Facebook has had to deal with privacy issues quite a bit in recent times. In 2012, the Irish Data Protection Commissioner (DPC) said Facebook has to explain better to users what happens to their personal data and give them more control.

The DPC report also called on Facebook to allow users to delete old messages, friend requests, pokes, tags and posts. The report also said that Facebook’s implementation of its facial recognition feature, allowing users to identify or "tag" people in photos, should have been handled "in a more appropriate manner."

The commissioner found that, in order to fully understand the use of their information the user has to read Facebook’s full privacy policy, statement of rights and responsibilities, advertising policy and information on the use of social plugins among other information. It is clearly impractical to expect the average user, never mind a 13-year-old joining the site for the first time to digest and understand this information and make informed choices, the report said.

Facebook's indefinite retention of information of what adverts users had clicked on was also "unacceptable," it said. Facebook said in response it would "move immediately to a two-year retention period." The DPC conducted the audit, aimed at determining whether Facebook complied with Irish and by extension European Union law, because Facebook Ireland is the entity with which non-US and non-Canadian users have a contract, the DPC said.

Facebook said in response that the DPC had "highlighted several opportunities to strengthen our existing practices". "Facebook has committed to either implement, or to consider, other 'best practice' improvements recommended by the DPC, even in situations where our practices already comply with legal requirements," it said in a statement available here.

The Electronic Frontier Foundation (EFF) whose subtitle is "Defending Your Rights in the Digital World." recently output a document titled "The Disconcerting Details:How Facebook Teams Up With Data Brokers to Show You Targeted Ads." This is highly recommended.

The EFF explains nicely that companies get their data, what information they share with Facebook and what this means for privacy. It turns out that data brokers are companies that trade in information on people - names, addresses, phone numbers, details of shopping habits, and personal data such as whether someone owns dogs or is married.

This information comes from easily accessible public data, such as
data from the phone book, as well as from less accessible sources, such as the Division of Motor Vehicles which sells information like your name, address, and the type of car you own.

One of the big players is the Acxiom Corporation. It can easily find out your age, race, sex, weight, height, marital status, education level, politics, buying habits, household health worries, holiday destinations etc. Data brokers make money by selling access to this information. So data brokers, their business is to build databases on actual people, on real-world physical people. And so their whole economic model is to make money selling access to that. They have all this organized and online and accessible in some means.

It turns out that many data brokers work closely with governments. For example, the FBI has been paying a data broker called ChoicePoint for access to its extensive database in order to screen for terrorist threats and for other purposes.

To give an example of how a data broker would interface with Facebook as follows. A company asked the data broker for an audience such as people interested in buying caravans. As strange as that sounds, a data broker is able to answer that.

So, it creates an email list of all people in its database who is interested in buying a caravan. They then do a good thing with regards security. That is, they create cryptographic hashes of the email list to that no other company can know what those emails are. They then send this to Facebook who in turn generate cryptographic hashes of all Facebook users. Whenever a hash of an email matches, then Facebook can identify that user as a person seeking to buy a caravan.

People may be glad to see here that no email addresses are actually known by Facebook at any time for the given target ad group. There is a little more to it and Facebook also allow third-party cookies to serve up ads on pages but what is just described is a summary of the little spoken about interconnecting world of social media sites and third party data brokers and advertising networks.

It must always be remember that no one involved in the early Internet design ever foreseen the pervasiveness of its involvement in everyday life. That is why we have so many security & privacy issues today.


By Kevin Curran,  senior lecturer in Computer Science at the University of Ulster and group leader for the Ambient Intelligence Research Group.

PrivSec Conferences will bring together leading speakers and experts from privacy and security to deliver compelling content via solo presentations, panel discussions, debates, roundtables and workshops.
For more information on upcoming events, visit the website.

comments powered by Disqus