At the annual Facebook F8 event yesterday, Facebook announced several powerful applications to expand the reach of the Web 2.0’s social networking model. New product announcements included Open Graph application software and inclusion of location-based services for greater social web inter-connectivity. The debut of the highly anticipated “Like” button on sites external to Facebook was also disclosed. In fact, Facebook stated that it already has established partnerships with approximately 30 highly visible websites including Yelp and Microsoft. Senior Facebook developers successfully demonstrated some of the potential uses to marketing and business users as well as individuals.
In light of this event, I’d like to share some of my concerns regarding the effect of increased information disclosure on us. The legal and contextual basis for my concern is drawn from a prescient feature article via BBC News. The following excerpt regarding erosion of privacy due to online activity is solid background material. It is followed by my own comments, as motivated by yesterday’s F8 activities.
How Online Life Distorts Privacy Rights for All by Zoe Kleinman, BBC News, 8 Jan 2010
People who post intimate details about their lives on the internet undermine everybody else’s right to privacy, claims an academic. Dr Kieron O’Hara [a senior research fellow in Electronics and Computer Science at the University of Southampton] has called for people to be more aware of the impact on society of what they publish online. “If you look at privacy in law, one important concept is a reasonable expectation of privacy,” he said. “As more private lives are exported online, reasonable expectations are diminishing.”
The rise of social networking has blurred the boundaries of what can be considered private, he believes – making it less of a defense by law. We live in an era that he terms “intimacy 2.0″ – where people routinely share extremely personal information online. “When our reasonable expectations diminish, as they have, by necessity our legal protection diminishes.”
This is the article’s most critical point: “People who post intimate details about their lives on the internet undermine everybody else’s right to privacy… When our expectations diminish, by necessity our legal protection diminishes…”
The negative effects associated with such a loss of privacy are significant. Contemplate an analogy, between the social web’s escalating trend toward over-sharing and the risk scenario implicit in the herd immunity effect of inoculation to prevent infectious disease.
Start by considering our rapidly growing social web. Achieving today’s level of coverage and confidence in the security of our private information was not achieved easily nor quickly. Certain rights, such as protected health information laws under HIPAA, were only legislated during the past five or ten years. However, in this sudden outpouring of social web-motivated information disclosure, we might destroy all that our predecessors, and ourselves, have fought to achieve over a span of decades or centuries.
Now consider immunization against contagious disease. Note that metaphorical comparison to disease is not overstatement: In a worst case scenario, the threat to personal privacy or infrastructure security due to unprecedented levels of network connectivity is dire. We’ll use the non-controversial example of polio, for which immunity is achieved at the community level. Decades of time and effort were required to wipe out incidence of this disease. However, by choosing not to protect oneself (or one’s children), the entire community is made more vulnerable, not just those who choose not to immunize. The immuno status of the “herd” can be compromised by a small number of now unprotected individuals.
The phrase “going viral” with the spread of social web information is in fact just as sinister as the original epidemiological context from which it was derived.
That is why nearly everyone who works in information security—be it computers, telephony, healthcare, or in financial or IT audit— seems leery of Facebook services. Every time I scan news feeds from InfoSec Island, Wired.com, or DEFCON, I notice references to the latest Facebook scam, exploit, user vulnerability etc. The data security and information technology community appear to be of one mind about Facebook: no system safeguards, no matter how stringent, can protect users who choosing to divulge information by over sharing.
I conclude with a link to visual editor and journalist Robb Montgomery’s advice about how to guard your privacy and enjoy your time more securely on Facebook.
Ellie Asks Why 
Comments welcomed! Less enthusiastic about spam.