In a 32-page report, "Security Issues and Recommendations for Online Social Networks," the EU's European Network and Information Security Agency highlighted a number of potential privacy pitfalls for users of social networking sites.
Information in users' social networking profiles can be "a dangerously powerful tool in the hands of spammers, unscrupulous marketers and others who may take criminal advantage of users," the study warns. "New technologies ... combined with the false sense of intimacy often cared by SNSs [social networking sites], can lead to a serious erosion of personal and even physical privacy," the report continues. Contributors include professors from Carnegie Mellon University and Michigan State University, as well as a security advisor from Cisco Systems and a Hewlett-Packard researcher.
Jeff Chester, executive director of the Center for Digital Democracy, says he hopes the report will spur regulatory action in the United States. "The report lays out a compelling analysis of the various risks to privacy--and frankly, to the personal security--of social networking site users," he says.
Specifically, the agency criticized sites for "vague and uninformative" written policies about how and why they share data with third parties. The report also blasts sites like Facebook for failing to clarify how they use former members' data after they delete their profiles. "[I]n general, there is ambiguity as to whether information will be deleted upon account closure," states the report. "Upon 'deactivating' an account, users of some providers such as Facebook receive an e-mail telling them how to 'reactivate' their account--implying that a copy is kept of personal data."
Among other recommendations, the group urges social networking sites to revamp their written policies to make them easier to understand. "Descriptions of practices should be conveyed in a user-friendly way, with important information being conveyed in the context in which it is relevant, rather than being buried in terms and conditions," states the report.
This study comes as Facebook has roiled privacy advocates with two new ad programs--SocialAds, which publicize the names of "fans" of particular brands, and Beacon, which publishes information about people's online shopping activity to their friends. Those platforms, which attempt to harness users on marketers' behalf, have spurred the Center for Digital Democracy and Electronic Privacy Information Center to prepare an FTC complaint, which will likely be filed early next year.
Last week, confronted with mounting protests to the Beacon program, Facebook changed that program so that users must affirmatively consent to sharing information about their activity at other sites.