May 4, 2010 Consumer Reports panel, "Social Insecurity: Risky Consumer Behavior in the Era of Social Networks." Presentation by Lee Tien, Senior Staff Attorney, Electronic Frontier Foundation.
1. Social networks and
privacy
Consumer Reports
State of the Net
May 4, 2010
Lee Tien
EFF senior staff attorney
tien@eff.org
2. What DOJ says:
UTILITY IN CRIMINAL CASES
Evidence from social-networking sites can
• Reveal personal communications
• Establish motives and personal relationships
• Provide location information
• Prove and disprove alibis
• Establish crime or criminal enterprise
Also: instrumentalities or fruits of crime
3. Social graph privacy
(it’s not just about
you)
• From personal data to relationship data
• ZDNet comment: “A number of my friends in
Iran are active student protesters….[who] use
Facebook extensively to organize…terrified
that their once private lists of friends are now
available to ‘everyone’…. When that
‘everyone’ happens to include the Iranian
Revolutionary Guard….”
4. Facebook then and
now
• 2005 privacy policy: "No personal information
that you submit to Thefacebook will be
available to any user of the Web Site who
does not belong to at least one of the groups
specified by you in your privacy settings."
• Now: parts of your profile, "including your
current city, hometown, education and work,
and likes and interests" will be transformed
into public "connections."
• Can only prevent by deleting them.
5. Public information
• name, profile picture, current city,
gender, networks, complete list of your
friends, and your complete list of
connections (formerly the list of pages
that you were a "fan" of, but now
including profile information like your
hometown, education, work, activities,
likes and interests, and, in some cases,
your likes and recommendations from
non-Facebook pages around the web)
6. Expectation
exp
mismatch?
• Public isn’t necessarily bad, but
• Originally FB was a way to share your
interests and information with a select
group of your own choosing.
• Now FB has helped itself and its ad and
business partners to more and more of
users’ information, while limiting users’
control options
7. Who has control?
• Degrees of publicity: e.g. status data
had been accessible, but FB News
Feed (2006) made it stream “pushed” to
your friends—users upset.
• Current app + friend problem
• FB apps get any data you allow them to …
and apps run by your friends get any of
your data that you let your friends see* IP
• Not just change—complexity
8. “Evil interfaces”
• “act of creating deliberately confusing jargon
and user interfaces which trick your users into
sharing more info about themselves than they
really want to”
• Labyrinthine process for opting out of Instant
Personalization (allows select FB partner
websites to collect and log all of your "publicly
available” data)
• Google Buzz (2/10): threatened to move
private GMail recipients into a public
"frequent contacts" list; complex "opt-out"
user-interface was big part of the problem
9. Publicity v. visibility
• “While you do have the option to hide
your Friend List from being visible on
your profile, it will be available to
applications you use and websites you
connect with using Facebook.”
• Users may think they’re protecting
information, but they’re merely making it
less visible (to users)
• Just confusing or deceptive/misleading?
10. Right to leave?
• Lock-in problem
• Can you take your data with you?
• Can you delete when you leave?
• Social networks could facilitate data
portability and thus competition on
privacy
11. Thoughts from danah
boyd
• Social media—the walls have ears
• Privacy not merely about control of
data, nor a property of data
• About managing our selves in situations
• Shared or “collective understanding of a
social situation’s boundaries and knowing
how to operate within them”
• Degrees of publicity and of trust
12. Two sides of ID
management
• Helping the user manage their multiple
personas?
• Or helping strangers identify you?