social media risks
TRANSCRIPT
Social Media Risks
Social Media – Dr. Giorgos Cheliotis ([email protected])Communications and New Media, National University of Singapore
Introduction
Millions of Internet users use social media platforms daily for self-expression, communication and collaboration
As social media becomes daily routine, we have to learn how to deal with the risks of computer-mediated communication
Some of these risks are more unique to social media, while some are relevant to nearly any form of communication but may take new forms online
Users continuously explore new ways of negotiating their need for privacy and safety, with their desire to communicate with more people and in more public ways
As all social media is hosted somewhere and facilitated by communication technologies, risks are also relevant to the intermediaries that operate online platforms and communication networks
In the meantime, law is evolving and trying to catch up with new technologies and new online behavior, while inevitably leaving many gray areas that both users and service providers try to navigate
CNM Social Media Module – Giorgos Cheliotis ([email protected])2
Types of user risks in social media space
CNM Social Media Module – Giorgos Cheliotis ([email protected])3
Privacy and safety
Self presentation
Self expression
• Involuntary information revelation• Involuntary transfer of ownership of
personal data or content to third party• Commercial exploitation of user data• Mismanaging visibility and searchability
of personal data online• Identity theft
• Reduced anonymity and increased traceability, especially in platforms encouraging use of real offline identity
• Network effects (privacy risks deriving from one’s online network of contacts)
• Stalking (online and offline)• Surveillance by state and third parties
• Harsh criticism and other negative reactions to one’s online profile by friends and others
• Usage of sensitive and/or inappropriate personal or third-party content in self presentation (incl. copyright infringement)
• Complexity of translating and separating offline roles and one’s image online
• Peer pressure to involuntarily disclose personal information to online network (e.g., top friends, religion, relationship status, etc.)
• Ease and speed of posting increases potential for social blunders
• Common private behavior crosses easily to public sphere where it may be considered inappropriate or offensive
• Insufficient separation of social circles
• Users can run afoul of laws that were previously more often applied to mass media, professional content producers and public persons (e.g., defamation and sedition laws)
• Copyright infringement
Risks
Types of service provider risks
CNM Social Media Module – Giorgos Cheliotis ([email protected])4
Liability for UGC
User data protection
User alienation
• Internet service providers and social media sites can be held liable for copyright infringing or otherwise illegal content that users post online
• Active moderation of UGC not very effective and can expose to greater liability when moderators fail to detect illegal content
• Failure to turn over user data to authorities may result in fines to the service provider
• Compliance may also lead to liability when proper procedure is not followed and user data is shared without care
• Commercial use of user data and sharing with third parties for such purposes may also expose to risk of lawsuit (though strength of laws on protection of user data vary across jurisdictions)
• If users feel that the terms of service are not fair or that the service provider will not protect their data and privacy, they may switch to other platforms or stage online protest
• When the terms of service attempt to transfer ownership of user data and/or UGC to provider, users will likely also react negatively and possibly also switch to competing platforms
Risks
Key privacy issues (1 of 2) Defaults: many users leave privacy
settings at their default values, exposing themselves to risks that they may not fully appreciate
Cognitive and user interface issues: users that do change their privacy settings have difficulty remembering what values they set them to and may find it cumbersome to manage these frequently
Mismatch of user needs and provided functions: binary simplicity of SNS (friend or not) and lack of contextual cues (whom am I addressing now?) make it difficult to express graded understanding of ‘friendship’ and manage different social circles appropriately*
CNM Social Media Module – Giorgos Cheliotis ([email protected])5
* SNS’s are starting to accommodate for such needs, but at the cost of increased cognitive and UI complexity
Key privacy issues (2 of 2) Peer pressure and herding: users imitate
others or succumb to social pressure, revealing more information than they perhaps should
Privacy paradox: identifiability, searchability, and the regular sharing of one’s daily experience online helps others find and connect to the user, but always at the expense of lost privacy
Network risks: one’s online ‘friends’ may invite unknown others to one’s network (as friends-of-friends who may be able to view one’s updates, or by forwarding content and data outside one’s managed network)
CNM Social Media Module – Giorgos Cheliotis ([email protected])6
* SNS’s are starting to accommodate for such needs, but at the cost of increased cognitive and UI complexity
The demographics of privacy Teenagers face greater risks in terms of self presentation as they playfully
explore and negotiate their online identity with others, while experimenting with different presentation styles, in the process exposing themselves to risks of rejection or ridicule by friends, stalking and abuse
Adults may be more conscious of certain types of risks and focus more on managing and expanding their wider and more complex online networks but are thus more prone to risks arising from the mismanagement of these professional and personal networks
CNM Social Media Module – Giorgos Cheliotis ([email protected])7
Gated communities (e.g., campus networks) can provide a sometimes false sense of security based on common identity and authentication mechanisms that are easy to undermine
As social media sites evolve and grow, what used to be a gated community may become a more open one, exposing behaviors that were targeted at a more narrow audience to wider public scrutiny (e.g., when Facebook spread beyond college campuses)
Data mining and re-identification
CNM Social Media Module – Giorgos Cheliotis ([email protected])8
With advances in computing power and data mining, our extensive network of partially-revealing online profiles and habits can be synthesized, to piece together our real-world identity
Data which is not available online can be inferred from voluntarily revealed information (e.g., address, postal code, birth date, affiliation with institutions, employment, etc. can help identify individual, or one’s online passwords)
Information that is pieced together online can be used to extract additional confidential information by means of social engineering and identity theft
Also, data may be shared with others without the user’s knowledge, or as a result of shifting privacy default settings in websites, possibly making millions of hitherto limited-access data public in one stroke
Finally, law enforcement may request that hidden user data be made available for further analysis
Limits to self-expression and resulting liability
CNM Social Media Module – Giorgos Cheliotis ([email protected])9
In interactions with close friends we often share freely content and ideas and let our guard down, jest about topics that we might not take lightly in public, feel free to comment on issues and individuals and may criticize everything and everyone, fairly or unfairly, without always carefully backing up our claims or even considering their validity outside of a closely-knit group (group-think)
When the same types of interactions that may be valuable in bonding with friends and like-minded people take place online, we expose ourselves to a number of risks that were hitherto of concern only to professional journalists, mass media producers and public personalities.
Any public or semi-public online communication is also a publication in the sense that it is recorded in a specific format and is traceable online, even long after it was performed
Private communication can also be similarly recorded, with or without the participating parties’ knowledge
Resulting to much greater risk of copyright infringement and possible violations of laws regulating (offline and online) speech
Singapore’s regulatory framework
CNM Social Media Module – Giorgos Cheliotis ([email protected])10
Defamation Sedition
Confidence
Copyright Act
Broadcasting Act
Regulation of speech
Self regulation
HIGHLY SIMPLIFIED
Industry Individuals
National Security Act
Films Act
Undesirable Publications
Act
Notes on regulatory framework (1 of 2) Long history and relatively frequent use of defamation law for
the protection of the reputation of political and judicial system and associated individuals
Defamation damages can be very high (hundreds of thousands of SGD), and are awarded in proportion to the social standing of the plaintiff and the defendant
CNM Social Media Module – Giorgos Cheliotis ([email protected])11
Defamation
Definition of sedition quite broad, to include major threats to social cohesion and national security; includes seeding contempt for the government, and racist or otherwise offensive remarks (e.g., offending religious and ethnic groups)
Application of law is strict and frequent in Singapore, with little tolerance for comments that are deemed to undermine the people’s respect for major institutions and for the diverse ethnic and religious groups of the country
Sedition
Protects secrets and confidential information from unauthorized disclosure (e.g., in business dealings)
Depends on presumption of confidentiality in communication, which is rather narrowly defined: not sufficient as privacy law
Confidence
Notes on regulatory framework (2 of 2) Enforcement rather strict, but with an increasing recognition of
the need for new licensing models (e.g., Creative Commons) and the development of a more open ecosystem for innovation
Some disparity between official pro-copyright stance and popular attitudes towards copying and sharing copyrighted content, as in other countries around the world
CNM Social Media Module – Giorgos Cheliotis ([email protected])12
Copyright
Aimed more at regulating rights to broadcast in traditional mass media, which are more proactively controlled by the MDA
Recognition of the impracticality of full-on Internet content regulation led to introduction of a ‘class license’ which allows anyone and everyone to post and disseminate content online
License could be revoked in principle for those who repeatedly post illegal content (resulting possibly to termination of Internet access), although there is no such precedent yet
Broad-casting Act
Gives government greater power to forbid the publication of content that is deemed a threat to national security (in addition to other laws, such as the Undesirable Publications Act and the Government Secrets Act)
Internal Security Act
Practical advice for social media users
Protect your privacy online by fine-tuning privacy settings on platforms that you use and being more careful with whom you invite to your online networks
Avoid sharing any information that could compromise your privacy, safety, or reputation in the eyes of your friends and others
Do not assume that because an online communication may be private, it is absolutely safe
Show appropriate respect for institutions and persons online, even in communications that are not public, and even while you may criticize people, institutions, or events
Be careful when posting comments that may be damaging to the reputation of third parties, especially when those are held in high esteem by a majority of a country’s citizens (although respectful criticism and disagreement should always be preferred, irrespective of one’s social standing)
Avoid discussing and promoting online topics that are de facto taboo in a given culture or country, or that may easily offend others, or may be easily misunderstood as offensive
Do not assume that posting with a pseudonym or as ‘anonymous’ is entirely safe; your IP address is probably logged by your ISP and can be requested by law enforcement
Be keenly aware of the potential for copyright infringement when you copy or share content created by others
CNM Social Media Module – Giorgos Cheliotis ([email protected])13
Practical advice for social media site owners Consider whether you should actively moderate user-supplied content on your site; it might
be better to act purely as an intermediary, thus also making clear that you provide a communication platform and are not responsible for what users post (this may work well in some jurisdictions only, depending on a country’s statutes and legal precedents)
Consider whether your site has significant legal use or whether it is more likely to be used for purposes that may be illegal in your jurisdiction, or in the jurisdiction(s) of your users
Comply with notice and take-down procedures for copyright-infringing material to avail of ‘safe harbors’ in copyright law (clauses providing indemnity to the operator of the site for infringing activities of users)
Provide also an easy mechanism for users to appeal such take-downs to avoid the chilling effects on speech that aggressive take-down policies may have
Make your policies on what is acceptable material absolutely clear to your users, especially to new members (also consider carefully whether you wish to allow for anonymous postings and/or access to content)
Promote the use of appropriate ‘netiquette’ and allow for the easy reporting of users who abuse the site’s policies or are an annoyance to other users
Do not reveal user data nor take down user-supplied content, unless proper procedure is followed by the party requesting the action, in accordance with jurisdiction and international law; seek legal advice where necessary, otherwise you risk alienating your users and possibly even a lawsuit for acting against your users’ interests when you shouldn’t have
CNM Social Media Module – Giorgos Cheliotis ([email protected])14
Thoughts on design…
CNM Social Media Module – Giorgos Cheliotis ([email protected])15
How can an SNS give more control to users over the content that others in their network post that may be compromising? (e.g., photos on Facebook)
How can we simplify privacy controls, while also promoting more user control and awareness of what is broadcast to whom?
When should an online community allow for anonymous access and should it actively moderate postings? Think about online
platforms you know and how they attempt to create virtual environments that users can trust; also, how
that trust can be compromised
How can a site empower its users to self-moderate and report abuses to the site administrator?
How can we create safer and more intimate private spaces for online communication that are less prone to manipulation by others and less risky for the individual?
How can an online community or SNS effectively verify the validity of user accounts or otherwise limit membership to ‘trusted’ members only, when this is desirable?
Credits and licensing Front page photo by cobalt123 (license: CC BY-NC)
Privacy photo by alancleaver_2000 (license: CC BY)
Drawing of network of different ages by lucas.leite (license: CC BY-NC-ND)
16 CNM Social Media Module – Giorgos Cheliotis ([email protected])
Original content in this presentation is licensed under the Creative Commons Singapore Attribution 3.0 license unless stated otherwise (see above)