At the F8 event yesterday, Facebook announced several powerful applications to expand the reach of the Age of Web 2.0’s already prominent social networking model. New product announcements included Open Graph application software and inclusion of location-based services for greater social web interconnectivity. The debut of the highly anticipated “Like” button on sites external to Facebook was also disclosed. In fact, Facebook stated that it already has established partnerships with approximately 30 highly visible websites including Yelp and Microsoft. Senior Facebook developers successfully demonstrated some of the potential uses to marketing and business users as well as individuals.
In light of this rather significant event, I’d like to share some of my concerns regarding the effect of increased information disclosure on us, collectively. The legal and contextual basis for my concern is drawn from a rather prescient January 2010 feature from BBC News, courtesy of watchdog blog Facebook Cleanup Your Act! . The following excerpt regarding erosion of privacy due to online activity is solid background material, and is followed by my own comments, as motivated by yesterday’s F8-associated events.
How Online Life Distorts Privacy Rights for All
By Zoe Kleinman, Technology Reporter, BBC News
Friday, 8 January 2010
People who post intimate details about their lives on the internet undermine everybody else’s right to privacy, claims an academic. Dr Kieron O’Hara has called for people to be more aware of the impact on society of what they publish online. “If you look at privacy in law, one important concept is a reasonable expectation of privacy,” he said. “As more private lives are exported online, reasonable expectations are diminishing.”
The rise of social networking has blurred the boundaries of what can be considered private, he believes – making it less of a defense by law. We live in an era that he terms “intimacy 2.0″ – where people routinely share extremely personal information online. “When our reasonable expectations diminish, as they have, by necessity our legal protection diminishes.”
Dr O’Hara, a senior research fellow in Electronics and Computer Science at the University of Southampton, gave the example of an embarrassing photo taken at a party. A decade ago, he said, there would have been an assumption that it might be circulated among friends. But now the assumption is that it may well end up on the internet and be viewed by strangers….
This is the article’s most critical point: “People who post intimate details about their lives on the internet undermine everybody else’s right to privacy… When our expectations diminish, by necessity our legal protection diminishes…”
The importance and very negative effects associated with such a loss of privacy is significant. Contemplate an analogy, between the social web’s escalating trend toward over sharing and the risk scenario implicit in the herd immunity effect of inoculation to prevent infectious disease.
Start by considering our rapidly growing social web. An individual’s privacy is not a Constitutional right, insofar as I understand. Achieving today’s level of coverage and certainty in the security of our private information was not achieved easily nor quickly. Certain rights, such as protected health information laws under HIPAA, were only legislated during the past five or ten years. However, in this sudden outpouring of social web-motivated information disclosure, we the people might very possibly destroy all that our predecessors, and our own selves, have fought to achieve over a span of decades or centuries.
Now consider immunization against contagious disease. Note that metaphorical comparison to disease is not overstatement: In a worst case scenario, the threat to personal privacy (or possibly infrastructure security) due to unprecedented levels of network connectivity is dire indeed. We’ll use a non-controversial example like polio, for which immunity is achieved at the community level. Decades of time and effort were required to wipe out incidence of this disease. However, by choosing not to protect oneself (or one’s children now), the entire community is made more vulnerable, not just those who choose not to immunize. The collective immuno-status of the “herd’ can be compromised by a small number of now unprotected individuals.
The phrase “going viral” with the spread of social web information is in fact just as sinister as the original epidemiological context from which it was derived.
That is why you will find virtually everyone who works in information security, be it computers, telephony, healthcare, or in financial or IT audit to be very leery of Facebook type services. Every time I scan news feeds from InfoSecIsland.com, or Wired.com, or DEFCON updates, or any other computer or financial information security group forums, I see repeated references to the latest Facebook scam, exploit, user vulnerability etc. The data security and information technology community seem to be of one mind about Facebook: no system safeguards, no matter how stringent, can protect users who choosing to divulge information by over sharing.