Thursday, 26 February 2015

Facebook Policy Updates Not Sitting Well with Belgian Watchdog

With the publication of new privacy policies earlier this year, Facebook hoped to make its position more clear in the face of growing opposition to how it collects and uses member data however things are not working out as expected.  Facebook updates are not sitting well with the Belgian Privacy Commission; they may even be in violation of European law.

A study compiled by representatives from two Dutch universities seems to indicate that the new privacy policies make it too difficult for Facebook users to protect their own privacy.  Even though Facebook members retain the power to control how their personal information is used, the company prefers to use an opt-out approach rather than a more acceptable opt-in model favoured by European governments.

Authors of the Belgian study say that the opt-out model is a problem because of the European standard that says a failure to opt-out does not imply consent.  Making matters worse for Facebook are assertions among critics that finding the opt-out option is too confusing for most users and, because they cannot find where to opt-out, many do not bother.

In Facebook's defence, the study does acknowledge that the policy changes published by the company earlier this year are mostly clarifications of existing policies.  There is nothing in the updates so extraordinarily different as to define a new policy that was not previously in effect.  The study says:

"To be clear: the changes introduced in 2015 weren't all that drastic.  Most of Facebook's 'new' policies and terms are simply old practices made more explicit.”

Study authors also take issue with Facebook's 'take it or leave it' approach; in other words, the only option users have if they do not like the company's privacy policy is to stop using the service immediately.  Facebook is completely within its rights to maintain such a policy, but the policy excludes untold numbers of potential members who do not have access to the platform because they cannot, or will not, accept the company's privacy policies.

The Price of Networking

It is difficult to say whether Facebook is really doing anything wrong or not.  The whole idea of social media networking, from the perspective of a company such as Facebook, is to provide people with free access in exchange for advertising capabilities.  It is the position of service providers that data collection and analysis is part and parcel of accepting a service for which the consumer pays nothing.

On the other hand, critics say companies such as Facebook go too far in how they handle data communications and sharing.  They would prefer the data be collected, analysed and then immediately discarded in order to protect individual privacy.  Furthermore, they believe such a short-term policy would be more than capable of meeting the needs of service providers whilst still preserving the security of users.

Right now, Facebook's biggest concern is not unhappy users; it is the European Union.  All eyes will be on Brussels and its reaction to the Belgian report.

Thursday, 19 February 2015

Social Media Competitors Joining Forces to Handle Security Threats

In the cut-throat world of social media, one could hardly expect competitors to work together for mutual benefit, however that is exactly what is happening among some of the biggest players, including Facebook, Tumblr, and Pinterest.  The three companies are among a group of companies that have decided to work together in a joint effort to create something known as ThreatExchange.  The result of their collaboration will be a set of application programming interfaces (APIs) that the participating companies can use to thwart cyber-attacks.

Social media companies are under increasing attack by creative hackers who have figured out how to use the platforms to spread malware across the Internet.  Up to this point, the management of these kinds of attacks has been limited to individual efforts at each affected company.  Nevertheless, as soon as one platform is reinforced, hackers simply move on to the next.  ThreatExchange is intended to solve that problem by allowing participating companies to constantly share relevant information in real-time.

The current infant state of ThreatExchange makes it a programme that is not yet ready to do battle with hackers on a large scale.  There are only a small number of participating companies, at least for now, sharing a small amount of information.  Nonetheless, there are plans to grow the programme to eventually include communications from dozens of players and a fair amount of automation.

While information sharing and networking among social media companies is now being developed, these two strategies are not the first attempts at controlling increasingly more sophisticated cyber-attacks.  For example, Facebook and Google both have programmes in place offering cash rewards to outsiders to identify and report security problems, however such programmes are a far cry from competitors actually networking to share previously secret information.

A Better Solution?

The idea of competing companies working side-by-side to stop security threats is not so unusual in some industries such as banking and insurance.  Nevertheless, for social media to engage in this sort of networking and collaboration is unusual.  Is the ThreatExchange concept the best solution for protecting networks against hackers, or is it just a better solution compared to each company trying to handle security on its own?

Only time will provide the answer to that question.  Nonetheless, there is legitimate concern that the collaborative efforts could backfire.  If too much information is shared and access not tightly controlled, hackers could get in and eventually defeat any security measures put in place.  If not enough information is shared, the entire exercise could end up being a waste of time and resources.

One thing we know for certain is that cyber-attacks are not going away.  That means social media companies, as with everyone else, have to continually develop new ways to protect the security of their networks.  For the time being, that might mean joining forces with competitors to share real-time information and create workable security solutions.  It is a brave new world that no one imagined a decade ago.

Wednesday, 11 February 2015

The Internet of Things and the Loss of Privacy

The world was outraged, and rightly so, when news broke of the US National Security Agency's (NSA) extensive spying on enemies and allies alike however, why is anyone surprised?  We live in a world that is now being dominated by what is affectionately known as the 'Internet of Things', a world in which the loss of privacy is to be expected.

Illustrating where we are in the Internet of Things is news from Samsung that some of their new cutting-edge television sets will be listening in on the private conversations of customers.  Samsung's announcement will undoubtedly spark outcry among gadget lovers none too happy with the South Korean company monitoring their conversations.  As for Samsung, it claims that their new televisions will only be listening when users press a specific remote control button and speak into a microphone.

What is the point of such listening?  Samsung apparently wants to analyse the speech in order to glean any data that could help it improve marketing.  If the company is telling the truth, analysing consumer conversations is just the latest step in a Big Data strategy that is turning the world's consumers into objects of statistical analysis.

The Institute of Engineering and Technology's Professor Will Stewart says that the current incarnation of Samsung’s listening capabilities is probably harmless however he predicts that this may not hold true in the future, as more TV manufacturers follow Samsung's lead.

Where will it end?  It will not!

The modern era of data communications and worldwide networking means that individual privacy, as we once knew it, no longer exists.  Just Google your own name and you will know exactly what we mean.  The Internet stopped being a harmless commercial and social enterprise years ago.  It is now a digital behemoth that collects personal data and spreads it around the world indiscriminately.

Realistic View

The point of this blog post is not to sound like a paranoid IT services tech fearful of the government looking through his windows - rather, it is simply to bring to light the reality that we live in a new world in which the expectation of privacy does not truly exist.  It is a new reality that we must come to grips with unless we are willing to dismantle the Internet of Things and go back to life before electronic gadgets.  We doubt that very few people would go for that strategy.

So where does that leave us?  It leaves consumers in the position of having to pay close attention to the progressive nature of privacy intrusions for the purposes of drawing a line in the sand.  By that, we mean each individual consumer must decide what his or her limits of privacy intrusion are.  For some people, purchasing a TV that can listen in on private conversations crosses the line.  Others will be more than happy to allow the intrusion for the sake of enjoying what the new televisions have to offer.  It is all about individual tolerance and risk aversion.  That's where we are; like it or not.