Facebook’s threat to individual privacy in the social networking sites boom
Purpose – Web 2.0 which was invented in late 2004 is experiencing its early stage and has been inevitably encounter problems, such as privacy issues and concerns. This stream essay is aimed to explore the privacy issues emerged from the burgeoning Web 2.0 movement, especially from popular social networking site Facebook which is located in the US now affecting the globe.
Design/methodologies/approach – The research is conducted by examination of two key topics of the Facebook, user surveillance (including trust mechanism) and industry self-regulation. It is similar to a case study approach with statistics (by existing reports), table, and facts (from newswire).
Findings – Recognising both rewards and risks, the research has found all three aspects are problematic and in particular the trust mechanism and industry self-regulation do not work as originally anticipated by the businesses and the consumers.
Originality/value – This essay is groundbreaking and introduces the social issues from the ever-growing Web 2.0 trend. In the same time it raises numerous privacy concerns of emerging threat from the Facebook to its users. It is therefore recommended to those studying privacy in Web 2.0 especially social networking sites as a major piece of research into this topic.
Keywords Internet, Web 2.0, Social networking sites, Facebook, Privacy, Data protection, Social impact, Surveillance, Trust, Self-regulation
“Web 2.0 is a set of economic, social, and technology trends that collectively form the basis for the next generation of the Internet – a more mature, distinctive medium characterised by user participation, openness, and network effects.”
-Web 2.0 Principles and Best Practices (Musser and O’Reilly 2006)
Web 2.0 sites (also known as ‘social webs’) enabling the delivery of richer user experiences (O’Reilly 2005) have today been so prevalent that they are beginning to shape our social lives in cyberspace. Recent statistics by Nielsen NetRatings (Nielsen 2006-4) shows that by providing online community services social networking sites are, in particular, the very fast growing sites amongst all 2.0 websites (MySpace 183% in the United States between 2005 and 2006). Presences of this kind such as MySpace and Facebook leading ahead globally have experienced a multifold growth in their page views per month (439% and 845% respectively) whilst growth of traditional web portals like Yahoo! and Google sites has been slowed down (Yahoo! 1% and Google 52%) (Metz 2006). Social networking sites are now becoming a cultural and technological phenomenon (Grayson 2007, Lupsa 2006, Metz 2006, Nielsen 2006-2).
In the mean time, on-line users have however become increasingly aware of a negative effect of the Web – privacy threat by realising the considerable amount of their personal information that is being tracked and used (Stock 2004). Their genuine concerns over the invasion of privacy have thus been growing (Hubert 2007, IBLS 2005, Lee 2003). A comprehensive survey conducted by the Oxford Internet Institute reveals that a large portion of on-line users (79% and 84% in 2003 and 2005 respectively) in the United Kingdom are concerning about threats to their privacy (Dutton et al. 2005). Specifically, slightly more than half, or 54%, of the respondents felt they had put their privacy at real risk whilst they were surfing the Internet in the past. The vast majority of these anxious users (83%, 45 out of 54) also raised the concern that on the Internet their personal information can be accessed without any prior authorisation. This strong indication is concurred by other research where most consumers do believe that the Internet has made their information readily available on-line (McRobb and Rogerson 2004). Such worry has thus developed into one of the major reasons why some of them have chose to decline the offer from the Internet (Dutton et al. 2005). It is not just a British phenomenon, the effect of capturing users’ personal information has been spreading over the United States and Australia, and it has been global (Fleischer 2005, Spanbauer 2006).
This essay starts by providing a brief overview of both the Web and privacy in the social context of cyberspace. The following sections draws heavily on one of the most notable examples to date – Facebook, where most of the social networking sites’ characteristics are clearly displayed (other social networking sites are of less social networking functions and features to present) and the social power of Facebook is at the same time demonstrated. In order to fully explore the emerging issues from social networking sites experience to date, this essay highlights two key topics of the growing concern over privacy in the social networking sites area, namely user surveillance (including trust mechanism) and industry self-regulation. This essay offers additional analysis on a few more Facebook’s social impacts, such as psychological addiction and profile check where privacy issues and concerns once again arise. In the end, the essay concludes with a section of discussion on the Facebook phenomenon worthy of further investigations.
2. Literature Review
The research undertook by the OII further reveals that, in the UK, Internet has a prominent role in ‘maintaining social interaction and supplementing other forms of sociability’, and surfing and browsing web pages are the two most frequent uses of the Internet. The primary purpose for most Internet users is to gather specific information (74%) (Dutton et al. 2005), and for social networking sites it is to connect users with their friends and family members, as well as their colleagues. In the mean time, research indicates the public in general is not much aware of how information relating to them is being used and how their law-protected privacy right is being violated (Kruck et al. 2002). It thus has been unsurprisingly a controversial issue of whether without any permission beforehand people can obtain others’ personal information on the Internet, and whether individuals’ lives either public or private would become globally ‘transparent’ (51% agree whilst 49% disagree) (PEW 2006). As such, privacy has been considered as a constant source of worry amongst all concerns of the Internet.
“People should be able to surf the Web anonymously, or as a well-defined entity, and should be able to control the difference between to two. I would like to be able to decide who I will allow to use my personal information and for what.” (Berners-Lee and Fischetti 2000)
Indeed, Internet has today provided an effective means of communication (Kruck et al. 2002), however, research shows that personal data (both public and private) on the Internet have been used for fundamentally different purposes from one’s original intention (Collier 1995). New and advanced technologies enable firms to collect, use, disseminate, disclose, and sell Internet users’ personal information. Privacy concerns are thus revealed (Lee 2003). Protection against privacy threats to personal information thus become a real priority and it is the most important policy issue in cyberspace to date (HBR 2000, Lee 2003, McRobb and Rogerson 2004). The interplay between privacy and the Web is increasingly complex.
Spinello (2000) underscores the threats to one’s personal security which are heightened by using the Internet because one’s zone of privacy is appreciably diminished in this open and fluid environment. Rezgui further proposes individual’s privacy in cyberspace as a multi
dimensional feature of Web service (Rezgui et al. 2002) involving three basic elements as
-User privacy (perception by Web service consumer)
-Data privacy (support at the data level)
-Service privacy (exposition of specific Web service)
Specially, Web services consumers expect or require many different levels of privacy in accord with their perception of the information sensitivity. Moreover, their perceptions of privacy are directly affected by who will receive the specific information and the particular purpose for which the information is being used (Rezgui et al. 2002). It is of great importance that consumers know who is gathering information about them and that they will be willing participants (HBR 2000).
Moreover, Spinello (2000) considers the possibility to distinguish several types of privacy, such as psychological privacy or communication privacy. He however emphasises the information privacy primarily brings into the focus of attention because it concerns the collection, use and dissemination of information about individuals. The right to informational privacy is the right to control the disclosure of and access to one’s personal information.
‘The problem is serious, and two aspects of the Web make the worry worse. One is that information can be collected much more easily, and other is that it can be used very easily to tailor what a person experiences.’ (Berners-Lee and Fischetti 2000)
In the context of social networking privacy, it is also critical to address that service privacy in general comprises three types of policy: usage policy, storage policy, and disclosure policy (Rezgui et al. 2002). Present new and advanced information communication technologies (ICT) allow businesses to monitor on-line customers’ navigation choices and purchasing behaviours, extract personal preferences, and ultimately collect customer information as a whole (Lee 2003). Further to this, storing, analysing, interpreting, comparing and exchanging the vast amounts of information about millions of citizens has once again raised the issue of safeguarding the online privacy (Collier 1995, Lee 2003, Rezgui et al. 2002).
3. User surveillance
Social web is originally designed to promote and facilitate the interaction between real people in cyberspace, and the notion of social networking is basically all about ‘share content, find items of interest, connect people and form online communities’ (Economist 2005, Lee 2006). Because of this very nature of social networking websites, its collection on users’ personally identifiable information (PII) is inescapable (Lynch 2004).
It is evident that, upon registration, Facebook has made every effort to collect the ‘unique identifier’ (Hildebrandt 2007) from client side by requesting the ‘real’ name of its user-inwaiting. In order to join any school or company network, the user has to give out a unique and valid e-mail address provided by that particular school or company, and such e-mail address is always a genuine unique identifier which other users can identify with accordingly.
The ability to represent and link users’ information and relationships existed in real life makes the Web work as anticipated (Berners-Lee and Fischetti 2000). Participators of social networking sites, not necessarily of the Facebook, have turned their offline world online. In other words, their social networks in real life will have been represented in cyberspace and existing relationships with others can be properly maintained (Metz 2006) (Hildebrandt 2007). Facebook has therefore successfully established a great number of people-based networks, and these networks are in the form of school networks, company networks, regional networks and many interests groups. Moreover, detailed information of relationships between users are requested by the Facebook (see Figure 2) and recorded to the database system afterwards. The more we get involved the more they’ll know about us and consequently the more vulnerable we’re to being manipulated and controlled (Duquenoy et al. 2005).
In addition, Facebook’s collection on personal information is not only limited to individual profiles and further contributions made by its users on the Facebook. Rather intelligently, its one-stop mechanisms allow users to import their existed personal information from external sources though simply entering the URL of their blogs for example. A fairly detailed picture of any particular user will be building up, including any private information which would make him vulnerable in the future without realising it.
3.1. News Feed
Profiling users has been seen as one of the controversial issues where the problem is resulting from the core of Web 2.0 notion. ‘News Feed’ (shows as Figure 3) is one of the most distinguishing social networking features Facebook has launched so far, and it thus makes things altogether more problematic. It updates registered users automatically about recent profile and status changes of people located in their social networks (their friends), such as someone adding a friend or attending an event (Soat 2006). This dynamic feature however involves technologies which can perform sophisticated surveillance and monitoring (Lynch 2004, Spinello 2000). It does also perform real time profiling and ‘adaptation’ (Hildebrandt 2007). All of users’ on-site activities and social behaviours in the form of ‘clicking stream’ information (Berners-Lee and Fischetti 2000) is very closely watched, logged (time-stamped), aggregated, and ultimately displayed to their friends across the Facebook. The ‘scope and speed’ of its data pattern identification have made users feel rather surprised because their privacy is now at risk (Kruse 2006).
Moreover, it is noticeable that the ‘News Feed’ feature is capable of generalising users’ similar on-site behaviours into groups so as to present to their friends more informatively (see Figure 4 above). Since the very first second the surfer started to explored the Facebook, each possible move of him has been paralleled with at least one pre-defined ‘behavioural pattern’ (Stock 2004). Fully computerised observation and analysis based on such data patterns (interpretation of one’s behaviour profile) tells the system which parts of the Facebook the user has accessed to, and as a result, other people can extract ‘psychological privacy’ about him from the News Feed update.
The more threatening scenario is that, Facebook has been equipped to identify differences between updates of an individual profile rather than merely telling people it has been changed. Updates on nearly every item listed in Figure 1 will have been checked against with their previous version stored in its metric system, especially those favourites such as music, TV shows and movies which users edit regularly. All such (behaviour) data update checks are done within a second regardless of users’ knowledge.
Tagging is a massively popular feature which has been exploited fully in social networking sites (Metz 2006), especially in the Facebook. Users have been enabled to tag other users but on their friend list where appropriate, such as photographs, notes and so on. Tagging information (also known as meta-tag) will be displayed widely through News Feeds across as many networks on the Facebook as possible. Such ‘massive descriptions’ (Economist 2005) are highly informative and in practice most of the time they are pointing at the exact person because these information are provided by real people rather than by the artificial intelligence technologies. In such case, information that people assume is safeguarded now will be easily ‘attainable’ on the Web (Hubert 2007) and thus some information about a Facebook user which he would never volunteer on a form may, at the discretion of others, be released to the public (Berners-Lee and Fischetti 2000).
Even worse, the tagging feature is now allowed contribution from distributed intelligence (collaborative works). In other words, users can suggest tags for photographs uploaded by their friends, either to their own albums or to affiliated group albums where the tagging can be seen by more other people. This thus raises the possibility that tagging a user in embarrassing photos may end up with a gossip among people who have seen them and not necessarily his friends. Gossip exchanged freely through such informal networks within small communities could cause much more harm than before.
Such ‘user-generated contents’ (meta-tags) (Nielsen 2006-2, Nielsen 2006-3, Nielsen 2006-4) has made the Facebook a great data-mining project in which people takes over what Facebook originally cannot make. This characteristic feature now has the power to ‘capture, recombine and classify’ the information of particular user more efficiently (Spinello 2000). As a consequence of News Feed and Tagging, this sophisticated information technology system will have the demographic information, interests, and social networks of millions by voluntary contributions (Lupsa 2006).
3.3. Trust mechanism
One of the major reasons makes Facebook popular is not it successful campaign, rather, it is the rapid spread of its existence by speculation, which is associated with trust. Trust in cyberspace is identical to the one in real life where people trust someone or something largely by inheriting from who has been already in their trust circles (Berners-Lee and Fischetti 2000). Theoretically speaking, users could read privacy policies carefully and decide whether to proceed, but in practice they usually do not have time to read it before rushing in. This largely because of this so-called trust-but-not-verify system mentioned above. However, due to a wide range of levels of experience people have in the Internet-based cyber society, a trust crisis has been triggered. Hence, users will suffer from this painfully.
4. Industry self-regulation
The importance of providing privacy protection for Internet users has been widely recognised (Lee 2003). Unfortunately, there are however no laws currently available dealing specifically with the regulation of users’ data in the United States (Kruck et al. 2002). In other words, even you are using the Facebook social networking services in the United Kingdom, your information stored on the Facebook server are still vulnerable. The governmental agencies in the United States have expected some industry self-regulations to work for long due to the fact that most recent laws in both the United States are woefully incapable of having influence over issues on reselling or giving away consumers’ information (Berners-Lee and Fischetti 2000). The Administration and commentators also share a view that the Internet industry can have more benefits from its self-regulations (Lee 2003) partly because the industry in fact is moving far faster than the law (Hubert 2007).
In such contexts, TRUSTe, an US-based international initiative on privacy has thus been launched for regulating the industry (Gritzalis 2004). Facebook is one of TRUSTe’s affiliated member institutions and it is making every effort to convince its users their service is sufficiently safe. However, a review of TRUSTe certification done in the past determined that TRUSTe are not guaranteeing whether its affiliated sites have met even the Privacy Act of 1974 in the United States, which covers government agencies (Kruck et al. 2002). This indeed weakens the ‘credibility’ of TRUSTe. Thus, it is now of questions whether any proposals for self-regulation will have real effect in achieving the goals so as to overcome obstacles (Lee 2003). It is probably not the prescription for privacy and it is merely a ‘backup’ for consumers.
Moreover, even the company, like Facebook has promised they would not release its users information to any third party, however, observers have still expressed their worries that such users’ information based companies can track and disseminate information in ways that their customers have not yet approved (HBR 2000). In the Facebook case, the company is disclosing users’ information to other users either by the default setting (open to all) or by user defined rules. In such grey area, consumers with enquiries have no particular laws on hand to protect themselves other than some general moral principles which in this case are of less power. Hence, they will have to either turn their privacy settings on Facebook to a more strict level, or declining the comprehensive social networking services Facebook offer.
5. Further social impacts
5.1. Psychological addiction
The attractive and dynamic nature of social networking sites has led to serious addiction problems for many (PEW 2006), and users are keeping visits to the Facebook continually mostly because of this interactive nature (Nielsen 2006-3). News reports highlight a constant increase in the number of Facebook users who are keen to check their exclusive News Feed and update their profiles on a regular basis (Lee 2006, Tulshyan and Wang 2007). This is as crazy as it is amazing. For them, the best way to make the most of social networking sites, in this case of the Facebook, is to have an eye on everything happened in cyberspace and at the same time make their personal contributions to this virtual-reality world largely by violating their own privacy.
Accord with Nick Carr’s recent comment on this significant shift of people’s attention to Internet-based ‘information, media, entertainment and communities’ (PEW 2006), it would be now of much ease to see the mindlessly typing and clicking (Hubert 2007) tap into the strong desire for self-expression from the ‘on-demand’ younger generation’(Kruse 2006, Metz 2006) (Lee 2006). However, sacrificing privacy and future security (HBR 2000) is not the only option to consider in the next wave of Internet life (Lee 2006). Educating users about Facebook is a priority now (Kruck et al. 2002, Lupsa 2006).
5.2. Profile checks
In this Information Age of free flowing of personal data on social networking sites, people are at most vulnerable on the occasion of profile (background) checks conducted by external actors, such as their parents, university admissions officers and prospective employers (HBR 2000, Hubert 2007, Metz 2006). A large number of surveys have found firms routinely check prospective employees’ profiles on popular social networking sites, where necessary they make hiring decisions after the check and unsurprisingly the Facebook is on their watch list (Lupsa 2006).
Specifically, users’ profiles on the Facebook are ruled by the system not to show up in a external search engine query. Instead, they will appear when a Facebook user tracks them down by executing a Facebook ‘global search’ and they are very determined to find your social networking contributions to date. In this instance, photographs can make an immediate impact on how these external actors view a particular person, and with not doubt, self-disclosure does have the possibility to come back and harm him (Metz 2006, Spanbauer 2006).
‘We can use the power of the Web to connect anything and everything to great effect, or to do devastating damage.’ (Berners-Lee and Fischetti 2000)
Social networking is no longer a fad. Rather, it is a fact that its profound impact of privacy on users’ online experience can be significant and long-lasting (Lupsa 2006, Nielsen 2006-3) (Spinello 2000).
The essay attempted to explore the most threatening features to personal privacy on the Facebook website to date. Online personalisation techniques, social networking sites in particular, require additional information disclosure to website users (Lynch 2004). This stream essay demonstrated that people have now been deliberately categorised and profiled so that the Facebook can serve them better by meeting their heavy demand on social networking and alike. Its extensive collection on personal information and the action on profiling users have been met with a huge amount of criticism from the general public. In previous sections, the research revealed Facebook users have become easy and obvious targets of privacy threat on exploring the benefits of such smarter web environment and their personal information is thus at real risk. Still, the ‘acceptance of profiling users’ (Fleischer 2005) is currently fairly high and the Facebook is growing rapidly, in part because most of them are not yet aware of any of those threatening scenarios in above and the inheritance of trust has also caused problems. It is noticeable, as well, the number of well educated and fully equipped users in the context of social networking are not woefully sufficient.
Furthermore, users are human and their instinctive and insatiable curiosity has sometimes made them ‘browsing beyond’ (Metz 2006) what they have originally planned to do on the social networking site. Most of them are innocent of revealing information about their friends since they had limited knowledge on such issues. However, the social networking ‘industry’ ought to take more responsibilities to caution existing users as well as those new to this.
In a nutshell, the ongoing ‘second wave of websites’ (Economist 20006) is virtually a good thing as it has accelerated the free flow of information by the spread of the Internet (HBR 2000) although part of it are private and ‘sensitive’. Websites of this immensely interactive genre are, nevertheless, posing a serious threat to our privacy. It is all about the matter of knowledge (Fleischer 2005). Knowledge is power (Collier 1995, Hildebrandt 2007) and IT is a rather competitive weapon. In this instance, the next challenge lying ahead is to ensure that advanced technologies for the protection and enhancement of online privacy being introduced (Lee 2003) and both governmental and industrial regulations will come into force soon possibly by establishing a privacy regulatory authority in the future.
Berners-Lee, T. and M. Fischetti (2000) Weaving the Web : The Original Design and Ultimate Destiny of the World Wide Web by Its Inventor, (1st pbk. ed) HarperCollins Publishers, New York.
Collier, G. (1995) “Information Privacy: Just How Private Are the Private Details of Individuals in a Company’s Database?” Information Management & Computer Security, 3 (1), pp. 41-45.
Duquenoy, P., S. Jones, H. Rahanu and D. Diaper (2005) Social, Legal and Professional Issues of Computing, MU Press, London.
Dutton, W. H., C. d. Gennaro and A. M. Hargrave (2005) “The Internet in Britain” Oxford Internet Institute, University of Oxford http://www.oii.ox.ac.uk/research/oxis/oxis2005_report.pdf
Economist (2005) “Websites of Mass Description” in The Economist, 15 September 2005.
Economist (20006) “The Enzyme That Won” in The Economist, 11 May 2006.
Fleischer, J. (2005) “Secure Data Saves Customers –Why Protecting Information About Customers Is Vital to Retaining Them” in Call Center, 1 December 2005, p. 8.
Grayson, I. (2007) “Net-Working -the Anywhere Machine” in The Australian, 23 January 2007, p. 1.
Gritzalis, S. (2004) “Enhancing Web Privacy and Anonymity in the Digital Era”, Information Management & Computer Security, 12 (3), pp. 255-288.
HBR (2000) “Chief Privacy Officer”, Harvard Business Review, 78 (6), pp. 20-22.
Hildebrandt, M. (2007) in SSIT 7London School of Economics, London, England.
Hubert, C. (2007) “A Private Life? Are You Kidding?; the Computer Has Made Privacy an Illusion” in Sacramento Bee, 13 January 2007, p. K1.
IBLS (2005) “Online Profiling Concerns” in Internet Law -Legal -Privacy, 1 May 2005, p. NA.
Kruck, S. E., et al. (2002) “Protecting Personal Privacy on the Internet”, Information Management & Computer Security, 10 (2), pp. 77-84.
Kruse, M. (2006) “Too Much of an Open Facebook for Students” in Ottawa Citizen, 18 October 2006, p. H3.
Lee, E. (2006) “Social Sites Becoming Too Much of a Good Thing; Many Young Folks Burning out on Online Sharing” in The San Francisco Chronicle (California), 2 November 2006, p. A1.
Lee, Y.-C. (2003) “Will Self-Regulation Work in Protecting Online Privacy?” Online Information Review, 27 (4), pp. 276-283.
Lohr, S. (2006) “Web Science Is ‘Big Next Step’ in Information” in The International Herald Tribune, 3 November 2006, p. 13.
Lupsa, C. (2006) “Facebook: A Campus Fad Becomes a Campus Fact” in Christian Science Monitor, 13 December 2006, p. 13.
Lynch, B. (2004) “Web-Privacy Management Increases in Importance” in Wall Street & Technology, 1 March 2004, p. 48.
McRobb, S. and S. Rogerson (2004) “Are They Really Listening? An Investigation into Published Online Privacy Policies at the Beginning of the Third Millennium”, Information Technology & People, 17 (4), pp. 442-461.
Metz, C. (2006) “Myspace Nation” in PC Magazine, 25 (12), 7 November 2006, pp. 76-87.
Musser, J. and T. O’Reilly (2006) “Web 2.0 Principles and Best Practices” O’Reilly Radar www.oreilly.com/catalog/web2report/chapter/web20_report_excerpt.pdf
Nielsen (2006-2) “The Hottest Online Brands in 2006” Nielsen NetRatings http://www.nielsen-netratings.com/pr/pr_060914_unitedkingdom.pdf
Nielsen (2006-3) “Social Networking Sites Grow 47 Percent, Year over Year, Reaching 45 Percent of Web Users, According to Nielsen//Netratings” Nielsen NetRatings http://www.nielsen-netratings.com/pr/pr_060511.pdf
Nielsen (2006-4) “User-Generated Content Drives Half of U.S. Top 10 Fastest
Growing Web Brands, According to Nielsen//Netratings” Nielsen NetRatings http://www.nielsen-netratings.com/pr/PR_060810.PDF
O’Reilly, T. (2005) Web 2.0: Compact Definition? O’Reilly Last accessed: 25 March 2007 Last updated: 1 October 2005 Address: http://radar.oreilly.com/archives/2005/10/web_20_compact_definition.html.
PEW (2006) “The Future of the Internet Ii” http://www.pewinternet.org/pdfs/PIP_Future_of_Internet_2006.pdf
Rezgui, A., M. Ouzzani, A. Bouguettaya and B. Medjahed (2002) “Preserving Privacy in Web Services”. in the 4th international workshop on Web information and data management, McLean, Virginia, USA,8 November 2002, pp. 56-62, ACM Press.
Soat, J. (2006) “Privacy the Problem That Won’t Go Away; Your Privacy Mistakes Are Now Everybody’s Business. Here’s How to Keep Your Company, and Career, in Line.” in InformationWeek, 20 November 2006, p. 34.
Spanbauer, S. (2006) “Be Social, Be Safe: Safeguard Your Reputation While Sociallly Networking.” in Australian PC world, 1 December 2006, p. 79(3).
Spinello, R. A. (2000) Cyberethics : Morality and Law in Cyperspace, Jones and Bartlett, Boston.
Stock, K. (2004) “Web Profiling Ah: Tracking User Habits Invasive but Not Likely to Stop Special Section: Business Outloook 2004” in The Post and Courier, 25 June 2004, p. 25S.
Tulshyan, R. and S. Wang (2007) “Facebook Taking over Lives” in the Beaver, 13 March 2007, p. 5.