25 March 2009

Proposals for monitoring social networking sites

There is an outcry today by privacy activists about the government`s proposal to monitor social networking sites such as Facebook and Bebo. Under the proposal, the details of users of such sites will be kept in a central database which is operated by a private company.

The Government is quick to point out that it is not interested by the content of the exchanges passing between users. However, it is not clear what safeguards it will put in place to ensure that the content per se is protected from such monitoring. However, and perhaps more crucially, it still does not deal with the objections related to the use/storage of personal and sensitive data by the Government. The Government justifies this proposal on the grounds of enabling the police and security services to keep up-to-date with the technological advances. However, it seems that the proposal does not contemplate imposing conditions for monitoring such sites (e.g. a minimum threshold before the details of a user are deemed to qualify for monitoring). Under the current proposals, the Government seems to be asking for a 'blank cheque' liberty to monitor all the data of all users of social networking sites which is not commensurate with the alleged security interests.

22 March 2009

Of blurring technologies and mapping technologies

The launch of Street View in the United Kingdom was never going to be a quiet affair. Beyond the usual fanfare of publicity and the slogans presenting it as the thing we need most, Street View was also going to attract a lot of issues related to protection of privacy of the individuals who are captured on the displayed images.

Hence it does not surprise CyberPanda in the least that Street View had to pull some of the displayed images after receiving a number of complaints from the individuals who were shown in those images. The images captured a lot of moments deemed to be private as an individual entering his home or individuals being arrested. Street View acted promptly and removed the offending pictures as soon as the complaints were received.

However the real issue is why such pictures were deemed fit to appear on the website in the first place. It is surely obvious to any data controller that such pictures will infringe the expectations of privacy of those captured in the images. To be fair to Street View, this situation is not entirely its fault. Other equally important actors are involved, namely, the Information Commissioner and legislators. The Information Commissioner gave the go ahead earlier in 2008 for such web sites to used images deemed to be private as long as identifying features as faces or registration plates were blurred. However, what the IC has failed to recognise is that the use of blurring technology is not sufficient on its own to displace the expectations of privacy of captured individual who can still be easily identified by his/her attire, location and other seemingly innocent but yet incriminating information. Finally, the notion of reasonable expectation of privacy is not easily protected in the UK when it comes to such websites as the legislators and policy-makers are yet to decide on when virtual spaces are private or public. The challenge of course is to determine the boundaries of such a divide which is not an easy task in cyberspace in any event.

Disclaimer: The image used above is subject to the intellectual property rights of third parties. Click here to view the image in its original context.

3 March 2009

Another week where Facebook is in the press for the wrong reasons...

Another week and Facebook is yet again in the news for all the wrong reasons. It has been reported by BBC News that Facebook has been hit by five different security attacks in the past 7 days. The aim of these attacks have been to access the personal information of millions of Facebook users and resale them to third parties as commodities for various purposes including fraud and identity theft.

The attacks were concealed in what are commonly known as 'rogue applications.' This brings to light yet again Facebook`s worrying practice of not vetoing third party applications before they are published on the site. As a matter of fact, any individual can create an application and publish it on the site. S/he, then, has access to all the personal data of all the users of Facebook, irrespective of whether or not the users have subscribed to the application. Facebook justifies this practice on the grounds on 'open source,' namely, any user should be able to participate in the Facebook both as a user and as a developer of applications. However, this only serves to highlight the problem of the concept of open source or creative commons. The unfettered and unchecked proliferation of code by net users in such websites not only threatens the fundamental rights of other net users but also, and more importantly, yet again highlight the increasing risk posed by a regulatory framework which is based on technological determinism.
Disclaimer: The rights to the image used above belongs to a third party. The original image can be accessed here.