Social networks: be careful
You know, the Office of the Privacy Commissioner doesn’t want to appear technophobic. We appreciate the benefits of new technology and the ease in communication that social networks like MySpace and Facebook can bring to society.
But we have to remind Canadians that they should be careful about the information they share online. We don’t just mean the usual suspects: birthday, address, social insurance number.
The same technological leaps that have provided us with these social networks have also provided companies with the computing power to scour the very same networks for reams of information. Information that can be used to categorize you.
And this is the subject of a New York Times article from earlier this week: “MySpace to Discuss Effort to Customize Ads”
“A 100-employee team inside the Fox Interactive Media offices … has designed computer algorithms to scour MySpace pages. In the first phase of the program, which the company calls “interest-based targeting,” the algorithms assigned members to one of 10 categories that represents their primary interest, like sports, fashion, finance, video games, autos and health.
The algorithms make their judgments partly on certain keywords in the profile. A member might be obvious by describing himself as a financial information enthusiast, for example. But more than likely the clues are more subtle. He might qualify for that category by listing Donald Trump as a hero, Fortune magazine as a favorite publication or “Wall Street” as a favorite movie.
The system also looks at the groups members belong to, who their friends are, their age and gender, and what ads they have responded to in the past. “Our targeting is a balance of what users say, what they do and what they say they do,” said Adam Bain, executive vice president for production and technology at Fox Interactive.” (New York Times)
September 21st, 2007 at 1:54 pm
Dude, anyone reading this site probably already is careful about putting private info online. Right message, but preaching to the choir.
September 21st, 2007 at 1:57 pm
I disagree. While privacy is covered in the media, most of the sites discussing privacy issues online are written by lawyers, privacy advocates, tech specialists and other members of the “choir.”
What we’re experimenting with here is a new way to communicate about privacy, and it’s going to bounce around from boring news release announcements to policy analysis to down-home advice.
Thanks to the magic of search technology, someone who’s “tone deaf” may stumble upon this information.
September 21st, 2007 at 2:41 pm
I whole heartedly support Commissioner Jennifer Stoddart and the office’s effort into talk more about privacy related issues. In the age of Google and web links, you never knows who may read this, how will they stumble upon this info, and what a simple discussion will lead to.
Just to make my comment more interesting. I want to use your post as an excuse to talk about institutions (e.g. bank, phone companies, etc.) using our birthdays and mother’s maiden names as security checks.
Re: Birthdays, more and more young people are putting their exact birthdays online. And with respect to mothers’ maiden names, since more and more women are keeping their maiden names after they got married, it is not difficult to find a person’s mother’s maiden names. For reasons listed above, I think the banks, etc. have to be warned of the security flaws in using these two pieces of info to verify who we are over-the-phone.
On these note, may be the Office of the Privacy Commissioner can initiate an informational guidelines to both the banks **and** the public via the media. This way, the banks can’t just ignore this concern as the public will also start to be more aware of the potential problems.
September 21st, 2007 at 5:25 pm
I’m not a security expert and so step out into the bright lights of this subject with trepidation… but I can’t help but ask: What is the problem with the above story? Is being categorized a problem? I like it when Amazon.ca categorizes me and shapes its adds and book selections are more likely to pique my interest. Same with Facebook… Not only do I enjoy the service, it saves me a tremendous amount of time. These are real and tangible benefits that need to be weighed. Does the privacy commissioner believe that Canadians are don’t understand these tradeoffs, or that when they do understand them, they are making the wrong choices?
The risks of sharing data on social networking sites feel like they are less from corporate entities then from criminal elements who can use the site to gain access or individuals or their property.
September 23rd, 2007 at 2:11 pm
Agreed with Colin. Sure, people who are subscribed to the RSS feed and are regular readers are guaranteed to be members of the “choir”, yet because of the nature of the web, it is quite likely that others will stumble upon it in a quest to learn more about social networks and the like.
A blog isn’t a magic bullet in any sense for raising awareness, but that shouldn’t stop you from writing. You never know who might be reading one day.
September 23rd, 2007 at 3:34 pm
David:
The issue to me they are highlighting, is you have no choice in who is categorizing you, and what information they can sell, or obtain. For example, if you read the Facebook terms of service, they claim to own everything you put there, including your picture. They can sell this information to whoever they want, what and who you communicate with. There is a great potential for abuse with this model.
Don’t post anything online (including private email to your friends and family!) that you don’t want to be public, to everyone in the world, forever.
September 24th, 2007 at 11:32 am
[…] Social networks: be careful of what info you post […]
September 25th, 2007 at 3:08 pm
I just found this blog - I think it is great! One of the problems I have been having as I try to get more into Canada’s political atmosphere is these .gc.ca sites are dry, hard to navigate, full of information that is impossible to find, etc.
I am very happy to discover a blog with a real human(s) behind it! It instantly makes the site more accessible and manageable.
Re: social network sites. One thing to keep in mind is that most/all are based in the US - where they are subject to the Patriot Act among others. All information you enter into facebook is free game for the US government data-mining computers.
A quick google of the no-fly-list shows how flawed these massive collation databases have been and how quickly and easily false-positives can really ruin someones life.
Combine “computers never forget” with “computers don’t understand context” and over-aggressive, very flawed pattern matching you can quickly become a ‘bad guy’ for no real reason.
And that isn’t even touching on the other lost-opportunity costs of these horrible facebook terms of services. (Like, if you upload a copy of your book for friends to read facebook now owns it).
It’s your data. And it is worth something. Make sure you keep it.
September 26th, 2007 at 9:09 am
I applaud the Commissioner and her staff for starting this initiative. There are few enough other Privacy resources around (Marc Rotenburg’s EPIC site south of the border comes to mind) - so I hope you continue with this - as a focal point for broad discussion on Privacy issues.
Now the topic in question - as a Privacy Analyst, and as an individual who plays on Myspace, I can say that the focused Ads. are just the tip of the iceberg.
The ubiquitous Tom - founder of Myspace - sold out to Rupert Murdoch’s media group last year. The signs of commercialization of that site have been creeping and insidious. What is more of a problem however, is all the hacking that takes place there. I suspect that the original software left much to be desired security-wise - and now with 200,000,000 profiles on there, it is ripe for picking for the identity theft crowd.
What is more troubling is the lack of concern of the average user.
I put up a brief blog the other day - summarizing the Commissioner’s recent concerns (along with a link back to this site) with Google’s latest ground level mapping feature.
Two or three people in my group commented - two quite concerned, the other taking the Scott Neely (?)- former CEO of Sun Microsystems’ blase comment of some years ago “Attitude” - along the lines of - get over it folks - all the data on you that companies need is already out there in the Internet….a troubling thought indeed.
Keep on pushing the facts in their faces out there - maybe the message will get rhough eventually - and hopefully not too late!
October 2nd, 2007 at 6:05 pm
Glad to see this blog is here.
Good advice being provided regarding social networks.
I have a topic suggestion for the Commissioner for this blog.
Your office is, I believe, funded by the taxpayers at the federal level.
I would like to know what types and amounts of authority Parliament has given (or not) to your office when it comes to enforcement and punishment for individuals and especially companies that breach someone’s privacy, where they had a “duty of care” and/or fiduciary responsibility (in the case of financial institutions) to protect their clients’ info, and they didn’t.
I called your office, and was told your office has the power to investigate problems and breaches, and then make “recommendations” about future preventative fixes. No powers of enforcement, and no powers of punishment, ie: fines, laying down process/monitoring rules for negligent firms.
If this is indeed true, it concerns me as a taxpayer as to what exactly we’re paying for, if your office doesn’t have the power to bring down the hammer on negligent companies. If it’s true, Parliament needs to finish the job and give your office a stick and some teeth.
If your friendly & professional front line staff person is wrong, then please correct and clarify.
Thanks.