Headlines are always difficult, and the headline for this post was no exception. It should probably have read Digital social graphs reduce the protection of privacy, by lowering the inherent barrier cost of access, but then no one would even get through the headline.

However, the point remains, that by doing the hard work of mapping and documenting our social relationships on social media such as Facebook, we reduce the cost of investigative work from thousands of dollars to the mere cost of a court order. Our network and relations is a key ingredient in e.g. many police investigations, and requires the police to spend countless hours talking to friends, neighbors, etc. to learn. With social media, we've done all the hard work up front, and this significantly changes the inherent protection of the privacy of the individual.

Until now, the cost of obtaining information, private or otherwise, about individuals has been an important defense mechanism in protecting privacy. Much can be learned about any given individual if you hire a private investigator to do the digging, but the cost of doing so ensures that it rarely happens. Social medias generally don't make private information publicly available unless you choose to publicize it, but here the power of a court order slightly redefines your choice. You're no longer making the information to difficult to obtain, you're only making it difficult to obtain for anyone without a court order.

By all means, the police should certainly utilize all means within the boundaries of the law, to perform the best and most effective investigation, and if valuable information is available at the "click of a court order" this information should be obtained. I'm advocating a limitation of the access granted by a court order, however, we should carefully consider how usage is governed.

Consider the following scenario. You create a profile on Facebook, and add an application by a developer in China, granting the developer access to your information. Chinese law dictate that the government has unrestricted access to all data available to a Chinese company (I have no idea if this is the case), including your profile data you gave the developer access to. In your profile you've stated your political view as liberal, and a Chinese foreign exchange student you know from college, as a friend. Some time later, Chinese intelligence services trawl Facebook data available to them through application developers for Chinese people who are friends with people with stated liberal views for the purpose of extended monitoring.

This scenario is certainly technically feasible, and if not this then many other similar scenarios would be of great interest to many parties.

Our societies implement many inherent checks and balances through barrier costs, and Identity fraud is a good example. Identity fraud is not new, but "in the old days" it required expert skills in forging documents, operating money printing presses, etc. If you haven't seen Catch Me If You Can it's a great introduction into how difficult identity fraud was "in the old days". The Internet is reshaping the barrier cost or the cost of entry into identity fraud, and supply and demand dictates that a lower price means a greater uptake.

This translates directly to access to and use of private information. When the cost of both dramatically decrease so will interest in expand use similarly increase. Most countries screen airline passengers for known terrorists. Why shouldn't they be allowed to compare friends' lists of passengers with the list of known terrorists? On the basis that if you are a friend of a known terrorist, we really don't want you inside our country.

I'm not aware of any cases, where a person's digital social graph have been used in court or otherwise, but the use case seems obvious.

blog comments powered by Disqus


25 November 2007