Security and Privacy Issues in Social Networks
The European Network and Information Security Agency (ENISA) has released its first issue paper with the very timely title "Security Issues and Recomendations for Online Social Networks". The authors distinguish four groups of threats: privacy related threats, variants of traditional network and information securitys threats, identity related threats, social threats. They give a number of recommendations for governments (oversight and adaption of existing data protection legislation), companies that run such networks, technology developers, and research and standardisation bodies. Most of the text looks pretty thought-through and very up to date at first glance. For example, they recommend to not ban social networking sites at schools, but to make sure that pupils are adequately educated to use them.
What concerns me is the recommnendation to use automated filters against "offensive, litigious or illegal content". This brings potential freedom of speech issues. European Digital Rights has just started a campaign against a similar recommendation by the Council of Europe.
The text also addresses the issue of portability of profiles and the recent discussion around the social graph. But the authors, like many others, fail to address the central point: Information about social links is not about only one user, but also the others which he is linked to. They have to agree if this information is moved to different platforms.