Forensic Update

Reflections on information management within the legal and regulatory arena

Facebook privacy protections are neither private nor protected…

Posted by Johnny Lee on October 19, 2010

In addition to articles on this site about potential discovery issues related to social networking (q.v., Social Media Privacy = Wishful Thinking and Facebook Posts Deemed Discoverable), individuals and companies alike are now faced with another source of exposure for data housed by Facebook.  It now seems that Facebook is a gold mine for criminals intent on fraud and for online marketers intent upon building very detailed buying profiles of Facebook users without their knowledge or consent.

John Lawler, the chief executive of Australia’s Crime Commission, warned that elements of organized crime are taking personal information from Facebook in droves to obtain credit fraudulently.  These criminals are exploiting all manner of personal information (from family members to pets’ names) to establish credit and to circumvent the usual controls by which applicants legitimately authenticate themselves to financial institutions seeking to extend them credit.

In a related story (and a new episode in a long series of prominent embarrassments) for the online networking company, the Wall Street Journal (“WSJ”) reported earlier this week that its investigation yielded significant control gaps in the way personal information could be mined from Facebook without the end user’s knowledge or permission.  Unlike prior complaints about lax privacy controls or confusing settings for users to “lock down” their information, the WSJ investigation reveals that Facebook is literally broadcasting (or, more precisely, permitting the broadcasting of) personal information to online marketers, advertisers, and Internet tracking companies.

To be clear, this latest reputation hit for Facebook affects only those who use Facebook applications or “apps” (as opposed to the native “friending” and “wall” features).  Users must take a secondary step of confirming that an app has permission to attach itself to a user profile.  That said, the personal details being shared with these online companies affect tens of millions of Facebook app users—including those who have elected the most stringent privacy setting for their profiles.

Technically, the dissemination practice by app developers uncovered by the WSJ violates Facebook’s rules.  However, the sheer magnitude of personal information being disclosed has renewed concerns that Facebook does precious little to keep its users’ information private and secure.  The compromised data from Facebook users allows online marketers to compile and sell “detailed dossiers of their activities and interests.”

For individuals using these apps, there is serious thinking to do about the continued use of these online gateways to personal data.  For companies employing such individuals, new thinking is required to educate their employee base about proper communication protocols.  This education could require companies to revisit their data management policies, their public disclosure rules, their online monitoring of employees, and even their code of conduct policies to ensure that employees using these compromised applications either discontinue such use or adjust that use commensurate with the company risk that travels with it.  For everyone, this is yet another example of how technology is forcing us to re-think existing notions about information privacy and whether such a concept can be taken seriously for much longer.
