[Fredslist] Social Networking enables Identy theft
Ester Horowitz
witsowitz at verizon.net
Wed Jun 10 22:35:54 EDT 2009
Leaving 'Friendprints': How Online Social Networks Are Redefining Privacy
and Personal Security
Published: June 10, 2009 in Knowledge at Wharton
A generation is growing up with social networking web sites such as Facebook
and MySpace, casually posting accounts of their lives for their friends --
and the world -- to see. Few of these users realize that the information
they post, when combined with new technologies for gathering and compiling
data, can create a fingerprint-like pattern of behavior. The information
provides opportunities not only for legitimate business purposes, but also
for the nefarious aims of identity thieves and other predators, according to
faculty at Wharton and elsewhere.
"The way privacy has traditionally been defined is being challenged,"
according to Wharton legal studies professor Andrea Matwyshyn
<http://www.wharton.upenn.edu/faculty/matwyshyn.html> , who earlier this
year organized the Information Security Best
<http://lgst.wharton.upenn.edu/isbp2009/> Practices Conference at Wharton.
Among other topics, the conference addressed security and safety issues
raised by the social networks.
Research on online social networking and how it may alter privacy norms is
just beginning, according to technology observers. "Our kids today will give
everything [in terms of personal information] away, but it's not at all
clear how this will shake out in the long run," says Wharton marketing
professor Peter S. Fader <http://www.wharton.upenn.edu/faculty/faderp.html>
. "Privacy is a moving target."
Researchers say that privacy thresholds vary by individual and that those
boundaries are being tested by social networking. It is hard, they say, to
pinpoint the exact impact of social networking on the web. However, it is
clear that individuals are increasingly using these sites to keep in touch
with friends, find jobs and enhance their careers. Social networking sites
drew 139.8 million visitors in April, a 12% increase from 124.4 million in
March, according to comScore, a service that measures web traffic. The April
survey found that MySpace led the category with 71 million visitors, while
Facebook attracted 67.5 million, and Twitter drew 17 million -- an 83%
increase.
Mining the Data
Articles
Social <http://knowledge.wharton.upenn.edu/article.cfm?articleid=2225>
Media for Social Causes: Alex Brown's Passion for the Welfare of Horses
Knowledge at Wharton
Advertising <http://knowledge.wharton.upenn.edu/article.cfm?articleid=2208>
Yourself: Building a Personal Brand through Social Networks
Knowledge at Wharton
Luxury <http://knowledge.wharton.upenn.edu/article.cfm?articleid=2203>
Fashion Executive Domenico De Sole: 'Stay the Course with the Brand'
Knowledge at Wharton
<http://knowledge.wharton.upenn.edu/results.cfm?cx=002165406565303217927%3Ay
lmr_kgk1xa&cof=FORID%3A11&ie=UTF-8&q=social%20network> [More results for:
social network]
Articles
Warning: <http://knowledge.wharton.upenn.edu/article.cfm?articleid=2259>
Big Financial Firms May Be Riskier Than They Appear
Knowledge at Wharton
So You <http://knowledge.wharton.upenn.edu/article.cfm?articleid=2257>
Think Owning a Home Will Make You Happy? Don't Be Too Sure
Knowledge at Wharton
Carbon <http://knowledge.wharton.upenn.edu/article.cfm?articleid=2247>
Cutting with Cap and Trade: A 'Step in the Right Direction, but ... Far from
Ideal'
Knowledge at Wharton
<http://knowledge.wharton.upenn.edu/results.cfm?cx=002165406565303217927%3Ay
lmr_kgk1xa&cof=FORID%3A11&ie=UTF-8&q=public%20policy> [More results for:
public policy]
Lance Hoffman, a George Washington University computer science professor who
spoke at the Wharton conference, noted that by giving up such information as
their name, birth date, and a list of their network of friends, users are
revealing far more than they know. Third-party applications, he argued, can
take that data outside of the friendly confines of a social networking site
and combine it with data from other sources to piece together enough
information to steal a person's identity. Just a person's name and birth
date -- routinely found on a Facebook profile -- can be a useful lever for
an identity thief, said Hoffman.
"I've had students who used third-party applications that took friends of
friends and used facial recognition to identify them," explains Hoffman.
"They didn't know what to do with the information, but someone else might.
What happens when the collecting of this information is automated?"
At the conference, Hoffman illustrated how social connections are made
online and the ease with which a stranger can become part of a network. He
noted that he is regularly added to mailing lists and invited to become a
friend -- or "friended" in the social network parlance -- of businesses that
use the sites as a marketing tool. Indeed, pages used by businesses on
Facebook were recently redesigned to look more like those of individuals.
In addition, the line between professional networking on a site such as
LinkedIn, and social networking on sites such as Facebook, "has become very
thin," said Hoffman. Many Facebook users might create a more casual persona
for themselves on that site than they would on LinkedIn, where they would
include nothing but professional information. But both sites can be seen by
potential employers and clients -- and complications can ensue. One such
complication: When a business contact from the LinkedIn world wants to
become your friend on Facebook, do you accept the invitation, giving them
access to the photos on your Facebook profile from last summer's rowdy beach
party?
And what about the person you don't really know who wants to be your friend
because you have some friends in common? According to Hoffman, that new
friend may just be mining your social circle for information. As networks
grow and more friends of friends (and their friends) are accepted by users,
it's unclear who can be trusted.
Ultimately, social networking security rests with each user of the service
(those friend invitations can always be declined). Hoffman recommended that
social network denizens know the privacy policies -- governing, among other
things, how the information you provide can be used -- of the sites they
frequent.
At the same time, Hoffman said, web site operators need to make privacy
policies easier to understand. "Privacy policies differ in theory and
practice. In theory, consumers know about a site's privacy policy and trust
the network. The reality is that no one reads the policies. I don't read
them myself." Hoffman cited Facebook's privacy policy -- which promises that
users have control over their data and what information is shared -- as
typically murky. (The most recent version is more than 3,700 words -- more
than twice as long as this article.) Hoffman advocates new formats for
privacy policies that act as simplified "nutrition labels," like those on
food products.
Private Here, Not There
Research conducted by Alessandro Acquisti, a Carnegie Mellon University
professor of public policy and management who also spoke at the conference,
has found that individuals' notions of privacy are malleable depending on
the context of an interaction. According to Acquisti, people are more likely
to divulge key personal information -- their photo, birthday, hometown,
address and phone number -- on social networking sites than they would on
other web sites. His 2005 study highlighted privacy concerns such as online
and physical stalking.
"People [say] privacy [is] important to them, yet they engage in behaviors
that indicate a remarkable lack of concern," Acquisti told the conference
participants. "Privacy decision making and valuations are malleable," but
it's unclear what factors lead to more disclosure. One of those factors
might be a "herding effect," he said. In one study, Acquisti found that that
people will divulge information when they see others doing so. That
tendency, he believes, may explain why so many people are willing to dish
out personal information on the networks.
Information gleaned from such sites is useful not only to identity thieves,
but to marketers and other legitimate business interests. Sometimes, the
information can be used to find thieves, according to research co-authored
by Shawndra <http://www.wharton.upenn.edu/faculty/hill.html> Hill, a
Wharton professor of operations and information management, and AT&T
researchers Deepak K. Agarwal, Robert Bell and Chris Volinsky. Hill says a
person's pattern of behavior on various networks can reveal tell-tale
signatures, similar to fingerprints -- or perhaps "friendprints" -- that can
be used to solve a wide range of business challenges, from targeted
marketing and advertising to fraud detection.
The study, titled "Building an
<http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1281322> Effective
Representation for Dynamic Networks," originated as an approach to fraud in
the telecommunications industry. The authors were interested in the problem
of identifying phone service subscribers who repeatedly default on their
bills by signing up for service under an alias. The problem is not new.
However, the focus of the paper was to show how to clearly identify a
customer's social network signature and match it to signatures created by
customers who had previously defaulted. "Repetitive defaulters may be
identified despite their aliases over time by their 'social network
signature,'" according to the paper.
"In other words, consumers are who they call, e-mail or IM," says Hill.
"Though it is not difficult to sign up under an alias, it is extraordinarily
difficult to change one's friends and family." Large telecommunications
firms, Internet providers and social networking sites such as MySpace and
Facebook may have rich sets of data in which social network signatures can
be identified. Hill says the technique is still being perfected; its
accuracy rate is currently about 95%.
Still, the security and privacy questions pose tricky issues for marketers,
who have been looking for successful social network advertising models.
According to research firm eMarketer, spending on such advertising will be
about $1.29 billion this year, up from a projected $1.17 billion in 2008.
MySpace garners half of the revenue pie. Social network advertising is only
a small slice of the projected $25.7 billion that will be spent on online
ads in 2009, according to eMarketer.
Wharton marketing professor Eric T. Bradlow
<http://www.wharton.upenn.edu/faculty/bradlow.html> says the Holy Grail for
marketers is to track consumers and their friends -- and what they say about
a product -- via social networks. "People are more willing to divulge
information for social purposes, and the lead users are 18 to 25 years old,"
Bradlow notes. "The social norms around privacy aren't going to be what they
were before."
But just as Acquisti noted, acceptable social norms will be subject to
context. "Let's imagine that a credit card company had the information you
put on Facebook," Bradlow says. "You'd be appalled. It's context. People
want to say when and where data is shared."
Please take note that my email address is changing to witsowitz at verizon.net
Warmest Regards
Ester Horowitz
Certified Management Counselor
Certified Identity Theft Risk Mgmt Specialist
Temporary website
<http://mysite.verizon.net/m2powerinc> http://mysite.verizon.net/m2powerinc
516 409-0849
888 609-6828
"Some men see things as they are and say why?
I see things that never were and say why not?"
-George Bernard Shaw-
Is your business compliant with the NEW Identity Theft Laws?
Identity Theft Protection & Compliance Solutions
Confidentiality Notice:
This message is intended exclusively for the individual(s) to whom it is
addressed. This communication may contain information that is proprietary,
privileged, confidential or otherwise legally exempt from disclosure. If
you are not the named addressee, you are not authorized to read, print,
retain, copy or disseminate this message or any part of it. If you have
received this message in error, please notify the sender immediately by
replying to this email, and delete all copies of this message. Thank you for
your cooperation.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.gothamnetworking.com/pipermail/fredslist/attachments/20090610/168d32bb/attachment-0001.html
More information about the Fredslist
mailing list