Social Networks
Part One

Online Social Network Sites or Social Networking Sites (SNSs) are one of the most remarkable technological phenomena of the 21st century. User numbers have been increasing at a dramatic rate for several years. For example, as of June 2007, MySpace was the most visited website in the US with more than 114 million global visitors, representing a 72% increase on 2006. Facebook increased its global unique visitor numbers by 270% in the year ending June 2007
The defining characteristics of an SNS are:

  • Tools for posting personal data into a person’s ‘profile’ and user-created content linked to a person’s interests and personal life
  • Tools for personalized, socially-focused interactions, based around the profile (e.g. recommendations, discussion, blogging, organization of offline social events, reports of events)
  • Tools for defining social relationships which determine who has access to data available on SNSs and who can communicate with whom and how.

SNSs may be seen as informal but all-embracing identity management tools, defining access to user-created content via social relationships. The value of SNSs lies not just in the content provided (which is group-specific), but in its replication in electronic form of the web of human relationships and trust connections.
SNSs provide many benefits to their members:

  • A sense of connectedness and intimacy (which is a healthy social enhancement), most often to an existing offline community but also to new online-only communities. There is evidence [2] that there is considerable social capital associated with the use of Facebook by US college students, which suggests that SNS use might contribute to increased self-esteem and satisfaction with life for some students.
  • Tools which allow like-minded individuals to discover and interact with each other
  • Identity-management and access-control tools for user-created content, allowing users to have control over who views their data (which is not generally permitted by blogs, for example)
  • A forum for new modes of online collaboration, education, experience-sharing and trust-formation, such as the collection and exchange of reputation for businesses and individuals.


Part Two

In addition to the benefits to members, SNSs have significant business value because of the marketing applications they offer. On SNSs, people profile themselves for free, and voluntarily disclose detailed maps of their social relationships.
MySpace was sold in 2005 for a price that corresponded approximately to 35 US$ per user profile. In 2006 Facebook sources suggested a valuation for their network of 2 billion US$ (which would translate to 286 US$ per user profile) and, by September 2007, this figure had risen far higher.
Since the success of an SNS depends on the number of users it attracts, there is pressure on SNS providers to encourage design and behavior which increase the number of users and their connections. As with every fast-growing technology, however, security and privacy have not been the first priority in the development of SNSs. As a result, along with the above benefits, significant privacy and security risks have also emerged.
Users are often not aware of the size of the audience accessing their content. The sense of intimacy created by being among digital ‘friends’, often leads to inappropriate or damaging disclosures. Social Networking may be seen as a ‘digital party’. In general, the more contacts you have, the more popular you are, and the more influence you have. However, compared with a real-world party, SNS members broadcast information much more widely, either by choice or by mistake. For example, a brief survey of popular SNSs shows several people openly publishing answers to ‘surveys’ with questions such as:
• Have you ever stolen money from a friend?
• Have you ever been in a fist fight?
• Have you ever cheated on a boyfriend/girlfriend?
• Have you ever drunk a bottle of alcohol by yourself?
Replies often appear in conjunction with a recognizable facial image of the person answering the survey. When combined with improvements in search technology this is likely to result in a significantly increased risk of incidents of personal damage.
The natural human desire to be connected with others, combined with the multiplying effect of
SNS technology, can lead to a tendency to be inclusive rather than exclusive in accepting friend requests (i.e. lower the threshold for accepting friends). This is certainly not true of all users or all communities – certain more exclusive SNS communities have much higher average privacy thresholds. However, it is a prevailing driver and, since it tends to lead to faster network growth, it inevitably affects the sites with the largest number of users. This undermines the first line of defense for a user’s data in SN security – the possibility of restricting access to a smaller network of contacts. It also contributes to the threat from viruses and worms spread via SNSs.
Such possibilities, along with the threats posed by secondary data revealed to the service provider, suggest that there may be a need to review current practice on SNSs with respect to data protection legislation and best practice.
Conversely, since many of the trends emerging with SNS were not envisaged when these documents were drafted, there may also be a need for a review of best practice and legislation in the light of SNS scenarios.

Source: ENISA Position Paper No.1 Security Issues and Recommendations for Online Social Networks