Photo: James & Vilija
All big companies, including Facebook, make choices when it comes to protecting customer data. This is as true for banks and brokerages as it is for companies that do a much smaller volume, and a seemingly less important amount, of business. How much security is enough security, and is it solely up to the company that we’re doing business with to make those choices for us?
Many businesses are regulated, and while regulations don’t necessarily translate into the best protection for a customer, they do ensure some basic level of security, which at least implies that it might be better. But if simple compliance is not even enough, then who or what is looking out for you and me when it comes to social network security?
The problem with unregulated industries, such as social networking, is that the consumers of the service are not savvy enough to know what they’re not getting. They don’t get to ask questions. They don’t get to influence changes. They’re dealt a hand that they don’t understand, and asked whether to hit or stay. You wouldn’t gamble your money if you didn’t understand the rules of the game, yet Facebook doesn’t take the time to explain the game, and they change the rules constantly.
What we need is an outside entity to at least define the game, to set some rules, and to hold Facebook accountable for what they do. If there were some sort of consortium to develop a set of security parameters that could then be legislated and regulated, then we could at least level the playing field. I’m in favour of taking some of the control that Facebook has over my data, and giving it to a third party that is focused, concerned, and can properly influence change. Then, let’s turn it over to the politicians to decide how it’s going to be enforced.
In the meantime, let’s make Facebook provide the same security controls that Google uses to protect its AdWords business and apply them to the social media sites. Let’s further stipulate that changes to the system can’t be made without more evaluation and better transparency to the customer. I’d be willing to bet that, with Facebook’s vast audience, at least some of its members must be security specialists.
Perhaps a consumer advocacy group could be formed that at least has the responsibility to make sure that any change is well thought out, well documented, well communicated, and has the least negative impact on usability of the site. Let’s make that group the channel that finds out what security requirements the Facebook community has so that they can be developed into features, features that not only protect us, but give us the ability to make choices about how we want to be protected.
Finally, if the ramifications of a security breach were as significant to Facebook as they were to, say, a payment processor, then I’d be willing to bet that Facebook would be doing a lot less gambling with our security, and would be much more reliant on tried and tested methods of data and privacy protection. Let’s let Facebook know that we care about the information we put on Facebook even though we make it available for our friends and family.
Social networking is a communication phenomenon, but let’s also remember that telephone party lines quickly became a thing of the past. So, too, should unintended and unauthorised disclosure of personal information.