Literally half of the Netherlands are now on Facebook. And yet hardly anyone seems to care whether their personal details are secure with this American company. Well, they probably should. There is an urgent need for computers that effectively prevent user privacy infringement.

“Privacy legislation and thirty years of discussion about privacy are being overtaken by technology at break-neck speed.” Professor Jeroen van den Hoven, professor of Philosophy at TU Delft, does not mince words as he leans back in his chair, reading glasses pushed up onto his forehead. His words, peppered with English phrases, sound ominous enough: Big data is coming’ and ‘we’re talking about data-mining on a massive scale.’

But what does it all mean? “We are all generating vast amounts of data when we make phone calls, perform internet searches or upload photos. At the same time technology enables companies to save data on the scale of terabytes and then analyse it. To give you some idea: one terabyte represents as much data as the total amount of phone traffic in the USA over a one-year period.”

But who would stand to gain from all this? Follow the money”, says Van den Hoven. “The Facebooks of this world are constantly thinking about how they can get the best out of our information. Now it’s just a question of waiting for the arrival of new business models and services that can capitalise on our data.”

Businesses, criminal investigation authorities, banks, insurance companies, potential employers – they all take a keen interest in our private information. It allows them to customise their advertising or pricing, to expose criminal activities, to assess whether we are credit-worthy, to check whether we have been partying too much over the last decade or whether we hold unconventional opinions.

Of course, the debate about internet privacy – or rather the lack of it – is not a new thing. Many doomsday scenarios have been suggested involving Facebook as well as electronic medical records, public transport chip cards and security cameras, all taking us rapidly down the road towards a Big Brother state where individuals are watched from all sides. (see inset) Facebook is receiving a lot of flak (see inset) and has been taken to court on numerous occasions over infringements of user privacy. Of course we could point to other companies too, but it’s just that Facebook is so huge. In the Netherlands alone, a staggering seven million people have an active Facebook account, and there are close to a billion Facebook members worldwide.


Students and student associations at TU Delft have a strong presence on Facebook too, and very often have public profiles. Students can quickly collect a few hundred ‘friends’ and will regularly be tagged in party pictures. If not, they are either so cool they don’t need Facebook or they are social misfits with no friends. “If you meet a nice girl and then find out she’s not on Facebook, you’re likely to think she’s not so nice after all”. (see Southpark inset)

That’s according to Karens Grigorjancs, who on 3 September became chair of Christiaan Huygens, the student association for mathematics and IT. Enrolling in a third-year course in ethics and law brought Grigorjancs face to face with the facts about privacy on Facebook. He wrote a short paper on Facebook’s opt in and opt out policy. “Many of the settings that allow access to your data are automatically set to ‘on’. If you don’t want that, you need to make an active choice to change your settings. Many people would rather have it the other way around.”

Alerted to the problem, Grigorjancs now closely watches his privacy settings. At the same time, he says he would not have any problems working for a company like Facebook. “Companies need to make a profit, and as long as they play it by the rules, I wouldn’t mind. It’s the one principle I live by.”

Regulations are under pressure, not only because they are constantly being overtaken by technology but also as a result of differences in legal requirements between the US and Europe. What will happen if society becomes even more digitised, with Facebook dominating the internet along with a few other major players such as Google and Apple, perhaps offering a range of services that are accessible only using their platforms? (see ‘the Lock-in Effect’ inset)


Private information

According to Professor Jeroen van den Hoven there are three options. First, tightening up privacy legislation - which will inevitably lead to enforcement problems. Secondly, privacy guardians could step in whenever a privacy issue occurs. An example might be if a person is denied a loan or health insurance on the basis of information that was obtained in a dubious manner.

Yet this will require companies to come clean about how they conduct their business. According to Van den Hoven, this may create problems, with banks as a case in point: “Banks sometimes top up the balance of hacked bank accounts to prevent news of security breaches from getting out. So far, people have not been confronted with the true cost of private data abuse.”

The third option is the most compelling one, in Van den Hoven’s opinion. “What if we develop technology that makes it impossible to obtain private information? It is called privacy by design. We need to develop computers that actually incorporate our privacy laws. Today, these laws are still hidden away in the software.” Hopefully that means we would not have to keep a constant watch on companies like Facebook."

This seems to make sense, but it also has scary connotations, as it impinges on our freedom. Yet Van den Hoven adds: “In the real world, we strike a balance between your freedom and my privacy. One ends where the other begins.”

The professor returns to the subject of banks. Online banking can be made pretty safe by putting a range of precautions in place. Even then things may go wrong, but the risk is negligible. “But yes, it will cost a lot of money. Security doesn’t come cheap.”


Public sphere

Meanwhile, experts are reflecting on a revolutionary new design for the internet, although it is still early days. Van den Hoven also mentions the European IT flagship initiatives: seven large projects that the EU hopes will stimulate economic growth and that are receiving billions of Euros worth of investment.

One of these initiatives focuses on the information society of the future. “We are thinking of creating a public sphere, except that it is online. We still need to work out what the model is going to look like. Of course, people should be persuaded to participate, which is why we need incentives. For example, logging in will reveal your location, but you will get useful information in return. Just like in any physical society, people will want to be noticed there, while valuing this on-line public sphere as a reliable and trusted environment for maintaining their personal data. You will be able to purchase services there, but without any strings attached.”

Particularly this last aspect will ease people’s minds, considering that Facebook is up for sale. On May 18, Facebook went public. The company was valued at €100 billion then. On 18 August, three months later, its value had halved. Van den Hoven comments: “What will happen to all our data if Facebook is taken over by some wealthy mobster from Kazakhstan?”

Facebook refuses to respond to questions like these. One line that the company often repeats is that it complies with US privacy legislation. But the Federal Trade Commission, which protects consumers in the US, was not satisfied this was the case. Starting August 2012, Facebook was put under close surveillance regarding privacy issues for a 20-year period.


Ten ways in which Facebook intrudes your private life

  • Always stretching minor points in the terms and conditions to their limits;
  • Setting up games and apps in such a way that users unwittingly share all their details with the companies that make these apps;
  • Sharing lists of contacts from your telephone with Facebook, thus making telephone numbers of non-Facebook users available to Facebook;
  • Deploying active algorithms on large quantities of user data to detect criminal behaviour;
  • Releasing data to crime detection services, whether on request or not;
  • Storing data for use in applications and services yet to be developed;
  • Real name policy: Facebook wants to eliminate fake accounts and aliases. This is for security reasons and because the site wants to move from being a profiles site to becoming more of a portal. By logging in to Facebook, you will be able to access all kinds of paid services, as is already the case with Spotify;
  • Face-recognition software, which makes it easier to tag people in photos and check for users with multiple accounts;
  • Monitoring surfing behaviour using like buttons on websites which then add cookies to your computer. This happens also if you do not click the like button, and even if you do not have a Facebook account;
  • Monitoring your log-in location – ostensibly to counter identity theft.


Southpark: ‘You have zero friends’

No social hype is safe from parody for the makers of the ‘Southpark’ cartoon series. Back in 2010, they did an episode featuring Facebook, with Kyle, Cartman and Kenny creating a Facebook profile for Stan. Never expecting it, he quickly got hooked on Facebook. His father complains about not being Stan’s friend and urges him to respond to his grandmother’s status update. His girlfriend wants to know if he really takes her seriously because his relationship status is not set to ‘in a relationship’. When Stan finally tries to delete his profile, he gets sucked into his computer. It turns out to be full of Facebook profiles, which all use Facebook-speak.


Sexual fantasies

It’s not just the Big Brother scenario that worries some Facebook researchers, but also the lock-in effect. Chris van ’t Hof, for example, used to carry out research at the Rathenau Institute and recently started his own communications bureau specialising in science and technology, Tek Tok. He says there is a lot wrong with our privacy these days, while describing the lack of choice we are heading for on the internet as Kafkaesque. As an individual he is losing out to large companies, which simply assign him to a profile for so-called marketing purposes. Search engines then use this profile to filter results, until eventually he can only use a particular account to access applications. “After a while, you have fed so much information to one company, it’s pointless trying to walk away.”

However, even Van ’t Hof admits that getting customised information can be quite useful. He does not expect to see any advertising for sanitary towels, for example. ‘But just think what would happen if your name got associated with the wrong profile,’ adds another researcher, Arnold Roosendaal. In 2010 he discovered that Facebook was adding cookies to computers using Connect (now Facebook for Websites) in order to monitor the surfing habits of internet users. Facebook for Websites is the application that allows you to log in to other websites than Facebook using your Facebook account, to write comments for example, or to ‘like’ things without having to log in to Facebook. Court cases are still underway in the United States concerning this practice.

Roosendaal is currently working as a privacy expert at TNO. He takes issue with the way Facebook assigns people to categories without disclosing information about it. “They can easily draw the wrong conclusions about you.”

Many people’s first response will be: ‘I’ve got nothing to hide’. Van ’t Hof will counter by asking: “What’s your most secret sexual fantasy? Google knows. And any embarrassing medical condition you may have had, the search engine will have a record of that too.”

Bits of Freedom, the citizen rights movement, puts it like this on its website: “Everyone has something to hide. Would you be prepared to show all your text messages to your partner, your employer or your insurer? Or let a total stranger see photos of your children? And would you reveal your PIN code or medical records to people you didn’t know? Is it okay for the postman to read all your letters before putting them through the letterbox? Having something to hide does not make you a bad person.”


Big Brother

Big Brother is watching you’- these words from George Orwell’s novel ‘1984’ sum up the dim prospect of a world where our every move is being monitored, which today seems more relevant than ever. When the book was published, in 1948, it was the Communist regime of the Soviet Union that was the main focus of Western fears of individuals being made subservient to a collective entity. In the book, nobody can do anything without ‘Big Brother’ finding out. The main character, Winston, hates this life, knowing his every move is being watched.

Now that the Cold War is over, phrases from the book often crop up in discussions about privacy. If it isn’t the government wanting to keep tabs on us with CCTV or digital medical records, it’s companies that arouse suspicion by showing undue interest in their customers’ personal details. Recently, Facebook has borne the brunt of criticism, but Google, Apple and Amazon are also under frequent attack.