Does FB have right to fix our privacy ?

Image

WSJ runs a great article on issues with FB current privacy position. It seems FB position themselves as a repairing mechanics not as a professional architect when they work on privacy controls.

The newspaper story started with an example of involuntary disclosure of sexuality when a teenage joined a chorus FB group. Her parents was informed about her sexuality via FB. The reporter Geoffrey A. FOWLER then explained some inevitable change to privacy: “For much of human history, personal information spread slowly, person-to-person if at all.”; “Personal worlds that previously could be partitioned—work, family, friendships, matters of sexuality—become harder to keep apart.” ;”Facebook is committed to the principle of one identity for its users.” ; “increasing privacy settings may actually produce what they call an “illusion of control” for social-network users.”

After reading this article, I noticed that although FB is responsive in fixing the technical issue, they did not discuss how they design and verify privacy BEFORE launch. Millions of FB users do the test for FB for free. The largest software testing I ever know. FB improves their system after their user already suffered the misbehave of their system.

Privacy settings affect every user and FB should design each new function or each disclosure with systematic impact analysis. There should be a clear document listing how each activities is displayed to friend and the public. FB should notify the user community what impact a new system feature will bring to such disclosure.

The idea that we letting FB continuously fixing their system scares me. Privacy should start with impact analysis and robust testing before thing happen.

This entry was posted in Privacy and tagged , , , , on by .

About antonyma

Engineering trained, Antony has the qualifications of CISA, Oracle DBA and BS7799 ISMS assessor. He also received a LLM in Intellectual Property & Information Technology Law from The University of Hong Kong. Founder of travel tech statup www.powerdata2go.com Antony was th Chairman of Professional Information Security Association (PISA) from 2009 to 2010. He also joined ISC2 workshop on developing a new cloud security certification. Current positions include: 1. Chairman of Cloud Security Alliance (Hong Kong & Macau Chapter) 2. Convenor of HK OGCIO Working Group on Cloud Security and Privacy 3. Hong Kong delegate to ISO SC 27 committee, which drafts security standards like ISO27001. email : antony.linkedin@gmail.com Specialties Retail Banking System & Process, IT Security, Copyright Law, Audit & Control, Technology Risk Management, Cloud Security

4 thoughts on “Does FB have right to fix our privacy ?

  1. jeanfrancoisraymond

    Good article – FB is clearly in reactive mode when it comes to privacy, and has been for a long time! Playing the devil’s advocate for a moment, the privacy related collateral damage may be the cost of keeping things open and not stifling innovation. The lack of a coherent and comprehensive approach to privacy may actually be leading to innovative use of FB. Things are changing so fast, including how people relate to FB and privacy.

    After having a quick look at the FB privacy policy – http://www.facebook.com/about/privacy/ it does not surprise me that they are reactive. They don’t seem to have high level privacy guiding principles; everything is very detail/technology orientated…

    Reply
  2. antonyma

    Hi JF, on the Internet, my observation is most of the regulations are reactive. What I learn from my law school class in Cyberspace Law is there is no security by default or privacy by design in our current cyberspace governance. I do agree with you that we shall not crush innovation by imaginary fear.

    Is there any institute has the authority to regulate data privacy practices a US-based Internet based company life FB or Google?

    Reply
  3. mengchow

    Regulations are by design reactive. We don’t need regulation when there’s no negative impact on doing something, and the negative impact is often something that is difficult to anticipate, especially for something that is new.
    It is perhaps useful if FB could indicate the outcomes of their privacy assessments, but I don think it will be comprehensive, and I think perhaps they are worried that if it is incomplete, they could mislead, and that could lead to legal troubles. They are therefore testing the ground, , 摸石过河 – “touching the stone to cross the river”, trying out a feature and see how it goes without any privacy commitment along the way, just like the stones in the river will not guarantee that you can safely cross the river, they are just there for you to use 😉

    Reply
  4. antonyma

    MC, the Internet is certainly a continuous testing field, new ideas and new software appear every second! Your description is true for the past 20 years.
    However, today the Internet’s impact is too large and deep to continue running this way. The river in your comment is engulfing everyone, young to old, poor to rich and educated to illiterate . The young, poor and illiterate will need protection before it is too late.

    Obviously, my comment is not apply to FB alone.

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s