Sunday, June 17, 2012
Mechanisms of Social Network Privacy Violations
How do privacy violations occur in social networks? In this when I say “social network,” I mean the real social network and not software like Facebook that models a social network. If you need more clarification on this definition, please refer to my previous here.
Volitional or Accidental Privacy Violations
People can volitionally or accidentally violate your privacy. An accidental violation could arise from an acquaintance mentioning a personal attribute of yours you intended to keep private to another person. This other person would have been someone from whom you chose to hide this personal attribute. Or the mention could have been intentional with the mentioning party intending you harm or just disregarding the implied privacy. Accidental privacy violations seem to occur more commonly than the volitional or intentional privacy violations even though the opposite might seem true. Volitional privacy violations generally reveal themselves more readily whereas accidental violations are not preempted because they are more inconspicuous.
Accidental Privacy Violations
Almost all accidental violations originate with the person for whom the information revealed was private. In other words, the person who is violated by an accidental revelation was the original source of the information. A person could tell another person something while assuming the recipient of the information understood implicitly the nature of the information and therefore that the information was for them only and that they were to not retransmit the information. If the recipient did not understand the implicit privateness of the information, then they might just retransmit.
Other times, accidental privacy violations originating from the owner of the information happen as a result of ignorance. The person reveals something from which others can gather or infer more information. As an example, a person could say, "I was talking to Dr. Jack yesterday afternoon and so on and so forth," and the other person might know that Dr. Jack was on a remote hike yesterday afternoon. Knowing where Dr. Jack was and that this person was talking to Dr. Jack at that time, they might surmise that this person was with Dr. Jack on the hike and this would also mean that this person and Dr. Jack were close associates. Combinatory in its construction, the privacy violation in that example illustrates a commonly executed and less readily recognized accidental or even general privacy violation.
Sometimes a single piece of information can compose a privacy violation and other times, like the previous example, the violations can come from the combination of disparate and seemingly unconnected information.
Volitional Privacy Violations
People can volitionally violate your privacy. In other words, they take a piece of information which they know you consider private and retransmit that information to people whom you would not.
We commonly refer to a subtype of the volitional violations as a rumor. One person hears something private about another person and they pass it along. Rumors, whether true or not, violate a person's privacy in a much more emotional way. It seems the intensity with which people listen to rumors motivates the violator to spread the rumor, but that lies more in the psychological realm where I should not play.
Another type of volitional violation lies on the opposite side of the seediness spectrum where the violator does not think the information requires privacy. A person might not want other people in their community to know they grew up without a father. Maybe this embarrasses the person because the separation between their parents brings shame upon them. But, the privacy violator may not think parents separating brings shame to anyone and so they casually express to another person the fact of the divorce.
The last form of volitional privacy violations arise from a true intent to harm another person or protect others. A person may have committed a crime. Another person finds out about the crime and then alerts others in the community or their circle of friends because they find the criminal potentially dangerous or they want the criminal punished. A violation of this type seems less of a violation because the criminal desired to keep their crime private. Regardless of whether or not others find the violation justified and ethical, the violation remains just that by definition. But the information in the privacy violation may have been less nefarious and simply damaged a person's reputation in a community such as a sexual orientation frowned upon by the community in general.
We have seen that privacy violations can be accidental or volitional. And, they can be autonomous in their violation or they can be combinatory. These attributes of a privacy violation describe the type of violation and the potential mechanisms in a natural social network. In software modeling a social network, like google+ or LinkedIn, these privacy violations occur with the same attributes. People have relationships, they communicate information about themselves, and other people retransmit that information. So, the potential and actual occurrences happen all the same but in a different setting than the hometown coffee shop or over the phone.
This different setting provides new mechanisms and also new aspects of the violations. People share information in an online social network the same they do person to person. But, due to the nature of online communication, transmitted information is less transient. A third party for whom information is not intended can not hear what a person says in the coffee shop at a time after it was said. If Bob tells Sally that Joe had a medical procedure, Antwerp will not hear it when he arrives at the shop a minute later. The information has been transmitted and resides only in Sally's memory. And, even her memory might lose the information making the information unretrievable.
Online, information transmission is more permanently retrievable. You may post something online for your current circle of friends in your social network or circle of friends. That information was suitable for their eyes and ears in that you trust them and you consider the information private outside of that circle. Later, you add a new friend to your network while forgetting that you had shared the previously private information. Your new friend could retrieve the information you would not tell them given the chance. So the information you would consider private when communicating with your new friend, your new friend now knows. Had you told your friends this private information in a physical gathering like a party, then your new friend would never have heard it because the information transmission at the party was transient. It ceased to occur as soon as your voice ceased vocalizing it.
Information shared online becomes closely permanently retrievable. Because of this, the severity, frequency, and quantities of privacy violations occurring naturally in a social network will be magnified because each revelatory mistake is close to permanent. Information revealed in different social networks with different circles of friends can be combined by others accidentally or intentionally to reveal compound attributes you would consider private. A date in your profile in one network combined with a post in another network and then joined with an email you sent to your boss, can reveal to your boss that you lied about being sick on Tuesday and in fact you were at a car show.
Software Privacy Violations
Because online social networks model natural social networks and the models created by people inherently contain mistakes, online social networking software will at some point reveal information you considered private if you posted private information on a network or networks. It seems that almost every network has violated users' privacy either by allowing hackers to enter into the network or by exposing information intended for one limited circle of friends to another circle of friends or even just one other acquaintance. These violation mechanisms are difficult for an end user to control and account for most of the distrust people have of online social networks. If you add mistakes in the software modeling the social network to a person's accidental revelations, you will find that the privacy violations do not just add up but become multipliers.
In communication within or between social networks, people have to contend with the information they shared and the audience with whom they shared the information. They have to cognizant of the nature of the information and the character of their audience. A person has to consider how to describe the nature of the information to their audience and even how they might allow that audience too retransmit the information. That is just in a natural social network. If you then add in the proxy of software modeling a natural social network, you have so many more considerations of which you may not even be aware. Look at all the various privacy settings in online social networks and their ambiguous definitions. It is no wonder accidental violations occur so frequently online. But, understanding how these violations occur will help a person recognize one or more of the mechanisms and attempt to fix the violation. The mechanisms of privacy violations in social networks are not difficult to understand and recognize but the effort involved to seek them out is not trivial.