“Publication is a self-invasion of privacy.” -Marshall McLuhan
As if foreshadowing the birth of social media and the hue and cry around online privacy and security issues, Marshall McLuhan summed it up in one succinct sentence: Publication is a self-invasion of privacy. And in a day and age when everyone and their mother (literally) is a publisher, whether via Twitter or LinkedIn, through a blog or on a Facebook page, it begs the question: If you are putting yourself out there, then where does online privacy and security even fit in? What if, when it comes to social media and its many platforms, privacy and security have gone the way of the Dodo bird?
Let’s face it, before social media crashed the online party, security and privacy tended to be more of an ‘in versus out’ issue. Corporations needed security to make sure nothing came ‘into’ their online corporate bubble, to make sure their online properties were secured so information wasn’t easily accessible by outside individuals. ‘Hack’ was the new four-letter dirty word. Corporations used firewalls for security lest employees ventured somewhere unsavoury. They also made things secure for their consumer with encrypted payment pages for online buying, that sort of thing.
As for the general public, they had to be careful of what they were putting ‘out’ onto the Internet, that their blog privacy settings were set and secure, that they didn’t use their birthdays or their kids names as passwords, and maybe, most importantly, that they didn’t reveal too much sensitive or private personal information — birth dates, where they live, where they were born, job info — you know, the stuff identity thieves use.
Then along came social media. Facebook, Twitter, LinkedIn and other social networking sites are fundamentally non-private and by extension not secure. Their value, for business, and their fun, for everyone else, lies in the sharing and publishing of personal information. And its a level of online sharing that even those of us at a *ahem* reasonably young age still find astonishing. Yet these networks seem to be at the root of more privacy/security concerns than anything else online. Huh?
We mentioned the business value of social networking sites up there, and we talk about it here daily. It’s no secret that corporations make money using customer information and statistics. The sudden tsunami of personal data available online — published voluntarily, however, via social networking sites — raised that bar, and blurred the lines between what companies should have access to and what they shouldn’t.
For the sake of argument only, let’s use Facebook as an example. Google ‘Facebook’ and ‘privacy’. What you’ll see is article after article describing one or another attempt by Facebook to tweak its privacy settings, and the inevitable backlash by its members who rabidly protest these changes as an attack on personal privacy. And here’s why: With the latest software, everything from our age range, what neighbourhood we live in, our average salary, what car we drive and whether Black Swan or Inception might tickle our fancy can be determined from a few clicks of a mouse or select keywords. The Wall Street Journal wrote a great article on data sharing, which is extremely lucrative, and one of the fastest growing businesses on the web.
There’s no denying that Facebook is a business, and a mighty successful one at that. And in 2007 it got its hand slapped for exactly this type of data sharing. For members who thought it was more of a benevolent sorority club that anyone could join, the idea that their personal information might be ‘used’ was a bit of a shock. And they freaked out. Online petitions were circulated. Pundits wondered if this might be the tipping point, if people were going to be scared away from Facebook and social media in droves because of risks of privacy invasion. But, a bit like Chicken Little, that didn’t happen. And it’s still not happening. Just last April, the company was called on the carpet for the same type of data sharing. Yet, today, Facebook has 500 million active users. Think about that. For all the teeth gnashing around its privacy hiccups, people still joined — and are still joining — in droves. Here’s why: What Mark Zuckerberg does in response to the rallying cries of ‘off with their heads’ is a little bit of crafty and a whole lot of smart. He gives people the tools to opt out, the opportunity to change their settings. Which makes them feel more secure. Are they completely private? No. Is their information completely secure? No. But as long as they can control, within reason, their page settings, they feel better.
The bottom line is, social media changed the Internet landscape. It’s always seemed a bit hypocritical to get up in arms about online privacy and security in between posting to Twitter, sharing on Facebook, detailing your job history on LinkedIn and becoming mayor of your local Starbucks on Foursquare. (And we haven’t even touched on sites like Blippy, where you share your credit card purchases with friends.) In researching the online privacy/security issue, and asking relevant questions regarding where and how it fit into this new world of social networking, we concluded it didn’t. It couldn’t. Privacy and security are virtually the antithesis of the transparency and immediacy of social media. There has been an evolution, though. What you can have — indeed should insist you do have — is CONTROL.
Below are some tips that will give you a bit more control, both personally and professionally, while adapting to and adopting social media.
Tighten your privacy settings: Remember that Facebook, MySpace, and other social sharing sites want your information to be shared. That’s why the default privacy settings are usually as loose as they can be. But Facebook, and many other similar sites, offer customizable privacy settings that allow you to limit who can see what. Limit sensitive data, like email addresses and phone numbers, to only your friends, to better protect your privacy.
Share less: If there’s something about you — information or a picture — that you don’t want the world to potentially see, then don’t share it online. Pictures showing you out drinking or at a party, for example, might be something you want to keep to yourself and out of the hands of possible employers or even from family. The easiest way to keep info private is to not share it at all.
Use dedicated e-mail accounts: Thinking of signing up for a new social network or starting a blog? Worried that you’ll be flooded with spam and phishing emails if you do? Then take the steps to protect your e-mail and set up dedicated email addresses, something like “firstname.lastname@example.org”, for example. Use this account for your social networking sites and other online activities. That way, if you do become a victim of spam or other unwanted emails, your primary email is still safe and protected.
Increase employee awareness: People can change the way they behave in social networks only if they are aware of the security risks. Therefore, organizations should inform their employees about the risks present in the social media and raise their awareness of the fact that even seemingly harmless information can reveal too much about the company or people’s private lives. Providing continuous information about new threats and maintaining rules of conduct can further help with employee awareness. It is helpful to appoint a social media expert within the company who acts as a permanent contact for employees with questions and concerns.
Establish firm processes: Administrators need to remain up-to-date about the most recent risks on the web. It is therefore advisable to establish firm processes that are systematically linked to daily workflows. For example, administrators should make sure to download the latest security updates. These seemingly mundane mechanisms enable IT administrators to identify network attacks quickly or to avoid them altogether.
Maintain a strong set of rules: With in-house guidelines, network administrators can define the network areas and applications that can be accessed by specific people at specific times. This makes it possible to control and monitor access to critical data, and to track such access at any time, which reduces the risk of information falling into wrong hands through unauthorized channels. Companies should also take compliance requirements into account. The important thing is to keep the policies up to date and adapt them to changing circumstances.
So, what do you think? Has social media nullified the principles of online privacy, and by extension security? Do you agree with our theory that privacy and security, when it comes to social networks, have gone the way of the Dodo bird? And if not, why not?