politics 117: the regulation of the internet privacy


Upload: webb

Post on 25-Feb-2016


TRANSCRIPT

Facebook

Politics 117: The Regulation of the Internet Privacy

Is this a safe Facebook entry?

I love my cat Henry!

Kudos to my roommate for acing the GREs!

Woah . . . I got really #$@#D!% up last night!

My professor sucks!

Half of employers in U.S. scan social networking sites to see what you say.
- 45 percent in 2009, versus 22 percent in 2008
- Most popular sites to watch are:
  - Facebook
  - LinkedIn
  - MySpace
  - Twitter

Nine things to stop doing on Facebook

1. Stop using a weak password
- A strong password includes letters, numbers, different cases, and symbols
- Bad: ilovehenry
- Good: i1oveHenry
- Bad passwords lead to Facebook scams like the "help I'm in London and my wallet was stolen" scam!

2. Stop leaving your full birth date on Facebook
- Lots of banks, credit card companies use your DOB as a security ID
- Best practice: don't leave any of it at all
- But if you can't do that, just leave the month and day, not year

3. Use your privacy controls!
- Go to whatever privacy controls Facebook is now deploying, and use them
- Best practice: everything should be just available for your friends only (not friends of friends)
- Check what applications you are using

5. Keep your children's names off of captions
- Don't mention the names of your kids
- Don't identify them by name on photos or captions
- If someone else does, use the "remove tag" to delete the mention

6. Think twice about mentioning where you are
- Especially if you are going on vacation
- It's like putting a "nobody's home" sign on your front door
- Are you still ok with your 400 friends knowing where you are?

7. Don't let children go on Facebook unsupervised
- You don't want your kid going on Facebook and saying "Mommy is at work right now, but I'm here watching TV."

8. Don't say bad things about your peers on Facebook
- Could catch up to you via searchers and your friends
- Makes you look like an unpleasant person
- Generally, don't say or be critical of people

9. Other issues
- Think about how political and critical of others you want to get on Facebook
- Give some thought to how much you want to be on Facebook every day
- Consider how many apps, causes, and features you want to access on Facebook

Best practices
- Use Facebook positively to network with friends and associates
- Use Facebook privacy settings aggressively
- Use e-mail, instant messaging, texting, etc. for your more raunchy side
- Do anonymous commenting if you've got something really outrageous to say
- Assume that anything you write could be broadcast to the whole world
- Watch your privacy settings and monitor any changes in Facebook policy

Big social network fears
- Your user data, including your name and browsing patterns, will be sold to third party vendors
- Your ability to control how much of the user data you want processed and interpreted will be compromised
- Your security data, including your logins, passwords and financial information, will be stolen

Cookies
- Web sites place a "cookie", an ID number, in your web browser/computer
- The site then keeps track of your purchases, visits, patterns and associates it with that number
- When you come back, the site remembers what you did before thanks to the cookie

Cookie examples
session-id-time 954242000 buybuybuy.com/
session-id 002-4135256-7625846 buybuybuy.com/
UserID A9A3BECE0563982D www.goto.com/

Hyper Text Transfer Protocol header information
The HTTP protocol sends the site you are visiting:
- The pages you visited
- When you visited them
- The IP address of your server
- The name of the server you are working from
- The web page from where you arrived (the referrer)

The site can associate all that header data with your cookie ID#, plus:
- Purchases
- Social interactions
- Uploads
- Downloads
- Account preferences
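
The linkage described in the cookie and HTTP header slides above, shown as an added example that is not part of the original presentation. It parses the three cookie entries from the "Cookie examples" slide and groups request data under the cookie ID; the request records, their field layout and the function names are constructed for illustration.

```python
from collections import defaultdict

# The three cookie entries from the slide: name, value, domain/path.
SLIDE_COOKIES = """\
session-id-time 954242000 buybuybuy.com/
session-id 002-4135256-7625846 buybuybuy.com/
UserID A9A3BECE0563982D www.goto.com/
"""

# Constructed sample (not real traffic): time, client IP, page, referrer, Cookie header.
CONSTRUCTED_REQUESTS = [
    ("2000-03-28T10:01:00", "192.0.2.10", "/books/privacy",
     "http://www.goto.com/search?q=privacy", "session-id=002-4135256-7625846"),
    ("2000-03-28T10:04:30", "192.0.2.10", "/cart/add?item=17",
     "http://buybuybuy.com/books/privacy", "session-id=002-4135256-7625846"),
    ("2000-03-29T21:15:12", "198.51.100.7", "/account/preferences",
     "", "session-id=002-4135256-7625846"),
    ("2000-03-29T21:16:00", "198.51.100.7", "/", "", ""),  # no cookie sent
]

def parse_cookie_file(text):
    """Return {domain: {name: value}} from 'name value domain/' lines."""
    jar = defaultdict(dict)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        name, value, domain = parts
        jar[domain.rstrip("/")][name] = value
    return dict(jar)

def parse_cookie_header(header):
    """Split a Cookie request header into a {name: value} dict."""
    pairs = (item.split("=", 1) for item in header.split(";") if "=" in item)
    return {k.strip(): v.strip() for k, v in pairs}

def build_profiles(requests, id_cookie="session-id"):
    """Group header data under the cookie ID, as a site's backend could."""
    profiles = defaultdict(lambda: {"pages": [], "ips": set(), "referrers": set()})
    for ts, ip, page, referrer, cookie_header in requests:
        cid = parse_cookie_header(cookie_header).get(id_cookie)
        if cid is None:
            continue  # without the ID the visit stays unlinked
        p = profiles[cid]
        p["pages"].append((ts, page))
        p["ips"].add(ip)
        if referrer:
            p["referrers"].add(referrer)
    return dict(profiles)
```

In the constructed data, visits from two different IP addresses on two days end up in one profile because the same cookie ID came back with each request; the request without a cookie cannot be linked.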

Problem #1: Securing your PII
Personally Identifiable Information: "information which can be used to distinguish or trace an individual's identity either alone or when combined with other public information that is linkable to a specific individual."
- Your name
- Date of birth
- Your home address
- Your telephone number
- Your e-mail
- Your gender

AT&T labs study 2009: PII leaking to third party application providers
AT&T: "The results of our study clearly show that the indirect leakage of PII via Online Social Networks (OSNs) identifiers to third-party aggregation servers is happening. In addition, two of the OSNs directly leak pieces of PII to third parties with one of the OSNs leaking zip code and email information about users that may not be even publicly available within the OSN itself."

EFF/EPIC complaint (December 2009): too much "publicly available information": every application and website, including those you have not connected with

Then:
- a user's name and
- a user's network.

Now:
- users' names,
- profile photos,
- lists of friends,
- pages they are fans of,
- gender,
- geographic regions, and
- networks to which they belong.

EPIC: Facebook in Iran
- Iranian Facebook commentators discovered that their posts were public on public Facebook pages
- Iran security agents checking Facebook accounts
- "One Facebook user who traveled to Iran said that security officials asked him whether he owned a Facebook account, and to verify his answer, they performed a Google search for his name, which revealed his Facebook page. His passport was subsequently confiscated for one month, pending interrogation."

The big issues
- What are the default privacy settings?
- How easy is it to change the settings and to know that they can be changed?
- Can all the settings be changed to absolutely private?
- Can you control what data gets to third party applications?

Then there's the problem of "flash cookies": cookies that you cannot delete

Two pro-active legislative strategies
- Expand opt-in requirements for all social websites
- The site must ask permission from you up front for everything private
- Expand the age of consent rules for social networks to collect private data

Boucher/Stearns draft Privacy legislation

Must have opt-in to use
- Medical records, including medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional
- Race or ethnicity
- Religious beliefs
- Sexual orientation
- Financial records and other financial information associated with a financial account, including balances and other financial information
- Precise geolocation information

Must allow you to opt-out of allowing use
- The first name or initial and last name
- A postal address
- A telephone or fax number
- An e-mail address
- Unique biometric data, including a fingerprint or retina scan
- A Social Security number, tax identification number, passport number, driver's license number, or any other government-issued identification number
- A financial account number, or credit or debit card number, and any required security code, access code, or password that is necessary to permit access to an individual's financial account
- Any unique persistent identifier, such as a customer number, unique pseudonym or user alias, Internet Protocol address, or other unique identifier, where such identifier is used to collect, store, or identify information about a specific individual or a computer

The Children's Online Privacy and Protection Act (COPPA)
- Regulates general and children's web sites that serve children under thirteen
- Parental consent required before data on children (younger than 13) given to third parties, including:

(A) a first and last name; (B) a home or other physical address including street name and name of a city or town; (C) an e-mail address; (D) a telephone number; (E) a Social Security number; (F) any other identifier that the Commission determines permits the physical or online contacting of a specific individual; or (G) information concerning the child or the parents of that child that the website collects online from the child and combines with an identifier described in this paragraph.

Video 43.03

Reactive legal strategies
Case of Sarah Palin hacker (David Kernell)
- Guilty of misdemeanor computer intrusion and felony obstruction of justice (deleting records)
- Sentenced to one year in prison
- Relevant laws:
  - Stored Communications Act
  - Computer Abuse and Fraud Act
  - Communications Privacy Act

Reactive legal strategies
Case of Britney Binger hacker
- Hacked into Playboy bunny account to get Grady Sizemore photographs
- Used personal data on Facebook page to get into Yahoo! e-mail
- Charged with gross misdemeanor

Grady Sizemore in a self-reflective moment
