Archives

Maritza Johnson, Tara Whalen & Steven M. Bellovin, The Failure of Online Social Network Privacy Settings II – Policy Implications

Maritza Johnson, Tara Whalen & Steven M. Bellovin, The Failure of Online Social Network Privacy Settings II – Policy Implications

Comment by: Aaron Burstein

PLSC 2011

Workshop draft abstract:

The failure of today’s privacy controls has a number of legal and policy implications.  One concerns the Fourth Amendment.  Arguably, people have a reasonable expectation of privacy in data they have marked “private” on Facebook; conversely, such an expectation is not reasonable if they have made it available to Facebook’s 500,000,000 users.  Our results, though, show that people often cannot carry out their intentions, and that they are unaware of this fact.  Given this, we suggest that a broader view of a reasonable expectation of privacy is necessary.

There are also implications for privacy regulations.  In jurisdictions that regulate collection of data (e.g., Canada and the EU), the existence of access controls could be viewed as a consent mechanism: a user who has marked an item as publicly accessible has voluntarily waived privacy rights.  We assert that such a waiver is not a knowing one, in that people cannot carry out their intentions.

Michelle Madejski, Maritza Johnson & Steven M. Bellovin, A Study of Privacy Setting Errors in Online Social Networks

Michelle Madejski, Maritza Johnson & Steven M. Bellovin, A Study of Privacy Setting Errors in Online Social Networks

Comment by: Aaron Burstein

PLSC 2011

Workshop draft abstract:

Increasingly, people are sharing sensitive personal information via online social networks (OSN). While such networks do permit users to control what they share with whom, access control policies are notoriously difficult to configure correctly; this raises the question of whether users’ privacy settings match their intentions. We present the results of an empirical evaluation that measures privacy attitudes and sharing intentions and compares these against the actual privacy settings on Facebook. Our results indicate a serious mismatch: every one of the 65 participants in our study had at least one sharing violation. In other words, OSN users are sharing more information than they wish to. Furthermore, a majority of users cannot or will not fix such errors. We conclude that the current approach to privacy settings is fundamentally flawed and cannot be fixed; a fundamentally different approach is needed. We present recommendations to ameliorate the current problems, as well as providing suggestions for future research.