"...(a) provide accurate, current and complete information about you as may be prompted by any registration forms on the Site ("Registration Data"); (b) maintain the security of your password and identification; (c) maintain and promptly update the Registration Data, and any other information you provide to Company, to keep it accurate, current and complete..."What is very intriguing about this aspect of the user agreement, is that Facebook reserves the right to shut down any account that fails to maintain the accuracy and completeness of any user's identity. In fact any account that Facebook deems not veritable, it reserves the right to remove the account from the site.
Also worth noting is, as of December 22, 2008, Chris Kelly, Chief Privacy Officer of Facebook, announced his run for California Attorney General. This was the person in charge of Facebook's identity management, and the course it took in demanding full disclosure of any and all user information on the site. By allowing Facebook to enforce strict identity rules for its users, Mr. Kelly does not uphold security in identity, but instead allows a private company to have a database full of private information. Facebook does not participate in law enforcement, or investigation, so there is really no need to have this level of detail. If these were his policies on privacy at a private company, then what's stopping him or anyone else who practices identity steering from drawing from the same set of principles to be used in the public sector. A governement that demands full disclosure of anyone's identity is a ruling entity that will not enforce the privacy of individuals.
It has been a trend of late for major social networking sites to require its users to provide full disclosure of their true identity at the level of what most institutions like banks, government, DMV, or social security requires. One of the benefits of having a presence online is anonymity, and it is no different than those who meet in person, who carry out communication unmonitored and not observed by anyone other than the participants. Online networking has transformed social privacy in huge way, and this factor may or may not contribute to one aspect of human rights, known as privacy. Whether user information is disclosed to third party elements online, or this information is kept under lock and key by the site that holds the data, the general user base is not aware of how and in what manner their data is being used by a social web site. In other words there is no transparency when it comes to knowing when, how, who, and where user information is being transferred.
On January 9, 2009, Google released a report on the relative openness of private user accounts, that could become susceptible to third-party data mining through the simple act of accessing the data connected to one's "social circle". There were three points made by the authors of this report that argued the loss of individual privacy through a online system that is prone to "compromise user privacy".
First, is the "lack of control over activity streams". This is an incapacity of the user to know or see what parts of their interaction on a site's application is being seen by unknown parties, when the user participates in what the Google report terms, "mini-feeds", "updates" to their profile, or whatever other information is readily available to the social network.
Next, is "unwelcome linkage". This basically is termed as involuntary revelation of user information due to links readily available on other sites, that may or may not have been created by this user. Any other individual could simply supply a link to another profile on a site not even associated to that user, and could possibly lead to be incriminating to the unwilling user. Most social networking websites lack a security of isolation of accounts, that could possibly enhance a user's security of privacy.
Lastly, and most relevant to this article's case is the "merging of social graphs". By their nature alone, social networking sites, whether they enforce veritable identity or not, extract plenty of private information about a user (i.e. birth dates, addresses, favorite things to do, travel plans, etc.), which at some point can be analyzed across multiple networks, in order to assess the identity of a person based on piecing together user profile characteristics.
If social sites are going to provide a free service, or a channel of communication, there should be an evidential way to provide users with data that informs them if, when and how their information is being used. A great example of how, if this information is not disclosed to individuals who have readily available data online, online account data can be accessed by state institutions for investigation. Currently, there are no laws, constitutional or otherwise, that protect online users from privacy invasion by governing agencies. There is also no disclosure of if, when and how governing agencies would access online identities as a supplemental way of investigation. For instance, the Department of Homeland Security uses what they term, "fusion centers", that are used by local, state and national law enforcement and intelligence agencies. Current analysis of the DHS Privacy Impact Assessment fails to discuss whether or not investigations are limited to current fusion center databases. According to the 9/11 Act, "many fusion centers have an 'all crimes and/or all hazards' mission, and there is no methodology defined as to how this mission is carried out through investigation. This means that law enforcement through current DHS policies is enabled to use third party data sources (i.e. Facebook, MySpace, etc...) in order to gather identities without warrant. What some term as "mission creep".
Constitutional law protects U.S. citizens from this type of scrutiny by law enforcement, but if the law is using data mining through third party data sources, then they are taking full advantage of a legal loophole, by using private industry databases, in order to process your identities for the sake of "national security". Neither Facebook or any other social networking site has a policy in place to protect identities from big brother surveillance.
In conjunction to this, instead of providing a one way terms and conditions, social networking sites should be held responsible for their holding your information. These sites should be fully liable for any damages or incrimination that may occur if an outside party were to access private information. Current terms and conditions do not provide this. The services are only available as free, but if users were provided with a pay account, a fee of sorts, used to provide insurance that a user's information is kept locked down, and unavailable to any external entities. Chris Kelly, as well as other companies online who maintain privacy policies, have not ensured users that their information is protected. Instead they enforce their users to disclose accurate information about themselves, or do without their services. Even if users decide that they no longer want their information to be stored on these databases, how would they know whether or not their information still resides on these databases. Neither the private nor the public sector has offered individuals satisfactory protective policies for their information. If Kelly wants to succeed in the public sector, he should consider a platform of user rights in an information age that is slowly eroding the privacy of its citizens.
No comments:
Post a Comment