[LINK] facebook wants to give your personal data to 3rd party developers.
Roger Clarke
Roger.Clarke at xamax.com.au
Wed Mar 2 12:14:22 AEDT 2011
At 9:57 +1100 2/3/11, Kim Holburn wrote:
> Congressmen, Facebook go back and forth over personal data sharing
>http://arstechnica.com/web/news/2011/03/congressmen-facebook-go-back-and-forth-over-personal-data-sharing.ars
Thanks for the heads-up Kim!
In response to a media enquiry to me in my APF role, I muttered as follows:
I referred to the dreadful history of Facebook's behaviour in
relation to privacy, and the untrustworthiness of its undertakings.
I said that my understanding was that was this feature was 'opt-in'
("That's American for consent").
If so, I said the next test is whether it's really consent. That
depends on two important characteristics:
- free, i.e. not under pressure.
If Facebook bundles the feature with other, desirable things, then
people may find themselves signing up even though they'd prefer not to
- informed, i.e. people have to know (not just be able to find out)
what they're getting themselves into, i.e. what data, to whom
Given the considerable sensitivity of some of the data in the
profile, considerable care has to be taken by Facebook to
communicate, and communicate clearly. (His examples were
home-address and mobile phone).
When asked, I said that *if* Facebook did all of that, then it would
be up to each individual to make their own decision. (Whether
Facebook can be trusted to respect the conditions and not change them
later is, of course, a further factor).
APF shouldn't and wouldn't go so far as to recommend people not sign
up. We *do* say that we strongly recommend that they get information
about the feature, and think about it, and only sign up if they're
satisfied that the risks for them personally are okay.
I explained to him that what we'd all been waiting for in eCommerce,
for a long time now, is secure data-storage, under our personal
control, from which we can select particular data-items to be sent to
particular organisations.
I said the Facebook design falls far short of that. You don't get to
decide which item of data for which organisation - if you sign up,
it's *all* data, to *all* organisations.
I pointed out that credit-card-details are inevitable, as Facebook
naturally expands into eCommerce. That raises the prospect of fraud
based on such identity data.
--
Roger Clarke http://www.rogerclarke.com/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
Visiting Professor in Computer Science Australian National University
More information about the Link
mailing list