Facebook Privacy is a Balancing Act

Growing Facebook membership illustrates that privacy is a matter of preference and backlash is not majority.

Despite the headlines and hyperbole around Facebook information privacy issues--and the public exodus of notable online personalities in protest--the reality is that Facebook membership is actually still growing. Social networking and data privacy are, in many ways, directly at odds and the solution comes down to user awareness and choice.

The latest changes to Facebook policies, and the ways information is shared and distributed by it shouldn't come as any huge surprise. Facebook has had policies in place pretty much from its inception that seem to overtly infringe on personal privacy. I initially avoided Facebook after a fellow information security professional pointed out that Facebook policy essentially claimed ownership of virtually anything published on the site to be used, shared, or distributed to meet Facebook's needs.

Eventually, though, I accepted the risk in order to take advantage of the benefits of Facebook. I wanted to share with family, friends, and old high school acquaintances and I determined that "privacy" is subjective and that the responsibility is ultimately mine to find a comfortable balance between being social and being private.

A few days ago I wrote an article stressing that other Facebook users need to accept responsibility in a similar way, and highlighting the importance of user education and awareness. Many of the comments and e-mails I received in response to that article focused not on the topic of the post, but on my use of the infamous McDonald's coffee lawsuit to illustrate a point.

In retrospect, it does seem that a more appropriate example of misplaced responsibility would be the scenario of someone taking an over-the-counter sleeping aid and then driving heavy machinery, or any of the other cases of a void of common sense on the part of the user leading to some sort of legal or financial burden being placed on the manufacturer.

As a side note, I personally believe that McDonald's should have proactively offered to cover medical expenses in this case, but I can also understand the Pandora's Box of frivolous litigation that would open up for it--customers knocking on McDonald's door seeking compensation when they bite their tongue while eating a Big Mac. Still, there are aspects of the McDonald's case that apply to the Facebook privacy issue.

McDonald's served its coffee very hot, leading to the plaintiff in that case receiving third degree burns after spilling the coffee on her lap. McDonald's had received earlier warnings regarding the temperature of the coffee, so apparently the burden was on McDonald's to change the temperature of its coffee or implement some additional safety controls to prevent injury from it.

Fair enough. However, was it the victim's first cup of McDonald's coffee ever? Was it her first cup of coffee ever? Because the proper temperature for coffee is between 155 and 185 degrees Fahrenheit, and third degree burns can result from liquids at 180 degrees.

McDonald's coffee was about five degrees hotter than the high end of proper--primarily a response to customer demand that the coffee be fresh and piping hot--but the reality is that the woman could just as easily have received third degree burns had McDonald's served the coffee 10 degrees cooler, or by spilling coffee on herself virtually anywhere that coffee is served. I checked the temperature of the coffee from my coffee maker at home and found it to be 175. I guarantee that if i spill that in my lap there will be some painfully uncomfortable results.

Complaining that McDonald's coffee is too hot is like complaining that a scoop of ice cream at Baskin Robbins is too cold. Is it the responsibility of McDonald's, or any business for that matter, to modify products or practices to cater to a minority even though the market and customer demand don't support it?

This brings us back to Facebook. Privacy is subjective. What is appropriate, or how much is too much is a matter of personal opinion and comfort levels--especially where the goal is to share information. The simplest solution to achieve privacy is to not voluntarily share information, so any use of social networking requires some sort of compromise.

Obviously, there are many who are uncomfortable with Facebook privacy policies, and the impact that recent changes have had on the distribution and transparency of personal information. However, with membership approaching half a billion users and still growing, it does not seem that those parties are necessarily in the majority. Should Facebook cease innovation or expansion of its business model to cater to those concerns?

I have said it before, and I will reiterate it here--I do feel Facebook should implement new practices to be more open about upcoming features rather than simply springing them on users, and that Facebook should disclose the implications of using the new features and make them opt-in by default. Doing so would stifle much of the criticism Facebook is currently dealing with, and most likely have little impact on its bottom line because a majority of users will still accept the risk and opt to use the new service.

The issue of personal information online extends well beyond Facebook, and the solution comes down to user education and user awareness. That means that entities like Facebook have to be up front with users about how data will be used, and IT administrators need to ensure that users are aware of the potential issues of putting information online.

Those who take sleeping pills should understand that the pills will make them sleepy. Those who drink coffee should understand that it's a hit beverage with potentially painful results if it comes in contact with skin. And, those who use social networking should understand that information will be shared. In all cases, the vendor needs to be clear about the risks, but the user is ultimately responsible for accepting that risk.

You can follow Tony on his Facebook page , or contact him by email at tony_bradley@pcworld.com . He also tweets as @Tony_BradleyPCW .

Join the CSO newsletter!

Error: Please check your email address.

Tags securityFacebook

More about FacebookMcDonald'sReality Check

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Tony Bradley

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place