Facebook by xiaopangnv

VIEWS: 12 PAGES: 22

									Facebook’s Beacon

  By Michael Phelps
           History of Beacon
• Facebook application launched on November
  6, 2007
• Triggered controversy over user privacy
• Resulted in a class-action law suit
• Shut down in September 2009
                   The Basics
• Monitoring of user’s internet activity
• User’s online activity data is stored
• User activity is published on Facebook

• Partner Sites:
  – Blockbuster, Fandango, eBay, Hotwire,
    Overstock.com, Gamefly, Zappos, and more.
  – List of all partners here
                    The Process

                      Web activity
   User visits                          Data is stored
                     data is sent to
  partner site                          by Facebook
                       Facebook



Internet activity    All this without
posted on user’s           user
  “NewsFeed”          authorization
              Privacy Issues
• Lack of notice to users
• Lack of consent from users
• Unauthorized transfers of personal
  information
• Data always sent and stored regardless of user
  authorization
          More Privacy Issues
• Opt-out set up as opposed to
  opt-in (active by default)

• Program found to be active
  despite user opt-outs

• Program active despite users
  being signed out
         Even More Privacy Issues
• Viloated multiple online privacy statutes:
     •   Video Privacy Protection Act
     •   Electronic Communications Privacy Act
     •   Computer Fraud and Abuse Act
     •   California Computer Crime Law
     •   California Consumer Legal Remedies Act
                   Critics
• MoveOn.org started a
  Facebook group/petition
  regarding Beacon’s privacy
  problems
• Cited the lack of user
  authorization as the most
  pressing issue
• Gained 50,000 members
  within 10 days
                    Resolutions
• Class-action law suit
• Settlement agreement:
      • Shut down Beacon program
      • Pay $9.5 million into a settlement fund
      • Facebook to start a foundation for increasing online
        privacy and security
• Class-action received and split $41k of the $9.5
  million paid to the settlement fund.
• Lawyers, not users, get a big payout
 Facebook’s Safety Advisory Board
• Composed of five organizations:
     •   Common Sense Media
     •   ConnectSafely
     •   WiredSafety
     •   Childnet International
     •   The Family Online Safety Institute
• Purpose of educating users, facilitators, and
  companies about online safety and protection.
  Similarities Around the E-World
• The Almighty Google
  – Gmail’s email scanning and ad seeding
  – Scanning of Google searches
  – Storing of private information
      The Dark Secrets of Gmail
• Every email is scanned finding key words and
  private data that are archived
• Incoming emails from non-Gmail users are
  scanned and stored
• User data is held for an indefinite amount of
  time
                      So What?
• Gmail monitors and stores
  private information
• Private data is sold and used
  in targeted advertisements
     • Keywords are cached and
       seeded to advertisers
     • Advertisements catered
       specifically to the contents in
       your emails and your internet
       searches
              Privacy Concerns
• Concerns about general privacy
  – Gmail Users
     • Give consent by simply using service
     • No opt-out options offered
  – Non-Gmail Users
     • No consent at all
• Gmail defends scanning claiming it reduces
  spam and removes malicious content
               Access to Data
• Concerns about private
  hacking
  – Recent attack on system that
    gained access to data about a
    Chinese human rights activist


• Worries about use by
  government and law
  enforcement agencies
       Use by Law Enforcement
• Warrant needed to access short term email
  storage
• More leniency about access to long term
  storage
• Abilities to subpoena data stored in Google
  archive
• Possibility of email profiling
  – 2001: FBI used in car navigation system to monitor
    in car conversations
                Critics of Gmail
• Thirty-one privacy advocate organizations
  urge Google to suspend Gmail until privacy
  issues are resolved
     • World Privacy Forum, Privacy Rights Clearinghouse,
       EPIC, and more <Open Letter to Google>
          Suggested Solutions?
1) Suspend Gmail’s email scanning and ad
  seeding
2) Set clear and defined limits on length of data
  retention
              What Can You Do?
• Use another email service
     •   Rediffmail
     •   Walla
     •   Spymac
     •   Adventure-mail
• Don’t discuss your criminal activity on Gmail
     • Save that for face-to-face interactions
    Question? Comments?
.
                                       References
Sean Lane, et al v. Facebook, Inc. et al. Case5:08-cv-03845-RS (US District Court, Northern District of CA, San
    Jose Division).

Yang, Grant. (2005). Stop the Abuse of Gmail. Duke Law and Technology Review, 14, 1-18.

Lane, et al, v. Facebook, Inc., et al FAQ. Retrieved February 1, 2010 from Beacon Class Settlement website:
    http://www.beaconclasssettlement.com/Index.html

EPIC, Privacy Rights Clearinghouse, World Privacy Forum, et al. (2004, April 60). Thirty-One Privacy and Civil
     Liberties Organizations Urge Google to Suspend Gmail. Retrieved February 1, 2010, from PRC website:
     http://www.privacyrights.org/ar/GmailLetter.htm

EPIC. (2004, August 18). Gmail Privacy Page. Retrieved February 1, 2010 from EPIC website:
     http://epic.org/privacy/gmail/faq.html#4

Google, Inc. (2010). Google Privacy Center. Retrieved February 1, 2010 from Google website:
   http://www.google.com/privacypolicy.html
                                     References
Berteau, Stefan. (2007, November 29). Facebook’s Misrepresentation of Beacon’s Threat to Privacy: Tracking
    users who opt out or are not logged in. Retrieved February 1, 2010 from California Security Advisor
    Research Blog:http://community.ca.com/blogs/securityadvisor/archive/2007/11/29/facebook-s-
    misrepresentation-of-beacon-s-threat-to-privacy-tracking-users-who-opt-out-or-are-not-logged-in.aspx

								
To top