Privacy in Social Network Sites
Privacy Risks in Social Network Sites: Prioritization and Framework
David Riphagen
Social Network Sites?
1. Personal profile
2. Friends list
3. Ability to view other profiles
4. Membership rules
Severe Privacy Threats
for
Users of Social Network Sites
Prioritize Threats
Deconstruct Threats
by
1. Activities that cause damage
2. Reasons why activities are damaging
Threat?
Information Collection
Threat
“Joe”
Source: Riphagen, D., 2008. The Online Panopticon. Privacy Risks for Users of Social Network Sites. Identification and prioritizations of privacy risks for users of Social Network Sites and considerations for policy makers to minimize these risks, 149. Available at: www.davidriphagen.nl/Riphagen_2008_PrivacyRisksForUsersofSocialNetworkSites.pdf.
Collection
“Joe”
Threat
Processing
Information Processing
Δ Joe changed his relationship status from ‘in a relation’ to ‘invisible’
Collection
Processing
Dissemination
“Joe”
Threat
“If you use a service from a partner, the privacy statement of that partner applies. Check their privacy statement when visiting their website.”
Threat
Information Dissemination
Source: Hyves Privacy Policy. Available at: http://www.hyves.nl/privacy/
Threat
Information Dissemination
Source: API Methods Hyves API. Available at: http://trac.hyves-api.nl/wiki/APIMethods
4/29/08 11:50 AM APIMethods - hyves_api - Trac
Page 14 of 85 http://trac.hyves-api.nl/hyves-api/wiki/APIMethods
<body>Lovely!</body> <created>1205495604</created> </comment> <info> <timestamp_difference>0</timestamp_difference> <totalresults>2</totalresults> <totalpages>1</totalpages> <resultsperpage>2</resultsperpage> <currentpage>1</currentpage> <running_milliseconds>321</running_milliseconds> </info></blogs_getComments_result>
returnvalues
body, comment, commentid, created, currentpage, info, resultsperpage, running_milliseconds, target_blogid, timestamp_difference, totalpages, totalresults, userid
blogs.getForFriends
Retrieves the most recent blogs for the friends of the loggedin user.
Added: Apr 17, 2008
Paginated
params
none
responsefields
This method supports the use of ha_responsefields. Acceptable values are a comma separated list of 0 or more of the following:
commentscount
respectscount
tags
sort
Sorted by age. The most recently created items are returned first.
extra
For this function to work, you need to supply a valid access token to oauth_token. For more information on oAuth, see APIoAuth and http://oauth.net/.
Note that retrieving something by id always succeeds (as long as the id is valid), even if the visibility settings of the object do not allow viewing it. If some user is not allowed to view something, he/she will not get the id from another call. See for more info.
examples
example 1
url
http://data.hyves-api.nl/?oauth_token=YXRfMTA0ODk1OV-IsZ9CSfstiNhrjkyj10-X&ha_method=blogs.getForFriends&ha_resultsperpage=2&ha_responsefields=commentscount%2Crespectscount%2Ctags&oauth_consumer_key=MV9LTucf6nmdjzU8i0obS1QP&oauth_timestamp=1208429050&oauth_nonce=552150&ha_version=1.0&oauth_signature_method=HMAC-SHA1&ha_format=xml&ha_fancylayout=false&oauth_signature=VlQ5tngL5gXTP3ruNvtqmEoAGws%3D
<totalresults>2</totalresults> <totalpages>1</totalpages> <resultsperpage>2</resultsperpage> <currentpage>1</currentpage> <running_milliseconds>281</running_milliseconds> </info></tips_getComments_result>
returnvalues
body, comment, commentid, created, currentpage, info, resultsperpage, running_milliseconds, target_tipid, timestamp_difference, totalpages, totalresults, userid
tips.getForFriends
Retrieves the most recent tips for the friends of the loggedin user.
Added: Apr 17, 2008
Paginated
params
tipcategoryid --- Filter selecting tips by tipcategoryid. Optional
responsefields
This method supports the use of ha_responsefields. Acceptable values are a comma separated list of 0 or more of the following:
commentscount
respectscount
sort
Sorted by age. The most recently created items are returned first.
extra
For this function to work, you need to supply a valid access token to oauth_token. For more information on oAuth, see APIoAuth and http://oauth.net/.
Note that retrieving something by id always succeeds (as long as the id is valid), even if the visibility settings of the object do not allow viewing it. If some user is not allowed to view something, he/she will not get the id from another call. See for more info.
examples
example 1
url
http://data.hyves-api.nl/?oauth_token=YXRfMTA0ODk1OF8g6dsY_ZYOmj1J3x2ZFQRD&ha_method=tips.getForFriends&ha_resultsperpage=2&ha_responsefields=commentscount%2Crespectscount&oauth_consumer_key=MV9LTucf6nmdjzU8i0obS1QP&oauth_timestamp=1208429054&oauth_nonce=149096&ha_version=1.0&oauth_signature_method=HMAC-SHA1&ha_format=xml&ha_fancylayout=false&oauth_signature=lNnIN2Qeq%2Bllj%2BCoL6UmfuRo%2FcA%3D
result
<?xml version="1.0" encoding="UTF-8"?>
<?xml version="1.0" encoding="UTF-8"?>
<wwws_getByUser_result>
  <www>
    <wwwid>7cda4c7efe64b58c</wwwid>
    <emotion>Climbing a tree</emotion>
    <where>jungle</where>
    <userid>738a3e92186fe5e9</userid>
    <visibility>superpublic</visibility>
    <created>1205496045</created>
  </www>
  <www>
    <wwwid>a08d0f76c34ea081</wwwid>
    <emotion>Distracting Gorilla</emotion>
    <where>jungle</where>
    <userid>738a3e92186fe5e9</userid>
    <visibility>superpublic</visibility>
    <created>1205496004</created>
  </www>
  <info>
    <timestamp_difference>0</timestamp_difference>
    <totalresults>3</totalresults>
    <totalpages>2</totalpages>
    <resultsperpage>2</resultsperpage>
    <currentpage>1</currentpage>
    <running_milliseconds>297</running_milliseconds>
  </info>
</wwws_getByUser_result>
returnvalues
created, currentpage, emotion, info, resultsperpage, running_milliseconds, timestamp_difference, totalpages, totalresults, userid, visibility, where, www, wwwid
wwws.getForFriends
Retrieves the most recent www(Who What Where)s for the friends of the loggedin user.
Paginated
params
none
sort
Sorted by age. The most recently created items are returned first.
extra
For this function to work, you need to supply a valid access token to oauth_token. For more information on oAuth, see APIoAuth and http://oauth.net/.
Note that retrieving something by id always succeeds (as long as the id is valid), even if the visibility settings of the object do not allow viewing it. If some user is not allowed to view something, he/she will not get the id from another call. See for more info.
examples
example 1
Source: API Methods Hyves API. Available at: http://trac.hyves-api.nl/wiki/APIMethods
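The "extra" note in the API excerpt above says a lookup by id succeeds whatever the object's visibility setting, so confidentiality depends on the id never reaching an unintended viewer. The sketch below is an added example, not Hyves code: it models that behaviour next to a lookup that repeats the visibility check per object. The `friend` and `private` levels, the store, the user names and the ids are constructed for illustration; only `superpublic` and the field names come from the sample XML.

```python
from dataclasses import dataclass

# "superpublic" appears in the excerpt's sample XML; "friend" and "private"
# are hypothetical level names used only for this example.
SUPERPUBLIC, FRIEND, PRIVATE = "superpublic", "friend", "private"


@dataclass(frozen=True)
class Www:
    """One 'Who What Where' item, using the field names from the sample XML."""
    wwwid: str
    userid: str
    emotion: str
    where: str
    visibility: str


class NotFound(LookupError):
    """Raised for unknown ids and for ids the caller may not view."""


class Store:
    def __init__(self, items, friendships):
        self._items = {i.wwwid: i for i in items}
        self._friends = friendships  # set of frozenset({a, b}) pairs

    def _are_friends(self, a, b):
        return frozenset((a, b)) in self._friends

    def _may_view(self, viewer, item):
        if item.userid == viewer or item.visibility == SUPERPUBLIC:
            return True
        if item.visibility == FRIEND:
            return self._are_friends(viewer, item.userid)
        return False  # PRIVATE and any unknown level: deny by default

    def get_for_friends(self, viewer):
        """List call: hands out only items (and ids) the viewer may see."""
        return [i for i in self._items.values()
                if i.userid != viewer
                and self._are_friends(viewer, i.userid)
                and self._may_view(viewer, i)]

    def get_by_id_as_documented(self, viewer, wwwid):
        """Behaviour described in the note: any valid id succeeds.
        The viewer argument is accepted but never consulted."""
        try:
            return self._items[wwwid]
        except KeyError:
            raise NotFound(wwwid) from None

    def get_by_id_checked(self, viewer, wwwid):
        """Same lookup with the visibility check enforced per object."""
        item = self._items.get(wwwid)
        # One error for 'missing' and 'forbidden', so the call does not
        # confirm that a hidden object exists.
        if item is None or not self._may_view(viewer, item):
            raise NotFound(wwwid)
        return item


def build_sample_store():
    """Constructed sample data: joe's three items, ann is joe's only friend."""
    items = [
        Www("www-0001", "joe", "Climbing a tree", "jungle", SUPERPUBLIC),
        Www("www-0002", "joe", "At the doctor", "clinic", FRIEND),
        Www("www-0003", "joe", "Job interview", "downtown", PRIVATE),
    ]
    return Store(items, {frozenset(("joe", "ann"))})


def can_read(lookup, viewer, wwwid):
    """True if the given lookup function returns the item to this viewer."""
    try:
        lookup(viewer, wwwid)
        return True
    except NotFound:
        return False


if __name__ == "__main__":
    store = build_sample_store()
    # eve is not joe's friend but has been shown the id of a friends-only item.
    for name, fn in (("as documented", store.get_by_id_as_documented),
                     ("checked", store.get_by_id_checked)):
        print(name, "-> eve reads www-0002:", can_read(fn, "eve", "www-0002"))
```

With the per-object check, an id that has moved from one social sphere to another through a friend or a third-party application no longer carries access with it.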
Collection
Processing
Dissemination
Incident?
Incident
Threat
Survey
• American privacy and Internet experts
• Identify privacy incidents
• How much damage incurred?
• How many users affected?
[Figure: Probability / Impact Matrix of Privacy Incidents. Axes: Negative Impact on Users; Probability of Occurrence on a Large Scale (both scaled 0 to 5.0).]
A. Online activity tracking
B. Aggregation of data / profiles of users
C. No information over / control of secondary use
D. Stalkers / predators / bullies
E. Identity theft
F. Government usage of info
G. Sharing / selling of info to 3rd parties
H. Unwanted dissemination to others / groups
I. Displeasure from being monitored
J. Damage to reputation bc of disclosure
K. Posting of information by others
Total Information Awareness
Dissemination to Wrongdoers
No Control over Information
1. Experts do not agree on “probability”
2. Experts do not agree on “negative impact”
Damage?
Collection
Processing
Dissemination
Incident
Threat
Damage
How is this Damaging?
1. Information-based harm
2. Informational inequality
3. Informational injustice
4. Restriction of moral autonomy / Inability to create moral identity
Recovery?
The Online Panopticon
MySpace. This information, and especially the final remark, was posted with the intent to harm Megan. Solove (2008d) states that it is hard to prove that these remarks led directly to the suicide. However, it is very clear that the remarks were made to harm Megan, and therefore part of information-based harm.
Columns: Information-based harm | Information inequality | Informational injustice | Moral autonomy and identification
Information collection: 3. Harmful remarks towards Megan are uploaded to MySpace (collected).
Information processing: (no entries)
Information dissemination: 1. Disclosure of Megan's profile ID makes contacting her possible. 2. An adult, from a different social sphere, contacts Megan.
Table 7: Framework applied to Megan Meier case
With this analysis, I have shown that the specific harms in the Megan Meier case derive from the possibilities that identity-relevant information is used for harm, and the movement of this information through different spheres.
IDENTITY THEFT
In a research project on identity theft, security software manufacturer Sophos created a fake Facebook profile, Freddi Staur, and asked 200 Facebook members to become his friend (Sophos 2007). 41% of the users that they contacted gave away identity-relevant information such as email address, date of birth and phone number to a green frog called Freddi Staur, who divulged minimal information about himself (Sophos 2007). Graham Cluley, senior technology consultant at Sophos, says "while accepting friend requests is unlikely to result directly in theft, it is an enabler, giving cybercriminals many of the building blocks they need to spoof identities, to gain access to online user accounts, or potentially, to infiltrate their employers' computer networks." (Sophos 2007). Experts agree that identity theft is one of the most harmful activities a SNS user could encounter.
That the information on SNS is easily accessible and can be used by stalkers is something Samer Elatrash experienced in real life (Elatrash 2007). He is, within certain groups, a well-known pro-Palestinian Israeli who signed up for Facebook because his friends asked him to. After two weeks, he found out that someone copied information
Incident
Threat
Damage
Recovery
Severe Privacy Threats
for
Users of Social Network Sites
Prioritize Threats
Deconstruct Threats
by
1. Activities that cause damage
2. Reasons why activities are damaging
Privacy Risks in Social Network Sites
Questions?
Back-up
Research Activities
1. Literature Review
2. Desk Research
3. Facebook Case Study
4. Expert Survey
“Joe”
Threat
Collection
Processing
Dissemination
Privacy threats in Social Network Sites
should be conceptualized as
unwanted access to
Identity-Relevant Information
Collection
Processing
Dissemination
The main incident that puts the
privacy of users of SNS at risk is:
The collection of information from
secondary sources,
Which is used by the government
[Diagram labels]
Preparation (1): Collection of objective information
Preparation (2): Information analysis and normative evaluation
Policy Development (3)
Policy Implementation (4)
Policy Evaluation (5)
[Diagram labels: structure of the research]
Chapters: 1. Introduction; 2. Definition of important concepts; 3. Framework for analysis; 4. Key features of SNS; 5. Classification of threats; 6. Methodology of survey; 7. Privacy incidents; 8. Examples of privacy risks; 9. Reflections; 10. Conclusions and recommendations
Research phases: Preliminary research; Exploratory research; Empirical research
Techniques / Methods: Literature review; Facebook Case Study; Desk research; Survey and interviews
Other labels: Vd Hoven; Solove; Risk analysis; MCM framework; Fair Information Practices; Disagreement measurement; Possibility / Impact matrix
[Diagram labels]
Threat
Incident
Damage
Recovery
Preventive measures
Detective measures
Corrective measures
Information collection, processing, dissemination
As identified by experts in chapter [number illegible]
Leads to moral reasons to restrict access to information
Description
Classification
Mechanisms
Outcomes
• New viral marketing value chain incorporating third parties.
• SNS facilitate information dissemination to other users.
• Sharing information between top-level domains.
• Financial agreement between FB and 3rd parties.
• Information collection: user's actions from a third-party website.
• Information processing: determine to whom to send the information, proprietary algorithm.
• Information dissemination: to people in friends list.
• No informed consent when collecting information: barely noticeable opt-out ('toast pop-up').
• Non-transparent processing of information in a black box model, user cannot participate / no accountability.
• Dissemination of information beyond user's control.
• Feeling of no control over information collection, unpleasant surprise.
• Users did not anticipate that their friends would become aware of purchased presents.
[Diagram labels]
Societal Environment
Financial Flow
Flow of Goods & Services
Value Chain
potential Customers
Features of the Specific Medium
Features of the Specific product
Laws & Regulations
Topology
Social Network Theory
Game Theory
Actor Analysis
Fairness of contract
psychology
Economics
[Diagram labels]
Processing by Social Network Site
Dissemination
Collection
Advertisers
Advertising Networks
Users
Third-party Application Providers
Partner Websites
Activists, Researchers
Government, Regulators
Disseminate to
Interact with
                        | SNS restricts access to information           | SNS leaves access to information open
User does not join SNS  | User: (0) - (0) = (0); SNS: (0) - (1) = (-1)  | User: (0) - (1) = (-1); SNS: (0) - (0) = (0)
User does join SNS      | User: (1) - (0) = (1); SNS: (1) - (1) = (0)   | User: (1) - (2) = (-1); SNS: (1) - (0) = (1)
Table 1: options with pay-offs for Social Network Sites and users.
The model is based on game theory, a science that investigates options and outcomes of multi-actor situations in the terms of alternatives with different pay-offs. Users always derive benefits from joining a SNS in terms of increased social contact, therefore this option always scores (1). However, users are also subject to ‘tagging’ of their photographs and discussions about them if they are not members of SNS (ENISA 2007). If a SNS restricts this form of information uploading without consent, users do not experience the drawbacks from this. When a user joins a SNS and there are no restrictions on collection, processing and dissemination of their information, they will experience even more harm. Social Network Sites do not derive any benefits if users do not join the network, and restricting access to the information of users costs them money. With this pay-off, SNS have no incentive to restrict access to the information, while users have incentives to join the network. Although users seem indifferent between joining or not joining when the access to the information is not restricted, I argue that users are not familiar enough with the negative consequences of joining the network and will therefore choose to join the network.
This simple model suggests that SNS can implement measures that better protect identity-relevant information if these measures would not conflict with creating monetary benefits from the information. Users want the benefits from joining a SNS without the privacy risks. However, many users are unaware of these risks and it is therefore unknown if they would be willing to pay for better privacy protection, thereby creating revenue for SNS from other sources. This should be investigated more thoroughly. Other actors also have an incentive to decrease the privacy risks in SNS because of the negative connotation they generate. All of the partners of the SNS (Beacon, advertisement) have an incentive to prevent this negative connotation of SNS, because this could be coupled to them. Therefore, they want to minimize the negative exposure of SNS related to privacy harms. As these partners have monetary means to contribute to the decrease of privacy risks, this could pose a viable solution for the problem.
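The pay-offs of Table 1 worked through in code, as an added example that is not part of the thesis: it derives each player's best responses and the pure-strategy equilibria from the table's benefit and cost figures. It then goes beyond Table 1 with a hypothetical `sns_restrict_bonus`, an assumed amount of revenue (from paying users or contributing partners) that reaches the SNS when it restricts access and the user joins, to show when restricting becomes the SNS's best reply.

```python
from itertools import product

USER_MOVES = ("not_join", "join")
SNS_MOVES = ("restrict", "open")

# (benefit, cost) per player, copied from Table 1; pay-off = benefit - cost.
TABLE_1 = {
    ("not_join", "restrict"): {"user": (0, 0), "sns": (0, 1)},
    ("not_join", "open"):     {"user": (0, 1), "sns": (0, 0)},
    ("join", "restrict"):     {"user": (1, 0), "sns": (1, 1)},
    ("join", "open"):         {"user": (1, 2), "sns": (1, 0)},
}


def payoffs(table, sns_restrict_bonus=0):
    """Return {(user_move, sns_move): (user_payoff, sns_payoff)}.

    sns_restrict_bonus is a hypothetical extra revenue for the SNS in the
    (join, restrict) cell; it is an assumption of this example, not a
    figure from the thesis.
    """
    out = {}
    for cell, players in table.items():
        user = players["user"][0] - players["user"][1]
        sns = players["sns"][0] - players["sns"][1]
        if cell == ("join", "restrict"):
            sns += sns_restrict_bonus
        out[cell] = (user, sns)
    return out


def best_responses(p, player, other_move):
    """All moves of `player` that maximise its pay-off against other_move."""
    if player == "user":
        scores = {m: p[(m, other_move)][0] for m in USER_MOVES}
    else:
        scores = {m: p[(other_move, m)][1] for m in SNS_MOVES}
    top = max(scores.values())
    return [m for m, value in scores.items() if value == top]


def dominant_strategy(p, player):
    """Move that is the unique best response to every opposing move, or None."""
    own, others = ((USER_MOVES, SNS_MOVES) if player == "user"
                   else (SNS_MOVES, USER_MOVES))
    for move in own:
        if all(best_responses(p, player, o) == [move] for o in others):
            return move
    return None


def pure_nash(p):
    """Cells where neither player gains by deviating alone (ties allowed)."""
    return [(u, s) for u, s in product(USER_MOVES, SNS_MOVES)
            if u in best_responses(p, "user", s)
            and s in best_responses(p, "sns", u)]


if __name__ == "__main__":
    base = payoffs(TABLE_1)
    print("SNS dominant strategy:", dominant_strategy(base, "sns"))
    print("User replies to 'open':", best_responses(base, "user", "open"))
    print("Equilibria:", pure_nash(base))
    funded = payoffs(TABLE_1, sns_restrict_bonus=2)
    print("Equilibria with bonus of 2:", pure_nash(funded))
```

In the table as given, leaving access open is strictly dominant for the SNS and the user's tie against `open` is what the text resolves by arguing that users join anyway; the (join, restrict) outcome only becomes an equilibrium once the assumed bonus exceeds 1.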
The actor analysis of the value chain of SNS shows that many different actors are involved that all have a financial incentive. Social Network Sites currently have no incentives to restrict the access to identity-relevant information. Furthermore, users have incentives to become members of SNS, but get confronted with the negative effects of privacy threats. Governments and privacy regulators have incentives to
[Diagram labels]
Data Holders
Aggregation
Identification
Insecurity
Secondary Use
Exclusion
Breach of Confidentiality
Disclosure
Exposure
Increased Accessibility
Blackmail
Appropriation
Distortion
Surveillance
Interrogation
Information Collection
Information Processing
Information Dissemination
Data Subject
[Chart; axis scaled 0 to 4.0]
Categories: Appropriation; Publication of private facts; Breach of confidentiality; False light; Right to publicity; Intrusion
Values shown: 2.25, 2.65, 2.95, 3.05, 3.30, 3.35
To what extent do these laws address privacy harms?
[Chart; axis scaled 0 to 10]
1. Privacy OR Internet issues
2. Main focus on privacy OR Internet issues
3. Main focus on privacy AND Internet issues
4. Significant experience on Internet privacy issues
5. Recognized as an expert on Internet privacy issues
4. Because the data subject is unaware of how this algorithm works, a power relationship exists between Facebook and the user. The user might not want some information to be collected or disseminated, but has no influence on this. This is clearly against the OECD's individual participation principle (Gellman 2008).
5. The collected and processed information is disseminated to some people in the friends list and could cross different social spheres without the consent of the user. In this scenario, your beer drinking soccer friends could become aware of your academic life, or worse, the other way around.
6. This information could be embarrassing, and could harm the user once it is disseminated to wrongdoers.
7. Because the user has no influence on which information is being sent to whom, it restricts him in his moral autonomy. This differs from the harms under (3) and (4), because it does not prohibit users from crafting their moral identity, but from controlling the dissemination of their identity to others.
Columns: Information-based harm | Information inequality | Informational injustice | Moral autonomy and identification
Information collection: 2. Information collection takes place without informed consent and this information could be embarrassing to users. 1. Information collected from third-party website, other social sphere.
Information processing: 4. Users are unaware of how this algorithm works. 3. Algorithm defines to whom the information will be disseminated.
Information dissemination: 6. Information could be used to harm user, for example embarrassing information. 5. Information is being disseminated to friends, in various social spheres. 7. User not able to build his own moral biography.
Table 5: Framework applied to Beacon case
Columns: Information-based harm | Information inequality | Informational injustice | Moral autonomy and identification
Information collection: (no entries)
Information processing: (no entries)
Information dissemination: 1. More information is disclosed than needed to third parties, even sensitive information. 2. Users cannot expect that a birthday application gets access to photos, because this information resides in different social spheres.
Table 11: Framework applied to Facebook Third-party Applications case
The Facebook Third-Party Applications case shows that users' expectations of privacy and expectations of an application’s function on Social Network Sites are very different from what happens in reality. Also, it shows that SNS like Facebook do not have the same standard of security on every part or function of their website.
UNWANTED DISSEMINATION OF INFORMATION TO OTHERS / GROUPS
Oxford University in England has a disciplinary body, the proctors, which has admitted to using Facebook in order to find evidence of students breaching the University's code of conduct (Gosden 2007). A common post-exam tradition at Oxford is 'thrashing', or covering your friends with flour, confetti or even raw meat or octopus. The University does not approve of this and students have been receiving fines of 100 pounds and a prohibition from graduating (Knight 2007).
Recently, students that have posted pictures of these activities on their Facebook profiles have been disciplined. Of course the actions of these students are against the code of conduct of the University, but the question here is why the students got so upset when the University used this information to discipline them. As one of the students, Alex Hill, says: “I don't know how this happened, especially as my privacy settings were such that only my friends and students in my networks could view my photos. It's quite unbelievable and I am very pissed off, [I] just hope that no-one else gets 'caught' in this way.” Part of the amazement comes from the fact that the students did not expect that the University would be able to access the information on the SNS. Experts agree that the unwanted dissemination of information to others is something that happens on a large scale.
1. The students posted information online, only for their friends and fellow students to see. Because Facebook started as a SNS for college students only, it created the image of being only accessible to students from the same