Privacy in Social Network Sites

Privacy and Identity-relevant Information in Social Network Sites

Archive for July 2008

Prosecutors and lawyers turn to Social Network Sites

with 3 comments

Prosecutors and lawyers are using Social Network Sites to argue their cases. However, for prosecutors it is much easier to access information from these sites than it is for defense lawyers to get their clients to delete sensitive information.
The case of Joshua Lipton, a college junior who was charged in a drunken driving crash, has recently become a center point of attention. Read this bit from AP:

The Associated Press: Web networking photos come back to bite defendants

[T]he 20-year-old college junior attended a Halloween party dressed as a prisoner. Pictures from the party showed him in a black-and-white striped shirt and an orange jumpsuit labeled “Jail Bird.”

In the age of the Internet, it might not be hard to guess what happened to those pictures: Someone posted them on the social networking site Facebook. And that offered remarkable evidence for Jay Sullivan, the prosecutor handling Lipton’s drunken-driving case.

Sullivan used the pictures to paint Lipton as an unrepentant partier who lived it up while his victim recovered in the hospital. A judge agreed, calling the pictures depraved when sentencing Lipton to two years in prison.

This seems part of a larger trend, where prosecutors and lawyers use Social Network Sites (SNS) to find (primary or secondary) evidence and information to discredit the counter party.
Consider this quote from redOrbit:
Social Networks Help Detectives Solve Crimes – Technology – redOrbit

During the sentencing, prosecutors show the pictures, not only to embarrass defendants but to make it harder for them to convince a judge that they’re remorseful or that their drunken behavior was an accident.

Prosecutors do not always immediately turn to networking sites while preparing for sentencing, despite embarrassing photos of criminal defendants that are sometimes available in plain sight and accessible under a person’s real name.

However, in circumstances where they’ve had reason to suspect incriminating pictures online, or have been tipped off to a particular person’s MySpace or Facebook page, the sites have produced critical character evidence.

Darryl Perlin, a senior prosecutor in Santa Barbara County, California said, “It’s not possible to do it in every case.”

He said, “But certain cases, it does become relevant.”

Defense lawyers are aware of these techniques, and as long as both parties have equal opportunities to collect and delete the information from SNS, this looks like a fair equilibrium. Also from redOrbit:

Social Networks Help Detectives Solve Crimes – Technology – redOrbit

Santa Barbara defense lawyer Steve Balash said the day he met his client Jessica Binkerd, he automatically asked if she had a MySpace page. Binkerd was a recent college graduate charged with a fatal drunken driving crash. When she said yes, he told her to remove it, because he figured it might have pictures that cast her in a bad light.

But, Binkerd failed to remove the page, and right before she was sentenced in January 2007, the attorney was “blindsided” by a prosecutors report that featured photos posted on MySpace after the crash.

However, the effort to access the information is not proportional to the effort needed to delete information from a SNS. The NY Times ran a series of articles on how to delete your Facebook profile:

How Sticky Is Membership on Facebook? Just Try Breaking Free – New York Times

Some users have discovered that it is nearly impossible to remove themselves entirely from Facebook, setting off a fresh round of concern over the popular social network’s use of personal data.

Furthermore, it is unknown if and how SNS store information on their profiles on their servers for own use. This information could be requested by warrants, subpoenas or any legal equivalent. This raises grave concerns about how to protect your identity relevant information and questions about if and how SNS retain data that can haunt you later. I plan on a follow-up post.


Identity Relevant Information is a conceptualization of information relating to an individual that is broader than the commonly used ‘Personal Identifiable Information’. I find this term more appropriate for use with Social Network Sites. Noëmi Manders-Huits and Jeroen van den Hoven coined this term in their excellent paper ‘Moral Identification in Identity Management Systems’.


Manders-Huits, N.L.J.L. & van den Hoven. J (2008), “Moral identification in Identity Management Systems”, in Fisher-Hübner et al. (eds.), The Future of Identity in the Information Society, Springer Boston, pp 77-91.

Update 2:
An American investigator and his partner have started a business in educating law enforcement officers how to use Social Network Sites to investigate crimes.

Area police training to patrol Web sites | Lynchburg News Advance

Their business, Cyber Associates Training Seminars, held its first training seminar for investigators last week, teaching officers from the Lynchburg Police Depart- ment, the Liberty University Police Department, the Mecklenburg County Sheriff’s Office, and the FBI.

Although the article focuses on finding murderers and pedophiles, my post shows that law enforcement officers can also use SNS to track down less obviously malign behavior.

Written by davidrip

July 21, 2008 at 11:33 am

Posted in Uncategorized

Not verifying lies on Facebook, media get sued for breach of privacy

leave a comment »

An interesting case that has been prominently in the news quite a while ago, has gained renewed attention. In May 2008, British newspapers, as well as bloggers, mentioned that a party in Spain was thrashed because the organizer, a 15-year-old girl, posted the event on Facebook. The story was that the event spread quickly through the Social Network Sites and uninvited guests ruined the party and even stole objects.
Recall this paragraph:

VVIDE: Facebook Party Trashed

What started off as an innocent 16th birthday party turned in to a huge free for all[,] as 400 [gatecrashers] turned up drunk and started throwing TV’s, tables and other household goods in to the swimming pool, breaking doors and destroying carpets.[…..] How did this happen[,] I hear you ask, well[,] Jodie posted details of the party on Facebook and Bebo[,] two social networking sites and unfortunately included a full address of where the party was. In the details Jodie called it “party of the year” and said “Theres gone be a lot of alcohol, an amazing DJ.”

After the fact, the girl posted details of the party trashing on her profiles on the respective Social Network Sites. However, the mother of the girl claims that the posts on Facebook and Bebo are all lies. The Independent writes:

Mother sues over tale of ‘drunken party’ lifted from Bebo – Home News, UK – The Independent

But Jodie Hudson’s lurid description of the party on the social networking website Bebo, subsequently carried in a number of national newspapers, turned out to be fantasy.

So what recourse do people take when media spread false information about them? They sue the media for defamation. The accusation would be based on libel or, because it concerns private facts, public disclosure of private facts. This is exactly what happened:

Mother sues over tale of ‘drunken party’ lifted from Bebo – Home News, UK – The Independent

Jodie’s mother, Amanda Hudson, is suing six national newspapers for defamation and breach of privacy after they ran stories based on her daughter’s exaggerated claims about her party, [..] The case is expected to have far-reaching consequences for third parties who use or publish information from social networking sites. Lawyers say it could place a duty on all second-hand users to establish the truth of everything they want to republish from such sites.

And this is were it also gets interesting from a moral perspective. Knowingly disclosing untrue information with the intention to harm people is obviously morally wrong. The reporters in this case could have verified any of the facts by calling the police or asking for police records. The website posts mention involvement of the cops, so there must have been records of this.
This was just sloppy work from journalists, but what if you don’t know or don’t expect that the information is untrue? Prohibiting people to publish because they can’t verify the facts could chill free speech. Unknowingly spreading untrue information about people could still harm them. Even if there is no specific harm inflicted (such as lies about one’s reputation), this prohibits the person to engage in shaping his own moral personality.
The question here is really: when can a person be expected to unknowingly disclose untrue information about someone else? Should there be a reasonable attempt of the discloser to verify the information? And here, we have the problem with defining ‘reasonable’, and this will always happen on a case-by-case basis.

Consider the criteria for verifying the truthfulness of information, mentioned in the article:

Mother sues over tale of ‘drunken party’ lifted from Bebo – Home News, UK – The Independent

[In this case, there was] no legitimate public interest in publishing material from the site. [..] Mrs Hudson says that, because the information was inaccurate, the papers cannot rely on the [defense] of fair comment.[…]. [Also,] Mrs Hudson said her daughter has also suffered greatly because of the breach of her privacy

Also, mention the defense of fair comment. This comes again down to the question whether or not the media could reasonably easy verify the information. One could argue that the journalists should have been more careful, as it is well known that Social Network Sites contain fake information. See the Friendster case about fake profiles (Fakesters).

The claim of breach of privacy also is a difficult one. Social Network Sites are seen as not fully private spaces and the subjects on these website engage in self-disclosure of information. They disclose the information to a network that is surely not totally private. I have always wondered why people disclose sensitive information so easily, perhaps because the contextual cues are less present. This has been a topic of one of my earlier Dutch weblogs.
Take the example of the Facebook Group for girls that post pictures of themselves in a drunk state onlin:

Young women drink, party, post –

What you won’t find on this page — called “Thirty Reasons Girls Should Call it a Night” — is humiliation and embarrassment.

The lack of understanding of the risks for this behavior on a long term are evident:

Young women drink, party, post –

Many photos on the site are accompanied by full names and the colleges the women attend, apparently without much concern that parents, or potential employers, will take a look.

I will follow this case closely, as the results are very relevant for how we deal with information on Social Network Sites.
I recommend reading Daniel Solove’s book ‘The Future of Reputation. Gossip, rumor and privacy on the Internet‘ for more dilemmas concerning self-disclosure of information.

Written by davidrip

July 16, 2008 at 11:45 am

Posted in Uncategorized

Comparative study of SNS shows privacy controls lacking or difficult to find

leave a comment »

The Common Sense Media has released a short report on Web safety factors that their users deem important. I don’t necessarily agree with the scoring on those factors, but the report describes some interesting findings about privacy settings in Social Network Sites (SNS).

I see privacy settings in SNS as a way for users to bargain and unbundle. However, the unbundling and bargaining space that users have is very minimal. Bargaining about privacy is making informed choices about what of your information is visible to other and what information from other you have access to.
Unbundling includes not using every service of the SNS, for example using the function to post weblogs without having to use the photo share function or being confronted with your friend using the photo share service.

The report describes both Facebook and MySpace as putting many privacy controls in users hands. An important difference is that the tools to customize your privacy are built into MySpace’s registration process. This informs the user more than putting privacy controls six clicks away. The report mentions:

Sense Media Releases First-Ever Safety Analysis of Most Popular Social
Networking Sites for Tweens and Teens – Common Sense Media

addition, although many privacy and safety features were added to these
sites in the last two years, they are often difficult to find. 

Facebook users have many options to customize their privacy settings, but the effectiveness of these options depends on how useful these controls are and if users are able to make sense of them. When I talked to Adrienne Felt, she told me that a too granular approach to privacy settings can confuse users. With respect to Facebook she said that the terms used to describe the privacy controls are confusing and that Facebook doesn’t explain them very well.
In my opinion, privacy controls should be clear cut to the user and based on how you would give away information in real life. If you are not willing to show sensitive photos to relatives of your family, you should be easily able to do so. Earlier, I wrote a Dutch weblog on this subject.

Another remarking observation from the report is that users should disable Facebooks Beacon feature. The data collecting feature, that feeds information from third party websites to your Facebook profile, has been under fire for not implementing full informed consent. As I mentioned at the CFP2008 conference, I still think the implementation of Beacon is very in transparent to end users and that without good understanding users cannot give informed consent.

Internet Safety Scorecard

Parents need to know: Here’s a tip for more privacy: Disable Facebook’s “Beacon,” which reports users’ activities on third-party sites, by visiting this link: Click the box that reads, “Don’t allow any websites to send stories to my profile.” 

I am interested to see if parents, towards which this report is directed, or any Social Network Site, pick up these criticisms.

Written by davidrip

July 9, 2008 at 8:32 pm

Posted in Uncategorized

Tagged with

Social Network Sites and social spheres?

with one comment

Social Network Sites (SNS) are troubled by interactions that are only possible in the cyberworld and not in real world. Because the speed of information dissemination is much higher, more people get to know embarrassing fact faster than in the real world.

For example, imagine that your soccer team has a party after you’ve won the championship. The forward takes pictures of you all: happy, singing and drunk. You don’t mind that these pictures are posted on a SNS, visible for all your friends. But your feelings toward the disclosure change when your employer or your future in-laws get access to this information. Because you are unable to distinguish between friends, employers and family, you can’t withhold embarrassing information from them.

Genome, a new Social Network Site, says to change this all. Sarah Perez mentions in her post:

“Exclusive: First Look At Genome, A Next-Gen Social Networking Service – ReadWriteWeb

Privacy: Privacy levels will be set up to mirror real-life relationships: spouse or significant other, family, best friend, friend, buddy, colleague, business partner, high school acquaintance, contact, etc. Human relationships have detailed nuances – social networks should, too.

This could prove a promising technology, as the information flow from one social sphere to another can be controlled. Jeroen van den Hoven pointed out earlier that information traveling different spheres without our consent or knowledge could severely harm us.

He bases his analysis on the work of Michael Walzer, who claimed that what is especially offensive to us and goes against our sense of justice is the transfer of goods between different spheres of justice (Van den Hoven calls them ‘social spheres). Walzers solution is to practice separation and put blocked exchanges in place. Van den Hoven applies this to the good of information. And the remedy that he proposes is exactly what Genome claims to do.

We have seen multiple Social Network Sites that didn’t live up to their expectations, especially in terms of privacy, but I can’t wait to see if this Social Network Site can live up to its claims.

David Chartier from Ars Technica is skeptical about the more fine-grained relationship definitions.

Genome plans to solve social networking data sync problem

But these are at best just a foundation for improving the value of social networking, and at worst a clunky new control layer that could bury us under even more social networking busywork. A simple, unobtrusive UI and streamlined tools that harness these relationships will be the real test of whether Genome is on to something in this area.

Written by davidrip

July 9, 2008 at 2:18 pm

Posted in Uncategorized

Tagged with