebook already took steps in this direction by requiring that U.S. political ads be paid for in dollars. (Can you believe they didn’t have a system to flag it when the Russian ads in 2016 were paid for in Rubles?) Posts from trolls of any type are often amplified by bots, which are fake personas, and thus would also be gone. Those who incite violence or otherwise violate social media policies could be banned for life. Today, shutting down one fake account often leads to the same bad actor routinely and easily opening another (another Jack Nicas gem here). Scammers would have a much harder time pretending to be celebrities or friends or relatives of celebrities. And when things get way out of hand, like inciting a riot, Facebook would have actual contact information for law enforcement.
It’s also true that in some situations a KYC policy could be extremely dangerous. For example, few dissidents would be willing to reveal full identities to social media companies. There are obviously details to be worked out. Perhaps an intermediary layer or company could emerge that vouches for and maintains the authenticated identities, for example. But banks have proven that it is possible to know your customers, with high reliability. Some in the banking industry have decried KYC as an unwelcome invasion and centralization of power, however. Privacy advocates and crypto enthusiasts have been the most outspoken. Michael Casey writes about this in his Money Reimagined column at Coindesk.
KYC tenets would not solve every problem, but they could start to chip away at some of the identity issues. The internet has transformed itself many times since its inception. So has our conception of privacy and citizenship. A recent Pew Study optimistically predicts that by 2030 we’ll see a new recognition of the role of social media in a democracy. Some of the changes it foresees will be regulatory, some natural evolution. Old social media paradigms for monetization will fall by the way, for example. And some will be technological advancements like wearables and IoT devices that create a more organic relationship to privacy and data. Could a variation of KYC principles be part of the solution? Share your thoughts.