Online privacy and the issues it brings along are becoming increasingly important as potential

RELATED ARTICLES How privacy vanishes online, byte by byte Facebook to set up centre in Hyderabad Attraction of numbers adds value to Facebook As Facebook draws ads, a hint of consumer recoil Facebook CEO in no rush for IPO: Report

invasions of privacy become more omnipresent on the internet. Social networking systems like Facebook facilitate getting introductions from people you trust to people they trust (or friends of friend) and this provides significant new capabilities to users of the system. But if correct design and privacy policies aren't applied, the social networking systems also have the power to further attack privacy.

Important work in the study and understanding of social networks began 70 years ago. However, the inspiration for social networking software was really born around the same time as the internet, when many first began to see its global connection potential. An ideal social networking system would be one which includes: (a) rich profiles, to enhance both searches and personal evaluations of matches that are found; (b) personalised and sophisticated access controls, to give people the ability to selectively share rich profiles, (c) a network broker that could safeguard mutual interest and also find mutual connections for personal introductions, and (d) methods to verify that people are who they claim to be, including ways to find mutual contacts as well as other trusted means.

In a social network, the actions of each person ripple through the network, affecting many others. If someone st­eals some of my information on a social network by faking a relationship with me then they harm not only me, but also my close contacts, and potentially the contacts of my close contacts. As new social networking systems are still evolving, there are the potentials for this kind of abuse. Also, some new social networking systems encourage their users to upload information about their non-user contacts. In some social networking systems, the percentage of searchable non-users in the system is actually a great majority of their searchable contact database. To provide adequate protections to non-users requires more than bare care and vigilance by the users who contribute information about th­em, because users can be careless, and in some systems users may not fully realise the implications of their actions.

The most desirable thing for a social network to have to protect people’s privacy is the ability of users to know who is collecting what and why. Wit­h­­­­­out this information, it becomes virtually impossible for anyone to know if his or her privacy is being violated. Some systems not only collect names and email addresses of people who have sent messages, but also automatically collect the “cc” information in emails sent to users – that is, the email addresses of people that the users' contacts presumably know, but may not actually know. Thus, such systems are collecting names of non-user contacts of users, and also the names of non-user contacts of non-users. Some of these same systems then make all of these names searchable by users (and even by non-users). In this regard, all social networking systems have a responsibility to protect the privacy and rights of both users and non-users.

The second most desirable thing that a social network needs to protect people’s privacy is the ability to opt-out or opt-in. Once someone has been notified about both the potential benefits and about what information is being collected and how it is used, then many will opt-in. But they also have the right to opt-out, which can mean the right to be assured of removal of all information they have contributed or that has been contributed by others. Also, if I am a non-user and I discover that certain individuals can act as watchdogs to my usable data, and then I should have the right to indicate which of those users I do and don't want to act as watchdogs for me.

The third privacy-enhancing step on social networks is for the social network provider to provide clear privacy policies as well as notification of their changes. The biggest problems with many privacy policies are: (1) lack of adequate notification; (2) lack of clarity in general; and (3) a specific lack of clarity regarding which policies can be changed and which can’t be at the sole discretion of the system operator. Any network should aspire to develop methods that promote work that address aforementioned three points.

The next addition to the privacy toolkit for social networks is to provide users with the ability to control access to information posted on the network. In social networking systems, people need to be able to make complex decisions about who can have access to what information about themselves and their contacts, and for what purposes. Users need the ability to give instructions to the system regarding who can see which parts of their data, and under what circumstances.

As a final measure, the social networks should provide the ability to its users to participate. Here, many believe that it is in the interest of both providers and users of social networking systems to also guarantee that users have the right to participate without restrictive barriers, such as prohibitive fees, or other special requirements. However, removing barriers to general participation should not limit individual and group access controls. This is because in a social networking system, each individual, and likewise each participating group, has the ability to restrict who can access their data and attention.

Taking these basic principles and issues into account in the near future in user agreements, privacy policies and procedures, and effective design would ensure a safer internet use in the rapidly changing world of technology.

The writer is a doctoral scholar at Carnegie Mellon University, Pittsburgh