The future of social networks and privacy
October 28, 2009 Shelley Russell COM530: Theory and Audience Analysis ABSTRACT This research paper focuses on the future of social networks and privacy by addressing current issues with privacy policy statements of networks such as Facebook and Twitter, as well as specific ways in which data can be obtained. Cookies, third‐party Web sites and external applications available on many social networking Web sites are discussed as ways that personal information is collected and used—many times without full consent or knowledge of the user. Social networking concerns related to employer‐employee relationships are addressed, as well as differing opinions about the possibility of complete anonymity online. Following an in‐depth look at the history of social networks and privacy, as well as information about new studies and findings related to the topic, the paper looks at the future by addressing future‐centered studies from media professionals and personal interviews from four experts in fields related to social networking and privacy: Logan Green, George Mahoney, Mihir Kshirsagar and Marc Rotenberg. Ideas of ubiquitous social networking and integration of personal data via the Semantic Web are emerging futurist themes, as well as the need for the United States to work to strengthen and revise existing privacy laws to include concerns relating to the availability of information via social media avenues.
2
Part 1: Literature Review Social Networking Sites – A Brief History Social networks have been in existence for more than 10 years, allowing users to easily connect with friends, or others sharing similar interests in particular subjects— including dating, music and shared cultural backgrounds. The first social network, SixDegrees, was launched in 1997 and allowed users to create profiles and friend lists. One year later, members of SixDegrees were able to search for friends online and form additional connections. While this was a simple, basic idea, the value of this Web site came from the fact that it was the first to combine features from multiple platforms (Boyd & Ellison, 2007). Buddy lists were accessible on AOL’s Instant Messenger, and one could easily affiliate with a school or community on Web sites such as Classmates.com. Internet users could also create profiles in the past via community Web sites (Boyd & Ellison, 2007). Millions of users joined SixDegrees, but the site folded in 2000 due to waning interest from users and limitations of the site’s infrastructure. SixDegrees marked the first social network release and was a bellwether for hundreds of social networking sites that would spring up in the coming years. Between 1999 and 2004, nearly 50 popular social networking sites had been launched—including LiveJournal, Friendster, and MySpace. In 2004, Mark Zuckerberg Figure 1 created Facebook when he was a student at Harvard University. The site was only available to Harvard students but gained more than 1,000 members overnight (Cassidy, 2006). Figure 1 shows the launch dates of major social networking sites in the years before and after the creation of Facebook. Zuckerberg quickly realized that the site could be successful at other universities and added 40 additional schools to the social network. Students Source: Boyd & Ellison, 2007 were able to view profiles from everyone affiliated with their university, and they could connect with students at other universities only by permission from each student. Although MySpace had been launched in 2003, there was no restriction as to who could sign up. Young children could disguise themselves as adults, or vice versa, because any valid e-mail address would suffice. Facebook emerged as the most popular social networking site—despite numerous others that were in existence prior to, and after its time. Facebook’s popularity came from the intimacy of the site; only college students could interact with one another, and they were given the option of either restricting their
3
personal network to contain only members of their university, or extending their network to connect with others across the country. In 2005, Facebook was the second-fastestgrowing major Web site on the Internet (Cassidy, 2006). In 2006, Zuckerberg, along with roommates Dustin Moskovitz and Andrew McCollum finished working on the new Facebook platform—one that would include hundreds of universities, professionals and anyone with a valid e-mail address. 7.5 million users had profiles on the site by summer of the same year (Cassidy, 2006). As of October 2009, more than 300 million active users are a part of the Facebook community (Facebook Press Room, 2009). Hundreds of popular social networking sites are now in existence—many of them interest-specific, such as art, food, music or dating, and other networks focused on establishing connections with friends across the globe. Facebook remains the most popular. In a 2006 interview for “The New Yorker” magazine, Zuckerberg discussed his opinions about the qualities that contribute to the popularity of Facebook—namely usercontrol: “If your site is open, and you let everyone read everything, then the [content] they put up is going to be less personal. The stuff that people want to share with just their friends is the most important: Photo albums that you only want your friends to see, contact information, that kind of thing… giving people control over who sees what helps to increase over-all information flow” (Cassidy, 2006). The success of a social network may not come from it’s overall size, but more from its capabilities to let users decide how to organize themselves and who they will share and exchange information with. Although Facebook opened its services to include any user with a valid e-mail address in 2006, its privacy policy maintained and expanded upon the same user-control standards that were set in place from the beginning. Privacy and Social Networks While social networks have become popular among teenagers, young adults and professionals, concerns about privacy online have become more prevalent as membership on these networks increases. Users are pushing for more strictly-defined privacy policies so that they can understand who is seeing their personal information, and how it is being used. According to a 2009 study from the Pew Internet & American Life Project, 87 percent of American teenagers are online and 55 percent of them have created a social networking profile (Jones & Fox, 2009). As of 2007, 90 percent of all undergraduates at schools where the site was available were registered on Facebook (Van der Werf, 2007). In a recent poll, about 30 percent of students reported accepting friend requests from people who they had never met (Van der Werf, 2007). Privacy has become an increasingly important issue as more users become members of social networking sites— placing personal information on profiles and sharing it with friends. Privacy expectations on social networks are getting stronger as more members begin to realize possible risks they face by placing their personal information online. Social networking sites Twitter and Facebook have recently tweaked their privacy policies to include new information about how information will be used and which personal information may be collected. Twitter recently updated its terms of service to include new information about privacy and Tweets. According to the privacy policy on the site, Twitter collects each user’s “IP address, full user name, password, email address, city, time zone, telephone number, and other information that [they] decide to provide…or include in [their] public profile” (Twitter Privacy Policy, 2009). A user’s IP address will not be directly linked
4
with their personally identifiable information. Following the change in the site’s privacy policy, Twitter co-founder Biz Stone elaborated about the changes in his blog: “Twitter is allowed to ‘use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute’ your tweets because that's what we do. However, they are your tweets and they belong to you” (Biz Stone, 2009). This post was met with much opposition from the online community, who questioned the truth of this statement. While many users frequently Tweet, they had not thought about the ways in which Twitter is using their contributions. Biz Stone’s blog post added a sense of reality to the ways in which information is used by social networks on a regular basis. Twitter has also had other privacy issues arise with third-party applications such as GroupTweet. Due to confusing registration procedures, one user reported that her private Twitter messages were being displayed on her live feed. The user, Orli Yakuel, had 650 followers at the time, all who had quick access to her private messages that could not be deleted from Yakuel’s main profile page. Yakuel was forced to delete her account in an attempt to conceal her private messages (Arrington, 2008). Other users reported having similar problems, but only one instance was officially confirmed. GroupTweet stopped all new registrations until the problem could be resolved. While the issue was eventually fixed, personal information was being displayed on the Web, causing some users to lose trust in the social network. Social networking sites must work to build trust with their users. Building welldocumented and detailed privacy policies, as well as communication with network members, is an important step that leads to a better-informed online community. In response to Twitter’s issue concerning the ownership of Tweets, one blogger wrote: “The bigger problem is the blanket claims these social networking sites are making on users’ content. I appreciate that Twitter’s terms of service are brief and readable, but I’d rather the site spell out exactly how and where it intends to use people’s tweets, so we’re all on the same page” (Newman, 2009). Facebook’s terms of service and privacy policy received similar complaints from users who were concerned about how Facebook would use information that was posted to individual users’ profiles. The questionable terms of service update occurred in February 2009. Past terms of service negated any rights that Facebook had claimed to a users’ personal information once the account had been terminated. Noticeably absent from the new terms were the following lines: “You may remove your user content from the site at any time. If you choose to remove your user content, the license granted above will automatically expire, however you acknowledge that the company may retain archived copies of your user content” (Walters, 2009). Facebook users started blogs and signed petitions to persuade the company to re-evaluate the change. One post on “The Consumerist” blog by Chris Walters received 6,460 Diggs and many comments from passionate Facebook users. Following Facebook’s issue regarding their Terms of Service, the company worked to dispel negative rumors about the site. Zuckerberg posted an update on the Facebook blog, clarifying that: “We wouldn't share your information in a way you wouldn't want. The trust you place in us as a safe place to share information is the most important part of what makes Facebook work… Our philosophy that people own their information and control who they share it with has remained constant” (Zuckerberg, 2009).
5
Facebook recently worked with the Office of the Privacy Commissioner of Canada to improve their privacy policy. While the privacy commissioner was satisfied with Facebook’s extensive privacy settings that gave social network members multiple choices and control over who has access to their personal profiles, there was some dissatisfaction regarding the language and depth of the company’s privacy policy. In August of 2009, Facebook’s Press Room announced projected changes to their policies that would occur over a 12-month time period, setting a new standard for social networking sites. The privacy policy will be updated to inform users as to why the company collects date of birth and retains accounts of deceased users, as well as information regarding operation specifics of advertising programs on the site. Information will be available that explicitly documents the difference between account deactivation and deletion (Facebook Press Room, 2009). As per recommendations of the privacy commissioner, Facebook will also be working with third party applications to ensure that they obtain express consent from users before any information is exchanged. Ethan Beard, director of Platform Product Marketing at Facebook, expressed the satisfaction of the company with the upcoming changes: “We strongly believe that the changes to the permission model for third-party applications will give users more confidence in the Platform and will, thus, help ensure the long-term health and vitality of the ecosystem that has grown around Platform” (Facebook Press Room, 2009). In order to compete with MySpace, Facebook has made decisions that have contributed to an overall erosion of privacy on the Web site. The company’s photo tagging system allows anyone to post a photo and tag individual users. Any objectors can “un-tag” themselves, but the photo cannot be removed from the site. Facebook’s page rank has since surpassed MySpace, according to Alexa.com, which places Facebook in the number two top site position, second to Google (Alexa.com, 2009). MySpace ranks in eleventh place, with a 19.84 percent decrease in page views over the past three months (Alexa.com, 2009). In response to growing privacy concerns as Facebook expanded its membership base, the company added the option of limited profiles in 2006 that allowed users to restrict content available on one profile, and control the visibility of personal information for specific friends. Zuckerberg has stated that he looks to maintain choice and control on the Facebook platform, but he is also working to expand the capabilities of the site as more people learn to depend on the Internet as a means of communication and personal branding. During PC Forum in 2006, Zuckerberg stated: “I think that understanding that there might not be any difference between what people are doing online and offline is something really important. People are online because it is a more efficient way of doing things” (Cassidy, 2006). In a North American Technographics Benchmark Survey, American adults were asked about their participation in various online activities over a three-year period. E-mail fell at the top of the list, with social networking sites ranking seventh out of a list of 10. However; the jump in usage of social networking sites between 2008 and 2009 was one of the most significant one-year percentage increases on the chart. Social networking usage rose from 18 percent in 2008 to 30 percent in 2009 (Ostrow, 2009). Many social networking sites may take extensive measures to ensure the safety of others, while struggling about placement of these issues on the site. In order to avoid criticism from non-governmental organizations or concerned users, having privacy
6
information readily accessible from the home page is a logical step that many sites take. However, extensive and clearly-worded privacy policies and terms of service statements may deter users from joining the site—thereby diminishing the popularity of that network. Researchers Joseph Bonneau and Soren Preibusch refer to this dilemma as the privacy communication game (Bonneau & Preibusch, 2009). In a 2009 study, Bonneau and Preibusch evaluated privacy criteria for 45 social networking sites, developing the Privacy Communication Game model, in which the authors assert “a successful site will therefore play a game of minimizing the concerns of the fundamentalists while simultaneously minimizing the awareness of privacy for the non-fundamentalists” (Bonneau & Preibusch, 2009). In looking at privacy policies of each of the social networks, privacy was reportedly used as a selling point in 7 out of 29 general-purpose sites, with only four sites “explicitly mentioning” privacy in their promotion efforts (Bonneau & Preibusch, 2009). The researchers also reported a general trend of “over-collection of demographic data” for each of the sites, stating that gender was required for 20 sites and birth date information was required for 24 site registration forms. One social network, Yonja, required users to declare their sexual orientation upon completing registration (Bonneau & Preibusch, 2009). Understanding privacy settings and the importance of strong communication through social networking sites’ terms of service and privacy policies is one way that protection is possible on these sites. Another crucial step to understanding privacy issues on the Web and working toward a safer online environment is learning how information is obtained off of the sites, and which tools are most useful in preventing information retention by unidentifiable third parties, if prevention is an option. Obtaining Personal Information from Social Networking Profiles: New studies, privacy policies, issues and discussions among media professionals Personally identifiable information (PII) can be defined as “information [that] can be used to distinguish or trace an individual’s identity either alone or when combined with other information that is linkable to a specific individual” (Krishnamurthy & Willis, 2009). When users create profiles on social networking sites, some PII is required to begin registration, such as a valid e-mail address. Other examples of specific PII are outlined above in the discussion of Bonneau and Preibusch’s study. Once the information is entered into the site and available on a user’s profile, the data also becomes available to third-party servers. Uses of third-party servers are social network specific, meaning that each privacy policy addresses the issue differently. Third-party servers provide advertisements and content for social networking sites, such as Facebook’s use of applications that users can add to their profiles and share with friends. Third-party servers can serve as aggregators, tracking user movements and habits with the use of cookies (Krishnamurthy & Willis). Twitter and Facebook, as well as many other social networking sites, use cookies (or small data files transferred onto a user’s computer), to collect data about the site and ultimately improve service to users. Twitter’s privacy policy states that cookies are not used to collect PII, but the company does use both session and persistent cookies to expand their knowledge about user behavior on the site (Twitter Privacy Policy, 2009). Session cookies expire following log-out from the site, whereas persistent cookies remain on the user’s computer—although they can be deleted via adjusting Web browser
7
preferences. Facebook makes use of cookies much like Twitter does, although Facebook is farther along in its advertising plan and therefore has additional uses of cookies and thirdparty servers. Cookies are used by Facebook to collect information regarding one’s personal profile, relationships, groups, scheduled events and applications, among other features (Facebook Privacy Policy, 2009). This information is then used to enhance personalization features on the Web site. Facebook also uses third-party cookies to create user-specific advertisements based off of their interests collected from profiles. While Facebook does share certain information about users with third-party cookies, individual users are not specifically documented in relation to the shared data (Facebook Privacy Policy, 2009). Facebook’s rationale for giving out PII to third parties is that ads will be more effective if they matter to Figure 2: the user. Chris Kelly, Facebook’s chief privacy officer, gave an example of a user-specific ad: "If you say you are a U2 fan, you might find an ad for the new album in your profile” (Cassidy, 2006). Using unspecific, personal information about users to create ads and learn about overall audience trends are some of the relatively unobtrusive ways that social networks can share information. In a study about data protection in social networks, Krishnamurthy and Willis noted that use of third-party servers by popular social networking sites had increased from 40 percent in Source: (Krishnamurthy & Willis, 2009). Highlighted areas October 2005 to 70 percent in show a user’s social networking ID being given to a third‐ September 2008 (Krishnamurthy party server in (a). Section (b) shows a user’s ID being passed from Facebook’s “iLike” application to a third‐party & Willis, 2009). The authors of aggregator, Google Analytics. The third header shows PII this study sought to examine leakage via the “Kickmania!” application to an ad tracker. whether PII belonging to users was being leaked through social networks to any third-party servers—implying that third parties, who aren’t often identified in privacy policies, would then be able to place a specific individual with their viewing habits and any other information that had been obtained. According to Krishnamurthy and Willis, leakage of PII via social networks can occur through HTTP header information, as well as cookies that are sent to third-party servers that act as aggregators. Third-party external applications can also obtain and spread user information about individual users found in HTTP headers (see Figure 2). “Most users on online social networks are vulnerable to having their social network identity information linked with tracking cookies” (Krishnamurthy & Willis, 2009).
8
Tracking cookies have a long lifetime, and can therefore retain the identity of an individual, even if the information has only been leaked once. In addition, third-party servers and aggregators can piece together information to identify specific users. For example, 87 percent of Americans can be uniquely identified from a birth date, zip code and gender (Krishnamurthy & Willis). Although aggregators claim that they do not gather or retain PII, the information is still available to them, and they do not have to take additional measures to retrieve the data. Aside from the personal information that individual users voluntarily place online, there are some ways that details about their personal lives could be rapidly spreading around without their consent. Facebook’s photo and video tagging feature is one way that a member’s face could be spread around to users who are not on their ‘friends’ list. While a user can organize privacy settings so that only their friends are able to view tagged photos, an inappropriate picture of that user posted by another member will still be viewable by the friends of the user who posted the original picture—despite any untagging attempts. In a study about photographs on social networking sites and privacy, author David Findlay argues that this feature raises new issues regarding privacy expectations within the fourth amendment. “Contemporary standards for defining privacy should be crafted to reflect an increasingly integrated and interactive world where people often voluntarily engage in situations with fewer barriers protecting their privacy” (Findlay, 2008). The definition of privacy is changing as more people move photographs and personal information online. Findlay believes that both legal and social adjustments are necessary when it comes to privacy issues online. Photos are just one of the ways that a user can be unknowingly monitored without their consent. New laws have been set in place to address concerns about watchdog employers—or those who are using social networking sites to check up on employees and monitor them on a regular basis. The debate continues; should employees have a reasonable expectation of privacy on social networking sites? In California, laws have been set in place to protect employee privacy rights as related to social networking sites. Photo tagging, as well as information that can be indirectly linked to users on social networking sites has been the cause of many job rejections. A recent survey reported that 63 percent of employers visiting online social networking profiles have turned away job candidates due to information found on the sites (Davis, 2006). California’s privacy laws are included within the state constitution, and protect individuals from any exposure on social networking sites that occurred while the user was off-duty from their job (Genova, 2009). California is one of only four states that protect individuals who participate in any form of off-duty lawful behavior—including any images or information found on social networking sites (Genova, 2009). Aside from the argument that it is simply unfair to turn away employees based off of information on a social networking profile, Donald Carrington Davis argues that there are three basic problems with online employment decisions. The problems are as follows: 1. Information on the profiles could be inaccurate or irrelevant; 2. Employers are not held accountable for how they arrive at any employment decisions and could therefore be tempted to make these decisions by viewing online profiles; 3. An employer should not monitor an employee’s online social life, because it violates that individual’s reasonable expectation of privacy (Davis, 2006). The Fair Credit Reporting Act (FCRA), ensures that “an individual’s eligibility for employment is based on a consumer report free from
9
inaccurate or irrelevant information” (Davis, 2006). A growing online presence of employees has led to more personal information being readily accessible online. Davis argues that since the accuracy or relevance of this information cannot be confirmed, it should not be a factor in employment decisions. “Lawmakers and policymakers must begin to reconsider physical conceptions of privacy…in order to meet the demands of the members of this new tech-savvy generation that have proven much more apt to share and communicate in the World Wide Web than their ancestors” (Davis, 2006). Facebook has also been used as a law enforcement tool by universities looking to monitor the behavior of the student body, or find and punish students who have committed campus crimes. At DePauw University, a sculpture of a deer was vandalized. University administrators were able to track down the students responsible by using Facebook (Van der Werf, 2007). Many similar instances have occurred at other campuses and some university administrators are questioning whether or not they should use the social networks to check up on students in an attempt to prevent the release of any potentially offensive material by their students. At a 2007 conference about highereducation law, panelists warned against such monitoring practices. “Colleges on the lookout for lawbreaking or just crude and insensitive behavior could be setting themselves up for a new line of litigation” (Van der Werf, 2007). Users’ personal information can be monitored without their knowledge in several ways described above. Third-party servers and cookies can easily acquire PII and associate individuals with specific data. External applications available on Facebook, which currently has more than 55,000 applications available, can use personal data in ways that Facebook cannot monitor or control (Krishnamurthy & Willis, 2009). The same is true for external applications on other social networking sites. In addition, open social networking profiles can be subject to review and judgment by employers or university administration and could result in discrimination or punishment, without the user being aware that their personal information was ever viewed. Figure 3:
Source: (Facebook Data Team, 2009)
Gender differences in social network usage, network sizes and associated privacy implications Several studies have been completed that attempt to tie in gender differences with privacy concerns as related to social networking sites. A recent study surveyed 1261 users from five cities across the globe to identify opinions and behavioral trends as related to online privacy. Gender was identified as one of the factors that directly influenced online privacy concerns. Researchers reported that more than 70 percent of users were concerned about privacy online (Cho
et al., 2009). Females were reportedly more attuned to privacy concerns than males, who were much more trusting of
10
strangers in social settings and Web sites asking for personal information (Cho et al., 2009). A Facebook study about friend-retention and long-term communication between members of individuals’ social networks analyzed the differences between the ways that males and females build their social networks. The study reported that closest connections occur within smaller groups of friends (Facebook Data Team, 2009). Females, while reportedly more concerned about privacy issues online, tend to communicate more with their Facebook friends than males. The size of a Facebook network decreases as communication increases. Facebook allows users to passively access information about their friends. These “maintained relationships,” described in the study as those not requiring any form of communication, usually contain far more friends than “one-way communication” relationships (Facebook Data Team, 2009). Reciprocal relationships made up the smallest network size. Privacy concerns can be tied in with this study because results show a large number of maintained passive networks. Users with a large social network may only directly communicate with a few of their friends, while silently observing the profiles, pictures and status updates of friends who they no longer speak with. Users rarely update delete friends from their Facebook community, but it is possible that acquaintances that have become strangers over time could be viewing personal information and using it or spreading it to others without consent of the individual who the data belongs to. Feasibility of complete online anonymity In thinking about the future of social networks and privacy, it is evident that online communities are continuing to grow and develop, with more information being stored online. Facebook currently has more than 300 million active users, with 50 percent of those users spending time on the site each day (Facebook Press Room, 2009). Membership on other popular social networking sites is also increasing. Questions are being raised concerning the possibility of anonymity online. Researchers are wondering if it is possible to remain protected and unidentifiable with one’s online presence. In an article about personal protection in online social networks, Patricia Abril argues that users will never be able to completely control information online, or achieve full anonymity (Abril, 2007). “The digital medium [has] erased the possibility of anonymity and concealment from unintended audiences (Abril, 2007). Abril states that many individuals and online content creators view privacy as control, which, according to the author, is not a possibility on- or off-line. While anonymity may not be a possibility, protection of privacy and identity on social networking sites is important because this protection can preserve dignity, reputation, socialization and discourse (Abril, 2007). Aside from the fact that online privacy is defined differently among businesses and individual users, many individuals have misconceptions about what is acceptable online behavior and what behavior may result in the permanent leakage of personal information online. Study results from a survey conducted by the Pew Internet and American Life Project, revealed that the majority of social network users think that it is acceptable to share gossip and personal information online (Lenhart & Madden, 2007). Open sharing of personal information via Facebook or MySpace, or through live feeds on sites like Twitter, can result in third-party servers or external applications gaining access to information and potentially linking it to an individual user (Krishnamurthy & Willis,
11
2009). Marc Rotenberg, executive director of the Electronic Privacy Information Center (EPIC), provided feedback about the need for online privacy and protection from government surveillance in a 2007 article published in the Huffington Post. “My opponents argue that…with advances in new technology, we need to reduce our expectation of privacy and accept the boundless mass surveillance that has characterized this administration’s policies over the last several years. I reject this position” (Rotenberg, 2007). Rotenberg argues that the United States Constitution has historically protected citizens’ privacy prior to the 9/11 attacks, and has merely made several errors post-9/11. Rotenberg’s statements apply to online privacy as well, and raise questions about existing privacy law: “The choice that we are being asked to make is not simply whether to reduce our expectation of privacy, but whether to reduce the rule of law…If we agree to reduce our expectation of privacy, we will erode our Constitutional democracy” (Rotenberg, 2007). Users’ expectations of privacy have been outlined by the Federal Trade Commission (FTC), as well as specific tips to help enhance safety online. According to the FTC, parents should talk to children about what information should be kept private. Privacy settings should be set by parents on their children’s’ personal profiles in order to reduce the risk of PII leaking to other users online, and privacy policies of the social networking site should be read thoroughly before registration (FTC, 2009). With increased use of mobile devices to access the Internet, the FTC advises parents to restrict phone settings to potentially limit a child’s unsupervised social network usage (FTC, 2009). Emphasis is being placed on children and pre-teens use of online social networks because this age group has grown up with the presence of social networks from a very young age. Daniel Solove calls the digitally connected youth “Generation Google,” because many pieces of their personal lives will remain on the Internet forever and will likely be searchable on Google (Solove, 2008). Once information is placed online, it has the potential to remain on the Internet forever. Facebook has a deceased members policy in which the accounts are “memorialized.” In this process, Facebook will remove certain information and re-set privacy preferences so that the individual’s account will only be searchable by confirmed friends (Popken, 2009). While this information may not be searchable through Google, it is still permanently available on the Facebook database. While information may be permanent on the Internet, there are positives and negatives to the free and open Web that allows for an unprecedented exchange and sharing of information via social networking sites. Solove discusses the benefits of having freedom, but also outlines the threat to privacy that users face upon joining online communities. “Companies collect and use our personal information at every turn…The government also compromises privacy by assembling vast databases that can be searched for suspicious patterns of behavior” (Solove, 2008). Posting personal information on user profiles is merely another way for corporations and government entities to piece together more information about an individual. Due to the fact that once information is posted on the Web it has the potential to remain there indefinitely, users must consider implications of their online actions and information from the very beginning. “People want to have the option of …reinventing themselves throughout their lives…but with so much information online, it is harder to make these moments forgettable. People must now live with the digital baggage of their
12
pasts” (Solove, 2008). Aside from considering information that one decides to post online, privacy settings (outlined in the “Privacy and Social Networks” section) are also an important component to preventing the spread of personal information to unintended parties. While there has been heated debate about Facebook’s rights to users’ content, most claims about permanent storage and usage of personal information by the company can be negated by strengthening privacy settings for Facebook accounts (Walters, 2009). As outlined above, privacy as related to social networks is a growing issue that will likely remain on the forefront of communications discussion in the future. However, it is probable that these privacy discussions will shift focus as social networks begin to move in new directions.
Part 2: New Data and Futures Information As more people move online and build a presence through social networks and perhaps other social media tools, communications professionals are looking at future trends involving these aspects of the Internet. Trends in futures predictions about social networks include: Ubiquitous social networks, a single online identity for each individual and the possibility of life recorders becoming popular in the future. In terms of privacy issues, one of the biggest concerns that many experts in the field have spoken about involves the need for more rigid social media privacy laws—especially in the United States. With a growing online community, many privacy experts are looking to enact change through Congress in order to protect employees, youth and others involved in social networking from discrimination or invasion of privacy on the Web. At a Graphing Social Figure 4: Patterns West conference on the topic, “The Future of 4 components of 4 components of social Social Networks,” Charlene ubiquitous social networking Li, vice president of Forrester networks Research presented a speech • Pro\iles • Universal identities about the issue—synthesizing • Relationships • A single social graph her ongoing research • Activities • Social context for involving emerging trends in activities social networking. According • S ocial in\luence • Business models to Li, “social networks will be de\ining marketing like air” (Li, 2008). These value networks will be accessible to users from almost anywhere, allowing them to continuously build relationships and expand their profiles. Li calls these well-integrated online communities “ubiquitous social networks” (Li, 2008). Figure 4 documents Li’s 2004 research as compared to her 2008 research. The existing four categories of social networks (left column) are predicted to transform into new categories fitting into the context of ubiquitous social networks (right column). Li’s research indicates that these trends will emerge in as little as five years. Others have observed or declared similar predictions about the future. Participants at the 2009 World Wide Web Consortium Workshop on the Future of Social Networking, participants concluded that a decentralized, more distributed social network was a possibility for the future (W3C Final Report, 2009). This prediction is
13
similar to Li’s indication about universal identities. About half of the papers submitted to the W3C workshop addressed the topic of decentralizing social networks: “Forcing users to create accounts and record their data across many of these networks [is] counterproductive, and prevents the establishment of innovative services” (W3C Final Report, 2009). Many services promoting open platforms are already available. OpenId allows users to create an ID that will let them access sites that support the free tool, although Li argues that OpenId has only touched the surface of decentralized Web capabilities. “Each person already has an identity that can be tied back to e-mail addresses and mobile numbers. These are personal, tied typically to one person, and most importantly, under our control” (Li, 2008). According to Li, the future holds the possibility of there being a few large centers of a “federated identity,” which will likely involve the largest e-mail providers like Google, AOL and Microsoft (Li, 2008). Although OpenId provides a way to log on to multiple accounts with one password, it does not allow for users to pair multiple e-mail addresses or social network profiles. While it may take years for this open platform function to become available and ultimately widespread, the technologies needed to achieve a fully-decentralized social network are already available. Microformats such as Friend of a Friend (FOAF), Resource Description Framework in Attributes (RDFa) and XHTML Friends Network (XFN) are data formats that could produce an open platform, and OpenId, and OAuth are some of the interaction protocols available and able to accommodate this change (W3C Final Report, 2009). Many single sign-on efforts have been established, but these previous unification efforts such as Windows Live ID or more global efforts such as a national ID card, have been met with suspicion from concerned users. In most cases, adoption rates for these services have been low. EPIC reported: “Americans have rejected the idea of a national ID card” (EPIC, 2008). Citizens have been skeptical of committing themselves to one identity, or possessing a card or document that encompasses their identity. While Social Security Cards hold importance in the United States, they do not serve as identifiers on the global scale. Despite resistance from the establishment of a single global identifier offline, developments are underway for one such identity online. In a document compiling conversation about identity online, Kim Cameron synthesizes issues discussed in the blogosphere regarding Web presence. According to Cameron, the heart of the issue regarding a single online identity lies in the fact that “the Internet was built without a way to know who and what you are connecting to” (Cameron, 2005). Adding an identity layer to the Internet is a difficult process—one that has been attempted but never completely successful. According to Cameron, the problem lies less in the technological aspect of adding a standardized layer and more in the face that an agreement cannot be reached on the specifics of the identity layer. “Digital identity is related to context, and the Internet, while being a single technical framework, is experienced through a thousand kinds of content in at least as many different contexts—all of which flourish on top of that underlying framework” (Cameron, 2005). This complexity has made any possibility of an agreement on how the identity layer should function, a large undertaking that has yet to see much success. Various companies are not quick to relinquish control over their customers and do not want there to be much opportunity for crossover between Web sites. According to Li, a sacrifice of control by online businesses is essential for a single identity, or single sign-on open platform to be achieved. “[Yahoo, Microsoft, Google and AOL] will need to be willing to accept and
14
aggregate identities outside of their proprietary systems, for example, I could pair my Gmail address on my Yahoo account” (Li, 2008). Cameron proposes a “unifying identity metasystem” that would function universally without the need for a global consensus on the specifics of purpose and functionality (Cameron, 2005). Aside from the concept of a universal identity, researchers are also looking toward the possibility of more sophisticated communications services on the Web that could lead to an intuitive social graph that would be accessible across multiple platforms online. In five or 10 years, instant messaging, e-mail, mobile calls and text messages will have the capacity to retain information about individuals’ address books and frequent contacts. Li has placed the power in the hands of major e-mail providers—not only to serve as social identity brokers, but also to purpose a single social graph for each user. Social networks fit into the Figure 5: equation based off of their basic structuring, if nothing else. Facebook, MySpace and Twitter broadcast high membership rates, and all are in competition to achieve the “most complete social graph” (Li, 2008). Open platform policies will likely allow for users to bring their social graph into new social networks without having to re-send “friend” invitations. There will also be a potential Source: (Li, 2008) for users to eventually integrate already-existing external applications from older social networks into newer ones. Figure 5 displays an example of communications technologies and predictions about their future capabilities in terms of establishing a social graph. The idea of the Semantic Web as related to social networking is an additional trend that is emerging. This relates to the idea of open platforms and sharing of a single identity across a variety of Web sites and social networks. John Breslin and Stefan Decker argue that formalizing language around the Semantic Web will lead to more valuable, object-centered social networks that are based more on common interests than boosting one’s friend list. “By using agreed-upon Semantic Web formats to describe people, content objects and the connections that bind them together, social networking sites can interoperate by appealing to common semantics” (Breslin & Stefan, 2007). Breslin and Stefan also suggest that there is future research potential as related to social networks. Currently, any social network visualizations are built for the purpose of viewing the magnitude of one’s online community. Researchers are looking into the possibility of using social networks to track e-mail rank and filtering (Breslin & Stefan, 2007). In addition, as information overload and competition for user attention online becomes more crucial, content producers will likely look to social networks to examine the popularity of certain issues and the route that information travels on the Web. The
15
above ideas have been focused on the future of social networks, while assuming the fact that these networks will retain their current form as Web sites for online communities. However; the Metaverse Roadmap (MVR) includes components that would suggest otherwise. The MVR is an ongoing project that speculates about future developments regarding virtual and 3D worlds. Researchers have focused on the implications related to the potential for a major social space to emerge on the Web. “The Metaverse is the convergence of 1) Virtually-enhanced physical reality and 2) Physically persistent virtual space” (Smart et al., 2009). The project looks at augmented reality, virtual worlds (VR’s) and lifelogging as new social media trends. According to Alexa.com, Second Life, an online VR community the page ranks 3,667th (Alexa.com, 2009). However, with the MVR predictions, this page rank is likely to climb as VR avatars begin to move into the realm of social networks and users are able to access MySpace, Facebook and numerous other social networking profiles via Second Life and additional VR worlds. Lifelogging, one of the predicted future trends of the MVR, is predicted to quickly rise in popularity, bringing a new meaning to the “always-on” trend of connected Internet users. Currently, social network users choose their friends and actively take, post and tag images on their profile. More intelligent communication devices will likely be able to build social graphs for individuals, and life recorders are emerging as a device that will be able to take photos and automatically identify and tag individuals. Microsoft developed a life-recording device called SenseCam. Computer science legend Gordon Bell has been wearing the camera for 10 years, taking photos of his life every few minutes (Baker & Hesseldahl, 2009). While the SenseCam is not advanced enough to tag or identify specific individuals, a device with such capabilities is not far off. In a recent article in TechCrunch, it was reported that that a lifelogging device could potentially be on the market in 2010, although the biggest challenge lies in the storage, transcription and protection of data online (Arrington, 2009). Success of lifeloggers could mean that the lives of individuals would be entirely documented and searchable on the Web. As social networks become more seamlessly integrated into the lives of users and become available via multiple online platforms including the potential for VR worlds and life recorders, privacy issues are a large concern for the future. The biggest strides in jurisdiction relating to social networks have been in Canada, and in the European Union. “Canada and most European countries have more stringent privacy statues than the United States, which has resisted enacting all-encompassing legislation. Privacy laws elsewhere recognize that revealing information to others does not extinguish one’s right to privacy” (Solove, 2008). As mentioned previously, Facebook recently decided to improve and adjust their privacy policy after recommendations from the Canadian Privacy Commissioner. Canada has taken many measures in order to extend privacy regulations to encompass personal information online—including information available on social networking sites. Whereas pre-Internet, traditional methods of data gathering were slower and costly, technological limitations sustained “practical obscurity” to individuals for generations (Shields, 2000). The Internet has done away with practical obscurity—allowing for most information to be accessible by multiple people, dispersed widely and retained indefinitely. Canada’s privacy laws prevent companies from retaining personal information indefinitely—including situations where accounts had been deactivated or deleted (BBC News, 2009).
16
The European Union (EU) has also made adjustments to previously-existing privacy laws to include social media and personal data online. New laws are being set in place stemming from the European Union Directive on Data Protection of 1995. The Directive prohibits “collection of personal information without consumers’ permission, forbids employers to read workers’ private e-mail, and doesn’t allow companies to share personal information on users without their permission” (Schroeder, 2009). An EU panel was recently established to outline new guidelines for social networks, including allowing users to limit some data transfer to third party applications. Social networking sites must also adhere to the EU guidelines by making the default privacy settings at the highest protection level. The panel also addressed social networking sites’ use of personal information for behavioral targeting purposes, demanding that the sites limit the use of discriminatory or sensitive information such as race or religion in its advertising practices (Schroeder, 2009). While international countries have taken initiative to include social network data and online personal information in their privacy laws, the United States has not extended its privacy laws in the same capacity, although they could be close to enacting change. On October 1, 2009, it was reported that talks were underway in Congress regarding a new privacy bill that would affect the online advertising industry. In a recent article, Rep. Rick Boucher announced that a bill carrying bipartisan support could be established as early as November 2009. The bill has the potential to change the face of privacy online because it would require every Web site to communicate with users about every piece of information collected, and how that information is used (Kaye, 2009). Control will be placed in the hands of the user, who will be able to allow or deny Web sites the access to their personal information. Under the new bill, users’ personal information will not be able to be disclosed to “un-related third parties” without users opting in to this process (Kaye, 2009). If this bill is introduced, it would be a large achievement for the United States, placing the country on more of a level playing field with Canada and many countries in Europe that have already taken action. The Electronic Frontier Foundation, along with various consumer and privacy groups, recently approached Congress to ask for privacy protection from online tracking and behavioral tracking for marketing purposes. “Self-regulation by advertisers is not enough—legislation is needed to protect consumers” (Jeschke, 2009). The coalition recommended that laws be set in place to limit information collected for behavioral tracking, as well as making it a requirement for consumers to opt-in to data collection by Web sites or ad networks (Jeschke, 2009). According to EPIC’s Executive Director Marc Rotenberg, original privacy guidelines set forth by the Organization for Economic Cooperation and Development (OECD) are based on the fact that “individuals should have the right to limit the use of the personal information they disclose to others, and businesses should have a duty to safeguard the data they collect” (Rotenberg, 2007). Current issues have arisen because social networking companies are not complying with the standards, and Congress is not moving to establish laws to encompass the issues at hand. EPIC recently filed a complaint involving Google’s proposals on Internet privacy, working to ban Google’s planned merger with Doubleclick, the Internet’s largest advertising company. Following the complaint, Google called for new global privacy standards. Rotenberg disapproved of Google’s seemingly shallow and late proposed
17
standards: “This is an interesting proposal, since countries from America, Europe and Asia announced global privacy standards more than 25 years ago” (Rotenberg, 2007). EPIC had originally been opposed to the acquisition of the two leading Internet companies because of the historic lack of online privacy protection measures taken by both entities, and the fact that combining the companies would “pose a unique and substantial threat to the privacy interests of Internet users around the globe” (Rotenberg, 2007). Privacy was also one of the main issues at the W3C Workshop on the Future of Social Networks. A consensus was made that “social networking technologies needed to preserve the possibility for a user to fragment its identity across various profiles, and, in an increasingly context-sensitive setting, to hide, blur or lie about the user’s current context, as a minimal option to protect privacy” (W3C Final Report, 2009). Aside from technical aspects involving the establishment of privacy standards across various social network platforms, issues were also raised about the difficulty in increasing userawareness regarding the importance of privacy standards. One of the suggestions at the workshop involved the idea of developing a code of ethics or privacy best practices for social network operators, but this would likely be impossible given differences in global legislations. While legislation concerning online privacy is currently dispersed and underdeveloped in some circumstances, privacy issues associated with the future of social networks may have the potential to change the face of Internet law—transforming it from a segmented, inconsistent set of regulations to a centralized, globally-accepted working document that would ensure a widespread adoption of privacy standards. There is currently a working document available as a blog post entitled “A Bill of Rights for Users of the Social Web” (Smarr et al., 2007). The authors propose the idea of an open social Web, asserting that every Web user should be entitled to the rights of ownership of their own personal information, control over how their personal information is shared and freedom to allow certain external Web sites access to their information (Smarr et al., 2007). The document encourages readers to sign the post and propose any changes or additions to the wording. In terms of an all-encompassing bill of rights for the Web, there is no indication of how far off any materialization of such a document would be, or if a global consensus could ever be achieved. However many researchers have come to a consensus that there are too many loopholes in existing privacy laws for no change to be enacted. In a report about privacy and social networks, John S. Wilson focuses on the ways that social networks are changing the face of traditional law. With the advent of e-mail and widely-shared personal profiles via social networking sites, Wilson asserts that “America has lost control of its electronic data” (Wilson, 2007). In 2007, the Advisory Committee on Civil Rules came to a consensus that the traditional Rules of Civil Procedure were not sufficient in that they were not detailed enough to include issues of information discovery via new technologies (i.e. social networking and other publicly available data online). While the Rules were evaluated and updated, Wilson argues that the changes were not momentous enough: “Although the new Rules represent a good effort to regulate e-discovery, their language is still general enough that many remaining questions of interpretation and application will be resolved only through litigation” (Wilson, 2007). The Supreme Court has also stated that privacy law has not kept up with technological advances. More than a century ago, Justice Brandeis said that “the progress
18
of science, especially in the area of communication technology, requires that the focus shift from the letter to the spirit of the law to protect the individual from privacy invasions” (Wilson, 2007). This statement is still true today—perhaps now more than ever. Technology is advancing rapidly, allowing for more information to be stored online and accessed rapidly via the advent of sophisticated search engines, large social networks and hyperconnected individuals.
Part 3: Interviews Four experts were interviewed about the future of social networks and privacy. Two of the individuals worked at companies more closely related to social networking, while the other two work with privacy law. Interviewees: Logan Green – CEO and co-creator of Zimride, a social network focused on organizing carpools across the country. Zimride is also a Facebook verified application. George Mahoney – Vice president of Media General, a communications company that works across many media platforms including social networking to provide news and information to users. Media General operates 18 network-affiliated television stations along with the papers’ Web sites, as well as 21 daily newspapers and Web sites. The staff frequently uses social networks to interact with consumers and spread information on the Internet. Mihir Kshirsagar – former fellow at EPIC who has done significant amounts of research involving privacy and government surveillance programs that were developed just after 9/11. Kshirsagar is currently a lawyer at a firm in New York. Marc Rotenberg – Executive director at EPIC who can be considered a privacy advocate. Rotenberg teaches information privacy law at Georgetown University Law Center and has testified before the Congress on many issues including access to information, consumer protection, and computer security and information privacy. The following responses were transcribed from interviews with the above individuals. 1. How do you foresee ubiquitous computing and the idea of ubiquitous social networks playing a role in privacy issues in the future? Green – Ubiquitous social networking is still to be seen. There are some big players and it is still being worked out. Whatever it is, Facebook will probably win. People are fighting for who controls that identity, but their fight requires them to be open and interoperate in a major way to make that possible. In the future we are going to see a high level of interoperability, but Facebook will hold the largest and most true-to-life representation of your real life online. I don’t think anyone else has come close to touching that. A few companies are trying to own the identity: MySpace Connect, Google Friend Connect and Facebook Connect. All of these flopped except Facebook. All of these services allow you to maintain one login credential… but Facebook does the most to let you bring all of your connections and Facebook features into that other application.
19
It’s there and working, but it is far from totally ubiquitous and I think there is a huge amount of value and a lot of people are going to compete and try to be the broker of your online identity. Mahoney – The idea about having a broker for social identity sort of runs counter to people saying: I have a specific audience that I use. But I know what my demographics look like so I can find a way to monetize the information that I have about my database of users. So I think that is the kind of commercial use that is going to keep people from trying to blend and throw all their stuff in one pot. They way I see it, someone has to make money off of these things. Kshirsagar – I would take a step back and look at it from two perspectives. 1) Collection of information. People are collecting information, processing information and then making decisions on the basis of that information. And right now, the main area of emphasis is on the collection. A lot of people are concerned about cookies, or about various ways which information is collected. 2) The processing part of it. Once you collect this information, what do you do with it? How do you make decisions based on the information you collected? And what mechanisms do you use to come up with algorithms, for example. Say you are on a social networking web site as a teenager and you are uncertain about your sexuality and you go to a number of different Web sites trying to figure that out. Well somebody now has a trail and awareness about your very personal question. They will use that information to sell you products and to try and understand you. Today we are still in the collection mode. People are still trying to understand what are they ways that information is collected. In the future it is going to be about how that information is processed and what decisions are being made based on how it is processed. 2. Where do you see social networks moving in the future? Green – I think trusted identities are going to be incredibly important. Facebook is beating MySpace. It’s no contest. MySpace is dying fast and is nothing more then a music site at this point. I think that it goes two ways: You have to give up more anonymity to gain the trust of others. People are much less interested in engaging in anonymous communities. There is a clear preference for sharing very real information to prove one’s identity and interact as real-life selves online. This communication is a lot more meaningful then having avatars and fake profiles and anonymous interactions online. That is kind of the old Internet. The new one is: “This is me.” There is a major trend away from the old sign up process where you create a username and password and the username says nothing about you. Now there is e-mail instead. There is a lot more accountability that goes along with that and a lot more transparency into your own life, and that is almost expected of other people—that you are going to be that transparent about who you are. Mahoney – We do communicate with social networking sites. I wouldn’t say privacy policies have become more prevalent, but there is a general discussion at the legislative level on Capitol Hill where people are talking about this more. I see a lot of people in
20
Washington now have too much time on their hands so they try to figure out how to legislate issues regarding privacy. Google is pushing back really hard, but I haven’t gotten more complaints—it just isn’t a big deal. People don’t have problems with the kinds of things we are doing because nothing is a surprise to people. The only service we have where we use people-specific information is a net-Informer concept that we can rebrand for all sorts of people—and that is an opt-in. Kshirsagar – The social networking area is particularly interesting because what it involves is people voluntarily giving up information. You hope you are giving it up to your friends, but people are pretty free and loose with the information on such Web sites, and they talk a lot about personal decisions and personal issues. The big question is, who has access to that information and how can they use that information? In the real world, information is collected for one use for one purpose, such as to complete a transaction. But on the Internet it is used in many other contexts, many that you don’t know. There will be ads over time that will predict that you are a college student, for instance, and maybe there will be ads based off of this information regarding certain credit card companies or loan options. Rotenberg – Already in the United States there are serious problems about identity theft and security breaches, but these are kind of isolated. What we are going to see with social networking sites as more personal information is consolidated is that who you are will be stored online. This is going to have enormous implications when other people get access to those profiles if it is misused. We will see some new laws, new types of crime. It is going to get very interesting. 3. Do Web applications need all of the personal information that they obtain? Kshirsagar – My understanding is that external applications take anything they can get. The third-party ones do this by definition, but they just have no reason to have your information. Cookies are also used by and large—you go to the New York Times and sign in and you get a cookie. But did you need to sign in? There is a very limited use for these cookies, which is fine, but third party cookies are just getting the information because they are marketing you. It is very difficult to regulate this information and some of these can’t be deleted – your trail is still with the company that collected the information. Rotenberg – I think there is a huge problem with third parties because practically speaking they don’t need all of the information that they obtain. If I want to go to movies in a neighborhood, [the application] just needs my zip code, not everything else. Collecting the additional information has created a bit of a security risk. Who is going to have access to that information and how is it going to be used? 4. How do you use personal data from users of your Web site? Mahoney – Increasingly, we will use behavioral targeting to connect advertisers to people who come to Richmond.com. We won’t use specific identifying features, but will
21
look at their interests. It’s more about where they are going, not who they are. We do not give them the information about our users and they won’t ever send anyone e-mails. We have an opt-in service for e-mails, but on the pure Internet side of things, behavioral targeting is woven into our privacy policy. 5. How can individuals best protect themselves through the use of privacy settings online? Green – Zimride started off as just a Facebook application, but when we started developing the business last year, the schools we were selling to all wanted their staff and faculty to use the service and you had 95 percent of students on Facebook but staff and faculty percentages were much lower. We have re-created some of the most basic social networking functionalities outside of Facebook. Zimride’s privacy settings are specific within each school system. People at Asheville [University] can choose to post their rides and make them available only to other people in their system, or they can choose to make those rides public to the whole Zimride community. Anyone can use the site, but if users are just on the public service, they do not have the option of restricting their posting and can only see other public posts. Rotenberg – Some privacy settings can be useful. People are of course making a lot of decisions about what their privacy settings are. A few tricks: Are the privacy settings being changed by the company? If you opt out of something, do they opt you back in? If you are told one reason to do something and there is another reason that you weren’t told about, that is another problem. Privacy settings are helpful but not the be all and end all. You may have privacy settings that may have nothing to do with the information application that developers have access to. Facebook said that it is going to try to allow people to create some privacy settings for third-party developers, but even that is really not enough. I think we need stronger, clearer, enforceable standards. I don’t think people should spend their lives clicking through digital fine print. 6. Do you believe that privacy is becoming obsolete? Or will there always be a need for privacy online? How do you foresee these privacy issues playing out in the future? Mahoney – Privacy is not dead at all. At the end of the day I think we will probably have some legislation in D.C. that will say that you have to go look at privacy policies. That is what we want. We don’t want people crossing lines and using that personal information about people. That will be a federal law. I don’t think that it really changes the conversation that is occurring in the real world. Kshirsagar – There is a split view when it comes to privacy issues online: 1) The highly technological approach—which suggests that everything be anonymized in the future. You browse through an anonymous browser; you take self-help mechanisms to try to limit the trail of information. 2) The other way is to say “its not the job of the consumer to limit the trail, its really the task of the companies, and what we need is to regulate the companies—requiring that the companies disclose their actions, allow you to decide
22
whether information should be deleted or stored, and explain what they hope to do with that information. Rotenberg – It is not that privacy is dead; it is that people are getting a lot less and companies are getting a lot more. People have been talking about death of privacy for a very long time. The book “The Death of Privacy” was written in 1964. I think that increasingly privacy is becoming more and more of an important issue because we become so dependent on personal data. For example, there was a protest by Facebook users over the change in terms of service. A lot of people got very upset about it. People didn’t like the thought that they were losing control over information they were posting on pages, or that they couldn’t delete accounts, or that Facebook may take their picture. It is all about control over your data. Privacy isn’t so much about secrecy. It is really about the idea that you can control information when it is held by others. When people sense that the data they have given away for one purpose is now being used for another purpose. That is a privacy concern. Conclusion: It seems probable that social networks will continue to move towards a state of augmentation—integrating themselves into the Semantic Web and allowing for users to cross between multiple open platforms. As online communication technologies become more advanced, users’ social graphs will likely build themselves. The Metaverse Roadmap creators have speculated about the potential for social networks to become fully-integrated with 3D, VR worlds in the next 20 years. For most of these potential future scenarios, the technology already exists. The challenge lies more in the cooperation of corporations and online businesses that may have to relinquish some of their power and control to allow for a more complete and flexible open Web platform. However, privacy issues must advance as well. The United States, although currently working to enact new privacy laws, has fallen behind the advances of Canada and the European Union in terms of its lack of action to significantly extend existing privacy legislation to protect users’ personal data online. This is imperative as technology moves forward and more data becomes available to third parties and external applications on social networks.
Shelley Russell October 28, 2009
Annotated Bibliography (2009).Workshop report. Proceedings of the W3C workshop on the future of social networking, http://www.w3.org/2008/09/msnws/report.pdf This final report from a recent W3C workshop outlines issues about online social networks (OSNs) as defined by stakeholders and the content from 72 papers submitted to the workshop regarding the future of social networks. Five topics are discussed in the report: The possibility of a decentralized social network, issues associated with contextual information available on OSNs, privacy issues as related to social networks and the current difficulty with accessing these sites via mobile devices. Making OSNs available to those with disabilities is also a topic of discussion in the final report. The most prominent topic from the report involves the idea of decentralizing social networks—a topic that was the focus of half of the papers submitted to the workshop. The report documents the presentation of social data aggregation services, as well as a discussion about already-existing decentralized social networking systems. (2009, August 27). Facebook announces privacy improvements in response to recommendations by Canadian privacy commissioner. Retrieved from http://www.facebook.com/press/releases.php?p=118816 This press release from Facebook’s Press Room documents the recent decision of the OSN to update its privacy policy. The changes are occurring as a result of Facebook’s work with the Office of the Privacy Commissioner of Canada. After more than a year reviewing the site’s privacy policies and user-controlled settings, Facebook has decided to make its policy more descriptive so that users will understand why and how their personal information is being collected. The press release mentions that Facebook will work to encourage users to change their privacy settings, as well as increase user-control over these decisions. The document also discusses the other aspect of Facebook’s adjustments, which involves working with third-party applications to specify which types of information they are accessing, and requiring that these applications obtain express consent from users before doing so. Abril, P.S. (2007). A (My)Space of one's own: On privacy and online social networks. Northwestern Journal of Technology and Intellectual Property, 6(1), 73-88. Abril focuses on the relationship between privacy and OSNs and negates the idea that complete anonymity and control are possible online. The article first discusses OSNs from a user standpoint, presenting statistics and looking at the
ways that users present content on social networks. The next section looks at the debate about digital privacy, posing the question about whether or not it is reasonable for Web users to expect complete privacy online. Abril outlines the current interpretation of privacy by digital immigrants, as having total control over any content that is posted online. This is then compared with the digital natives’ conception of privacy, in which they expect full anonymity. Abril then presents four arguments for the protection of privacy and identity online: Identity, dignity, intimacy and socialization, and discourse. The article closes with a discussion about user expectation and the need to spread awareness about the reality of the spread of digital information and the importance of privacy controls. Alexa.com (2009). Alexa top 500 global sites. Retrieved from http://www.alexa.com/topsites Alexa.com is a resource that provides information about page rank and demographics for Web pages. On this site, the top 500 global sites are listed in terms of their ranking. Each site can be searched individually from the site’s home page. Information is provided about traffic rank, site reviews, click streams, demographics and key words associated with various Web pages. Arrington, M. (2008, April 23). Privacy disaster at Twitter: Direct messages exposed (update: GroupTweet is likely culprit). Retrieved from http://www.techcrunch.com/2008/04/23/privacy-disaster-at-twitter-directmessages-exposed/ This news story was found on TechCrunch.com, and it discusses issues with Twitter’s system that ultimately left some users’ private messages on their public news feeds for the entire Twitter community to view. As outlined in the story, the problem was related to a GroupTweet application that was causing the errors on live feeds when users registered. The story documents one user’s experience with the error and how Twitter handled the situation. Baker, S,, & Hesseldahl, A. (2009). This is your lifelog. Business Week, Retrieved from http://www.businessweek.com/magazine/content/09_37/b4146051036364.htm Baker and Hesseldahl discuss an ongoing project by Gordon Bell, a computer science legend. Wearing a custom-made life logger, Bell wears a camera, audio recorder and health monitors in order to record every moment of his life. The project has been in existence for 10 years. The article discusses Bell’s ideas about the future of information. Bell speculates that most information and records will be completely digital in the future. According to Bell, this will change the face of credibility because most information will be backed up with video, audio or photos documenting the event. Baker and Hesseldahl also discuss the book “Total Recall,” which Bell co-authored with Jim Gemmell.
BBC News (2009). Facebook 'breaches Canadian law'. Retrieved from http://news.bbc.co.uk/2/hi/8155367.st This article discusses the ways that Facebook is in violation of Canadian privacy law. The social network retains a users’ personal information indefinitely, but this is not acceptable according to the Canadian Privacy Commissioner, Jennifer Stoddart. BBC News reports about the issue in this article. Stoddart is interviewed for the article and a timeline is presented that includes information about the steps that Facebook will take to alleviate the situation. The law violation is significant given that 12 million Facebook users are Canadian (more than one in three of the country’s population). Biz Stone (2009, September 10). Twitter's new terms of service. Retrieved from http://blog.twitter.com/2009_09_01_archive.html This source is a blog post written by Biz Stone regarding changes to Twitter’s terms of service. The post reflects on the meaning behind the changes to the terms—namely the fact that Twitter users technically own their Tweets. the author clarifies issues regarding advertising, ownership, API’s and spam. Issues discussed in this blog post were widely discussed in the communications world. Users were concerned about their rights and control of data on Twitter. As quoted in the blog post from Twitter’s new terms, the company can “use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute" Tweets. Bonneau, J., & Preibusch S. (2009). The privacy jungle: On the market for data protection in social networks. In WEIS ’09: The Eighth Workshop on the Economics of Information Security, pages 1-45. Retrieved from http://preibusch.de/publications/Bonneau_Preibusch_Privacy_Jungle_2009-0526.pdf This report is made available through the Electronic Privacy Information Center’s resource section regarding social networks. Bonneau and Preibusch present an extensive study in which they became members of 45 OSNs and used 260 criteria to evaluate the social networks. The authors analyze how privacy is marketing in each of the OSNs in the study. Charts and statistics indicate how much personal data is collected from each site upon registration. The report then includes information about privacy controls, defaults, and user interface issues, which the authors deem an impediment to intelligent and safe privacy practices from Web users. The next section of the study documents positive and negative aspects of online privacy policies, emphasizing the importance of an honest, accessible and detailed policy. Bonneau and Preibusch then present a data analysis in which privacy is compared to functionality, Web site age, size and growth rate. The report closes with a proposal of a new model: The Privacy Communication Game, which suggests that successful sites must play a game of satisfying privacy
fundamentalists (a minority), while minimizing privacy awareness for the nonfundamentalists. Cameron, K. (2005). The laws of identity. Microsoft Corporation, Retrieved from http://www.identityblog.com/stories/2005/05/13/TheLawsOfIdentity.pdf This document is compiled from conversation about privacy and the Internet on the Blogosphere, and on www.identityblog.com. According to Cameron, “the Internet was built without a way to know who and what you are connecting to. This limits what we can do with it and exposes us to growing dangers.” Cameron’s paper serves as a means to inform individuals about how they can continue to use the Web to cater to their own interests while maintaining privacy, safety and knowledge of who they are communicating with on the Internet. Cameron discusses the need for an identity layer on the Internet and outlines difficulties associated with adding this layer to the Internet. Seven Laws of Identity are presented, in which Cameron attempts to explain the pros and cons of identity systems on the Internet. Cassidy, J (2006, May 15). Me Media; How hanging out on the Internet became big business. The New Yorker, 82, Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=aph&AN=20853331&sit e=ehost-live This article provides an in-depth look at the creation of Facebook from the perspective of Mark Zuckerberg, the social networking site’s creator. Cassidy includes statistics about online social networking sites, comparing the growth and success of Facebook to other popular social networking sites such as MySpace. Following the discussion about the back-story of Facebook, the author goes on to discuss privacy settings and security issues associated with the site. Quotes from Zuckerberg and Facebook’s Chief Privacy Officer Chris Kelly are featured throughout this section as they discuss the site’s development and new additions, such as the decision to merge Facebook’s high-school and college networks, and how this changed privacy on the social network. The author goes on to mention the importance of a user-controlled, user-generated social network. The article ends with a brief discussion about online advertisements and Facebook’s unobtrusive and user-appropriate banners. Cho, H., Rivera-Sanchez, M., & Lim, S.S. (2009). A multinational study on online privacy: Global concerns and local responses. New Media & Society, 11(3), Retrieved from http://nms.sagepub.com/cgi/reprint/11/3/395.pdf Five cities were selected for the study: Bangalore, Seoul, Singapore, Sydney and New York. 1261 Internet users were surveyed about privacy and online behavior. The study provides a look at the way that individual factors (such as demographics and experience), and macro-level factors (such as nationality)
influence views about online privacy. The study includes a literature review that outlines differences in the way that females and males perceive privacy issues, as well as the ways that more experienced users handle privacy over those with little experience. Cultural values were proven to influence individual users’ responses to privacy online. A detailed methodology and results are presented in the report, followed by a discussion, which concludes that more than 70 percent of those surveyed were concerned about privacy. The authors observed a multidimensional response to online privacy, in that many different factors play a unique role for individuals in determining their outlook on Internet security. Davis, D.C. (2006). MySpace isn't your space: Expanding the Fair Credit Reporting Act to ensure accountability and fairness in employer searches of online social networking services. The Kansas Journal of Law & Public Policy, 16. Retrieved from http://www.lexisnexis.com/us/lnacademic/results/docview/docview.do?risb=21_T 7382170125&treeMax=false&sort=&docNo=1&format=GNBFULL&startDocNo =0&treeWidth=0&nodeDisplayName=&cisb=&reloadPage=false This journal article addresses arising issues with employment decisions and social networking profiles. Davis gives attention to the fact that many employers are basing hiring decisions or job terminations off of prospective or current employees social network profiles, many of which are not an accurate representation of those individuals’ professional persona. The Fair Credit Reporting Act (FCRA), was originally set in place as a way for Congress to alleviate the problem of inaccurate credit reports in the 1970s. Davis argues that amending the FCRA could be a feasible solution to protecting job seekers and employees from job rejection based on irrelevant and inaccurate information. The article begins with a summary of basic issues with online social networking profiles and employment, followed by a discussion about employees’ expectation of privacy during off-duty hours. Davis closes with a description of the FCRA and suggests ways to amend the act to include protection in online social networking venues. EPIC (2008). National ID and the Real ID Act. EPIC.org, Retrieved from http://epic.org/privacy/id-cards/#hist This document on the Electronic Privacy Information Center’s Web site discusses the idea of National ID cards. While social security cards have successfully served their purpose as identification of American citizens, there is no global identification card in existence. According to EPIC’s report, Americans have rejected the of an international identification measure. The Web site provides detailed information about the history of the National ID and Real ID Act, as well as links to latest press releases involving these acts.
Facebook Data Team (2009, March 9). Maintained relationships on Facebook. Retrieved from http://www.facebook.com/note.php?note_id=55257228858&ref=mf This report involves a study done by Facebook’s data team in which male and female users were compared to see how each gender maintained relationships in their social network. Females were found to stay in touch with more of their friends than males. The study broke down statistics into maintained relationships, one-way communication and mutual communication. For both genders, the amount of friends falling into the mutual communication category was low compared to the large amounts of maintained Facebook friends that can be compared to mere acquaintances. The study also reported that while many Facebook members are concerned about the amount of “friends” they have on the site, the average amount of friends for an individual is 120. Facebook Press Room (2009). Press room. Retrieved from http://www.facebook.com/press/info.php?statistics This site serves as a resource for media professionals, researchers and interested members of the social network looking to find out specific facts about Facebook. The site provides numerous statistics, including their current membership numbers (more than 300 million users), applications (more than 2 billion photos uploaded to the site each month), and international growth (roughly 70 percent of Facebook users are outside of the United States). Additional information is also available regarding user engagement, mobile devices and the Facebook platform. The Federal Trade Commission, Consumer Protection. (2009). Social networking sites: A parent's guide Retrieved from http://www.ftc.gov/bcp/edu/pubs/consumer/tech/tec13.shtm This informational document provides recommendations to parents and OSN users from the FTC. The FTC encourages users to think about which information should be kept private, restrict access to personal information through privacy settings, and read Web sites’ privacy policies. The document also discusses the right for parents to delete the profiles of children if they are younger than 13. The second half of the document lists resources for parents to access regarding safety of children online and the importance of maintaining, and checking one’s privacy settings on a regular basis. Findlay, D. (2008). Tag! Now you're really "It." What photographs on social networking sites mean for the Fourth Amendment. North Carolina Journal of Law & Technology, 171. Retrieved from http://www.lexisnexis.com/us/lnacademic/results/docview/docview.do?risb=21_T 7379611859&treeMax=false&sort=&docNo=1&format=GNBFULL&startDocNo =0&treeWidth=0&nodeDisplayName=&cisb=&reloadPage=false
Findlay’s article looks at the new privacy implications in cyberspace, specifically related to OSNs. This report focuses on photographs on social networking sites, in terms of photo tagging and controlling who is seeing photos that are posted online. The first part of the document discusses the need for a contemporary definition of privacy. This is followed by several case studies that illustrate privacy issues relating to the Fourth Amendment, such as criminal cases where individuals are being arrested for content in photos on OSNs that they did not know existed. The article then looks at privacy implications associated with posting and tagging photos online. This is followed by a section about the Fourth Amendment, which protects citizens from unreasonable searches and seizures. Findlay concludes with a discussion about what should be considered a “reasonable expectation of privacy” online. With any user being allowed to post pictures online, and the online community continuing to grow and expand, privacy issues will continue to arise and become more prominent. Findlay compares objective and subjective privacy expectations, and emphasizes the importance of an evolving law to match the rapidly-changing social dynamics in society. Genova, G.L. (2009). No place to play: Current employee privacy rights in social networking sites. Business Communication Quarterly, Retrieved from http://search.ebscohost.com/login.aspx?direct=true&db=buh&AN=36366007&sit e=ehost-live By making personal information available on social networking sites, one may face issues when looking for a new job if any of the photos or personal information portrays the individual in a negative or unprofessional light. Genova’s article looks at the tendency for employers to visit OSNs to obtain information about potential job candidates. The article begins with an analysis of survey results regarding the influence of OSNs on hiring procedures. This is followed by a look at the way that California is protecting its citizens from job termination due to OSN exposure. Genova looks at the state’s constitution, which allows employees to claim a reasonable expectation of privacy for OSN content that was created independent of the work environment. The article closes with a discussion about appropriate employer OSN policies and ways in which employees can maintain an OSN presence in a professional manner, while still reaping the benefits of control and freedom online. Jeschke, R. (2009, September 1). Privacy in online behavioral tracking and targeting It's time to protect consumers. Retrieved from http://www.eff.org/deeplinks/2009/08/behavioral-tracking The Electronic Frontier Foundation (EFF) issued this press release, and it discusses the efforts of EFF to enact change in Congress with regards to online behavioral monitoring. The article begins by presenting the statement that was
sent to the House Energy and Commerce Committee. Tracking one’s online behavior without their consent is a clear invasion of privacy, according to the report. EFF’s article also discusses ways that third-party Web sites such as Omniture and AdBrite, can combine information and work to compile user profiles in order to better tailor their ads to specific users. The report also raises the issue of data collection by the government, arguing that with many different ways for third-party Web sites to collect personal information unbeknownst to the user, the power of legislation is essential in order to fully protect consumers’ privacy. Jones, S., & Fox, S. (2009). Generations online in 2009. Pew Internet & American Life Project, Retrieved from http://www.pewinternet.org/~/media//Files/Reports/2009/PIP_Generations_2009. pdf This document outlines research findings and analysis regarding differing use of varying communications tools on the Internet. Researchers define and compare Internet usage by Generation Y, Generation X, young boomers, older boomers, silent generation and G.I. generation. The authors discuss Internet use for e-mail, versus the growing use of the Internet to join and expand social networks. It was reported that older generations spend less time with these tools and more time shopping, banking and conducting research on the Web. Kaye, K. (2009, October 1). Web privacy bill could come by November. Retrieved from http://www.clickz.com/3635153 In this article, Kaye writes about a new privacy bill that Congress is discussing. According to Rep. Rick Boucher who leads the House Subcommittee on Communications, Technology and the Internet, the bill could be established as early as November. The new bill would place control over personal data back in the hands of the user. Web sites would be required to inform users about every piece of information used, and how that information is being used on the Web. In addition, online advertisers would face new regulations: Social networks could no longer exchange personally-identifiable information to advertising companies without users opting in to this process. The article also discusses deep packet inspection, a technology allowing Internet Service Providers to monitor user behavior on the Web in order to develop user-specific ads. Kaye also discusses actions taken by the Network Advertising Initiative, the Federal Trade Commission and the Interactive Advertising Bureau to “encourage more transparency in online data collection and usage.” Krishnamurthy, B., & Wills, C. E. (2009). On the leakage of personally identifiable information via online social networks. In WOSN '09: Proceedings of the 2nd ACM workshop on online social networks, pages 7-12. Retrieved from http://conferences.sigcomm.org/sigcomm/2009/workshops/wosn/papers/p7.pdf
Krishnamurthy and Wills present a study in which they explore the possibilities of personally identifiable information (PII) on social networking sites leaking to third-party Web sites. The study provides background information regarding the increase in the use and purpose of third-party servers, as well as consequences of this information leaking to external parties online. Cookies and HTTP header information are the two main focuses of the study, but there is some discussion about specific privacy policies available for online social networks (OSNs). Krishnamurthy and Wills conduct a leakage study and present a section about protection from PII leakage. The study results conclude with the message that indirect leakage of PII through OSNs is occurring and this will become more of an issue in the future as more members join social networking sites and more features become available within these communities. Lenhart, A.,& Madden M. (2007). Teens, privacy and online social networks. Pew Internet & American Life Project, Retrieved from http://www.pewinternet.org/pdfs/PIP_Teens_Privacy_SNS_Report_Final.pdf This report focuses on the ways that teenaged OSN users manage online profiles. Surveys and focus groups conducted by the Pew Internet & American Life Project involving the ways that teens understand privacy are referenced in the report. The first section of the report presents an overview of survey findings, followed by statistics involving the use and management of OSN privacy settings. The authors then discuss which information teenagers most commonly put on their profiles, as well as the most common privacy pre-cautions taken online. Lenhart and Madden then compare the different mindsets of boys and girls—analyzing the behavior of each gender and documenting the contrasting concerns online. A comparison is also conducted within each gender, between younger and older teens. The study progresses to discuss household rules about Internet use, and the frequency of the use of this medium over a six-year period. The authors indicate that no relationship or pattern was established in terms of how often or in what manner teenagers disclose personal information online. The report closes with a discussion about how teenagers feel in terms of being accessible or vulnerable to communication with strangers online. Li, Charlene (2008, March 6). The future of social networks: Social networks will be like air. Retrieved from Groundswell: Winning in a world transformed by social technologies Web site: http://blogs.forrester.com/groundswell/2008/03/the-futureof-s.html Charlene Li, author of “Groundswell” and Vice President and Principal Analyst at Forrester Research, authors a blog post in which she presents an ongoing research project involving the future of social networks. Li discusses her thoughts on the future timeline for social networks. According to Li, social networks are moving towards a seamless, integrated existence into the lives of humans. Li addresses four components of current social networks: Profiles, relationships, activities and business models. She argues that with the instatement of ubiquitous social
networks in the next five or 10 years, these components will shift to: “Universal identities, a single social graph, social context for activities and social influence defining marketing value.” Li also writes about personal cost per impression (CPM), which she ties into the fourth component of her research. Lomas, Natasha (2007, October 19). Analyst: Social Networking faces uncertain future. Retrieved from CNET news Web site: http://news.cnet.com/Analyst-Socialnetworking-faces-uncertain-future/2100-1025_3-6214355.html This article targets the future of social networking from the standpoint that OSNs have an uncertain future. Lomas begins by discussing doubts that investors have regarding social networks. These doubts are based on the fact that despite millions of active members on OSNs, long-term growth is not certain. Lomas references a 2007 Datamonitor report, which indicates that membership on social networking services will plateau by 2012. The article also looks at marketplace consolidation and the possibility that more special-interest OSNs may emerge as a result of this consolidation. Newman, J. (2009, September 11). You own your tweets...but so does Twitter?. Retrieved from http://technologizer.com/2009/09/11/you-own-your-tweets-but-so-doestwitter In this article, Newman debates about the meaning behind Twitter’s new privacy statements and terms of service updates. While Twitter has said that users technically own their own Tweets, Newman speculates about the control that Twitter could still maintain over content produced on the Web site. The author references Biz Stone’s blog post about the updates and asserts that Twitter’s justifications for their privacy policy changes are not adequate. “I appreciate that Twitter’s terms of service are brief and readable, but I’d rather the site spell out exactly how and where it intends to use people’s tweets, so we’re all on the same page.” Ostrow, A. (2009, July 28). Number of social networking users has doubled since 2007 . Retrieved from http://mashable.com/2009/07/28/social-networking-users-us/ In this article found on Mashable.com, Ostrow presents information from a new study conducted by the North American Technographic Benchmark Survey. Ostrow compares survey data sets from 2007 and 2009, concluding that the number of social network users has doubled in the past two years. “ 55.6 million adults – or just less than 1/3rd of the population – in the US now visit social networks at least monthly.” Ostrow sites additional specifics from the Forrester Research report, and several visualizations are used to compliment the data presented.
Popken, B. (2009, February 20). Facebook won't let you remove dead relative's page, per "policy". Retrieved from http://consumerist.com/5157481/facebook-wont-let-youremove-dead-relatives-page-per-policy This blog post documents a user’s experience and difficulty with trying to remove a deceased family member’s Facebook page from the site. The dilemma with Facebook occurred because the user was not yet an accepted friend of the deceased family member. Facebook’s policy on deceased members reads as follows: “Per our policy for deceased users, we have memorialized this person's account. This removes certain more sensitive information and sets privacy so that only confirmed friends can see the profile or find the person in search. The Wall remains so that friends and family can leave posts in remembrance.” The member’s page was eventually removed and Facebook cooperated with the individual. However Popken’s story raises some questions about privacy and protection of deceased family members’ personal information being left visible on social networking sites. Preibusch, S., Hoser, B., Gurses, S., & Berendt, B. (2007). Ubiquitous social networks' opportunities and challenges for privacy-aware user modeling. In proceedings of the Workshop on Knowledge Discovery for Ubiquitous User Modeling, 2007, Retrieved from http://vasarely.wiwi.hu-berlin.de/DM.UM07/Proceedings/05Preibusch.pdf This report focuses on the implications of ubiquitous computing, and how this will transfer into the realm of social networking. The paper briefly outlines the importance of social networks, but the bulk of the document discusses privacy issues or challenges within OSNs and the importance of identifying these privacy conflicts. In order to enhance privacy in OSNs as they become more prevalent in the lives of connected individuals, the authors suggest the use of the Platform for Privacy Preferences (P3P); a protocol that informs users about how various Web sites collect and use personal information. The authors emphasize the importance of allowing Web users to comprehend the ways in which sites they visit are using their information. Opt-out or opt-in preferences are also discussed in the paper. The authors also discuss the ways that privacy policies can be “integrated seamlessly into the interaction among users.” Currently, users choose who they communicate with in OSNs, but communication patterns and personal information can be picked up from distant connections that are gaining access to the information because it is visible on the profiles of direct connections. The authors look at the ways that privacy policies can be improved to better accommodate ubiquitous social networking. Rotenberg, M. (2007, September 24). Google's proposals on Internet privacy do not go far enough. Retrieved from http://www.ft.com/cms/s/0/764c5338-6a32-11dca571-0000779fd2ac.html?nclick_check=1
Marc Rotenberg reports about the decision of the Electronic Privacy Information Center to oppose Google’s planned merger with top Internet advertiser Doubleclick. The article includes information about past EPIC complaints involving breaches in privacy protection in Microsoft’s Passport identity management system, as well as data broker Choicepoint. The Federal Trade Commission received EPIC’s complaint and launched an investigation. According to Rotenberg, Google’s recent decision to establish global privacy standards due to EPIC’s complaint is too little too late, since countries in America, Europe and Asia finalized global privacy standards more than 25 years ago. Rotenberg suggests that accessible and strict privacy policies are essential. He also argues against the point that cookies and IP addresses cannot be traced to a specific user; an IP address is linked to a specific computer and Google specifically creates cookies as unique user identifiers. Rotenberg, M. (2007, November 9). Privacy vs. security? Privacy. The Huffington Post, Retrieved from http://www.huffingtonpost.com/marc-rotenberg/privacy-vssecurity-priva_b_71806.html In this article, Marc Rotenberg, executive director at the Electronic Privacy Information Center, argues against the idea that it is acceptable for Americans to reduce their expectation of privacy because of recent technological advances. Rotenberg begins by providing examples about the way that the United States government has historically acted to protect citizens’ privacy—despite the actions of other governments worldwide that did the opposite. Congress rejected wiretapping and worked to create laws related to intelligence surveillance. Rotenberg’s argument moves to a discussion about the events of Sept. 11, and outlines decisions made by the government that did not uphold previous privacy laws. Instead of sacrificing freedom to enhance one’s security, Rotenberg argues that the correct balance is “between the powers of government and the means of oversight that are established.” According to Rotenberg, Americans should understand and act upon the Constitutional democracy of the country, thereby maintaining a strong expectation of privacy despite a more technologicallyadvanced world. Schroeder, S. (2009, June 24). EU wants tighter privacy on social networks. Retrieved from http://mashable.com/2009/06/24/eu-privacy-social-networks/ This article from Mashable.com discusses new privacy regulations from an EU panel. The suggested laws are related to the European Union Directive on Data Protection of 1995. The directive “prohibits collection of personal information without consumers’ permission, forbids employers to read workers’ private e-mail and doesn’t allow companies to share personal information on users without their permission.” Schroeder looks at implications of the new guidelines set by the panel, suggesting that basic privacy settings on social networks may not be enough to fully abide by the new laws. According to Schroeder, one of the main
issues lies in the fact that the panel called for social networks to delete inactive accounts—a practice that Facebook does not follow. The article also includes a link to the full set of new guidelines. Shields, R. (2000). Publicly available personal information and Canada's personal information protection and electronic documents act. McCarthy Tretault, 2, Retrieved from http://strategis.ic.gc.ca/epic/internet/inecicceac.nsf/vwapj/Researchpaper_privacy_en.pdf/$FILE/Researchpaper_privacy_en. pdf Shields’ report provides an analysis of measures taken in Canada to strengthen privacy laws as related to personal information online, including information available on social networking sites. The report begins with a section that defines different forms of publicly available personal information, followed by explanations of Canadian federal court decisions involving privacy online. Shields mentions specific court cases to illustrate issues surrounding publically available information, such as Terry v. Canada (Minister of Defense). The impact of technology is on the spread and accessibility of personal information is one of the main issues in Shields’ report. Information can be obtained instantaneously, and stored indefinitely. The report includes a discussion about how other countries are responding to the dilemma regarding personal information online and privacy issues. Shield’s provides details about legal measures taken in Europe, The United States, New Zealand and Australia. The report then outlines commentaries from the British Columbia privacy commissioner, privacy expert Roger Clark and other experts involved in online privacy issues. Shields closes with a discussion about policy approaches that could be taken in the future—asserting that technological developments are re-defining and perhaps permanently changing the notion of a truly private life. Smarr, J., Canter, M., Scoble, R., & Arrington, M. (2007, September 5). A Bill of Rights for users of the Social Web. Retrieved from http://opensocialweb.org/2007/09/05/bill-of-rights/ This resource is a blog post compiled by multiple authors as a proposed Bill of Rights for the Web. The document is tailored to protect individuals who participate on social networking sites. The authors state that every individual is entitled to control, freedom and ownership of their own personal data. The document is brief but presents a charge to readers to suggest changes or add new articles to the document. The post also includes information about what Web sites can do to adequately support the rights presented in the document, including taking steps to: “Allow their users to syndicate their own stream of activity outside the site, and allow their users to link from their profile pages to external identifiers in a public way.”
Smart, J., Cascio, J., & Paffendorf, J. (2007). The Metaverse Roadmap: pathways to the 3d Web. Retrieved from http://www.metaverseroadmap.org/overview/ The Metaverse Roadmap (MVR) is a project conducted by the Acceleration Studies Foundation (ASF) that makes short-term and long-term predictions about the future of virtual and 3D worlds on the Web. Creators of the MVR “envision a future broadly reshaped by virtual and 3D technologies.” This Web site includes information about the ways that virtual worlds such as Second Life may be tied into social media communications in the future. Information is included about specific trends in the MVR, as well as survey results and visualizations. According to information compiled in the MVR, four trends will emerge in the future as related to communications online: Augmented reality, lifelogging, mirror worlds and virtual worlds. Solove, D.J. (2008, August 18). Do social networks bring the end of privacy? Young people share the most intimate details of personal life on social-networking Web sites, such as MySpace and Facebook, portending a realignment of the public and the private. Scientific American, Retrieved from http://www.scientificamerican.com/article.cfm?id=do-social-networks-bring Solove discusses the issues related with privacy and social networking. The article uses a brief anecdote regarding the spread of “The Star Wars Kid,” to illustrate that the spread of information on the Web is rapid, widespread and permanent. The author refers to young people using social networking sites as “Generation Google,” because most information about their lives will eventually be accessible through a simple Google search. Solove discusses the positive and negative aspects related to the openness of the Web. Freedom online allows anyone to be expressive and find a voice, but many privacy issues are associated with this freedom. Solove presents the idea that OSNs are allowing communities worldwide to “revert to the close-knit culture of preindustrial society.” The article includes a discussion about reputation protection in a transparent world. Issues involving Facebook’s news feed, as well as its launch of a new advertising system in 2007 are used to illustrate ongoing issues with privacy and OSNs. Solove negates the idea that privacy is obsolete and suggests that the U.S. should follow suit of Canada and European countries that have updated privacy laws to protect Web users’ personal information online. Van Der Werf, M. (2007). Beware of using social-networking sites to monitor students, lawyers say. Chronicle of Higher Education, 53(26), Retrieved from http://web.ebscohost.com/ehost/detail?vid=3&hid=9&sid=eb7be667-821e-46ae86e609b60bc1d3fe%40sessionmgr10&bdata=JnNpdGU9ZWhvc3QtbGl2ZQ%3d%3d #db=aph&AN=24281109
This article addresses the use of Facebook and other popular social networking sites as law-enforcement tools. The author begins with a brief case study in which Facebook was used to identify students at DePauw University who had vandalized a sculpture. According to the article, many college students are likely to “friend” strangers on OSNs. Van Der Werf briefly mentions the ongoing debate among colleges about whether or not they should monitor OSN profiles of students to prevent institutional embarrassment or offensive content within the university community. The second half of the article discusses laws related to privacy and social networking, and features interviews with law professors who are looking to resolve the debate. These interviewees pose questions about the legal aspects of monitoring postings or photos online and how they should take action, if at all. Walters, C. (2009, February 15). Facebook's new terms of service: "we can do anything we want with your content. forever." Retrieved from http://consumerist.com/5150175/facebooks-new-terms-of-service-we-can-doanything-we-want-with-your-content-forever In this blog post, Walters discusses the changes to Facebook’s privacy policy. One of the primary components discussed in the post involves the fact that Facebook removed several lines from its original policy statement. Previous documents had indicated that upon terminating a Facebook account, any rights that the company had to your personal information were relinquished. Now that is not the case, as the social network’s policy writers removed those lines from the privacy statement. Comments on this blog post include thoughts from concerned Facebook members, as well as additional clarifications from the Facebook team. Wilson, J.S. (2007). MySpace, your space, or our space? New frontiers in electronic evidence. Oregon Law Review, 86, Retrieved from www.law.uoregon.edu/org/olr/archives/86/Wilson.pdf Wilson’s report raises questions about the law, as it is related digital information. Wilson focuses on social networks and the ways that they are changing the face of traditional law, including trial preparation and investigation. Wilson ties the constitution into the discussion and looks at the possibility of the Fourth Amendment providing protection of personal information being “unreasonably searched” online. The article outlines specific court cases in which these issues were a factor, such as McPeek v. Ashcroft. Referring to OSNs as “soda fountains” for the 21st century, Wilson discusses the fundamentals of online communities as customizable networks featuring user-generated content. The article also discusses the debate about the admissibility of evidence taken from OSNs. Wilson closes with a more in-depth discussion about the Fourth Amendment, citing Justice Brandeis, who argued “the progress of science, especially in the area of communication technology, requires that the focus shift from the letter to the spirit of the law to protect the individual from privacy invasions.” Wilson’s research suggests that reasonable expectation of privacy online may not be
feasible in all cases, but courts and rule makers should develop ways to define admissible evidence in a world where most information and personal identity is quickly becoming digital. Zuckerberg, M. (2009, February 16). On Facebook, people own and control their information. Retrieved from http://blog.facebook.com/blog.php?post=54434097130 In this blog post, Zuckerberg writes to concerned Facebook members about the social network’s new terms of service. Zuckerberg reassures users that the company still rests on its core values of protecting the privacy of users while allowing for controlled sharing among networks. “In reality, we wouldn't share your information in a way you wouldn't want. The trust you place in us as a safe place to share information is the most important part of what makes Facebook work.” Zuckerberg looks to dispel any negativity surrounding the new terms of service by clarifying the fact that Facebook will not retain one’s personal data indefinitely, although any wall posts or messages sent by that user will be available on the wall or in the inbox of that user’s friends.