From: Jax Russo <jax.russo@gmail.com>
  To  : <CPC@emoglen.law.columbia.edu>
  Date: Fri, 12 May 2006 18:14:13 -0400

Paper 2: The Facebook Invasion and the Real Enemy to Privacy

  The Facebook/Friendster/MySpace explosion is undeniable. Over 11.1 
million people are on Facebook, and over 26.7 million people are on 
MySpace.[1] <# ftn1> Electronic communities provide a sense of belonging 
in a sometimes cold and isolated world. They provide humans with an 
enhanced sense of interaction. Not only is it validation that you have 
friends, but it allows the exhibitionist in us all to emerge and parade 
around the web. Went to three parties on Saturday? Well, you can post 
all 150 photos, and tag your friends! Have an inside joke to share with 
a friend? Why pick up the phone when you can write it as a MySpace 
comment? And of course let’s not forget the vast amount of personal 
information these sites allow you to display to the world. There is a 
spot for everything from education to relationship status, all postable 
for the world to see at the click of a mouse.

It wasn’t until I read /No Place to Hide /that I thought there was 
anything wrong with being a member of an electronic community. Although 
O’Harrow made many valid points about the intrusion into our personal 
lives and the constant surveillance we rarely see or can even 
comprehend, none of it struck me as hard as the story of Amy Boyer. 
Boyer was murdered by her stalker, Liam Youens. Youens obtained Boyer’s 
Social Security number from a broker in the gray market online.[2] 
<# ftn2> Once he had obtained her Social Security number, Youens could 
get almost any item of information he wanted. After obtaining her work 
address for only $75, he confronted his victim outside her office, shot 
her numerous times, and then killed himself.[3] <# ftn3>

Privacy advocates cite the Boyer incident in their attempts to display 
the evils and the dangers of data mining. But what if Boyer had a 
Facebook profile? Or a MySpace profile? What if her killer found her 
work address from a Friendster testimonial that referred to her place of 
business?

While MySpace is unprotected and visible to all on the Internet, 
Facebook and Friendster give the illusion of security: that only people 
you are friends with can see your profile, access your information, or 
send you a message. In fact, it’s just the opposite. As O’Harrow details 
in his book, hackers “can crack passwords such as 1111 or those based on 
the names of children, pets, and favorite words or phrases…almost as 
easily as they crack their knuckles. They use computer programs that can 
test millions of number or word permutations to unlock accounts.”[4] 
<# ftn4> Most people have one password for everything, and it’s usually 
an easy to remember word or phrase regarding something personal in their 
life. If Boyer had been a member of one of these online communities, 
Youens certainly would have saved time and money in his pursuit of her 
murder by simply hacking a password to log on and seeing all of her 
information: information that is likely far more personal than anything 
he could buy from ChoicePoint.

It seems ironic that people can be so concerned with the security of the 
information they dole out on the web for online banking and similar 
services, yet have no problem writing their address, birthday, favorite 
pets name, high school, and favorite movies for the world to see. How 
interesting it is that those categories are often the very same ones the 
online banking systems ask when you forget your password. Why do we 
continue to share these details when the danger of doing so is blatantly 
apparent?

One possible answer is convenience. It’s convenient to post your cell 
phone number on Facebook, so that if your friends lose their cell phones 
or need it quickly, they can get it. It’s convenient to post where you 
went to school, or where you lived in college, so that an old chum who 
may want to contact you can do it with ease. And people post the biggest 
gateway to their life, their AOL screen names, so that anyone who has it 
can now know where that person is at any time. Any day.

Another possible answer is the regression of adults to a high school 
clique mentality. On Facebook, a person is given the chance to be as 
cool as possible. People with other 500 friends are deemed “popular.” 
Instead of a lunch table with the “cool” kids, there are now groups 
devoted to inside jokes that serve to show others that they are out of 
the loop. The never-ending posting of photographs is the best way to say 
“I did something cooler than you did this weekend” without ever having 
to open your mouth.

Whatever the rationale may be, the dangers of social network site 
exhibitionism are slowly coming to light. Employers can now log on to 
Facebook and read the profiles of potential applicants.[5] <# ftn5> 
University administrators can troll the Facebook pages of underage 
students looking for signs of alcohol and drug use in photos and 
groups.[6] <# ftn6> Even the Police have begun using Facebook as a tool 
to make arrests.[7] <# ftn7> However, these dangers are on the more mild 
side of the spectrum, and easily avoidable if a person takes care not to 
post embarrassing photographs or make explicit references to illegal 
behavior. The posting of crucial information, such as telephone numbers, 
addresses, birthdays and class schedules, will likely remain 
commonplace, leaving the door open for an Amy Boyer incident to occur in 
the near future.

While companies like ChoicePoint and Seisint are monitoring our every 
move, we cannot mount a legitimate attack against the practice when we 
ourselves release such vital information to the world at large. A 
fundamental shift in the way people view the safety of the internet must 
occur for them to realize that while ChoicePoint is most surely an 
enemy, one often need look no further than a mirror to see another enemy 
to our privacy. The illusion of the internet as a safe space will only 
be dispelled when another Amy Boyer incident occurs, only that time, 
ChoicePoint will have clean hands.


------------------------------------------------------------------------

[1] <# ftnref1> Latest SNS Numbers = MySpace Streaks Ahead, 
http://www.readwriteweb.com/archives/latest sns numb.php (last visited 
May 12, 2006).

[2] <# ftnref2> Robert O’Harrow,  No Place   to Hide.  Pg. 149.

[3] <# ftnref3> /Id./

[4] <# ftnref4> /Id./ at 168.

[5] <# ftnref5> Google + Facebook + Alcohol = trouble, 
http://arstechnica.com/news.ars/post/20060119-6016.html (last visited 
May 12, 2006).

[6] <# ftnref6> /Id./

[7] <# ftnref7> /Id./ In the Fall of 2005 at Penn State University, 
police officers made arrests of students who charged the football field 
after a game and started a riot. Although the police officers did not 
know the names of the students directly following the riot, they were 
able to log on to the Facebook and decipher which students were involved 
because they had all joined a Facebook group, entitled “I Rushed the 
Field After the OSU Game (and Lived!).”



-----------------------------------------------------------------
Computers, Privacy, and the Constitution mailing list