Category: Social Network Websites


ConTwittering Opinions?

It’s been interesting to watch the GlomTwittering (TwitGlommering?) experiment over the past few months. It’s different to see the advent of ambient awareness popping up on a familiar legal blog. And it does add an interesting dimension to my perception of the GlomTwitterers. (Who knew that Gordon spent so much time thinking about cheese? Oh, wait.)

Is this the wave of the future? Should we start thinking about ConTwittering over here? I have to admit, I’m a little skeptical. For one thing, I’m not sure what I would Twitter about, anyway. (“Kaimi is blogging, again” — is that really interesting or useful?) Another downside — I’m not sure I always _want_ to announce my status to everyone. Students might realize that I’m procrastinating grading their exams for no good reason.

Read More


Facebook, Myspace, and College Admissions

social-network1.jpgLast year, I noted that employers and others were increasingly looking at applicants’ social network website profile pages in their hiring decisions. Apparently, now college admissions officers are also using social network sites like Facebook and MySpace to make decisions on applicants. According to the Wall St. Journal:

A new survey of 500 top colleges found that 10% of admissions officers acknowledged looking at social-networking sites to evaluate applicants. Of those colleges making use of the online information, 38% said that what they saw “negatively affected” their views of the applicant. Only a quarter of the schools checking the sites said their views were improved, according to the survey by education company Kaplan, a unit of Washington Post Co.

Some admissions officers said they had rejected students because of material on the sites. Jeff Olson, who heads research for Kaplan’s test-preparation division, says one university did so after the student gushed about the school while visiting the campus, then trashed it online. Kaplan promised anonymity to the colleges, of which 320 responded. The company surveyed schools with the most selective admissions.

The article notes that most colleges don’t have policies with regard to when and how college admissions officers can use social network website profiles in making admissions decisions. The article illustrates that we need to make much greater progress in educating what I call “Generation Google” — the generation currently in high school and college who are chronicling their own lives and those of their classmates online — about the risks, consequences, and ethics of what they post on the Internet.

Moreover, many companies and college and graduate school admissions officers lack a policy or guidelines about the appropriate and inappropriate use of what they find online about a candidate. Policies are sorely needed, as there are many issues that need to be thought about:

* Should such information be used? When?

* How heavily should it be relied upon?

* What kinds of things should negatively impact an applicant? Information about sex life? Drug use? Drinking? Bad behavior?

* What steps should be taken to make sure that the information was accurate?

* Should a distinction be made between information that people post about themselves and information that others have posted about them, perhaps invading their privacy without their consent?

* What steps should be taken to make sure that the information used in fact relates to the applicant and not to somebody else with the same name?

* Should people be notified that information online was used against them and be given an opportunity to be heard to explain it?


I have to write this, or else Nate will get to define me

A fascinating article in the NYT discusses some of the social aspects of online communities (particularly Facebook). One quote captures the unique sort of self-imposed captivity that online communities can create:

Yet Ahan knows that she cannot simply walk away from her online life, because the people she knows online won’t stop talking about her, or posting unflattering photos. She needs to stay on Facebook just to monitor what’s being said about her. This is a common complaint I heard, particularly from people in their 20s who were in college when Facebook appeared and have never lived as adults without online awareness. For them, participation isn’t optional. If you don’t dive in, other people will define who you are. So you constantly stream your pictures, your thoughts, your relationship status and what you’re doing — right now! — if only to ensure the virtual version of you is accurate, or at least the one you want to present to the world.

It’s a great description of one of the addictive aspects of online discussion.

The article also gives a good explanation of who exactly your Facebook friends are — and why they (might) matter:

Read More


A Not So Pretty Picture

ZDNet reports that over 1,000 Facebook users adopted a Photo of the Day application featuring National Geographic images that also embedded malicious code, creating a botnet of users that launched distributed denial of service attacks. The good news is that information security researchers orchestrated the “Facebot” in order to expose this security flaw. The bad news is that given the flaws in social network platforms, real attacks could be worse. (Here is the research paper that the group produced, which is entitled “Antisocial Networks: Turning a Social Network into a Botnet”). Although Facebook has fixed the vulnerability identified by the researchers, concerns remain about the security risks of third-party applications on social networking sites. The serious downside of a pretty picture, to be sure.


Politics in the Age of MySpace and Facebook

myspace.jpgRecently, I was interviewed for an article in the Globe and Mail about the young teenage father-to-be involved in the media circus surrounding vice presidential candidate Sarah Palin’s pregnant teenage daughter. I believe that the media should restrain itself from prying further into Palin’s daughter’s private life, as well as that of the father-to-be. He was referred to only as “Levi” by the media until recently, when a few media entities and bloggers started identifying him by his full name. I don’t believe he should be identified by his last name unless he consents to it. His identity is of little relevance to the issues in the campaign.

Apparently, he had a MySpace page. According to the Globe and Mail:

According to his MySpace page, he loved camping, fishing and riding dirt bikes. He wasn’t much for babies (“I don’t want kids”) or political optics: “Ya fuck with me I’ll kick ass,” the page says. . . .

The Alaskan teen’s MySpace page was taken down yesterday, but the damage had been done.

“I’m a little bit surprised the campaign didn’t ask him to take these pages down,” said Daniel Solove, author of The Future of Reputation: Gossip, Rumor, and Privacy on the Internet. “It’s become a very distracting sideshow.”

Information about his identity and MySpace page are all over the Internet and media now. More and more, we’ll be seeing the media and bloggers mining the social network profiles of the kids of politicians. I think that this is unfortunate, but it is hard to stop people from gawking at a public website, especially when a politician’s child falls into the vortex of a media storm. The fact that Levi’s MySpace page remained publicly available for so long indicates that there is far too little thought and attention to social network websites and the Internet by parents and others outside of what I call “Generation Google” — the teenagers today who are posting more and more personal information online, which will be available to anybody doing a Google search.

If Sarah Palin and the McCain campaign knew about the pregnancy, they certainly must have expected that with today’s media, it would sooner or later find its way into the news. With that risk in mind, why not try to make sure that public MySpace or Facebook pages of those involved are removed before the media frenzy begins? This strikes me as a fairly substantial oversight. The teenagers involved in this incident are far from ready to confront the media frenzy they are now subjected to. Somebody should have told Levi to remove his profile (or make it accessible only to his friends) long before the story broke. Perhaps the McCain campaign. Perhaps Sarah Palin. Perhaps his parents. This illustrates part of the problem facing members of Generation Google — their parents, teachers, and others who advise them are not well-versed enough in what’s going on.


Trolls, cyberbullying, Dan

This week’s New York Times magazine has a fascinating article about online trolls and cyberbullying, which includes a quote from Dan. The article itself is well worth reading. An excerpt:

That the Internet is now capacious enough to host an entire subculture of users who enjoy undermining its founding values is yet another symptom of its phenomenal success. It may not be a bad thing that the least-mature users have built remote ghettos of anonymity where the malice is usually intramural. But how do we deal with cases like An Hero, epilepsy hacks and the possibility of real harm being inflicted on strangers?

Several state legislators have recently proposed cyberbullying measures. At the federal level, Representative Linda Sánchez, a Democrat from California, has introduced the Megan Meier Cyberbullying Prevention Act, which would make it a federal crime to send any communications with intent to cause “substantial emotional distress.” In June, Lori Drew pleaded not guilty to charges that she violated federal fraud laws by creating a false identity “to torment, harass, humiliate and embarrass” another user, and by violating MySpace’s terms of service. But hardly anyone bothers to read terms of service, and millions create false identities. “While Drew’s conduct is immoral, it is a very big stretch to call it illegal,” wrote the online-privacy expert Prof. Daniel J. Solove on the blog Concurring Opinions.

To steal a line from Glenn Reynolds — go read the whole thing.


Should (legal) academics use Facebook? (Part 527 of a continuing series.)

True, the “should academics use Facebook?” article is fast becoming passe. (See also: “should academics blog?”, “should academics use MySpace?”, and “should academics navel-gaze?”) However, a recent post on the HNN (History News Network) is a particularly good example of the species. In a discussion of whether historians should use Facebook, historian Jesse Lemisch sets out some helpful analysis:

Why should historians be on Facebook? I think it has the potential to be an electronic version of the halls of the AHA: a place of lively and utterly informal talk about what historians are doing and saying, and what’s going on in their lives. Just as Facebook threatens to replace college reunions, it can constitute something like a professional meeting, between professional meetings. (Note that “something like”: I have no desire with this proposal to replace professional meetings, but rather to extend them.)

I value the papers given at the AHA and OAH, but I generally come away from these meetings as well educated by conversations in the halls, and while prowling the book exhibits. Somebody has mounted a stupid and uncomprehending attack on me in a book whose galleys are available at booth 432. And there he is, at booth 927, hiding, but available for animated conversation. Here’s somebody you haven’t seen in years, and, thank goodness, she has a name badge. And, you find, she is doing fascinating work. Here is somebody who responds to regards to the spouse with a facial expression that tells you immediately that your information is no longer accurate. And here are historians of all stripes, and information about new sources and new work and controversies not yet erupted. And so on: readers of HNN know what happens in the halls of the AHA. For better or worse, all these things can happen on Facebook.

This sounds like an admirable enough goal. Why not chat about books, vacations, restaurants, and whatever else on Facebook?

There are interesting parallels to law. For instance, of conversations I’ve had at AALS, I’d say maybe a quarter of them have been purely law conversations of the type it would be hard to have online. But the majority have been general-topic chats of one kind or another. Ideally, Facebook and sites like it can facilitate the broad, cocktail-party mingling that helps keep law professors — a notoriously socially awkward group — connected and in general contact with one another. In theory, this could be good. (On the other hand, it’s awfully tricky to gossip on a public forum.) Right? What’s not to like about it?

I would write a lot more about how law professors could use Facebook, but duty calls. II have an urgent appointment to attack Nate’s zombie with my vampire before my daily attacks expire. Then, perhaps after a few games of Word Twist, I’ll be back with Part 2.


(More) stupid things not to do on Facebook

facebook3.jpgTo add to the ever-growing list:

While waiting to be sentenced for your drunk driving conviction — and trying to convince the judge that you take the process seriously, that you are remorseful, and so on — do not post lots of pictures of yourself partying and drinking.

(You would think some things would be obvious, wouldn’t you?)

The CNN story has some interesting nuggets, like: “Santa Barbara defense lawyer Steve Balash said the day he met client Jessica Binkerd, a recent college graduate charged in a fatal drunken driving crash, he asked whether she had a MySpace page. When she said yes, he told her to take it down because he figured it might have pictures that cast her in a bad light.”

That sounds reasonable. If you’re a defense lawyer these days, and your client has a Facebook or MySpace page, you’re going to tell them to take it down, aren’t you?

(Query: Is it enough to merely set it to private? What if it’s a private page? Can the prosecutor send a friend request, and get access to the page? Seek a forwarded copy from the person’s friends?

For that matter, how do you prevent your friends from posting pictures of you to their Facebook pages? (That’s what happened in one of the cases in the CNN article.) Don’t go to parties while waiting for sentencing, I guess. Or if you are partying, don’t let anyone take your picture.)

Technology — a tool for inventing all sorts of brand-new bad ideas.


Is the Computer Fraud and Abuse Act Unconstitutionally Vague?

At the National Law Journal, attorney Nick Akerman (Dorsey & Whitney) contends that the Computer Fraud and Abuse Act (CFAA) indictment of Lori Drew (background about the case is here) is an appropriate interpretation of the statute:

While this may be the first prosecution under the CFAA for cyberbullying, the statute neatly fits the facts of this crime. Drew is charged with violating §§ 1030(a)(2)(C), (c)(2)(B)(2) of the CFAA, which make it a felony punishable up to five years imprisonment, if one “intentionally accesses a computer without authorization . . . , and thereby obtains . . . information from any protected computer if the conduct involved an interstate . . . communication” and “the offense was committed in furtherance of any . . . tortious act [in this case intentional infliction of emotional distress] in violation of the . . . laws . . . of any State.”

There is no question that the MySpace network is a “protected” computer as that term is defined by the statute. Indeed, “[e]very cell phone and cell tower is a ‘computer’ under this statute’s definition; so is every iPod, every wireless base station in the corner coffee shop, and many another gadget.” U.S. v. Mitra, 405 F.3d 492, 495 (8th Cir. 2005). There is also no question that a violation of MySpace’s TOS provides a valid predicate for proving that the defendant acted “without authorization.” What the commentators ignored in their critique of this indictment is that the “CFAA . . . is primarily a statute imposing limits on access and enhancing control by information providers.” EF Cultural Travel B.V. v. Zefer Corp., 318 F.3d 58, 63 (1st Cir. 2003). A company “can easily spell out explicitly what is forbidden.” Id. at 63. Thus, companies have the right to post what are in effect “No Trespassing” signs that can form the basis for a criminal prosecution.

If this interpretation of the law is correct, then the law is probably unconstitutionally vague. A vague law is one that either fails to provide the kind of notice that will enable ordinary people to understand what conduct it prohibits; or authorizes or encourages arbitrary and discriminatory enforcement. The CFAA, as construed by the prosecution in the Drew case, will probably be found vague because it authorizes or encourages arbitrary and discriminatory enforcement.

Suppose I put a notice on this post that says: “No attorneys may post a comment to this blog.” Suppose Nick Ackerman comes to this site, sees this post, and and writes a comment that is defamatory. Under his theory, he can be prosecuted for violating the CFAA. He has “trespassed” on this site. Moreover, if a blog has a policy that it will not tolerate “rude, uncivil, or off-topic comments,” then commenters who make such comments that are tortious (intentional infliction of emotional distress, public disclosure of private facts, false light, defamation, etc.) can be liable for a CFAA violation. Moreover, any use of a website that goes against whatever terms the operator of that site has set forth that constitutes a negligence tort is also criminal.

The problem here is that the CFAA’s applicability would be extremely broad — so broad that the cases likely to be prosecuted would be arbitrary. Since tort law is common law, and is very flexible, broad, and evolving, people would not have adequate notice about what conduct would be legal and not legal. There’s a reason why tort law is different from criminal law — we are willing to accept a lot more ambiguity and uncertainty in tort law than in criminal law, where the stakes involve potential imprisonment.

Moreover, Nick Akerman only focuses on the CFAA § 1030(c)(2)(B)(2), which makes it a felony to exceed authorized access if the offense was committed in furtherance of any tortious act.

The CFAA § 1020(a)(2)(C) makes it a criminal misdemeanor to “intentionally accesses a computer without authorization or exceeds authorized access, and thereby obtains . . . information from any protected computer if the conduct involved an interstate or foreign communication.” If I’m interpreting this correctly (and I don’t purport to be an expert on the CFAA), under the Drew prosecutor’s interpretation of the CFAA, any time a person violates a website’s terms of service and access any information from the site, there’s a criminal violation. That means that if I post on this blog a notice that says: “No attorneys may access any other parts of this blog other than the front page,” and an attorney accesses any other page on my blog, then there’s a CFAA violation. Could the law possibly be this broad? I think it would require a narrowing interpretation in order to avoid problems of unconstitutional vagueness.

The CFAA strikes me as a very poorly drafted statute. The Drew indictment demonstrates the problems with the law. Either courts should fix the CFAA interpretively by narrowing its scope, or else strike it down as unconstitutionally vague. But what clearly cannot stand is for the law to be interpreted as the Drew prosecutor seeks to interpret it.

Hat tip: Dan Slater at the WSJ Blog


The Privacy Virus

I’ve been thinking recently about social networking services and privacy. Certainly, they raise profiling and investigation concerns that seem quite familiar from debates about ISP and search engine surveillance. I’m becoming increasingly convinced, however, that they also present some quite distinctively social privacy issues. The flow of information within a Facebook or a LiveJournal both is deeply embedded in a particular set of social relationships and also regularly defies the expectations of the participants in those relationships. Hilarity, or rather privacy trouble, regularly ensues.

One of things I did when starting to ponder these privacy problems was to make a list of the ways in which social networking services encourage users to supply personal information. There are actually quite a few. Here’s an incomplete list:

  • Explicit appeals to reciprocity: If someone tries to add you as a friend, it seems impolite to refuse.
  • Implicit appeals to reciprocity: If friends have pictures on their pages, you’re spurning their social advances if you don’t have pictures on your page.
  • Norming the network as “private” space: Facebook started on a college campus; people use it in ways that recreate the informality of students scribbling jokes on whiteboards posted to each others’ dorm-room doors.
  • Norming the network as “safe” space: It’s hard to estimate the risk that releasing a little private information now will bite you later, so we use our peers’ actions as a heuristic to tell us whether it’s safe to speak freely here. If they share, you share.
  • Creating a barter economy in personal information: By affiliating with new groups and adding more friends, you decrease the distance between you and others. That means more access: it opens up more profiles to your inspection (and vice-versa).
  • Encouraging status competition: Facebook helpfully lists how many friends your friends have; can you blame Robert Scoble for wanting to have more than 5,000?

I could go on, but have you noticed the common pattern? All of these mechanisms use other people’s personal information to convince you to supply more of your own. Facebook is a privacy virus: an organism that reproduces itself within a social network by convincing infected hosts to use their own replication mechanisms to spread it to others. And the way it gets past our privacy defense mechanisms is to turn them against us: social network service interactions have almost all the indicia we look for in reassuring ourselves that we’re in a private setting, rather than out in public.