Social media's dark side: The privacy dilemma

A hot topic in social media circles is privacy protection, both for members of the public and federal employees and officials

If your military command held a discussion on homosexuality on its Facebook page, would you publicly air your views? If a federal health agency offered assistance in identifying and treating alcoholism to all who respond on Twitter, would you tweet a response? Would you sign your name to a GovLoop open discussion sponsored by the Internal Revenue Service on tips for identifying tax delinquents?

Those hypothetical situations all point to a common concern that is increasingly becoming a hot topic in social media circles: protection of privacy, both for members of the public and federal employees and officials.

Federal agencies have made strong inroads in using social media such as Facebook, Twitter, YouTube, LinkedIn and GovLoop, in addition to similar tools such as wikis and blogs. Twenty-two of 24 major federal agencies are applying social networking tools to engage the public, industry and employees, the Government Accountability Office reported July 22. A survey of 321 federal employees by Market Connections released July 27 found that 60 percent of the workers were using social media at work or home.

Yet the significant privacy concerns related to social media are just now starting to emerge. A coalition of consumer privacy groups has written to Congress asking for stronger protections. Federal privacy policies for social media are still in the works, and privacy concerns have yet to be fully examined and addressed, GAO said in its July 22 report.

“We have to make sure that agencies limit their collection and use of personally identifiable information,” said Gregory Wilshusen, director of information security issues at GAO.

The problems are being exacerbated because commercial entities with mixed privacy records run many social networks. Facebook caused a stir recently when it unilaterally changed privacy settings without notifying members. Members, once informed, could choose to opt out. Government Web sites should always carry a disclaimer when they link to a nongovernment site such as Facebook because the privacy rules are looser at nongovernment sites, said John Simpson, an advocate at Consumer Watchdog.

However, many government agencies are not posting those disclaimers. Even the House Oversight and Government Reform Committee, which held a hearing on social media July 22, linked its hearing video directly to YouTube without a disclaimer, though YouTube has cookies that track consumer use of the site, Simpson said.

“Congress is just starting to become aware of the situation,” Simpson said. Two social network privacy bills are pending.

Aside from consumers, however, there are undercurrents of concern about federal employee privacy on social networks. One of the General Services Administration’s unions recently halted collective bargaining because of a proposed new social media policy that the union said would create censorship and compromise privacy. The GSA policy, in part, asked employees to comport themselves like employees on social media, with no expectation of privacy. “This is like Russia,” said Charles Paidock, a union spokesman. A GSA official said talks will resume shortly, and the agency is hopeful the two sides will reach a resolution.

Other scenarios are troubling, too. If a federal employee’s supervisor notices photos on Facebook of the worker at a Gay Pride parade or notes that the worker’s friends are commenting from drug abuse rehabilitation centers, there is a risk of personal information leaking out that the employee might prefer to keep hidden.

“There is personal information, perhaps sensitive information, and other government employees may have access to it,” Wilshusen said. He said federal employees should be trained to safeguard against “a blending of personal and professional roles” that sometimes occurs on social media sites.

Steve Ressler, founder of GovLoop, said the scenarios demonstrate that all social media carries privacy risks, just as e-mail, video and many other technologies do.

“I’m sure you can find a downside,” Ressler said. “But the solution is not to avoid being on Facebook.”

Reader comments

Wed, Sep 1, 2010 cogniti.wordpress.com

Alice, this article does more to feed myth rather than address issues. So let's draw some clear points. First, people conflate privacy into anonymity on the Internet. Your initial examples are clear examples of this. They are not the same. And this mindset permeates the purpose of social networks. Second, there's a persistent thought that a social network user has limited, if any control, over content. Again, not true. The community you're posting to are your friends and colleagues. If you think someone would use posted material against you, perhaps you should re-evaluate their 'status' in your network (or life for that matter). If a hacker or third party obtains material, there are legal ramifications to handle libel and slander (and computer hacking). And, lastly, I'd agree that any agency trying to enforce "acceptable use" policies while employees are not working nor representing the agency is wrong-sighted. People should work to change the culture of those policies. Because if I know someone's car and see it parked at a place of ill-repute, is that not the same as viewing a posted picture on Facebook? damage to the individual's reputation is still damaged. Simply stated, operating in social networks is not an anonymous activity. It is inherently onymous. It's who we are as people. It's the conversations at the water cooler, on the phone, and the backyard barbeques. Arguing that they jeopardize our privacy removes the responsibility for appropriate behavior and people taking time to learn how to use technology effectively.

Tue, Aug 10, 2010 John

MM seems to be the new and up coming breed of "young whipper-snappers" who consider all risk the same, and ignorable (like I was in my teens too). While RayW did get a wee bit carried away with his roulette example, MM was off trying to make fruit salad using vegetables when he brought up credit cards. CCs are assumed to be data mined by most users while most folks on "social" sites assume that they have some privacy control (or so it seems in reading various articles), a difference in perception and facts. While I personally have not had much experience with the common "social" sites, I do have neighbors who have complained about getting infections from them, so RayW may have a good point there. And like RayW, when I see a statement like that from Mr. Ressler touting something he has a more than a slight pecuniary interest in, I also wonder if it is the old snake oil salesman at work. All that said, social sites will have to grow up, and then like the software on the old bulletin boards of the 60's to 80's that eventually evolved into the email that we know today (now modified by excessive bells and whistles that make a malevolent hacker smile), variations on the so called social networking sites will probably become indispensable too. By the way, why are they called "social" sites? They seem to be depersonalizing relationships more than socializing them, like voice mail, email, and instant messaging have sort of done.

Tue, Aug 10, 2010 WOR

"MM" You don't seem to understand risk management. There is a common "view" or operational mindset, that risk is risk is risk. Not the case. Correct, one should not let fear (at least irrational fear) drive their decision making processes. However, if you want to manage risk at all, one should take into account “what if scenarios”.

Sat, Aug 7, 2010 MM

Geeze... face it (no pun intended), the world is a different place and social media is how we are choosing to communicate. If you don’t like it, don’t use it – but leave the rest of us alone (especially at home)! I agree with Steve Ressler, social media carries privacy risks, just as e-mail, video and many other technologies and we should all be conscious of this; however, we just can’t live in a world where fear and “what if scenarios” drive our decision making processes. Here’s a news flash, BI-LO and Visa know more about you just by tracking your purchases than Facebook could ever dream to know (or share). Are we going to create a policy that prohibits the use of “discount” store cards? The visceral reaction doesn’t surprise me - people are afraid of change and things they really don’t understand. GSA’s score of 4 out of 28 in the “Effective Leadership” category on the 2009 “Best Places to Work” survey explains a lot.

Fri, Aug 6, 2010 RayW

1. Privacy. Social media as constructed today is akin to living in a house with clear glass walls. Yes, there are 'protections' and 'permissions' you can apply, but are they really all that good? Some technical reviewers say that testing shows they only keep the casual snoop from seeing the data. And if someone else who is 'trusted' does not have the same 'protections' and 'permissions' in place will your supposedly secure posting all of a sudden be distributed via another path?

2. Safety. The only two infections on my family computer (MY computer does not have them) were traced to facebook and youtube. Both infection sources were confirmed by talking to the sources of the infection to verify that they really were infected. In one case she said it was from another source, and in the other case it was unknown how she became infected.

“I’m sure you can find a downside,” Ressler said. “But the solution is not to avoid being on Facebook.” Right. It is also mostly safe to drive/walk through a bombing range, but the downside is that there may be a bombing run or unexploded munitions, so the solution is not to avoid the bombing range? Taking a revolver (six shooter to some) and putting one cartridge in it, spinning the cylinder, and pulling the trigger is safe too, 5 out of 6 times on a statistical average....the downside is that 1 in 6 chance that can pop up and when it will. But that one in six chance is not a reason to not play the roulette game is it?

Maybe a study (yuck) ought to be made for Ressler to determine what the relative safety/privacy, given normal protections and prudence (just got a message thanking me for my Macy's purchase, please click on this link or copy and paste it if it does not work), of the various items he refers to like email and video. Maybe it will prove this dissertation to be so many wasted electrons, maybe not. Or does he have a vested interest in folks using the 'social' media? Ressler being the founder of govloop makes me think his reputation is on the line, and all that matters is making it big and getting out before the collapse.

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above