When a 14-year-old Johannesburg schoolgirl’s Facebook account was “broken into” and abusive messages and material sent to friends and family, she was deeply traumatised. But at least, she imagined, Facebook would assist in tracking down the perpetrators. It was not to be.
Facebook is easily able to fend off spurious complaints about wasting productive time, but issues of privacy threaten to topple it from its social-networking throne. Much has been written and debated about the extent to which the site can be used for data mining — both internally in order for Facebook to sell data and externally in order for outsiders to extract data for commercial and other purposes.
Some attention has also been focused on users’ ability to manage their existence on Facebook: only since the end of February this year has Facebook allowed users to delete their own accounts — but only by contacting Facebook and requesting this. People who find fake accounts purported to have been set up by themselves have an even more difficult process to follow, but at least there is a procedure.
For all the genius of its developers, however, Facebook has been unable to figure out how to respond to users when their own accounts are compromised.
This poses a serious risk to both users and Facebook itself, as the latter runs the risk of being an accessory to abusive behaviour. However, Facebook, which makes a big deal of acceptable use in creating profiles or groups, has no equivalent appreciation of the severity of users’ own rights being violated.
Right now, a Johannesburg family is dealing with the trauma of their teenage daughter’s Facebook account being accessed maliciously and used to spread pornography and abuse to this girl’s friends and associates. Aside from appalling damage to her reputation, the child herself is deeply traumatised, and the family shares in her trauma.
It is easy to blame the child for not protecting her log-in information adequately. But this happens regularly and easily in a world of teenage users. When they set up a web-based email account through Hotmail or Gmail, and use that account to sign on to Facebook, they are often not savvy enough to protect their email account details adequately, and that opens them up to malicious acts — often from their own school “friends”.
The easy way to track down the perpetrators would be to obtain the IP addresses of those who had logged into her account, and then submit those to the relevant ISP to whom the IP addresses are assigned, in order to identify the user through the ISP’s log files.
Or not so easy. Facebook requires a court order to release the information. The ISP will require a court order. This, one would say, is a reasonable approach to take when members of the public call for internal data of this nature. The owner of this data has a duty to protect the privacy of its users, not so?
However, when there is a clear violation of one user’s rights, surely the balance of rights tilts away from the perpetrator and towards the victim? If someone vandalises your car in a mall parking lot, is the mall owner obliged to refuse access to video footage from the security cameras because it wants to protect the privacy of the vandals?
In the South African case, the father wrote to Facebook from his own email address, explaining the situation and demanding action. Facebook responded first with an automatic response, referring the father to its Privacy and Security Help page, and then with a personal response, advising that: “Unfortunately we cannot discuss this account over this email address for security and privacy reasons. We will await a correspondence from the log-in email address or a secondary email address owned by the account holder.”
Then, using his daughter’s secondary account, which was linked to her Facebook account after the original email address had been compromised, the father once again explained the situation, providing times and details of the offence.
All this time this 14-yearold girl was engaging in a massive damage-control exercise, having to convince friends and family that she had not been responsible for abusive messages and material sent to them.
As explained to Facebook, “not only were pornographic messages and images posted in her name, but she was added to racist and sexist groups while being removed from groups that she had voluntarily joined at other times”.
He argued in his letter that the culprits needed to be brought to justice, “not only for the sake of our daughter’s good name, but to act as a deterrent to other malicious people who might be similarly inclined to impersonate and abuse the identity of innocent people”.
Not entirely unreasonable, you may think. But then a Facebook representatitive responded with this amazing comment: “Your daughter needs to write to me from this email address so I can correspond with her concerning her account. Please have her do so. The account in question has been removed from the site in the interim.”
While that is not the equivalent of some South African courts requiring victims of child abuse to face their violators in court, it smacks of the same kind of insensitivity.
It is not enough that the child has given her parents access to her account to make contact with Facebook. Now this 14-year-old, utterly confused and feeling emotionally violated, is required to step up to the witness box before Facebook will take any further steps. Okay, so you may argue that Facebook is entitled to a direct comment from the victim — who incidentally did not want her Facebook profile removed; she merely wanted to avoid it being violated again in the future.
But the big question for the family was, what is Facebook going to do with her testimony?
In that same response they had said:
“Unfortunately, we cannot release the information you requested regarding IP addresses unless we receive a valid subpoena or court order. Additionally, please be aware that there are situations where we may be unable to retrieve the information that you have requested due to technical limitations. You should contact a lawyer or your local law-enforcement agency and discuss this issue with them. If you decide to pursue legal action, have the lawyer or officer contact us at [email protected], and we’ll communicate with them regarding the issue.”
The implication was that, if their daughter would step up to the plate with her own story, they would take it more seriously. With this end in mind, the daughter then agreed to write in her personal capacity to Facebook representative.
She explained the situation and added, among other things: “I can’t tell you how this has affected me … For the first day or two I was scared to go out or even to switch on my computer because of what these people did to me … I’m so worried that if we don’t find out who they are and stop them legally, they might do something even worse.
“When I went on to Facebook, I trusted the site enough that I thought that now that something bad has happened to me on the site, you would care a little bit about what might happen next. I’m worried that people who can do such things could easily think up something even worse if they aren’t stopped.”
And this was Facebook’s helpful, caring, cooperative response:
“I would suggest contacting the authorities, because unfortunately we cannot release the information you requested unless we receive a valid subpoena or court order. Additionally, please be aware that there are situations where we may be unable to retrieve the information that you have requested due to technical limitations. You should contact a lawyer or your local law enforcement agency and discuss this issue with them. If you decide to pursue legal action, have the lawyer or officer contact us at [email protected], and we’ll communicate with them regarding the issue.”
You guessed it: a form letter!
There are many arguments for not releasing IP addresses, but when there is such clear and present violation, it simply intensifies the abuse when the family is required to go to court to enable it to get action from Facebook. The latter is lightning fast off the mark in responding to minor infractions of its commercial rules, but intensely bureaucratic when it comes to responding to violation of its users’ rights. It needs to find a way to cross this gap, or it will lose both trust and credibility — the true currency of the internet.
A collegue’s child got caught up in one of these Facebook viral sprirals and the fall-out was pretty ugly, especially among parents of her school friends.
Showing how poorly Facebook handles its reponsibilities in these situations is one thing; but the fact is parents are very poorly prepared as well; many have no idea how these services work and what happens on them.
Schools have a responsibility here too: teaching children life-skills in the 21st Century includes teaching them how to fuction in virtual communities, about identity deception and theft.
I’m sorry but I think the use of the word “trauma” in relation to something like this is an over-exageration.
The bottom line is that you should know that the information that goes into facebook, or just about any other computer site for that matter, is very far from being private.
No-one is forced to put stuff up on FB, it is totally voluntary. It is the responsibility of the users to protect their information and to be circumspect about what kind of information they send out into the ether. If they’re that worried about their privacy being compromised, then they should stay away from Facebook altogether.
Simple, close facebook down for a week, greedy people with minimum morals always become reasonable when faced with money problems
Brent
I joined Facebook once and within 3 weeks I had closed my account followed by a 3 week fight with them to delete my details properly. And that was before the Christmas shopping fiasco. I have warned all friends, siblings and daughters against it but my first-born is a firm believer in it. I guess she feels she can handle it and it helps with social-networking. I personally find email more than sufficient especially with the blogosphere as well.
I don’t think that trauma is an exaggeration. Any level of violation is traumatic and at the very least causes one to do a mental double take.
It’s abuse on facebook, but it would have the same effect if someone hacked into your email and started sending mails from your email address to your friends, family and business associates claiming to be you. You’d feel violated, wouldn’t you? Imagine the damage control you would have to do!
Yes, we all know about the privacy issues on facebook, but that does not excuse facebook from the way they have responded to this instance of abuse.
I recently wrote to facebook and complained about the sexist ads I was getting simply because of the network I belong to (good old South Africa). I asked if they could add a “remove” function to ads that appear. First I got their template response and then I got a personal response where the person said they did not have that facility at the moment.
I admit that it’s all fun and extremely narcissistic. It can also be a great forum to discuss things related to work – depending on the field you work in.
I am, however, feeling the need more and more to close my account.
All users should protect their usernames and passwords, that’s the bottom line. If this child had done this simple sthing, she wouldn’t be going through this ‘trauma.’
Websites and especially social networking websites have warnings and disclaimers all over the place. People who don’t have the sense or intelligence to take notice, shouldn’t be on the web.
This is absolutely ridiculous. If you do not have the ability to safeguard your login information, or are brainless enough to post vital contact information on the web, you deserve to have your computer taken away, and your internet connection cut. You cannot blame facebook for the general parental guidance that seems to be lacking in our modern day society. Parents seem to take the easy way out and blame media, games etc. for their lack of parental involvement every time something goes wrong. Maybe you should stop pointing fingers at everyone else, and make an effort to instill some common sense in your family.
Maybe you should learn about the legal system. Facebook, by law, cannot just supply anybody with private information such as an IP address. The fault is solely with the girl who let her login information available in some way. Why complain about Facebook’s views on privacy when you have no concept of privacy yourself? And I do believe that the whole “trauma” thing is greatly over exaggerated.
The law is the law. If someone were to steal from a shop, in order for the shop to do anything, charges would have to be put into place. Same on the internet, if a person’s profile & email have been stolen due to the fact that a password has been aquired, charges would have to be made. The reason been quite simple, in that we all deserve our privacy and that cannot be compromised based on an unwarranted claim, proper legal channels need to be followed, to ensure the correct people involved are brought to justice. Once the correct procedures are in place, professionals are used to resolve the matter, keeping innocent people from getting caught up due to amateur investigations going about. As much as it is a nuisance that this facebook dilema happened, so much so is it also to accuse innocent people of crimes , which would open facebook, as well as the family, to law suits for not following the proper channels in dealing with this matter. The law is to protect everybody and if you have been abused, it is the law that is required to bring justice.
I don’t really understand the oomplaint. If the girl wants the nonsense to stop, have her simply close her Facebook account. If she wants Facebook to prosecute her alleged abusers, they are not the police. If she wants Facebook to release private information about others to her and/or her family so that they may engage in vigilante justice, I think Facebook is making the right decision. If she has a valid complaint and evidence to prove her complaint, the courts are the right place to assess and award damages or an injunction.