Facebook Applications: Back Doors for Law Enforcement?

Via Google News I hear of a new Facebook application: GMP Updates. The application, also known as “The Greater Manchester Police Updates,” gives you a feed of crime updates and links to a form for reporting crimes, according to the article. It is the first law-enforcement-based Facebook application I have seen.

[Image: GMP Updates]

There have been several articles about law enforcement using its normal user-level access to Facebook for criminal prosecutions (for example: “Facebook Helps Law Enforcement,” “Site Used to Aid Investigations,” “Student Arrested After Police Facebook Him”). In these cases, law enforcement or their tipsters browse Facebook like a normal user, looking at the information made available to that user.

Expanded Viewing Powers

Law enforcement use of applications will significantly expand what law enforcement can see, and will also make that viewing more surreptitious. It has been noted that some 90% of popular applications have access to more information than they need, but this seems like a significant first: giving law enforcement more access than it needs. Why the expansion? Because application providers get access to just about all of your Facebook information, as described in the “Platform Application Terms of Use”:

In order to allow you to use and participate in Platform Applications created by Developers (“Developer Applications”), Facebook may from time to time provide Developers access to the following information (collectively, the “Facebook Site Information”):

(i) any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information, and

(ii) the user ID associated with your Facebook Site profile.

Facebook provides some examples of what this means. Like:

The Facebook Site Information may include, without limitation, the following information, to the extent visible on the Facebook Site: your name, your profile picture, your gender, your birthday, your hometown location (city/state/country), your current location (city/state/country), your political view, your activities, your interests, your musical preferences, television shows in which you are interested, movies in which you are interested, books in which you are interested, your favorite quotes, the text of your “About Me” section, your relationship status, your dating interests, your relationship interests, your summer plans, your Facebook user network affiliations, your education history, your work history, your course information, copies of photos in your Facebook Site photo albums, metadata associated with your Facebook Site photo albums (e.g., time of upload, album name, comments on your photos, etc.), the total number of messages sent and/or received by you, the total number of unread messages in your Facebook in-box, the total number of “pokes” you have sent and/or received, the total number of wall posts on your Wall™, a list of user IDs mapped to your Facebook friends, your social timeline, and events associated with your Facebook profile.

[I've highlighted some of my favorites]

Note that applications can access your data even if your privacy settings hide it from other users in your geographic network or school (including any police officers who browse as ordinary members of that network). Even if you have used a “friend list” to restrict who sees a photo, it is still available to third-party application providers. So it is not enough to carefully tune your privacy settings vis-a-vis other Facebook users. You also have to avoid adding applications like GMP Updates; in other words, avoid getting updates from your local law enforcement.

Inadvertent Snitching

That’s not all that is happening. When you add an application, by default it can see what you can see on Facebook. So you are also sharing your friends’ information with law enforcement. Your friends may opt out of this sharing, but until they do, by adding a law-enforcement-based Facebook app you become the eyes and ears of law enforcement. The defaults include quite a bit of information:

[Image: API Defaults]

When you add applications, you’re told they get to see your information:

[Image: Add GMP Updates]

But you’re not told you’re also sharing your friends’ info.

Content Too?

One thing that is unclear to me is whether applications can see the content of my Facebook messages and other communications I make within the site. Content fits the definition (“any information provided by you and visible to you on the Facebook Site, excluding any of your Contact Information”) of information available to third-party providers, but it would be quite shocking if it were being made available to third parties. In the US, intercepting a communication requires a warrant, under the Fourth Amendment as well as ECPA, and accessing a stored communication requires a court order or a warrant, depending on the age of the information. This is why I’m skeptical that content is being shared with law enforcement via the API. It would be quite a scandal.

Posted: April 16, 2008

“Do Not Track” lists and registries

Several consumer groups have proposed a do-not-track list in response to the problem of behavioral profiling online. The idea is that domains which use technologies that track users across the internet register with the Federal Trade Commission. Internet users who do not want to be tracked can then download this list and use it to block the tracking technologies. This would be accomplished with a browser extension, plugin, or some other technical method on the user’s end. The groups have provided a PDF diagram that describes how the system works.

The idea is not without its critics. Declan McCullagh writes:

The pro-regulation lobbyists and activists are most upset about behavioral advertising, meaning computer-generated ads that are based on pages a visitor previously viewed. Someone who spends a lot of time reading a newspaper’s Asia travel articles may see ads for trips to China even when perusing sports scores. Quelle horreur!

Messaging

I think some of the messaging on this is a bit off. At least, it gives people the wrong idea as to how this works. Note this Washington Post article:

Privacy, consumer and technology groups yesterday proposed the creation of a Do Not Track list similar to the Do Not Call phone list, allowing people to prevent companies from tracking which Web sites they visit.

Under Do Not Call, you sign up your number for a list, and telemarketers are then prohibited from calling the numbers on it. Likening this recent proposal to Do Not Call gives people the idea that they have to sign up for a do-not-track list, that someone will be keeping track of all the people who don’t want to be tracked. That’s not quite how this works. It works more like a sex offender registry: the people we are on the lookout for (the trackers, or the sex offenders) are the ones who are listed, not the consumers.

Of course it is problematic messaging to compare servers that track online consumers to sex offenders. But it does describe the interaction better: users are not signing up with the government, they’re using the government list to know who to avoid.
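As an added example (not from the original post, and not from the consumer groups’ proposal), here is the request-blocking logic a browser extension could use on the user’s end: it parses a downloaded registry of tracker domains and decides, per request, whether to cancel it. The registry format, the sample domains, and the first-party exemption are all assumptions for illustration; the proposal itself only says that trackers register and that users download the list.

```javascript
// Added example: blocking logic for a "Do Not Track list" browser extension.
// Assumptions (not in the proposal): a plain-text registry with one domain
// per line, and a first-party exemption so a user can still visit a
// registered site on purpose.

// Constructed sample registry (hypothetical data, not a real FTC list).
const SAMPLE_REGISTRY = `
# Hypothetical tracker registry
ads.example
tracker.example.net
  Beacon.Example.ORG.
`;

// Lowercase, trim, and drop a trailing dot so "Host." and "host" compare equal.
function normalizeHost(host) {
  return host.trim().toLowerCase().replace(/\.$/, "");
}

// Parse the downloaded registry into a Set of normalized domains,
// ignoring blank lines and '#' comments.
function parseRegistry(text) {
  const domains = new Set();
  for (const raw of text.split(/\r?\n/)) {
    const line = raw.replace(/#.*$/, "").trim();
    if (line) domains.add(normalizeHost(line));
  }
  return domains;
}

// True when `host` equals `domain` or is a subdomain of it. The match is
// label-aligned, so "notads.example" does not match "ads.example".
function hostMatchesDomain(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// Return the registry entry covering `host`, or null if none does.
function findTracker(registry, host) {
  const h = normalizeHost(host);
  for (const d of registry) if (hostMatchesDomain(h, d)) return d;
  return null;
}

// Approximate same-site test: one host equals or is a subdomain of the other.
// Assumption: no public-suffix list is consulted, so this is a simplification.
function sameSite(hostA, hostB) {
  const a = normalizeHost(hostA);
  const b = normalizeHost(hostB);
  return hostMatchesDomain(a, b) || hostMatchesDomain(b, a);
}

// Decide whether a request should be cancelled. `pageUrl` is the top-level
// document that initiated the request (empty when unknown).
function decideRequest(registry, requestUrl, pageUrl) {
  const reqHost = new URL(requestUrl).hostname;
  const tracker = findTracker(registry, reqHost);
  if (!tracker) return { block: false, reason: "not in registry" };
  if (pageUrl && sameSite(reqHost, new URL(pageUrl).hostname)) {
    return { block: false, reason: `first-party request to ${tracker}` };
  }
  return { block: true, reason: `third-party request to registered tracker ${tracker}` };
}

// Wiring for a Manifest V2 extension; skipped when run outside a browser.
if (typeof chrome !== "undefined" && chrome.webRequest) {
  const registry = parseRegistry(SAMPLE_REGISTRY);
  chrome.webRequest.onBeforeRequest.addListener(
    (details) => ({
      cancel: decideRequest(registry, details.url, details.initiator || "").block,
    }),
    { urls: ["<all_urls>"] },
    ["blocking"]
  );
}
```

The registry lookup is a linear scan, which is fine for a list of a few thousand domains; a real extension would also want to re-download the registry periodically, since the whole point of the proposal is that the FTC list changes as trackers register.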

Limitations

The system does have some limitations. It does not address all the data collection and use practices out there. One major item left off the list is data collection by search engines, which is data that can be used for behavioral profiling, especially since search engines like Google keep individually identifiable information.

It is also basically an opt-out system. I have talked before about the problems with opt-out, and about why opt-in is better.

But it does mitigate some of the problems with opt-out. Under opt-out, the data collector has no incentive to explain its data collection practices to users; in fact, the incentive is not to explain them. Also, under opt-out the consumer has to go to each collector and opt out there, which is burdensome. This proposal fixes both problems: it places a legal obligation on the collector to disclose, and it allows one easy opt-out rather than many.

It basically complements and facilitates many self-defense measures that are out there. I’m quite tech savvy. I use adblock, I manage my cookies. I block most third party scripts on the sites I visit. It seems like it would be more efficient to let all users simply make one choice — be tracked or not — than to have to make each choice like I do. And it would make it easier if the law facilitated this, by mandating that trackers disclose this information to the FTC. Investors make decisions based on mandated disclosures. Consumers should be able to as well.

Posted: November 4, 2007

Facebook Takes More Steps to Spread Your Data

Social networking website Facebook recently announced that it would be sharing some of its users’ information with the world:

Starting today, we are making limited public search listings available to people who are not logged in to Facebook. We’re expanding search so that people can see which of their friends are on Facebook more easily.

However, it is not just your friends who will be able to find you:

In a few weeks, we will allow these Public Search listings (depending on users’ individual privacy settings) to be found by search engines like Google, MSN Live, Yahoo, etc.

If you object to these steps, Facebook will allow you to avoid this:

As always, if you do not want your public search listing to be visible to people searching from outside of Facebook, you can control that from the Search Privacy page.

So Facebook has decided to share data without asking for permission, has instead posted this fact on its blog, and has given people about 30 days’ notice to go and change the setting. They have done this before: when they set up their applications to share data with third parties, and when they set up their news feed to spread a user’s actions to that user’s network.

In privacy, this is known as an opt-out system: the holder of the data has decided to use your data in a certain way, and lets you stand up to object. This is in contrast to an opt-in system. Under an opt-in system, the holder of the data asks for your permission before going off and sharing it further.

The major difference? Think about who has the incentives and costs here. Under opt-out, a person has to continuously monitor what Facebook is doing; they can never assume that what is happening is something they previously approved. Under opt-in, a person can rest easy knowing that no surprises will come along. Under opt-in, Facebook has the incentive to describe the benefits of sharing the information, in order to get users’ permission. Under opt-out, Facebook’s incentive is to give as little notice as possible: the more notice it gives, the more people will choose not to follow Facebook’s plan for sharing the data. Thus individuals are better informed under opt-in.

Facebook offers a lot of choice in privacy settings. Which is a good feature. But they should stop taking liberties with data, and start asking for permission before spreading it.

UPDATE
This article shows exactly how Facebook is getting away with avoiding the “opt-in/opt-out” distinction:

“The only data that will be available is your profile picture and your name – and then only if you agree that your profile should be searchable,” said [Facebook privacy chief] Chris Kelly.

But the problem is that they are not asking whether you agree: they are assuming you do. Now 40 million people have to find out about this and edit their privacy settings, when Facebook could instead have simply sold the program to users on its merits.

Posted: September 9, 2007