A Call to Action: Protecting the Right to Consumer Privacy Online
1. Brown 1
Brenden Brown
Professor Clauser
WRD 104
18 November 2010
A Call to Action: Protecting the Right to Privacy
Ever heard about the internet being a secure and private place where people can visit any
site freely, do what they want to do, without any worry about who is watching or recording their
every step throughout their session? The internet is not a private place. By definition, it is a
public highway where people can visit websites and transfer information from their computer to
the site’s network. Ever heard of such terms like identity theft, viruses, phishing scams, malware,
worms, or trojans? Wait, what are these terms and why should anyone care? These terms are
causing security issues that affect the world’s computers every day, whether or not most people
are aware of the privacy issues in the internet today. It is worth considering how much risk is
involved in surfing the internet when there are so many security threats that exist in the world
online. One area of particular interest is social networking sites because advertising and
marketing companies target these sites for customer’s information and the recent news stories
about data privacy that have been made public knowledge.
In today’s digital economic world, social networking creates a world of opportunity to
connect with friends, family, colleagues, neighbors, etc. Social networkers can share pictures,
email addresses, phone numbers, blogs, and allow others to view and publish information on
their pages using Facebook, Twitter, Foursquare to name a few. As innocent as these aims seem,
the information shared on these sites are collected and shared with third parties, raising a number
of concerns around privacy issues to literate users in the computing community. Since social
2. Brown 2
networking consumers have a choice to utilize social networking services and publish personal
or private information, it is the responsibility of the consumer and not the governing corporate
organizations to protect the right to privacy on the internet.
Post-doctoral researchers Arvind Narayanan and Vitaly Shmatikov that study anonymity,
privacy and security issues at Stanford University, point out that “The digital economy relies on
the collection of personal data about our searches, browsing history, social relationships, medical
history, and so forth is collected and shared with advertisers, researchers, and governmental
agencies. (1) The digital economy relies on this data to target their customer base and to build
profiles that focus on marketing to certain individuals in certain categories. This reliance on
personal data for the digital economy is a realization that every social networking site users
should be aware of in order to protect their private information from being distributed in an
unanticipated way.
Companies in charge of running these sites have a vested interest in protecting their
consumer’s data to avoid bad press and avoid deteriorating their customer base; however, the
increasing reliance on personal data is becoming an important factor in its growth and popularity
due to the financial means that social networking and advertising achieve for obtaining money
for running and maintaining their sites. This trend continues to occur and will increase, according
to an article about Facebook’s revenue by insidefacebook.com, it states that Facebook made
most of its money around advertising (Eldon), which explains why the reliance on personal data
is becoming an increasingly important factor in social networking popularity and growth. So, it’s
no wonder why data privacy is a concern especially when “college students are increasingly
sharing their lives online through social networking sites with little concern for who may be
viewing their information” (Timm 1). When college students display photos of their weekend
3. Brown 3
activities or connect with certain individuals, they open themselves up to sharing information
that may not be warranted on their part. If the reliance on personal data in the digital economy is
on these college students, it explains how social networking site’s growth and popularity has
given the ultimate choice for the consumer.
Just recently, an article appearing in The Wall Street Journal titled, “Facebook in Privacy
Breach” found during a Wall Street Journal investigation that “many of the most popular
applications, or ‘apps’ on the social-networking site Facebook Inc. have been transmitting
identifying information—in effect, providing access to people’s names and, in some cases, their
friends’ names—to dozens of advertising and Internet tracking companies.” The article explains:
The information being transmitted is one of Facebook’s basic building blocks: the
unique ‘Facebook ID’ number assigned to every user on the site. Since a
Facebook user ID is a public part of any Facebook profile, anyone can use an ID
number to look up a person's name, using a standard Web browser, even if that
person has set all of his or her Facebook information to be private. For other
users, the Facebook ID reveals information they have set to share with
"everyone," including age, residence, occupation and photos (Fowler 1).
How did this happen? Facebook does not own or develop the applications, but allows their users
to download the applications. This type of issue, categorized by a personally identifiable data
breach, is considered one of the more controversial subjects about social networking today. Not
one party is responsible for protecting the information of their customers, not even any
government agency since information protection laws are at a national level, not a global level.
4. Brown 4
To reiterate the problem and how wide the gap is about private information on the
internet and how public private information is, Charles Davis, an associate professor at Missouri
School of Journalism who specializes in journalism and media, interviewed a panel of people
from a wide range of media sources and schools internationally. Davis’ goal was to question
whether the protection of personal data is a fundamental right and if the internet companies
should continue to be able to pass on personal data to third parties. At the end of the interview
Davis states, “For better or worse, government, businesses, and even our friends and family have
more access to our personal data than ever before. It has led to some complex legal and political
questions forcing a serious discussion about privacy and access to information.” As Davis points
out, personal information has been made public more than ever before and has led to hard
questions about legal and political situations that beg to a discussion about privacy and access to
information.
In order to further understand the issue of data privacy in regards to social networking
consumers, post-doctoral researchers Arvind Narayanan and Vitaly Shmatikov studying
anonymity, privacy and security issues at Stanford University explain the issue of privacy and
security of personally identifiable information (PII) is questioned when society is supplying their
PII by exposing it online. They explain that it remains difficult to draw a line between what is
considered protected and what is free domain. Defining PII is extremely difficult to do with
different standards and interpretations of laws and amendments within the United States
Constitution concerning the right to free speech and invasion of privacy. They explain that it is
this lack of definition that creates holes in litigation surrounding personal information. However,
some institutions have found a working definition of PII, defined by authors of the National
Institute of Standards and Technology as:
5. Brown 5
Any information about an individual maintained by an agency, including (1) any
information that can be used to distinguish or trace an individual’s identity . . .
and (2) any other information that is linked or linkable to an individual . . .
including but not limited to personal characteristics, including photographic
image (McAllister, et. al ES-1)
It is the social networking companies that have a vested interest in protecting their consumer’s
data to avoid bad press and avoid deteriorating their customer base, but at the same time, not one
particular party responsible for protecting consumer’s data in the internet today because it is a
shared responsibility. See the dilemma? The next question that arises, is it more about the
consumer taking safeguards to protect their own data or the corporations running these social
networking sites? Cautionary steps can be taken by each individual to help keep their own
information private such as abstaining from using these sites or opt to only share certain
information with certain individuals and keep private information offline.
David Flint, an Australian legal academic known for his tenure as head of the Australian
Broadcasting Authority, wrote about this and questions who is responsible for the issue at hand, even
when these social networking companies cannot control what their users do outside of the social
networking world. Flint asks important questions that illustrates a gap between human nature and
the use of social networking site, Facebook:
The question has been raised: ‘What are sites such as Facebook doing to protect
our data and our privacy?’ Consider a politician who takes all steps including
injunction to prevent newspapers printing pictures of his children in order to
protect their privacy yet sends out thousands of Christmas cards showing those
children – is that privacy or hypocrisy? Maybe social networking sites have no
6. Brown 6
obligation to protect our data – at least insofar as we have chosen to make it
publicly available on those sites. (5)
Flint makes a strong point, suggesting that social networking sites may not have an obligation to
protect the data of their users. In order to understand how Facebook protects their user’s privacy,
one must read and understand the privacy policy. Several notable items exist that represent an
un-biased, well-rounded, and shared responsibility between Facebook, their users, marketing and
advertising companies. For example, Facebook’s site explains that Facebook shares information
with others–friends and people in the user’s communities–while providing users with privacy
settings to restrict others from accessing some of their information. Facebook shares information
with third parties when they believe the sharing is permitted by the user, “reasonably necessary
to offer our services, or when legally required to do so” (Facebook.com). The policy lists out
examples in which they share information about their users, and is repeatedly stated clearly that
privacy settings can be personalized to meet customer’s privacy requirements. After
understanding Facebook’s privacy policy, does it give the warm and fuzzy feeling that
information is being protected and distributed with Facebook user’s authorization?
An employee of Facebook’s Online Sales Operations department, Charlie Taylor, agreed
to respond to a question concerning the issue at hand; whether or not social networking sites such
as Facebook, Twitter, and YouTube do an adequate job protecting their user’s privacy in regards
to using customer data for adding value in marketing and advertising strategies and whether it is
the responsibility of the corporations running the social networking site to protect their
customer’s data. Taylor thinks that most social networking sites such as Facebook do a pretty
good job with protecting user’s privacy. Working for Facebook for the past year and a half,
Taylor constantly finds himself in the crosshairs of media scrutiny because Facebook has
7. Brown 7
changed the way the public shares and connects in an enormous way. He claims that anyone who
understands web practices with personal information, for instance, should not be shocked to
know that cookies follow consumer behavior and serve ads based on prior activity. However, he
says that it seems that many internet users are blithely unaware of this issue, or at best just naïve.
He suggests it is a dangerous mentality for any web user on social networking sites or otherwise
to deflect accountability elsewhere and that it is ultimately up to the user to govern the
information that you publish and to learn how to utilize privacy controls.
The key point Taylor wants to make is about user’s choice and how they should not be
posting material online that they think could pose a threat if used in a manner that you don't
anticipate. For example, Facebook does not ask for social security numbers at any time, but
Taylor would not provide it on his personal profile even if there were some functionality
assigned to it. Taylor claims that accountability does lie on Facebook's end as well and it goes to
great lengths to give users control over how their information is going to be used.
Taylor’s comments support the claim about it being the consumer’s responsibility to
choose which information they share on their pages, and which information is kept private; it is
not the corporate owning organizations whose responsibility is to protect it. What is the lesson
for social networking site users going forward? Understand that there is certain information
visible to everyone because it’s essential to helping others connect, and that it is imperative to
keep certain information blocked from certain individuals of the consumer’s choice. This
practice will help protect the right to privacy on the internet.
8. Brown 8
Works Cited
Davis, Charles. “GLOBAL JOURNALIST: Privacy in the age of online social networking.”
Missourian. 12 November 2010. Web. 14 November 2010.
Eldon, Eric. “Facebook Revenues Up to $700 Million in 2009, On Track Towards $1.1 Billion in
2010.” Inside Network, Inc. 2 Mar. 2010. Web. 8 Nov. 2010.
Flint, David. "Law shaping technology: Technology shaping the law.” International Review of
Law, Computers & Technology 23.1/2 (2009): 5-11. Academic Search Premier. EBSCO.
Web. 5 Oct. 2010.
Fowler, Geoffrey A. and Emily Steel. "Facebook in Privacy Breach." The Wall Street Journal.
18 October 2010. Web. 27 October 2010.
Narayanan, Arvind, and Shmatikov, Vitaly. "Privacy and Secuity Myths and Fallacies of
"Personally Identifiable Information." Communications of the ACM 53.6 (2010): 24-26.
Academic Search Premier. EBSCO. Web. 5 Oct. 2010.
National Institute of Standards and Technology. Guide to Protecting the Confidentiality of
Personally Identifiable Information (PII). Maryland: GPO, 2010.
Taylor, Charlie, employee of Facebook, Inc. Personal interview. 25 Oct. 2010.
Timm, Dianne M., and Carolyn J. Duven. "Privacy and social networking sites." New Directions
for Student Services 124 (2008): 89-101. Academic Search Premier. EBSCO. Web. 28
Oct. 2010.