[LINK] facebook wants to give your personal data to 3rd party developers.

Roger Clarke Roger.Clarke at xamax.com.au
Wed Mar 2 12:14:22 AEDT 2011 

At 9:57 +1100 2/3/11, Kim Holburn wrote:
>  Congressmen, Facebook go back and forth over personal data sharing
>http://arstechnica.com/web/news/2011/03/congressmen-facebook-go-back-and-forth-over-personal-data-sharing.ars

Thanks for the heads-up Kim!

In response to a media enquiry to me in my APF role, I muttered as follows:

I referred to the dreadful history of Facebook's behaviour in 
relation to privacy, and the untrustworthiness of its undertakings.

I said that my understanding was that was this feature was 'opt-in' 
("That's American for consent").

If so, I said the next test is whether it's really consent.  That 
depends on two important characteristics:
-   free, i.e. not under pressure.
     If Facebook bundles the feature with other, desirable things, then
     people may find themselves signing up even though they'd prefer not to
-   informed, i.e. people have to know (not just be able to find out)
     what they're getting themselves into, i.e. what data, to whom

Given the considerable sensitivity of some of the data in the 
profile, considerable care has to be taken by Facebook to 
communicate, and communicate clearly.  (His examples were 
home-address and mobile phone).

When asked, I said that *if* Facebook did all of that, then it would 
be up to each individual to make their own decision.  (Whether 
Facebook can be trusted to respect the conditions and not change them 
later is, of course, a further factor).

APF shouldn't and wouldn't go so far as to recommend people not sign 
up.  We *do* say that we strongly recommend that they get information 
about the feature, and think about it, and only sign up if they're 
satisfied that the risks for them personally are okay.

I explained to him that what we'd all been waiting for in eCommerce, 
for a long time now, is secure data-storage, under our personal 
control, from which we can select particular data-items to be sent to 
particular organisations.

I said the Facebook design falls far short of that.  You don't get to 
decide which item of data for which organisation - if you sign up, 
it's *all* data, to *all* organisations.

I pointed out that credit-card-details are inevitable, as Facebook 
naturally expands into eCommerce.  That raises the prospect of fraud 
based on such identity data.


-- 
Roger Clarke                                 http://www.rogerclarke.com/

Xamax Consultancy Pty Ltd      78 Sidaway St, Chapman ACT 2611 AUSTRALIA
                    Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au                http://www.xamax.com.au/

Visiting Professor in the Cyberspace Law & Policy Centre      Uni of NSW
Visiting Professor in Computer Science    Australian National University

More information about the Link mailing list