Facebook lands in the eye of a storm over privacy

Fri, May 21, 2010, 01:00

Changes to Facebooks privacy policies have led to concerns being raised in Europe and the US, writes CIARA O'BRIEN

FACEBOOK HAS had a rough time of it recently. The social networking website has come under fire for taking steps towards what is considered eroding the privacy of its users.

From targeted ads to sharing information between third party sites, Facebook is pushing the envelope over what it thinks users should be doing with their data online. And with more than 400 million registered users, thats a lot of data.

In January, Facebook founder and chief executive Mark Zuckerberg gave an indication of the company’s stance on privacy in an interview with TechCrunch founder Mike Arrington at the Crunchies awards.

“People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time,” Zuckerberg said.

“We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are.”

Facebooks attempts to push these social norms have been raising some privacy hackles all over Europe and the US. Four US senators wrote a letter to Zuckerberg expressing concern at the changes to its privacy policies.

At a European level, the Article 29 group has been running a careful rule over Facebook and its privacy. The group, which is made up of representatives of European data protection authorities, has criticised Facebook’s most recent changes, saying it was “unacceptable” to change the default privacy settings to the detriment of a user.

The culmination of the past few weeks was what was described as a “crisis” meeting between Zuckerberg and staff, and the announcement of some new security controls to protect users.

It wasn’t always this complicated for Facebook and its users. Back in the days when it was a small network aimed at college students, the site promised it would not share details with anyone the user did not give express permission to have access to personal information. In other words, unless you were a Facebook friend or a member of a certain group, you were out in the cold.

That’s altered considerably over the past five years. The first change came in 2006, when Facebook amended its policy to include access by those in a user’s school and local area.

It was a simple policy, easily understood and clear to users. But as the site has grown, so has its privacy policy. Instead of getting tighter, Facebook has moved towards more openness with users’ data, pushing members to share more with the community.

The next change, in 2007, used some information in search results on the site. New changes in 2009 saw Facebook introduce a system that allowed users to choose which data could be seen by the wider Facebook community, what was restricted only to friends or acquaintances, and what was kept strictly private.

The personalisation of ads was a step too far for some users, who objected to their information being used to target ads at them every time they logged in to the site.

The ad network is one of Facebooks methods of making money and justifying the $240 million investment that Microsoft made for a 1.6 per cent stake in the firm in 2007 – valuing the site at a cool $15 billion.

Then came instant personalisation, and with it a new set of criticisms of Facebook. The deal allowed selected sites – Microsoft Docs, Yelp and Pandora – access to information that users had made public on Facebook.

The upshot is complicated privacy settings and privacy policies that have become more confusing over the years, leaving users unsure of what information is public and what remains private.

In a blog posting last month, Zuckerberg extolled the virtues of instant personalisation. “This flow of social information has profound benefits – from driving better decisions to keeping in touch more easily – and we’re really proud that Facebook is part of the shift toward more social and personalized experiences everywhere online,” he wrote.

Not everyone sees it quite as positively as Zuckerberg, however. Following the introduction of the feature, protests have been mounted by the Electronic Frontier Foundation and even Facebook users themselves.

Even leaving the site, however, is not simple. Rather than simply deleting your account, Facebook deactivates it for you, which means you could reactivate it at any point and all your data such as photos and friends remain intact. This has caused some concern about the site’s adherence to European data privacy laws.

“Facebook claims safe harbour status, which means it must meet equivalent European law data security levels,” said Simon McGarr, of McGarr solicitors.

“It’s difficult to make them confirm that they’ve deleted the data instead of just making it unavailable to people.”

The backlash of the past few months should have been somewhat of a wake-up call for Facebook. For its part, the social networking site has tried to implement some new security settings that will protect the confidential data of people.

The new features are designed to control what devices you can access your Facebook account from. Each time you log in from a new one, it will ask you to give it a name, and send you an e-mail to remind you that you logged in from an unknown device for the first time.

If the system believes there is a “suspicious” log in attempt taking place, it will ask for additional verification questions to prove your identity. You might be asked to confirm some private data, or identify friends.

But users don’t have to depend on Facebook alone. They can take certain steps to minimise just how much of their data is available for other users to see.

However, the problem is that Facebook’s ongoing changes sometimes mean that what you thought was private can suddenly become visible to other users.

ReclaimPrivacy.org has developed a tool to scan your Facebook privacy settings and tell you exactly what’s public.

Ultimately, it’s up to users to decide when sharing has gone too far. Although Facebook’s new security measures have been welcomed, experts have stressed that it is only a step in the right direction.

“Facebook is taking responsibility for more security – it’s a good step,” says Conor Flynn, technical director with information security specialists Rits. “It’s only a step though; I think they can do more over time.”