This article examines social networking services from a privacy standpoint, looking at key issues such as access, control, limitations and trust. Websites’ privacy policies and their weaknesses are also examined, by using the well-known social networking service Facebook as an example of how these services can compromise users’ security.

Gaining Access

The virtual communities of social networking websites have rapidly developed in recent years. For instance, facebook.com ranks second on US Quantcast rankings, with over 130 million visitors per month from the US alone. Other social networking sites, such as MySpace, Twitter and LinkedIn rank within the top fifty most visited websites in the US.

Upon joining a social networking site, users provide personal information to create a profile, which may include their name or username; birth date; photos and videos; hometown; location; religious beliefs; ethnicity; personal interests and other identifying information. Through their profile, users make links with other people on the site, whether they are existing friends and family, or new acquaintances. While some users create their profiles to communicate with their circle of friends, information on social networking sites can all to easily be accessible to the public, employers, the press, academic staff, law enforcement and more.

Many social networking websites have restrictions for membership, which limit who can have access to users’ information. MySpace requires users to be at least thirteen years old, while Facebook is open to anyone. Sites like LinkedIn require users to be invited to the network, in order to show that they are part of a professional community. Despite these membership restrictions, social networking sites facilitate the sharing of digital information at a large scale. Distribution of information may be done by members within the network, or by the website itself. Sharing member information with third party advertisers is a common practice for many social networking sites.

Limiting Control

Once users put their information online, they relegate much of their control over it. Information is transmitted much faster through an online social network than through a “real” or offline network. Even though people in the real world do not all have the same access to an individual’s personal information, on a social networking site, every “friend” has access to whatever the user may choose to put online.

There are various reasons for a user to limit the access to their personal information. Since digital information is shared amongst a group of people, it could be collected and stored for an undefined period of time. This may be harmful to the individual if the information is in the possession of someone for whom it was not intended.

Many social networking sites maintain files of users that try to reflect his/her identity as accurately as possible. Content is contributed by the user along with other members of the website. Users may have problems with how much control they actually have over their own online identity. Some social networking sites also have access to the user’s personal information from other websites.

Most social networking sites are free of charge; however, they depend on third-party affiliates to generate income. Many social networking sites collect and sell user information in the form of marketing profiles. One example of this is the targeted ads used by Facebook. With this program, third party advertisers use information from a users’ profile to create personalized advertising content. Currently, Facebook does not allow users to opt out of receiving such content.

Limited user control of information could lead to dangerous outcomes. Combined with loose access limitations, it may become difficult to prevent information-based harm. For instance, users of social networking services may unwittingly be putting themselves at risk for identity theft. Studies have shown that it is easier than one might imagine to guess a social security number. With knowledge of one’s address and current employer, a burglar may know when a house is empty. With lax restrictions on information collection, information processing and information dissemination, users of social networking services may be poorly protected from such harmful outcomes.

Privacy Safeguards

From a privacy standpoint, trust is a key concept for social networking sites, among other online interactions. Trust is closely linked to information disclosure and social exchange. If users believe that the disclosure of information will be beneficial to them, then they are more likely to enter into a relationship with the social networking service.

However, researchers believe that the level and basis of this trust is not well understood. Despite numerous incidents, millions of users continue to join and participate in social networking sites, adding more and more personal information to their profiles. Unfortunately, the type of privacy expected and provided by social networking services is often undefined or inadequately defined.

Default privacy settings on many social networking sites do not offer a high level of privacy protection. They often allow a large amount of personal information to be accessible to any viewer. This may include blogs, comments, profile photos or videos.

Many social networking sites have privacy policies that appear as disclaimers that a user must accept to continue using the service. Through his/her acceptance of the terms and conditions, the user waives some privacy rights and other privileges over his/her personal information. Critics have pointed out that many of these privacy policies suffer from:

• Lack of visibility: Many privacy policies are mentioned once in the “terms of use,” which users must accept in order to continue. As these privacy policies are constantly changing to accommodate new features, services or demands, updated versions should be made visible on the website.
• Provide inadequate information for users: Users are largely unaware of any changes to the social networking service, or the results that may occur from these changes. Users are also kept in the dark regarding any third party service providers the site may share information with.
• Lack of independent review: The majority of social networking sites lack an independent monitoring system.

Example: Facebook

Due to its great popularity, Facebook has received much attention for its actions regarding user privacy. Since 2006, Facebook has made numerous changes to its privacy policy, which has been problematic for privacy watchdogs and users alike. A number of its significant changes and privacy breaches are outlined below:

• 2006: User information started to be shared with the public as well as third-party application developers. Facebook users were misled to reveal personal information that had once been protected.
• 2007: Facebook’s Beacon program disclosed users’ personal information without their knowledge or consent. This was a violation of a number of federal and state laws, including the Video Privacy Protection Act; California’s Computer Crime Law; the Electronic Communications Privacy Act; and the Computer Fraud and Abuse Act.
• 2009: Facebook made significant changes to its Terms of Service, declaring that it retained broad and even retroactive rights to users’ information, even after their accounts had been deleted. In the face of public outcry, Facebook was forced to overturn the changes.
• 2009: The Privacy Commissioner’s Office of Canada found Facebook violated the Personal Information Protection and Electronic Documents Act (PIPEDA).
• Currently, publicly available information on Facebook includes: names; profile photos; list of friends; pages that members are fans of; gender; geographic regions; and networks that members belong to.

Summary

This article introduces key privacy and security concepts surrounding social networking sites. While such sites have seen incredible popularity in recent years, they are also potentially dangerous tools, as they provide almost unrestricted access to the personal information of hundreds of millions of people worldwide. The article looks at issues of access to such information, how access is limited and how privacy and trust affect users of social networking sites. The article also explores some shortcomings and potential privacy risks, through a brief examination of Facebook’s privacy policies and their changes over time.

CIPP/IT Preparation

In preparation for the Certified Information Privacy Professional/Information Technology exam, a privacy professional should be comfortable with topics related to this post, including:

• Privacy by policy, notice and choice (III.A.a.)
• Social networking services (VI.C.)

Introducing Google Buzz

Google launched what it expected would be the Twitter/Facebook competitor, Google Buzz on February 9, 2010. It was advertised as “a new way to share updates, photos, videos and more, and start conversations about the things you find interesting.” Buzz was designed to integrate with Gmail – which already had over 146 million users at the time of the launch – and other interface interaction elements with other Google products, such as Google Reader.

The service can also be accessed through supported mobile devices. The mobile version of Buzz is integrated with Google Maps, in order to let users know their location and identify other users who are around them.

Buzz was received with great interest. In the first two days after its launch, tens of millions of users created over nine million posts and comments. On average, there were over 200 posts per minute through mobile phones worldwide.

Responses

However, not all responses to Buzz were positive. Immediately after its introduction, privacy-minded users noticed that Buzz automatically set them up with followers and people to follow. This group of followers is chosen based on the contacts the user emails and chats with the most.

Another issue of concern was that the people a user follows and the people that follow the user are made public to anyone viewing the user’s profile. This is the default setting, which allows anyone who views a profile to see the people who a user chats with or emails most. The implications of this setting were worrisome to some users. For instance, a boss may discover that a subordinate has frequent email contact with executives at a competing firm.

What was distressing to most critics was that Google did not openly explain how the publicly viewable follower lists were determined. Buzz’s unclear opt-out approach put many users in the position of unknowingly sharing personal information. It is clear that Google’s choice to design the lists to show publicly by default was a strategic decision to get as many people using Buzz as quickly as possible. While it may be a helpful setting for some users, others may not feel comfortable with sharing with the world who they email or chat with most.

This glaring privacy flaw was brought to the spotlight two days after Buzz was launched, when Harriet Jacobs saw her personal information revealed to her ex-husband and his abusive friends. Unfortunately, Google automatically allowed her most frequent contacts to view her Google Reader, all the comments on her Reader, as well as her current location, workplace and other sensitive information. Her most frequent email contacts happened to be her ex-husband, his friends and other hostile blog commenters. She was unable to block these users as she never created a Google profile or Buzz profile, which left her unable to prevent them from following her.

Making Changes

Within three days of launching Buzz, Google issued a public apology and made some changes to the program in response to the widely-publicized consumer privacy concerns. It added a more visible opt-out selection to allow users to choose not to show their connections or followers on their profile. This was a rapid response to user concerns, especially when compared to Facebook’s Beacon privacy problems in 2007, which took over a month to resolve.

Although the changes were a positive step in terms of supporting user privacy rights, critics pointed out that Google did not go far enough to address immediate concerns. For instance, the selection box for sharing followers was checked by default. Since this is an option for sharing private or sensitive information, many argued that the box should be unchecked. Given its nature, it would be best to leave that as an opt-in feature.

Furthermore, the opt-out selection did not give users an adequate explanation as to what they were allowing Buzz to publish. Users were not informed that Buzz would publish the list of people they email and chat with most. Although the privacy settings could be adjusted, the problem was that most users do not know how to change these settings. The majority of users simply click “save and continue” until the application is fully set-up, unfortunately reading little of the information contained in the dialog boxes. This made it clear that Google’s changes were an inadequate response to the scope and implication of user’s concerns.

In April 2010, privacy officials from Canada, Germany, France, Ireland, Israel, Italy, the Netherlands, New Zealand, Spain and the UK raised privacy concerns regarding Google Buzz, as well as other Google services. The letter pointed out that even months after its launch, Buzz was still disregarding its user’s privacy rights, despite Google’s promises to the contrary.

Opt-In vs. Opt-Out

Opt-out mechanisms give users the opportunity to express non-agreement to a specific purpose. Unless the user takes action to opt-out, the organization assumes consent and proceeds. The organization should clearly inform the users that failing to opt-out means that the user consents to the use or disclosure of information. For instance, the Google Buzz box presented users with the opt-out choice with a pre-checked box that read, “Show the list of people I’m following and the list of people following me on my public profile.”

Opt-in consent is often referred to as “express consent.” With opt-in consent, the organization presents the users with the opportunity to express positive agreement to a stated purpose. Only with the user’s action will the organization assume consent. Opt-in consent is considered the strongest form of consent. The Privacy Commissioner of Canada encourages organizations to use this form of consent wherever it is appropriate, as it is least likely to result in misunderstandings and complaints.

In the Google Buzz case, an effective opt-in statement for new users might have been a checkbox reading “Show the list of people I’m following and the list of people following me on my public profile. Right now, the list is made up of people you email and chat with most.”

Recommendations

Jennifer Stoddart, the federal Privacy Commissioner of Canada expressed her unease over how such a problematic application like Buzz was launched for public use in the first place. Stoddart did not support the decision to release Buzz in its “beta” form, as it should have demonstrated compliance with fair information principles before it was introduced. She felt it was unacceptable to launch a product that had such significant privacy issues, with the intention of addressing those problems only as they arise. This was also not the first time Google made a glaring privacy error, as Google Street View was launched earlier, without consideration of privacy, data protection laws or cultural norms.

Stoddart and the Privacy Commissioner’s Office sent Google a number of recommendations that would enable it to integrate fundamental privacy principles into its online services. The recommendations included:

• Collecting and processing only the minimum amount of personal information that is necessary for achieving the purpose of the product or service.
• Providing clear, unambiguous information regarding the use of personal information.
• Allowing users to provide informed consent.
• Creating privacy-protective default settings.
• Ensuring that privacy control settings are clear and easy to use.
• Ensuring that all personal data is adequately protected.
• Giving users simple procedures for account deletion.
• Honoring user requests in a timely manner.

Summary

This article examines privacy issues raised through the launch of the social networking program Google Buzz. It outlines some critical responses to the privacy settings and risks that the application exposes users to. The article also explores opt-in and opt-out consent mechanisms. Finally, the article takes a look at the Canadian Privacy Commissioner’s response and recommendations to Google Buzz.

CIPP/C Preparation

In preparation for the Certified Information Privacy Professional/Canada exam, a privacy professional should be comfortable with topics related to this post, including:

• Online privacy, online data collection (V.B.c.)
• End user expectations (V.C.c.a.i.)
• End user preferences, opt-in vs. opt-out (V.C.c.a.ii.)

It’s a jungle out there

Disorder and confusion everywhere

No one seems to care

Well I do

Hey, who’s in charge here?

It’s a jungle out there

With cloud computing, individuals with average or even basic computing skills have been able to make use of high tech applications, software and other technologies. In turn, this has increased productivity and encouraged interaction between different users and platforms. However, it has also created a nebulous area within data protection laws concerning data ownership, access and privacy rights. Far more of an individual’s information and data may be available to third parties and the public than they may realize.

What is Cloud Computing?

Cloud computing is a broad concept which contains many types of technologies, applications and systems.

The official definition from the National Institute of Standards and Technologies states: “Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.”

More simply, cloud computing allows users to use the Internet to make use of a an application, software or service. In this way, a user does not need to have the computer expertise or the storage or networking capabilities to utilize highly technical applications.

Cloud computing contains many layers:

Cloud Clients are hardware systems which make use of the cloud. This includes Mobile clients such as the iPhone and Windows mobile and Thin Clients which have limited processing power and use network connectivity to perform most functions.  They also include Thick clients such as the typical computer which conduct many processes without connection to a network. Thick clients use web browsers to make use of cloud computing technologies.

Cloud Applications include peer-to-peer programs such as Skype, and web applications such as Twitter and Facebook. It also includes Security as a Service and Software as a Service (SaaS) which provide small businesses with security and business management related software on-demand, through the Internet.

Platform as a Service allows developers to create and support their own applications through the Internet and does not require the personal use of their own network or storage capabilities to run or host the application.

Infrastructure as Service allows users to purchase all outsourced computer services from one vendor on a per use basis instead of paying for each service individually.  

Risks Involved with Cloud Computing

Privacy Risks– In current U.S. information privacy law, particularly the Electronic Communications Privacy Act, data hosted with a third party is not as strongly protected as data stored on an individual computer or network.

• Under current data laws anything posted to Facebook or Twitter, any messages sent through Gmail or other web based email providers, any document shared with Google docs, basically any information uploaded to cloud computing services, can potentially be subpoenaed by law enforcement officials, as provided for under the Patriot Act, without ever notifying the consumer.
• Because technology has grown faster than the government’s ability to regulate it, there are fewer legal regulations protecting data in the cloud from unauthorized use and disclosure and few systems in place to investigation and prosecute violations.

Vendor Risks– As more businesses use Software as a Service to complete business functions, they need to make careful decisions regarding the vendors they use.

• Reliability– Placing data in the cloud means that a business relies on their vendor for business functions. Problems with a vendor, such as data outages, bankruptcy or legal issues may result in disruption of business activities.
• Accountability– Service Level Agreements or End User License Agreements should be signed to protect both parties. These are agreements created between the provider and consumer of a software or service which outline the responsibilities, capabilities and rights of each party.
• Transferability– While it is convenient to upload data to a cloud service so it can be accessed anywhere, such services are notorious for creating difficulties in downloading data. As of now, there are few services that allow bulk downloads, which means data may only be downloaded one or a few files at a time. Furthermore, some services may charges fees for you to download the data. This may make it extremely difficult to switch your information to another vendor.

Accountability Risks– Though data may be placed or serviced by a third party, the consumer is still responsible for the security and integrity of the data.

• Since the user will not have personal control over which individuals are given the authority to access and service their information, users should look into a vendor’s hiring and employee policies. Many cloud services deal with sensitive or protected and data and it is the responsibility of the user to make sure their information is adequately protected.
• Because data is not stored locally on the user’s computer, often the user may not know the exact location of their data. It is possible that a vendor may store data in facilities located outside the jurisdiction of U.S. or E.U. data protection laws. Users should check a vendor’s policies to make sure they comply with all information privacy regulations.  A breach to these regulations and any resulting unauthorized disclosure of a consumer’s personal information, will be the responsibility of the user and not the vendor.
• Even with the faster, more reliable, more secure systems that cloud computing offers, there may be incidents of data loss, unauthorized disclosure and misuse. Users should work with vendors that contractually allow for investigations into such incidents and have a history of looking into such incidents. Users should also be aware that investigations with cloud computing services are often extremely difficult because information is stored on various hosts and servers alongside the information of many other users as opposed to personal networks and applications which have a smaller number of storage facilities and system users.

Data Loss- While using a cloud service may prevent against the loss of data should a user’s computer or storage facilities fail, it also creates many more opportunities for the loss of data.

• Data on web based service networks is stored along with the information of hundreds, thousands or even millions of users. While encryption is widely used to protect data it does not guarantee complete safety. Wrong encryption can occur creating data that is completely unreadable and/or unrecoverable. A user has little control over the technologies and methods used to protect their data when using a cloud computing service.
• Data outages and natural disasters can wreak havoc on a user’s ability to utilize a service. In October 2009, a number of T-Mobile Side Kick subscribers lost important information such as their contacts, calendars, and other data involved with applications when Danger, a Microsoft Service, experienced outages and data loss. Users should be aware of a service provider’s policies for disaster recovery management.
• Data stored by a third party can potentially be made inaccessible or destroyed by that party. Amazon recently deleted a number of purchased copies of 1984 from Kindle users computers during a copyright dispute. While the action was not an attempt at censorship, the incident raised serious issues at the rights of e-book owners and the potential for censorship in the future.
• Similarly some services, like Flickr, limit the number of uploaded documents that can be accessed unless a paid account is purchased. Other services, such as Facebook and Myspace fail to delete photos and other data immediately after the delete request has been made, and may take months for the data to be completely removed. This denies users the ability to control the destruction of their data.

Summary:

Cloud computing has been a remarkable development in computing technology. It allows for high levels of specialization so that a small group of individuals, with expertise in a particular area can create a specific service and make that service widely available through the Internet. Such specialization has created giant leaps in technological capabilities. It has made information mobile, across locations and devices and revolutionized the way people share, store and consume information. However, it does not come without its risks. Until information privacy laws can catch up with the changes in technology, consumers must be personally responsible for learning about, monitoring, and protecting against the risks associated with sharing data in the cloud.

While another social networking site geared for business, LinkedIn, is trying to expand its scope past online resumes and network introductions with new beta features such as job listings and company information, many professionals have begun expanding Facebook’s reach past the under 30 ranks by friending their co-workers.  Wired magazine’s July issue suggests Facebooking is even a requirement at the office, to personalize relationships and thereby increase productivity.   Turns out the latest privacy protections are showing up just in time.

A Harris Interactive poll sponsored by Career Builder shows that 45% of employers are using social networking sites in making hiring decisions; 11% more plan to do so shortly.  That number skyrockets to 63% of those companies in the Information Technology space.  There are regulations regarding what information may be collected and used for Human Resources decisions in the US.  Unless someone is posting their Social Security Number or bank account information online, most of those regulations have nothing to do with network centric scrutiny.  Separating the white collar from the weekend is where the privacy features will become paramount.