Faced with Forcebook

The security continuum dictates that we trade convenience for security. Leaving your front door unlocked means you never need to worry about forgetting your keys, but do you want to abandon that level of security? Of course you don't.

Choosing to lock our front door is a habit--one of the tradeoffs we make for security. We use a passcode on our mobile phones for enhanced security. We guard our private details (credit card details, passwords, HKID number) for enhanced security.

But security is inconvenient. Who can remember all their passwords? There are apps and software that will encrypt and manage multiple-passwords, but many simply use the same password for multiple Web sites, creating a single-point-of-failure cyber-thieves love. Yes, it's convenient, but you've traded security for convenience: if a hacker breaks your password on one site, well, what other accounts do you have?

As online-gathering spots become more centralized, Netizens are increasingly easier to target. With Facebook now more common than bottled water, organizations are beginning to use it as a quick-and-dirty way to create an online presence. Hey, everyone's on Facebook, right?

Check a poster for an event or a sign in a shopfront and you may see a Facebook-owned URL as their "Web site." There's perceived value to crawling under the FB umbrella: create a group and the grid of friend-icons grows like bacteria in a Petri dish.

But take a moment to think things through. Fine, you get "free" service and tap into an existing network. But before you start posting everything on Facebook, read this (source: Facebook's policy page on legal issues):

"For content that is covered by intellectual property rights, like photos and videos (IP content), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it."

As I'm not a lawyer, let me pose this in the form of a question: can it be that any photos/videos or other creative-content you post on Facebook immediately cease to become your intellectual property, and are now owned by Facebook? And I sent the above paragraph (extracted from context--Facebook's "Statement of Rights and Responsibilities" is https://www.facebook.com/legal/terms?ref=pf in its entirety) to a source whose specialty is intellectual property law for an informal interpretation.

"I don't believe Facebook provides users with an option to directly deny [Facebook] the right to use your content," said the source, "but you can configure your privacy settings to forbid others from re-distributing your content, which would seem to mean that if you have set your account to block others from sharing, then you later choose to completely delete your content from Facebook, you effectively block Facebook from future use of that content."

"But, bottom line," concluded the source, "it's a broad grant of rights and one that most people will never be able to retract in any meaningful fashion."Especially as genuinely deleting a Facebook account isn't a simple task. The social network's response to "How do I permanently delete my account?" begins: "If you deactivate your account..." (italics mine). In the world of Facebook, deactivation of an account is different from "if you'd like your account permanently deleted with no option for recovery" (bold-text theirs). So different that when the "Web2.0 suicide machine site" (which hosts scripts allowing users to permanently delete their accounts) posted one for Facebook, the site was slapped with a cease-and-desist letter from FB. You can still run their delete-scripts for Twitter, LinkedIn and the moribund MySpace.

I've focused on Facebook mainly because I increasingly see SMEs and other organizations slapping up a Facebook URL instead of taking ownership of their online presence. Perhaps online behemoths like Google are similarly avaricious in the IP realm, but Google's region-specific Terms and Conditions reads, in part: "Some of our Services allow you to submit content. You retain ownership of any intellectual property rights that you hold in that content. In short, what belongs to you stays yours."

The devil may be in the details, but individuals and SMEs who see value in retaining their intellectual property rights are advised to read and understand the terms & conditions of the sites that host their content. You may have paid for those lovely wedding photos or pictures of your business, but if you post them online, you may no longer own them.

As Net-borne info increasingly becomes the norm, awareness of intellectual property rights becomes ever-more important. Users shouldn't go for the easiest option, just as they shouldn't go for the simplest passwords. This is the 21st century cyberworld we live in, and as we enjoy its conveniences, so too must we recognize the need to protect our private information, our security-information and our intellectual-property rights.

Join the CSO newsletter!

Error: Please check your email address.
Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Stefan Hammond

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place