While people remain really willing to share details of their lives via social media platforms such as Facebook, Twitter and Google Plus, the chief privacy officers at those companies say they’re hearing more questions about how their personal data is being used and want answers on how to better maintain privacy.
“It’s about being sensitive to users and understanding their priorities,” said Google senior corporate counsel for privacy Keith Enright during a discussion on privacy at the RSA Conference in San Francisco this week. “One consistent theme is that users are concerned about financial fraud and identity theft.”
Google has taken proactive security steps across its services, such as adding SSL encryption and the option to use a second form of authentication for logging in to Gmail accounts. Not only do these initiatives make services more secure, but keep users’ personal information and ultimately their privacy intact.
Facebook chief privacy officer Erin Egan understands her company is a lightning rod for privacy concerns. Not only are its users and their data the company’s principal product, but new features such as Facebook Graph Search which enables very narrow, plain English searches, have security professionals nervous. Attackers, experts say, have been given yet another tool to mine social media and build victim profiles for phishing and spam campaigns, and ultimately targeted attacks that can result in identity theft and a host of other bad consequences.
Egan said her teams are injected from the ground up on product development, including cross-functional internal organizations that include information security and legal.
“We look at every product feature as a team and look at all of the complexities (regulatory and legal) and analyze them together,” Egan said. “The way to manage and understand all of those complexities is to bring in experts in each area to analyze each product and feature review.”
Yet with targeted advertising still the company’s main revenue source, and innovation such as location-based services serving even further targeted ads and marketing, companies are examining the possibilities of contextual privacy interfaces which present users with privacy choices based on what they’re engaged in in real time.
“It will come down to contextual controls at the moment people are engaging with a service where they can determine what they want to share at that moment,” Egan said.
Location-based services make privacy advocates nervous. With these services in place, users could be fed automated marketing to a smartphone, for example, based on a physical location. Google’s Enright said there are ways to maintain a user’s expectation of privacy and still deliver on business goals.
“I do think there is a continuum of considerations with location-based services associated with anonymous identifier that are transient and could allow us to deliver services in a privacy sensitive way,” Enright said. “Other persistent anonymous identifier, meanwhile, can deliver more services and follow that same continuum where you are a logged in user and want location-based services optimized for you.
“It’s all about user expectations and building a product that’s useful for users that they want to engage with.”