[Home] [Databases] [WorldLII] [Search] [Feedback] EPIC --- Privacy and Human Rights Report

EPIC --- Privacy and Human Rights Report 2006

Social Network Sites and Virtual Communities

Social networks are pre-technological creations that sociologists have been analyzing for decades. But with the rise of the Internet, social networks and technology networks are becoming inextricably linked, so that behavior in social networks can be tracked on a scale never before possible.[556] Social networking sites such as Facebook, MySpace, and Orkut are an increasingly popular online communication, entertainment, and networking tool for users to upload, share and view information, photos, and messages. There were over 200 social networking sites on the Internet in 2006.[557] In June 2007, the top six most popular social networking sites attracted a total of almost 274 million global visitors.[558] Ninety percent of South Koreans between the ages of twenty-four and twenty-nine are members of one Korean website, www.cyworld.com.[559] The number of Brazilian Orkut users counts for 56% of the total users, followed by the US and India, with about 19% and 15% respectively.[560] Social network sites have also become a platform for international cultural mingling as individual services add users from across the globe.[561]

Privacy is a central issue in the context of social networking services. Some social networking sites boast millions of members, but there is a disconnect between users’ perception of privacy and the privacy framework that is actually in place.[562] Information that users divulge on social networking sites is never truly private. While more than half of social networking site users worry about becoming victims of cyber-crime, they are, nevertheless, posting information that may put them at risk.[563] Social networking sites make it extremely easy to upload many different forms of personal information, including age, contact information (including home address and telephone numbers), photos, sexual orientation, and music preferences.

Some academic experts propose that a lack of education about the risks involved lead users to conclude that the benefits of socialization outweigh the potential harm.[564] While users might feel like they have control over their personal information, in many cases the user content uploaded onto a social networking site becomes the property of that site.[565] Social networking sites create a repository of personal information, and often the sites do not adequately educate users of risks to their information security.[566] Even if social networking sites do not provide users information to third party companies, security problems present on the sites leave users vulnerable, often unknowingly. While even small pieces of information can seem harmless, when combined they can offer identity thieves an extremely high identity correlation index. For example, simple combinations like birthdate and zip code can be enough information to properly identify a person and provide the basis for gathering more information.

Personal information, once posted on the Internet, can come back to haunt users later. Many groups including concerned schools and parents are encouraging students to show restraint in uploading personal information to social networking sites because college recruiters and employers are beginning to perform online "character checks" on applicants in addition to criminal background checks.[567]

Countries differ in their stance on online character checks. While some countries find that there is no legal issue inherent in researching an employee online, other countries have established legal barriers to prevent this kind of activity. In the United States, a federal court recently ruled that using Google to investigate an employee did not violate that employee’s “right to fundamental fairness.”[568] In contrast, Finland has erected strong legal impediments that deny employers the right to perform online investigations of employees or prospective employees. Under Finland’s Protection of Privacy in Working Life Act, an employer may collect information on its employees or job applicants primarily from the employees or job applicants themselves. If "other sources" are used, consent from the employee must be obtained.”[569] In the complaint, a man objected that his employer had used information to his detriment that he posted in a news-group five years previously.[570]

Some colleges have expelled teenagers for violating codes of conduct after discovering photos of underage students posing in front of kegs or writing about drinking binges.[571] Users of social networking sites should also recognize that once something appears on the Internet, it's almost impossible to remove.[572] Caching and intermittent archiving of webpages performed by sites like the Internet Archive’s Way Back Machine[573] can make personal information accessible for years, even after the relevant content has been deleted from a “live” site.

Young users in particular are confused about what is private and what is public on the Internet, and this renders them acutely vulnerable. A recent survey indicates that 36 percent of parents do not monitor their children’s use of social networking sites.[574] Young users must not only be educated concerning the proper levels of information to share, but also must be wary about who they are adding to their profiles. Although children’s social networking sites, such as Club Penguin,[575] may provide a safer online environment for children, youth must be taught that indiscriminate sharing of personal information is dangerous and renders users vulnerable to spam, identity theft and stalking by unknown users.[576]

Some academic experts contend that privacy is widely valued among users of social network services.[577] This seemed to be the case when almost three-quarters of a million users protested controversial new features added to Facebook in September 2006.[578] Facebook’s “news feed” updates a personalized list of news stories throughout the day, while its “mini-feed” shows what has changed recently in an individual’s profile and what content (notes, photos, etc.) they've added. Following the announcement of the feed readers, users organized a Facebook group called “Students Against Facebook News Feed,” and 740,000 users joined to protest the feeder features.

The public outrage caused by the “feed” features came as a complete surprise to Facebook. The company didn’t think that there was a privacy issue because it was just combining data to make the users’ social networking experience more useful and entertaining. However, users objected to the fact that Facebook allowed News Feed to begin distributing their information without any warning.[579] One of users’ main concerns was that they were not explicitly told how the feed readers worked and what their privacy options were. Facebook forced users to alter their privacy settings after the fact, and after some information may already have been broadcast. Additionally, Facebook did not acknowledge that the aggregation of information allows for presentation of data in a highly digestible form, which presents unique privacy concerns.[580]

Users who are mobilized to enact change can have an enormous impact on the privacy norms of the online world.[581] User education concerning the discrepancy between users’ expectation of privacy and the current online reality is key in this area. As outraged Facebook users demonstrated, a motivated user base with a strong conception of its rights can, in the context of social networking, help change the online privacy landscape.

[556] Steve Lohr, “Computing, 2016: What Won’t Be Possible?” New York Times, October 31, 2006, available at <http://www.nytimes.com/2006/10/31/science/31essa.html?ex=1319950800&en=64e41f3ff96acb9d&ei=5088&partner=rssnyt&emc=rss>. See also Jon Kleinberg homepage <http://www.cs.cornell.edu/home/kleinber/>.
[557] OnLine NewsHour: Report, Networking Sites Draw Youth, Ads, September 27, 2006 <http://www.pbs.org/newshour/bb/media/july-dec06/facebook_09-27.html>.
[558] “Major Social Networking Sites Substantially Expanded Their Global Visitor Base during Past Year,” ComScore, July 2007 <http://www.comscore.com/press/release.asp?press=1555>.
[559] Rachel Konrad, Korean social networking phenomenon aims to crack American market, August 13, 2006 <http://www.usatoday.com/tech/news/2006-08-13-cyworld_x.htm>.
[560] Wikipedia, Orkut <http://en.wikipedia.org/wiki/Orkut>.
[561] Erick Schonfeld, Cyworld ready to attack MySpace, July 27, 2006, <http://money.cnn.com/2006/07/27/technology/cyworld0727.biz2/index.htm>.

[562] See Bruce Schneier, “Facebook and data control,” September 21, 2006 <http://www.schneier.com/blog/archives/2006/09/facebook_and_da.html>.
[563] “Social Networking Exposes You to Hackers and Identity Thieves,” August 2, 2007 <http://www.technologynewsdaily.com/node/4696>.

[564] See generally Danah Boyd, “Identity Production in a Networked Culture: Why Youth Heart MySpace,” February 19, 2006 <http://www.danah.org/papers/AAAS2006.html>; “Social Network Users Have Ruined Their Privacy, Forever,” August 2, 2007 <http://www.hexus.net/content/item.php?item=7499>.; Susan Barnes, “A Privacy Paradox: Social Networking in the United States,” available at <http://www.firstmonday.org/issues/issue11_9/barnes/index.html>
[565] Schneier, supra.
[566] Jones and Soltren, “Facebook: Threats to Privacy,” December 14, 2005 <http://www.swiss.ai.mit.edu/6095/student-papers/fall05-papers/facebook.pdf>; see generally Fernanda B. Viegas, “Digital Artifacts for Remembering and Storytelling,” 2005 available at <http://www.danah.org/papers/HICSS-37.pdf>.

[567] Amy Hockert, “Employers Use “Facebook” and “MySpace” to Weed Out Applicants,” September 9, 2006 <http://www.wtlv.com/tech/news/news-article.aspx?storyid=64453>.

[568] Declan McCullagh, “Police Blotter: Fired Federal Worker Sues Over Googling,” May 9, 2007 <http://news.com.com/2100-1030_3-6182333.html?part=rss&tag=2547-1_3-0-20&subj=news>.
[569] “Don’t Google Job Applicants in Finland,” August 2, 2007 <http://www.linksandlaw.com/news-update49-job-applicants-finland.htm>.
[570] Id.

[571] “Teens’ Bold Blogs Alarm Area Schools,” January 17, 2006 <http://www.tmcnet.com/usubmit/2006/jan/1292401.htm>.
[572] “Social Network Users Have Ruined Their Privacy, Forever,” supra.
[573] “Internet Archive: Wayback Machine,” August 2, 2007 <http://www.archive.org/web/web.php>.

[574] Social Networking Exposes You to Hackers and Identity Thieves, supra.
[575] Club Penguin <http://www.clubpenguin.com>.
[576] See generally Social network users have ruined their privacy, forever, supra.

[577] See generally Unit Structures, “You're not my Friend: A new look at Privacy on Facebook,” January 31, 2007 <http://chimprawk.blogspot.com/2007/01/youre-not-my-friend-new-look-at_31.html>.
[578] Facebook CEO: “We Really Messed This One Up”, September 8, 2006 <http://www.nbc11.com/news/9805842/detail.html>.

[579] EPIC – Social Networking, Social Networking Privacy, August 3, 2007 <http://www.epic.org/privacy/socialnet/default.html>.
[580] Bruce Schneier, “Facebook and data control,” September 21, 2006 <http://www.schneier.com/blog/archives/2006/09/facebook_and_da.html>.

[581] Schneier, supra.