Despite the neo-con conspiracy theory accusations, despite even the threats of Facebook The Movie (the specter of which I'm absolutely delighted about btw), Facebook continues to go from strength to strength in terms of empire building. According to recently released user & engagement stats, Facebook is currently the equivalent of the worlds fourth largest country, with around 240 million individual accounts. It's reporting a growth surge recently too – adding an incredible 700,000 to 750,000 new users per day.
The latest scandal to hit Facebook – and let's face it, one that isn't going to do their user stats any damage at all, is the tabloid and broadsheet friendly story centering on the British Secret Service, popularly known as MI6. Although MI6 has been recruiting on Facebook since September 2008, apparently their social media strategy hasn't stretched to the kind of employee guidance increasingly seen as critical in other industries. Recently recently appointed intelligence chief, John Sawers, ('C' as he will be codenamed in proper James Bond tradition), takes up his post in November. In the meantime, The Daily Mail are baying for Sawers blood (Daily Mail), following their crack investigation in to Mrs. Sawers completely unprotected Facebook pages.
Way back in October 2007, I asked the 200-ish audience members of the BIMA's Great Facebook debate – predominantly social media and related industry workers – to raise their hands if they felt 100% confident they understood who could see what on their Facebook accounts. About 4 hands went up, and mine wasn't one of them, despite the fact that I'd spent a year working on social networking service privacy settings. Since then, the third party application explosion has continued to muddy already the unfathomable waters of overly granular permissions settings. By January 2008, if came as little surprise to anyone working in the social networking service and privacy space that Facebook was being investigated by the UK's Information Commisioners Office for potential Freedom of Information Act infringements.
Currently, Facebook is rejigging it's operation model, simultaneously moving towards a more open platform and trying to make user permissions more understandable, including jettisoning it's regional networks in favor of sharing information between groups. All this is good news, and I look forward to tracking Facebook's progress. In the meantime, the best advice I can offer anyone is if you are using any service and aren't clear about who can see your content or how the permissions work, act as if the service is completely public. Don't post anything you would mind your mum, boss, colleague or local Daily Mail journo seeing.
The real story in the Sawers fiasco is, once again, is the one that research in the area has consistently pointed up. In general, people do not read terms of service or privacy statements. People like social networking services because of the warm glow of friendly, trusted association (some would say homophily) they submerge themselves in. Security and permissions settings are only as good as people can immediately or at least easily understand, leaving children, young people, vulnerable adults & MI6 potentially at risk.
Within increasingly connected societies, where the online is commonly integrated into our everyday social transactions, we need to be smarter about the implications of how we use services, and ensure that everyone has access to basic information. There was a huge fuss made when an leaked draft of the Rose Review mentioned a service – Twitter – as the kind of platform that digital literacy may support. Although there are obvious limitations in teaching platforms and applications rather than a focus on skills, competencies and understanding (and it only takes a cursory look our current Microsoft heavy curriculum to see the problems of this approach) – what the MI6 debacle demonstrates is the importance of recognising how and why people use services, and equipping them to use the social web in ways that don't compromise personal, or international, security.
The Information & Privacy Commisioner/Onterio has a recently updated PDF on How to protect your privacy on Facebook.
You can find basic information about online identity management relevant to people in all work places in my recent work on behalf of Childnet International for the UK Government's Department for Children, Schools and Families: Cyberbullying, supporting school staff (PDF)
If your organisation doesn't have a current employer and employee social web strategy in place, get in touch and I can help you design and implement one. I do special security service rates.
Related posts: ABC of permissions granularity