Sophos Cloud Optix
There’s no doubt about it: The US has mixed motives when it comes to user privacy in social media.
That became obvious this week with the juxtaposition of the FBI voicing its voracious desire to suck up social media data vs. the FTC’s 1) recent bemoaning of Facebook’s and Google’s wanton privacy policy changes and 2) call for a one-stop shop to tweak privacy settings.
On the more-user-data-the-better side is the FBI, which is asking for ideas on developing an application that can sift through social media to feed its intelligence-gathering appetite.
On January 19, the agency put out a Request For Information (RFI) on a data-mining application that could monitor Facebook, Twitter, news and other sites for real-time information.
On the agency’s wish list is the ability to automatically search and scrape social networking and open-source news sites for information about breaking world events. At a minimum, the FBI wants to keep a watch on, and to translate into English, social networking material in 12 foreign languages.
As pointed out by InformationWeek’s Elizabeth Montalbano, the FBI is certainly not the first or only US agency interested in mining social networking for breaking news, clues to public opinion or early warnings about global events.
The CIA, the Department of Homeland Security (DHS) and the Intelligence Advanced Research Projects Agency (IARPA) are also researching for better ways to milk the social media cow to further their respective missions – be it surveillance or disaster preparedness.
Why should we care that the FBI wants to better reap intelligence? The agency’s RFI comes swaddled in the dialect of benevolent care for national security. From the document:
Intelligence analysts will monitor social media looking for threatening responses to news of the day such as major policy announcements by the federal government, for responses to natural disasters like an earthquake or hurricane, or indicators of pending adverse events.
Yes, of course we want our intelligence agencies to have advanced intelligence when it relates to terrorism or natural disasters. But do we really want these agencies to have better ways to pinpoint us if they associate our online personas with given keywords, rightly or wrongly drawing assumptions and gathering ever-more information that can and will be used against us in a court of law?
On the other side sits the FTC, and thank goodness it’s attempting to act as a counterbalance.
At a talk on Tuesday morning at a cybersecurity forum in Washington D.C., FTC Commissioner Julie Brill took Google and Facebook to task for violating user privacy, saying the companies “learned … the hard way” from the FTC that they should not change user privacy settings without getting expressed, affirmative approval from users.
The FTC last year charged Facebook with unfair and deceptive practices, settling the matter in November by subjecting the company to regular privacy audits for the next 20 years.
The FTC also in the past year charged Google with deceptive privacy practices in its rollout of the Buzz social network, which had baffling privacy controls. Buzz was eventually rolled into Google+, while Google was also given a 20-year privacy audit decree.
In a prepared statement (.PDF), Ms. Brill had this to say about Facebook’s broken promises on user privacy:
We called Facebook out for promises it made but did not keep. It told users it wouldn’t share information with advertisers, and then it did; and it agreed to take down photos and videos of users who had deleted their accounts, and then it did not.
And this to say about Google’s failings:
We believed that Google did not give Gmail users good ways to stay out of or leave Buzz, in violation of Google's privacy policies. We also believed that users who joined, or found themselves trapped in, the Buzz network had a hard time locating or understanding controls that would allow them to limit the personal information they shared. And we charged that Google did not adequately disclose to users that the identity of individuals who users most frequently emailed could be made public by default.
Are social media sites playing fast and loose with user privacy, ignoring even their own policies?
Ms. Brill is calling for a one-stop shop for users to easily control, from one centralized site, their privacy settings.
Would that help if companies such as Google and Facebook have difficulty abiding by their own policies? Especially if such sites don’t even delete personal information in accordance with users’ directions to do so?
I hope Ms. Brill gets her one-stop privacy shop. I hope that it ushers in real power to users to control what they choose to share and keep private. I hope that the settlements with Facebook and Google bring about more faithful adherence to their own policies.
With intelligence agencies eager to data mine our personal lives to ever finer degree while the FTC fights for our rights to keep that information private, there does indeed seem to be some discordance in the US.
Hopefully, such apparent cross-signals indicate the push and pull of a healthy democracy.
But in lieu of a one-stop privacy shop, may we all learn to guard our privacy before the FBI et al. get their hands on ever-more sophisticated means to track us.
There's a tremendous difference between corporations' and government agencies' privacy incursions. The former can easily become abuse. The latter can just as easily become prevention of terrorism.
They should ALL MIND THEIR OWN BUSINESS, including the FBI & other Police services; UNLESS some has commited a crime!
But what if you could have prevented that crime? I mean if there is a terrorist attack (that could have been prevented) and People die? Wouldn't it have been better to stop it BEFORE it happend? I understand that nobody wants his or her private Data being spied, but you can't say that they should do nothing until it's to late.
I agree in part as any humane person would feel exactly the same, "If I let you take all this from me then I might help to prevent this"
As a Nation do you fight such acts in order to live as free individual's in a safe environment ?
So how far do you go ? Is there a line in the sand somewhere where freedom stops ?
Because it seems to me all we have done so far is to imprison ourselves in order to sustain our freedom!
Better to live a free man/woman for a day than spend an eternity in chains.
I agree that if one individual can be protected from terrorism, then that’s fine by me because the alternative is really very simple: if you don’t want to make ‘YOUR’ profile visible, don’t put it up there in the first place! People know, are warned, are told, every day; be aware that social networking sites can and do disseminate your information across the web and that crawlers can and do trawl for personal information, every second of every day. Nothing is sacred, or secret anymore unless you actively promote your own secrecy.
Surveillance & privacy are the simplistic cover stories; in fact the fbi/cia/nsa program is used to surveil, harass, intimidate, threaten, force suicide, murder selected Targets.