ITU News

Tells you what's happening in Telecommunications around the world

中文  |  Español  |  Français  |  Русский  |  download pdf
                     

Social networks
The death of privacy?
 
image
Photo credit: AFP

Freely sharing ideas and information through social networks is becoming the norm. But in the process we implicitly give away data about our interests, location or health. When content from users of social networks is effectively owned and disseminated over the Internet by third parties, those users may experience immense difficulty in removing or altering it.

Although many social network providers are careful to preserve users’ ownership of user-created and user-generated content, the meaning of this ownership is questionable where social networks reserve the right to modify, publish or distribute content as they wish.

Recent changes in the default settings of some popular social networks have prompted a heated debate, raising the question of whether or not the general public cares about “privacy” at all. This article considers some of the ways that social networking services may affect our privacy, and looks at the trade-off between openness and its inherent risks.

Privacy and security: What is the difference?

Privacy is not the same as security. Breaches in security generally concern unauthorized access by non-accredited persons to protected coding or written language. For example, a social network can fall victim to hacking, a computer virus or worm. But if no exploitation of users’ personal information arises from the attack, there is no loss of privacy.

Loss of privacy involves unwarranted access to private information, not necessarily as a result of a breach in security. For example, some social networking sites — to whom users have consented to give ownership of their personal data — may have subsequently supplied these data to academic researchers and marketing companies.

Social networking sites are clearly attractive targets for breaches of both privacy and security. Anyone who breaches a site’s security can easily obtain private — and valuable — information on a large number of users.

Illicitly obtained data can be used — and sold — repeatedly. According to the United Nations Interregional Crime and Justice Research Institute (UNICRI), the value of stolen personal data depends mainly on the country of residence. In March 2010, a set of personal data cost around USD 7 on the global black market. The value to a cybercriminal of the personal data held by a social network with millions of members would be immense.

According to some ICT industry experts, the possible harm to individual users from unauthorized access to data depends on how much a user engages in a social networking site and the amount of information a user has been willing to share. This point was underlined by New York Times readers in a recent debate over the potential role for government in protecting privacy on social networking sites. Many people consider that it is up to users to take responsibility for the information that they share about themselves.

Geolocation

Indexing information by location will become increasingly important, especially in real-time. The uses of such information are expanding, from identifying people’s current location and movements, to offering augmented reality services such as travel guides (where it is important to know which way you — and your mobile device — are pointing). Virtually all projections for sales of Global Positioning System (GPS)-enabled handsets are positive (Figure 1). Realtime location information will be built into the world around us.

The ability to track — and reveal — people’s location through location-based services is a two-edged sword, however. Social networking services such as Loopt can transform your mobile phone into a “social compass”, alerting you when your friends are nearby. This is a great service if the people alerted are really your friends. But if your list of friends is compromised, you could be in danger. For example, if real-time location data fall into the wrong hands, such access can allow sexual predators to target victims in specific locations at specific times.

   image

Chatting to friends or broadcasting to the world?

Perceptions of social networking as conversations with friends and benign contacts (whether known or unknown) are misleading. Michael McQueen, social researcher and author of The ’New’ Rules of Engagement, observes that information posted on Facebook now has global reach and suggests that posting material to Facebook is best compared with “broadcasting on the nightly news”. McQueen highlights the issue of a third-party firm retaining permanent ownership of content that users have shared online, so users can no longer control their personal information or how they are represented.

Facebook’s founder, Mark Zuckerberg, triggered controversy and a lively online debate when he suggested in January 2010 that privacy is “no longer a social norm” and that people are now more willing to share information about themselves and their views online. Indeed, Facebook holds data relating to roughly a quarter of the global online population, giving it tremendous influence.

Google also stirred up debate with the launch of its social networking service, Google Buzz, in February 2010, which seeks to pull in recommended content from friends and contacts through features such as inbox integration.

Reading the small print

Social networking sites usually (but not always) provide details of their policies on the ownership, distribution, use, privacy, deletion and alteration of data in their “terms of use”, “terms of service” or “terms and conditions” agreements published on their websites. Many sites avoid the sensitive question of ownership rights. A few explicitly state that ownership rights over the content remain with users. A few others “do not claim” ownership rights over user-generated content, although it is unclear whether this amounts to an explicit renouncement of rights.

In fact, ownership may be a largely academic question, as most sites specify that they retain full modification and distribution rights to content published over their service.

“Liberating” data

Marketing firms should receive no information about a user, other than an unintelligible string of letters and numbers that cannot be traced back to an individual. In May 2010, however, the Wall Street Journal reported that some social networks may have been sending information which could potentially be used by advertisers to identify users without users’ consent, often even in breach of their own stated privacy policies, as well as industry standards.

With social networking sites, addresses typically include user names that could direct advertisers back to users’ profile pages, which are full of personal information. In some cases, user names are in fact people’s real names. According to the Wall Street Journal, large advertising firms have received information including usernames or ID numbers that could be traced back to profiles of individual users.

In an era where “all your memories belong to the web”, it may prove impossible to retract or eliminate data “liberated” onto the public Internet, and spread over a multitude of web archives, caches and pages copied elsewhere. This suggests that users’ ownership rights may be largely unenforceable.

User behaviour

According to “Reputation Management and Social Media: How people monitor their identity and search for others online”, a Pew Research Center report released at the end of May 2010, some Internet users “embrace an open approach to sharing information about themselves and do not take steps to restrict what they share”. But, says Mary Madden, lead author of the report, “Many users are learning and refining their approach as they go — changing privacy settings on profiles, customizing who can see certain updates and deleting unwanted information about them that appears online”.

Striking a balance

The rise of social networks offers new ways of interacting with other users online, but it also presents fresh challenges in protecting users’ privacy and safeguarding personal information. The article published in our July–August 2010 issue and this article have highlighted what social networks are, how some of them are being used, and how they are evolving — not only in terms of growth and the business models they have adopted, but also in regard to their very nature.

Policy-makers and regulatory institutions (including data protection agencies, broadcasting and/or telecommunication regulatory agencies) will need to consider the implications for privacy and data protection, in order to address the risks and contain the downside dangers of the rapid growth of social networks, while preserving and maximizing the benefits and utility of these services. It will be vital for regulators to work with different industries to ensure that data protection and privacy laws are understood, observed and enforced in ways that are acceptable to all concerned.

There are delicate trade-offs to be made between on one hand enjoying the richness and utility of social networking services, and on the other hand protecting consumers and individuals from the dissemination of personal data. It may prove most effective to negotiate and design these trade-offs through consensus, rather than relying on informal industry practices or the goodwill of individual firms to protect consumers.

 

  Previous Printable version Top email to a friend Next © Copyright ITU News 2014
Disclaimer - Privacy policy