Beruflich Dokumente
Kultur Dokumente
David Grimes
Summer 2010
Prepared for Human Rights and National Security Class at Florida State University College of Law.
Not submitted to meet Upper Level Writing Requirement.
Part I: Introduction
Social networking sites have revolutionized the way in which we stay in contact. These
sites allow us to communicate by sharing audio and visual content, joining common interest
groups, sending messages, and disseminating written communications to large audiences. With
few exceptions, social networking sites know no national boundaries in any traditional sense.
These sites allow us to instantly communicate with individuals half the world away. The utility
of the sites has continued to increase as they have migrated off our computer screens and into
our pockets by way of smart phones and other connective devices. In many ways, these sites
As social networking sites have become more and more integrated into our daily lives, it
has become important to question what role the government should have in being able to
access the information contained on these sites. As individuals have increasingly relied on
these sites to express their opinions, associate with other, and coordinate their lives, it
becomes more and more imperative to ask what the government should and more importantly
should not be able to do with the content individuals entrust the social networking sites. What
was once considered a laughable or irrelevant inquiry can now be made very seriously: to what
extent does the right to privacy attach to the use of web based social networking sites?
As we examine the question of what rights should attach to social networking sites, we
must also be attentive to the very real risks to national security posed by the sites. The vast
majority of social networking sites are anonymous. While most users divulge their true
identities, there is little to require that they do so. Social networking sites can be used for
1
recruitment of operatives and intelligence gathering. These sites allow those who pose a threat
to national security a platform though which they can connect and disseminate information
quickly and anonymously across national borders. This set of circumstances leads us to our
second inquiry- to what extent can we protect interactions on social networking sites without
This paper will address those two inquiries. It will be shown that social networking sites
have become too integrated and fundamental in modern society to be considered unprotected
by the right to privacy. Rather government access of the sites must be tempered by the
traditional notions of privacy as they are embodied in the International Covenant on Civil and
Political Rights and the Fourth Amendment to the United States Constitution. However, the
paper will also highlight threats to national security posed by these sites, identify the
appropriate balance between the individual’s right to privacy and the state’s interest in national
security, and identify ways in which governments can achieve that balance.
Throughout this paper references will be made to the social networking giants
“Facebook” 1 and “Twitter”. 2 When functionality or phenomenon associated with one site is
identified it should unless otherwise noted be understood as not exclusive to the site itself, but
Part II: Social Networking Sites and Their Expanded Role in Modern Society
1
Facebook, http://www.facebook.com
2
Twitter, http://www.twitter.com
2
Social networking sites comprise a wide variety of internet websites which are utilized
by individuals in many different ways. A survey of all the sites which exist would be a work unto
itself, and at any rate is not necessary to the discussion. What is necessary however is a broad
definition of social networking site which will demarcate the types of sites at issue. For the
purposes of our paper a social networking site will be defined as any web-based internet utility
What is meant by web-based internet utility is that the site must be hosted and
accessed primarily though the world-wide-web; this differentiates social networking sites from
other similar utilities which require specific stand-alone applications to be installed on a device
in order to employ the utility. A peer-driven site is one in which content and connections are
generated or identified primarily by the users rather than those administering the site. A site
capable of disseminating information between users is one in which users can “share” content
directly with other users; this can be done passively though controlling static content to be
accessed or viewed by other users , or can be done actively by allowing message clients and
chat clients to instantly send specific information to specific users, or any combination thereof.
same vein as more popular modern sites, they did in fact match the definition of social
3
See Alessandro Acquisti & Ralph Gross, Imagined communities: Awareness, information sharing, and privacy on
th
the Facebook. In P. Golle & G. Danezis (Eds.), Proceedings of 6 Workshop on Privacy Enhancing Technologies, at 2.
Cambridge, UK: Robinson College (2006). See Also Opinion of the Article 29 Data Protection Working Party on
‘Online Social Networking’ (May 2009), available at
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp163_en.pdf (last visited Aug. 4, 2010).
4
David Krikpatrick, The Facebook Effect 67 (Simon & Schuster 2010).
3
networking sites and allowed individuals to communicate with each other sharing content
between users. These sites however lacked what would later become a distinguishing feature
of the modern social networking site- the user profile.5 User profiles based upon the real
identities of individuals. When it is paired with an email address this can allow users to connect
with other users though to create an online community that in many ways reflects the realities
of relationships in a physical community. 6 The first of the modern social networking site based
almost completely off the user profile model was “SixDegrees” which while wildly successful at
one point was a victim of the dot-com but and is now extinct.7
Facebook began as a social networking site operating off the user profile model but with
an important variant; Facebook was a closed social network. Users profiles could only be
generated based upon access to an authorized official email account at specific institutions of
higher education. 8 This feature defined Facebook in its early years, and allowed users a great
deal of privacy control for the content they generated. This resulted because user profiles
could not be accessed outside of the educational network in which the user was enrolled. 9
Content could only be accessed by individuals outside of the users social network if the user
approved a “friend request” from a specific user outside the network. 10 This model did not
continue indefinitely however. In 2006 Facebook opened its user profile access so that any
5
Id. at 67-8.
6
Id. at 67-8.
7
Id. at 67-9.
8
Acquisti, supra note 3 at 2.
9
Id. at 2.
10
Samantha L. Miller, Note, The Facebook Frontier: Responding to the Changing Face of Privacy on the Internet, 97
Ky. L.J. 541, 544 (2008-2009).
4
individual with an email account could create a profile, even outside of educational
In July 2006, the social networking site “Twitter” was launched. 12 Twitter is a micro-blog
social networking service; users create a unique profile and can post “tweets” which are small
blocks of written text no longer than 140 characters. 13 Users “follow” other users which allows
As social networking sites such as Facebook and Twitter have grown and expanded, so
too has the role they have played in culture and society.
Notably, social networking sites have allowed individuals to express opinions, associate,
and assemble in a virtual manner to demonstrate political power. In some respects, these
campaigns have been less than serious. Take for example the successful campaign launched on
Facebook to have Betty White host “Saturday Night Live”. 15 However, as will be discussed later,
in other ways social networking sites have altered the trajectory of entire nations.
Social networking sites have not been exclusively used by individuals in order to wield
political power. Individuals also use social networking sites to organize their personal and
private lives.
11
Id.
12
Steven Levy, Mob Rule! How Users Took Over Twitter, Wired, Nov. 2009, 148, 151.
13
Id. at 148.
14
Id.
15
Lisa de Moraes, Facebook campaign for Betty White pays off” ‘SNL’ posts election season numbers, Wash. Post,
May 11, 2010 available at http://www.washingtonpost.com/wp-
dyn/content/article/2010/05/10/AR2010051004399.html.
5
According to one recent survey, thirty percent of web users employ online dating
services. 16 Individuals have their choice of over 1,000 sites such as Match.com, or
Chemistry.com in order to meet other individuals with similar interests to engage in romantic
the extent to which social networks have been integrated with life outside computers when
they found that twenty percent of all divorce petitions mentioned Facebook. 18
The extent to which individuals organize their private lives using social networking sites
is not limited to the creation or dissolution of romantic relationships. Individuals often use
social networking sites such as Flicker.com or facebook to disseminate personal photos to other
important people in their lives. 19 Additionally many events from birthday parties to weddings
are coordinated on social networking sites. 20 Beyond this type of sharing and coordination,
many family members use the messaging components of social networking sites to discuss
It is important to note that it is not simply private individuals who have begun
integrating social networking sites into their daily lives. There are in fact numerous examples of
16
Rosemary Black, Online dating grows in popularity, attracting 30 percent of Web users: poll, N.Y. Daily News,
Feb. 16, 2010, available at http://www.nydailynews.com/lifestyle/2010/02/16/2010-02-
16_online_dating_grows_in_popularity_attracting_30_percent_of_web_users_poll.html.
17
Shaheen Pasha, Online dating feeling less attractive, CNN/Money, Aug. 18, 2005 available at
http://money.cnn.com/2005/08/18/technology/online_dating/index.htm.
18
Wang Fangging, UK law furm says Facebook involved in 20% of divorce cases, Digital Journal, Dec. 23, 2009,
available at http://www.digitaljournal.com/article/284401
19
See Krikpatrick, supra note 4 at 153-9.
20
See Josh Catone, HOW TO: Plan a DIY Wedding Using Social Media, Mashable, Sept. 23, 2009,
http://mashable.com/2009/09/23/diy-wedding/.
21
Opinion of the Article 29 Data Protection Working Party on ‘Online Social Networking’ (May 2009), available at
http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp163_en.pdf (last visited Aug. 4, 2010) at 3.
6
governments around the world using social networking sites to carry out their duties. A few
In 2008 the U.S. State Department was able to secure the release of a US citizen in Egypt
who tweeted his arrest.22 Recently the Supreme Court of the State of Florida began using
Twitter to inform the public of its proceedings. 23 It is not just the United States that has
President Hugo Chavez of Venezuela has been known to use his Twitter account to make
public statements on behalf of the state; it was in fact this venue which he chose to use to
announce the sinking of a state owned natural gas rig in 2010. 24 Interestingly, President Chavez
has also actively encouraged individuals to use Twitter as a way to report illegal activities of
their fellow citizens.25 Beyond the use of his personal Twitter account which generated
674,000 followers in its first three months of existence, 26 President Chavez has encouraged his
comrades to infiltrate all the social networking platforms available to them, especially to
Of great interest to lawyers and law students throughout the world in Australia and New
Zealand social networking sites have become enmeshed in the process of the judiciary itself. In
22
Levy, supra note 12 at 151.
23
Florida Supreme Court begins using Twitter, The Fla. Bar News, May 1, 2010 (revised Aug. 5, 2010) available at
http://www.floridabar.org/DIVCOM/JN/JNNews01.nsf/Articles/24230DBBEB1E49798525770D004F703A.
24
Venezuelan natural gas rig sinks, BBC News, May 13, 2010, available at http://news.bbc.co.uk/go/pr/fr/-
/2/hi/americas/867991.stm.
25
Arthur Brice, Chavez says he’s gotten nearly 288,000 help requests though Twitter, CNN, July 20, 2010, available
at http://www.cnn.com/2010/WORLD/americas/07/20/venezuela.chavez.twitter/index.html.
26
Rory Carroll, Hugo Chavez embraces Twitter to fight online ‘conspiracy’, Guardian, April 28, 2010, available at
http://www.guardian.co.uk/world/2010/apr/28/hugo-chavez-twitter-venezuela.
27
Id.
7
2008 the Supreme Court of the Australian Capital Territory ruled that service of process via
facebook was permissible if no other approach was successful.28 New Zealand was not far
It is clear considering the expanded role and scope of social networking sites in modern
society that we must now take seriously the impact these sites have on national security and
Social networking sites pose a unique threat to national security. These threats are as
multifaceted as the social networking sites themselves. The size of social networking sites and
diversity of content makes individual users virtually immune from scrutiny. The instantaneous
nature of information sharing can thwart efforts by national governments to control situations
and reduce panic giving organizations which threaten national security an advantage. The
anonymous nature of most user interfaces allows social networking sites to be easily employed
important base to recruit and equip new members. Social networking sites can also be used to
gather importance intelligence information which can threaten national security. Additionally,
social networking sites have become so incorporated into daily communication that when they
unrelated sites which exercise important functions to go offline. While this list is in no way
28
Ronald J. Hedges, Kenneth N. Rashbaum, & Adam C. Losey, Electronic Service of Process at Home and Abroad, 4
The Fed. Courts L.Rev. 55, 68 (2009).
29
Id.
8
exhaustive, it does provide sufficient information to highlight the need to reexamine our
Many of these features which have been highlighted are in fact the reasons that
individuals use social networking sites in the first place. The vast majority of users will not
employ the sites in a way in which these features become a national liability rather than an
asset. However, as with most tools, the fact remains that in the wrong hands these features of
The sheer size of many of the population of the users itself is daunting when considering
policing. As of June 2008 Twitter has 190 million monthly users, 30 only slightly shy of the
population of the fifth most populous country in the world, Brazil.31 Facebook alone has over
500 million users32 exceeding the population of the twenty-seven nation European Union. 33 As
Tom Osborne, the chief of the Counterterrorism Internet Targeting Unit at the FBI said, the
overwhelming number of users on social networking sites causes “a certain level of detection
avoidance.” 34 When you consider that hundreds of social networking sites exist, 35 and consider
that many of the sites are connected with each other through access sharing authorized by
30
Erick Schonfeld, Costolo: Twitter Now Has 190 Million Users Tweeting 65 Million Times A Day, TechCrunch, June
8, 2010 (Quoting figures announced by Twitter Chief Opperations Officer Dick Costolo tweeted at the
Conversational Media Summit in New York June 2010), available at http://techcrunch.com/2010/06/08/twitter-
190-million-users/.
31
CIA World Fact Book Entry—Brazil—People, https://www.cia.gov/library/publications/the-world-
factbook/geos/br.html.
32
Krikpatrick, supra note 4 at 9.
33
CIA World Fact Book Entry—European Union—People, https://www.cia.gov/library/publications/the-world-
factbook/geos/ee.html.
34
Hoda Osman, Alleged Terrorists Used Social Network Sites, CBS News Investigates, May 19, 2010 available at
http://www.cbsnews.com/8301-31727_162-20005405-10391695.html.
35
Acquisti, supra note 3 at 1.
9
users, 36 one begins to understand just how difficult it would be to effectively monitor social
networking sites. This is compounded by the fact that each user may post multiple times in a
day. Twitter for example is limited to 140 characters per post, however as of February 2010 in
a single day 35 million tweets are sent- that is an average of 600 tweets per second.37 At that
rate one could expect over one billion tweets per month. This demonstrates not only that
keeping track of individual users poses a challenge, but also that keeping track of their activity is
an obstacle.
The diversity of content uploaded to the sites also makes them difficult to police. On
many sites a variety of media can be loaded including pictures which can signal hidden codes, 38
videos which can covey hidden meanings or be used for propaganda purposes, 39 third party
applications which can be programmed for a host of different uses, 40 and written messages
capable of conveying instructions or being used for propaganda and misinformation purposes. 41
The complexity and sophistication of content uploaded and shared though the sites makes
36
See Amanda Hardin & Haiwang Yuan, Twitter & Facebook: How to Sync Twitter with Facebook, DLPS Faculty
Publications, May 2009. Available at http://works.bepress.com/haiwangyuan/31. See also Nick O’Neill, Facebook
Now Promoting Twitter Export Feature To Page Admins. Are The Two Companies Moving Toward An Open
Relationship?, All Facebook, Aug. 27, 2009, available at http://www.allfacebook.com/facebook-promoting-twitter-
2009-08.
37
Measuring Tweets, Twitter Blog, posted by @kevinwell, February 22, 2010.
http://blog.twitter.com/2010/02/measuring-tweets.html
38
Timothy L. Thomas, Al Qaeda and the Internet: The Danger of “Cyberplanning”¸ 33 Parameters 112, 119 (2003).
39
Lt. Col. Gerald R. Gendron, Jr., Maj. Herminio Blas-Irizarry, Jesse W. Boggs, Next-Generation Strategic
Communication: Building Influence Through Online Social Networking, at 7, June 1, 2009 available at
http://jsoupublic.socom.mil/publications/jsou/JSOU09-6NextGenStratCom_Other.pdf.
40
See Al-Qaeda ‘plans to wage a holy war on Facebook’, Telegraph, Dec. 21, 2008, available at
http://www.telegraph.co.uk/news/worldnews/3885367/Al-Qaeda-plans-to-wage-holy-war-on-Facebook.html.
41
See Thomas, supra note 38 at 116.
10
The threats to national security posed by social networking sites are further exacerbated
when one considers the instantaneous nature of communications made though the sites.
Facebook status updates or Twitter tweets are updated immediately and available for
widespread consumption. It has been observed that news often arrives via tweet before the
story has broke in major media outlets.42 Communications on social networking sites can be
made instantly from any number of devices and accessed instantly by just as many devices. 43
Without delay individuals can send a message from a computer at an unsecured cyber-café in
Paris and it can be accessed almost instantly by someone with an iPhone in Seattle or someone
social networking sites, and the mobility and accessibility these sites offer in terms of
who pose a threat to national security can communicate propaganda and misinformation to a
vast audience before traditional authorities can mount any response, let alone an effective one.
Second, individuals can use the accessibility and instantaneous nature of the sites as a
A further threat to national security posed by social networking sites rests in the fact
that most sites operate off an anonymous user system. 44 While some sites require users to
register personal information which authenticates their identity, the vast majority, especially
42
U.S. Army Says Blogging Site ‘Twitter’ Could Become Terrorist Tool, FOX News, Oct. 27, 2008, available at
http://www.foxnews.com/story/0,2933,444089,00.html.
43
See Juwel Rana, Johan Kristiansson, Josef Hallberg, and Kåre Synnes, Challenges for Mobile Social Networking
Applications in Communications Infrastructure. Systems and Applications in Europe, Vol. 16, 275-276 (Springer
Berlin Heidelberg 2009).
44
See Thomas, supra note 38 at 115.
11
the most populous sites do not. These sites pair a user profile to an email. 45 Sometimes this
allows for authentication of the users identity, but that is not necessarily the case. Many email
accounts can be created on services such as “yahoo”, “hotmail”, and “gmail” without
registering any information such as a credit card which would allow for authentication of
identity. This anonymity of identity can be abused by enemies of the state in order to mask
their true identities and filter communications though a non-suspect internet site. Essentially,
social networking sites allow individuals and organizations who pose a threat to national
security an additional way to play a “shell game” with their identities by allowing them to
quickly form new identities and continue communications with their peers. 46
Another threat to national security is created by social networking sites because they
allow terrorist organizations and other groups who pose a risk to national security a fertile
ground in which to recruit and retain new operatives. 47 Individuals post a vast amount of
personal data on social networking sites and this data is more often than not accurate when
present. 48 Much of this data concerns the religious, political, and philosophical opinions of the
users which allow these groups easy contact points to identify individuals and approach them
The availability of social networking sites as a recruitment tool has not escaped the
45
See generally Miller, supra note 10 at 554.
46
See Thomas, supra note 38 at 115.
47
See Id. at 117-118.
48
Acquisti, supra note 3 at 13.
49
See Thomas, supra note 38 at 118.
12
message board which was subsequently identified and translated indicating their intent to use
the social networking giant Facebook for recruitment purposes.50 One post on the message
board expressly stated “Facebook is perfect for reaching young people and fight the media.” 51
In another disturbing post it was stated “If American politicians like Barack Obama can use it to
win an election we can use it to take over the world.” 52 While we do not know what part
facebook now plays in the “radicalization and recruitment of terrorists”, both Faisal Shahzad
the Times Square Bomber and Umar Farouq Abdulmutallab the Christmas Bomber had active
facebook accounts. 53 The potential for groups which would threaten national security to use
social networking sites as a recruitment tool is in no way unique to Facebook. In 2008 when the
site was significantly smaller than it is now, the U.S. Army reported that Twitter had the
An additional threat to national security posed by social networking sites rests in the
ability of organizations which would threaten national security to use the sites as intelligence
gathering mechanisms.55 Many users disclose intimate and personal details on sites such as
facebook and twitter, and when this information is not secured intentionally or unintentionally
it can become way for hostile groups to learn facts which can compromise national security.
One very public example of such an opportunity occurred in the United Kingdom in 2009.
Almost immediately after it was disclosed that Sir John Sawyers was to become chief of the
50
Telegraph, supra note
51
Id.
52
Id.
53
Osman, supra note 34.
54
FOX News, supra note 42.
55
See generally Thomas, supra note 38 at 114.
13
Secret Intelligence Service, what we used to know as MI6, the Daily Mail discovered large
numbers of unsecured publically accessible pictures posted by Sir Sawyer’s wife which could
identify where the family traveled, who their friends were, and where they lived.56 These kind
of details in the hands of an organization hostile to national security interests could prove
disastrous. Sir Sawyer’s experience highlights yet another way in which social networking sites
Finally, the nature of these sites could lead to widespread system failures due to limited
infrastructure. On August 6, 2009 a cyber attack was launched against the site Twitter. 57
Shortly thereafter Twitter went offline for several hours. 58 Almost immediately the social
networking site Facebook began to experience serious problems. 59 The glitches with facebook
may have been a result of linked content between twitter and facebook which was exacerbated
when users tried to access the sites.60 Right after Facebook and Twitter were attacked users
began to report problems with some services offered by Google which operates a popular
search engine and email service among other products.61 While this might seem only a minor
inconvenience, such a perspective ignores the fact that expanding segments of state and local
governments as well as the federal government are contracting with Google to provide
important services such as education services and data storage for coordinated emergency
56
Krikpatrick, supra note 4 at 300.
57
John D. Sutter, Twitter hit by denial-of-service attack, CNN, August 6, 2010 available at
http://edition.cnn.com/2009/TECH/08/06/twitter.attack/index.html.
58
Id.
59
Id.
60
Id.
61
Id.
14
responses. 62 One remarkable aspect of this widespread attack which affected two of the
largest social networking sites on the planet is that it was perpetrated by a single man in an
effort to silence a political opponent for one day. 63 This attack demonstrated the vulnerabilities
of communications reliant on social networking infrastructure, and showed how cyber attacks
against social networking sites can spiral out of control implicating the continuity of important
services which are significantly more imperative to our lives than keeping track of friends.
It is important to remember that social networking sites themselves are not inherently
bad; they can be used to promote democracy, the rule of law, and human rights. Twitter was
used by pro-democracy demonstrators to protest the 2009 elections in Iran. 64 What began in
2009 as one man’s Facebook group against the Columbian rebel group F.A.R.C. became a
twelve-million person worldwide march which resulted in the freeing of four hostages and
Facebook to protest rising food prices and were able to “…challenge the perception that there
is no prospect for independent, secular opposition in the country.” 66 However, the celebrated
successes of social networking sites in facilitating positive change are no reason to neglect the
very real threats these sites pose to national security. In their current form social networking
62
Kevin McLaughlin, Google Targets Federal, State Government With New Apps Offering, CRN, July 26, 2010.
Accessible at http://www.crn.com/software/226200290;jsessionid=MPKOOO2DNW3PFQE1GHPSKH4ATMY32JVN;
See Also Matthew Shaer, Google Apps to be a part of every classroom in Oregon, Christian Science Monitor, April
28, 2010. Accessible at http://www.csmonitor.com/Innovation/Horizons/2010/0428/Google-Apps-to-be-a-part-
of-every-classroom-in-Oregon.
63
Bobbie Johnson, Internet attacks ‘targeted Georgian blogger’, Guardian, Friday August 7, 2009 available at
http://www.guardian.co.uk/technology/2009/aug/07/internet-attacks-georgia-cyxymu.
64
Lev Grossman, Iran Protests: Twitter, the Medium of the Movement, Time, June 17, 2009 available at
http://www.time.com/time/wotld/article/0,8599,1905125,00.html.
65
See Krikpatrick, supra note 4 at 1-6.
66
Sherif Mansour, Op-Ed, Egypt’s Facebook Showdown, The Los Angeles Times, June 2, 2008 accessible at
http://articles.latimes.com/2008/jun/02/opinion/oe-mansour2.
15
sites are large communities, capable of instantaneous transmission of largely unfiltered and
serve as important recruiting tools for those who threaten national security, can serve as an
intelligence gathering mechanism, and are capable of disrupting national communication and
possibly government services, all realities which are compounded by the fact that users can
It is obvious that governments around the world must adapt current social networking
sites so that these risks can be eliminated or minimized. However in the search for answers we
must also remember that the individual users of these sites possess an inherent and
The use of social networking sites raises a number of concerns about human and civil
rights. For instance in the European Union and in states governed by the European Convention
on Human Rights there is an ongoing debate regarding to what extent the use of social
networking sites to broadcast opinions implicates the right to expression of opinions and
freedom of speech and thus requires protection. 67 In the United States there is a debate as to
the extent of protection which the First Amendment offers to activities on social networking
67
See Douwe Korff, Social Networking Sites and Freedom of Expression, 10 EU Data Protection Review (October
2009) available at
http://www.madrid.org/cs/Satellite?c=CM_Revista_FP&cid=1142570421730&esArticulo=true&idRevistaElegida=1
142560167740&language=en&pag=1&pagename=RevistaDatosPersonalesIngles%2FPage%2FRDPI_home_RDP&sit
eName=RevistaDatosPersonalesIngles.
16
sites. 68 While these are pressing and fundamental questions, for the purposes of this paper the
examination of the human rights aspects of social networking sites will be limited to an
examination of the right to privacy of the individual against intrusion by the state.
At its core, the right to privacy is the right to be let alone by other people. 69 The right to
Privacy has been understood to include many components. In the United States the right to
privacy has been understood to protect dwellings and other private places, 70 the reproductive
expectation of privacy exists. 73 The European Court of Human Rights (ECHR) has concluded
that the right to a private life recognized in Article 8 of the European Convention on Human
Rights and Fundamental Freedoms is “a broad term not susceptible to exhaustive definition.” 74
However, the ECHR has determined that the right to a private life includes the physical and
psychological integrity of the person; multiple aspects of the person’s physical and social
identity including elements such as gender identification, name, sexual orientation, and sexual
life; means of personal identification and of linking to a family; information about a person’s
health; an individual’s ethnic identity; the right to personal development including the right to
68
See Brandon James Hoover, The First Amendment Implications of Facebook, Myspace, and other Online Activity
of Students in Public High Schools, 18 S. Cal. Interdisc. L.J. 309 (2009).
69
Katz v. United States, 389 U.S. 347, 350 (1967) (citing Warren & Brandeis, The Right to Privacy, 4 Harv. L. Rev.
193 (1890).
70
Lawrence v. Texas, 539 U.S. 558, 562 (2003).
71
Id. at 564-5, (citing Griswold v. Connecticut, 381 U.S. 479(1965).
72
Id. at 578.
73
Katz, 389 U.S.at 359.
74
S. & Marper v. The United Kingdom, [GC] nos. 30562/04 and 30566/04 §66 ECHR-2008, available at
http://cmiskp.echr.coe.int/tkp197/view.asp?item=1&portal=hbkm&action=html&source=tkp&highlight=30562/04
&sessionid=57924444&skin=hudoc-en.
17
establish and develop relationships with other human beings and the outside world; and
elements relating to a person’s right to their image. 75 Interestingly, the ECHR has also
determined that “the mere storing of data relating to the private life of an individual amounts
Human rights which protects the right to privacy in Article 8 77 of all nationals within its
signatory jurisdiction and the American Convention on Human Rights which does the same in
Article 11 78. The vast majority of western countries have also recognized the right to privacy
though the International Covenant on Civil and Political Rights, which the United States helped
author, which expressly protects the right to Privacy in Article 17. 79 Taken together these
75
Id. at §66.
76
Id. at 04 §66, ECHR-2008 (citing Leander v. Sweden, 26 March 1987, § 48, Series A no. 116).
77
Convention for the Protection of Human Rights and Fundamental Freedoms art. 8, Apr. 11, 1960, 213 U.N.T.S.
221.
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in
accordance with the law and is necessary in a democratic society in the interests of national security,
public safety or the economic well-being of the country, for the prevention of disorder or crime, for
the protection of health or morals, or for the protection of the rights and freedoms of others.
78
American Convention on Human Rights art. 11, Nov. 22, 1969, 1144 U.N.T.S. 143.
1. Everyone has the right to have his honor respected and his dignity recognized.
2. No one may be the object of arbitrary or abusive interference with his private life, his family, his
home, or his correspondence, or of unlawful attacks on his honor or reputation.
3. Everyone has the right to the protection of the law against such interference or attacks.
79
International Covenant on Civil and Political Rights, 999 U.N.T.S. 171
18
that while the outer bounds of the right to privacy may be subject to some debate, the
The right to Privacy is an individual right which protects persons, not places or things. 80
While the right to privacy was historically limited to persons, their papers, and perhaps their
reputations, as technology has changed, the right to privacy has expanded to incorporate those
changes.
Consider for example a Supreme Court case from the United States which arose in 1967.
At issue was whether or not the right to privacy extended to a public phone booth that the
petitioner was using to conduct illegal business transactions. 81 The government argued that
the right to privacy could not cover the phone booth because the booth was constructed of
glass and the surveillance techniques employed involved no physical penetration of the
booth. 82 The Supreme Court disagreed. The court held that the right to privacy is intended to
cover people, not simply places or “areas”.83 The court noted that this outcome was required
by “…the vital role that the public telephone has come to play in private communication.” 84
Any intrusion into the phone booth for the purposes of monitoring conversations would require
prior court authorization in accordance with due process guarantees. 85 This case, it is
important to note, was interpreting the Fourth Amendment to the United States Constitution
which, while it protects privacy interests, has only been held to protect certain privacy
80
Katz, 389 U.S. at 350.
81
Id. at 348.
82
Id. at 352.
83
Id. at 353.
84
Id. at 352.
85
Id. at 358-9. (citing Beck v. Ohio, 379 U.S. 89, 96-97).
19
interests, not all privacy interests which could be protected. 86 However, it does demonstrate
two things: the first being that the right to privacy is an individual right which protects persons
not just places, and the second that not all privacy interests are surrendered when an individual
These two premises show that social networking sites merit the protection of the right
to privacy. The content that individuals communicate via social networking sites is the same
content designed to be protected by the right to privacy. Essentially what persons and papers
were to enlightenment era thinkers, and what phone booths were at the end of the 20th
Social networking sites purport to grant users the ability to control what information is
shared with the world though privacy control features on the sites themselves. As more and
more users have added more and more content to the sites, users have demanded increased
control over the information that is shared via the sites.87 While it may be true that privacy
settings are not as extensive as all users would like them to be, this does not excuse users from
the responsibility of effectively using the tools they have to secure information. The user in
large part is the final gatekeeper of what information is disclosed to the public. When users
elect not to secure their information and it is made public, the user bears some responsibility
for that disclosure. Users in the digital world are best able to indicate that they have a
reasonable expectation of privacy for information and content by securing that information and
86
Id. at 350.
87
See Krikpatrick, supra note 4 at 208-9.
20
content: indeed there is little other way to communicate such an expectation prior to content
If a user elects not secure information, they have given the government the same access
as any other individual on the site. With the government in the same position as everyone else,
it can hardly be argued that the government is infringing upon the right to privacy; it is
completely acceptable for the government to collect, maintain, and mine such data. Such a
program was recently undertaken by the Library of Congress when they began archiving all
tweets which were not set to private. 88 This program, which was greeted which much
enthusiasm by the academic community, in no way offends the right to privacy of individuals
whose minor reflections on the day will be memorialized for all time. Though the government
though the Library of Congress now has access to a great deal of personal and probably private
information, the users in electing not to securing the information when given the choice
There are those who argue that the right to privacy does not attach to information
which is voluntarily disclosed in a forum like the internet because in disclosing the information
the individual has abandoned all expectations of privacy. 89 Essentially these individuals claim
that privacy is automatically foreclosed when information is posted online, including on social
networking sites.
88
Cecilia Kang, Library of Congress plan for Twitter: a big, permanent retweet, The Wash. Post, April 16, 2010,
available at http://www.washingtonpost.com/wp-dyn/content/article/2010/04/15/AR2010041505752.html.
89
Miller, supra note 10 at 551 (citing United States v. Gines-Perez, 214 F. Supp. 2d 205, 224-26 (D.P.R. 2002).
21
This argument misses the point on several fronts. First, as Katz demonstrates, not all
communication. Second, in the social networking world in which advanced privacy protections
exist information does not become less private because it has been shared with another user;
content loaded to social networking sites is not disclosed in the same way as it would be were
two individual to talk face to face on a crowded street. As has been shown, many
communications made via social networking sites are intended to be private. To extrapolate
that all sites on the internet are third party public forums would be the same as saying that no
expectation of privacy can exist once an outgoing letter has been handed over to Fed-Ex. We
would balk at the idea that the government could open out Fed-Ex packages on demand and
read through our most personal correspondence; the only difference between the Fed-Ex
example and the social networking example is that we hand the Fed-Ex employee paper while
we transfer electric signals to facebook. Either way, the right to privacy should not be defeated
Another counter argument made by those who seek disclosure of protected content on
social networking sites is that while the content may be protected, the relationship has changed
from user vis-à-vis site to site vis-à-vis government; if the sites elect to disclose information to
the government in the interests of national security, that is their choice to make. This
argument again misses an essential feature of the right to privacy which is that the right to
privacy is a personal right. If third party sites are allowed to disclose protected information,
22
then they have waived the right to privacy on behalf of their users without their users knowing-
In the final analysis, though the government clearly has an interest in the information
content of social networking sites, the information is private in nature when the user has
elected to make it so, and as such the content is protected from government intrusion, either
by the government or through third parties acting as their agents, by the right to privacy.
Government access to the information must be conducted in conformity with the due process
guarantees inherent in the right to privacy. Arguments which assail this point elevate form over
function and create arbitrary categories of protected and unprotected information. The digital
desktop is no less private than a physical desktop, and a facebook photo album no less
meaningful than its counterpart on a coffee table. In a world in which our lives are migrating
from the physical world into the digital realm, despite the associated risks, the right to privacy
must follow.
Discussion and debate concerning social networking sites in the United States has
largely focused on information sharing between private vendors, that is between social
networking utilities and other private corporate entities. While discussions of privacy and the
right to privacy have been an important public discourse, the debate has tended to leave out
23
national security and government implications with respect to social networking sites. This
Recently the Cybersecurity Bill was introduced into the 111th Congress. 90 The bill has
moved quickly though the legislative process and is now awaiting a final vote in the full
Senate. 91 The bill in its findings recognizes the threats posed by cyber attacks against the
United States, and recognizes the threats posed by the compromising of private information
networks. 92 It gives the President of the United States authority to declare a “cyber
emergency” and shut down critical networks on the internet whether public or private.93 While
the bill is drafted to protect larger cyber national security issues, it implicates social networking
sites, because these sites could conceivable by included within those which the President has
the authority to shut down. By temporarily suspending service to websites including social
media networking, the government will be able to terminate or suspend communications made
through these sites, and protect national cyber infrastructure— both concerns which were
highlighted earlier in this paper with respect to national security threats posed by social
networking sites. Because the bill does not grant the government access to information on the
sites it shuts down, it respects the right to privacy of the individual users of the sites, even if it is
90 th
S. 773, 111 Cong. (2010).
91
Algela Moscaritolo, Rockefeller-Snowe bill clears Senate Committee, SC Magazine (Mar. 25, 2010), available at
http://www.scmagazineus.com/rockefeller-snowe-bill-clears-senate-committee/article/166557/.
92
S. 773 at §2.
93
S. 773, at §201.
24
S. 773 also takes meaningful steps towards increasing overall cybersecurity which will
protect users of social networking sites. In addition to establishing a panel of experts to advise
the president on cybersecurity matters, 94 the bill would also create incentives for government
funded research into determining the origin of any message sent on the internet and methods
improvements to the national cybersecurity infrastructure must be compatible with, and not
While the proposed Cybersecurity Bill should be applauded as a step in the right
direction, it is not yet law, and also does not do enough to combat the unique threats to
Similar to the situation in the United States, social networks have played an increasingly
important role in the lives of citizens of the European Union. As social networks have become
increasingly important, the governments of the European Union have begun to take an interest
in the privacy implications of cyber data, especially on social networking platforms. 97 The
debate in the European Union has been similar to that in the US in and of that EU legislators
have tended to focus on individual privacy concerns in conjunction with third parties more than
they have focused on privacy from government intrusion and national security concerns.
94
S. 773, at §401.
95
S. 773, at §302.
96
S. 773, at §210.
97
See ENISA Position Paper No. 1, Security Issues and Recommendations for Online Social Networks, Ed. Giles
Hogben (Oct. 2007) available at http://www.enisa.europa.eu/act/res/other-areas/social-networks/security-issues-
and-recommendations-for-online-social-networks.
25
However, there have been several developments in the EU which have taken a different path
First, the European Union has taken a much more proactive approach to ensuring the
privacy of data on social networking sites. In fact, the EU recently established that social
networking providers themselves are responsible for ensuring the privacy of the information of
their users.98 This places the burden for protecting information content on those who design
the user interfaces themselves. These providers are in the best position to ensure that private
data is not compromised even though they are not the final gatekeepers.
Additionally, the EU has taken the approach of engaging social networking sites on a
collaborative volunteer basis in a coordinated effort to tackle privacy concerns rather than
acting solely from a legislative perspective. 99 While this effort has again focused on protecting
the right to individual privacy from other users especially in the case of protecting minors, 100 it
is nonetheless important because it identifies a third way to engage social networking sites
Also, the European Union has established an independent agency to monitor and
coordinate internet security issues. This agency is the European Network and Information
Security Agency (ENISA). ENISA works to develop a culture of internet security which benefits
citizens, consumers, businesses, and public sector organizations in the European Union. 101
98
Article 29 Data Protection Working Party, supra note 21 at 3.
99
Safer Social Networking Principles for the EU, pg. 1 (Feb. 10, 2009) available at
http://ec.europa.eu/information_society/activities/social_networking/index_en.htm.
100
Id.
101
About ENISA, http://www.enisa.europa.eu/about-enisa (last visited Aug 6, 2010).
26
ENISA works with the European Commission, EU Member States, and the business community
to respond and especially prevent network and information security problems. 102 ENISA is a
“body of expertise” set up to carry out specific technical and scientific tasks within the field of
information security. 103 ENISA also assists the European Commission in technical and
preparatory work for updating and developing EU wide legislation in the field of network and
information security. 104 The European Network and Information Security Agency is an
important instrument in preserving both the privacy and national security interests of
stakeholders in social networking sites. By creating a dynamic institution which works with the
public and private sector and is simultaneously charged with defending both privacy concerns
and public sector security issues. The technical expertise of ENISA also works to the advantage
Another important component in the EU fight to protect and secure social networking
sites is that EU privacy directives have extraterritorial application.105 Even if a social networking
provider is headquartered outside of the European Economic Area, their sites must comply with
the privacy and security requirements of social networking EU directives. This is important
since data and information on social networking sites are routinely accessed and
When taken together, EU engagement with social networking site providers, their
willingness to require privacy and user friendly default settings, their foresight in establishing
102
Id.
103
Id.
104
Id.
105
Article 29 Data Protection Working Party, supra note 21 at 5.
27
ENISA, and the extraterritoriality component of EU privacy directives work together to protect
As has been demonstrated, there are serious national security threats posed by social
networking sites. However almost all new technologies can be co-opted to negative ends and
pose a threat to national security. That having been said, these technologies, including social
networking sites, can create increased efficiency in our daily lives and help us realize protected
rights. As such we must be mindful therefore when we are seeking solutions which will
improve national security that we protect our rights with respect to these new technologies.
There will be times when a decrease in our rights, such as the right to privacy, will lead to an
increase in our national security. However, that is not always the case, and even when it is
there may be times when the protected rights are more important than the incremental
increase in national security. The best solution whenever possible will be to seek those
adjustments to technologies, including social networking sites, which will best protect our
national interest without sacrificing our protected rights, including the most cherished right to
privacy.
I. User Authentication
One way to decrease the threat posed by social networking sites is to remove their
28
A common method of verification employs a nominal financial fee to authenticate
identity. This is the method employed by the United States Postal Service to authenticate
online orders for mail forwarding. 106 In this method the financial data collected though the
processing of the nominal fee is cross-referenced with the forwarding information to validate
the identity of the individual ordering the service. The same type of fee verification system
could be used by social networking sites to ensure the identity of their profile holders.
Another method of user authentication could be achieved through the use of some
sensitive identification information which could be paired to user profiles. An example would
be use of a social security number, driver’s license number, or some other equivalent. Pairing
profiles with this sensitive information would allow providers of social networking sites to
None of these authentication measures are fool proof; both of them are capable of
failure as a result of identity theft which occurs frequently online.107 Additionally, the social
networking site service providers themselves may be hostile to the concept of user
authentication; the sites derive their value from the number of users, and any additional
hurdles to creation or maintenance of user profiles will decrease their attractiveness thereby
hindering the value of the service they provide. 108 There is also the concern that user
106
See Official Change of Address Form—US Postal Service (USPS),
https://moversguide.usps.com/icoa/flow.do?_flowExecutionKey=_c6BED6D8D-1D83-107E-8237-
5CC828FFFE19_k96CC9254-B53D-70C9-89DC-5EC7F9833541, (stating “A valid credit card and a valid email address
are required to complete the Online Change of Address process. For your security, the credit card billing address
MUST match the address you are moving from or the address you are moving to (for business moves it must
match the address you are moving from).”(emphasis added)).
107
See Hogben, supra note 97 at 12-4.
108
Acquisti, supra note 3 at 2.
29
authentication could be abused by governments hostile to dissent in order to identify and
suppress opposition- indeed the anonymity with which these sites operate is one of the key
That having been said, all of the authentication measures would allow governments
increased ability to track and identify threats to national security without infringing upon the
users right to privacy for information and content contained on social networking sites.
Governments following traditional due process requirements would now be able to effectively
serve warrants for information to social network providers when they have met the
requirements for such warrants. In this way national security is increased without any
One way to protect the right to privacy of users of social networking sites without
threatening national security would be to require social network providers to set the default
settings on their sites to not share data, that is require the default setting to be private. This is
what some governments have done or advocated for, especially where at risk populations such
as children are concerned. 109 Users frequently leave intact whatever default settings are
109
Safer Social Networking Principles for the EU, supra note 99 at 7.
30
suggested by the provider. 110 Requiring default settings to be set to private will protect
privileged information and create incentives for users to learn privacy settings.
One study of facebook users showed that almost 77% of users did not read the sites
privacy disclosures and reading the disclosures did not make users more knowledgeable about
the sites activities. 111 With this information in mind it becomes easy to understand why default
There have been those who have argued that the massive adoption social networking
sites indicates that privacy is dead.112 However social networking site users themselves have
vehemently refuted this claim. Facebook recently dabbled with user privacy in early 2010 they
made the choice to alter privacy settings to share information with third parties. The idea was
to use facebook information on third party sites to allow for instant “personalization” of the
third party site. 113 As a part of the changes, information which previously could have been kept
private by the user was made public. 114 This decision was met with outrage by many, including
four United States Senators who wrote a letter to Facebook CEO Mark Zuckerberg asking him to
reverse the policy. Instead of unrestricted sharing “[t]he default policy should be one of
privacy, and users should have to choose to share their information, not the other way
110
Acquisti, supra note 3 at 77.
111
Id. at 18.
112
See Helen A.S. Popkin, Privacy is Dead on Facebook. Get Over It., msnbc.com (Jan. 13, 2010) (discussing Mark
Zuckerburg’s statements about the social norm of privacy evolving over time),
http://www.msnbc.msn.com/id/34825225/.
113
Letter from Charles Schumer, Unites States Senator, to Mark Zuckerburg, CEO of Facebook (April 27, 2010)
(available at http://schumer.senate.gov/record.cfm?id=324226&)
114
Id.
31
around.” 115 The Senators observed that “[t]he current policy puts at risk users who are not
technically proficient enough to change the settings, or are not aware of the changed privacy
policy.” 116 In addition to submitting the letter to Mr. Zuckerburg, Senator Charles Schumer
asked the Federal Trade Commission to examine the privacy disclosures of social networking
sites and provide guidelines for the use of private information and prohibit access without user
permission. 117 This event is important in no small part because it demonstrates that key
members of the government recognize the privacy interests of individual in the content on their
Default privacy settings are also important to national security concerns because they
would deprive hostile groups access to much information that is currently broadcast for the
world to see. As has already been demonstrated, users tend not to adjust default privacy
settings, and users tend to post much information private in nature. While we can not
speculate whether or not situations like that of Sir John Sawyer would continue even with more
secure default settings, it would make it more difficult for these types of incidents to take place.
Adjusting the default privacy setting on social networking sites to private protects the
privacy interests that the constitution and the International Covenant on Civil and Political
Rights were designed to protect and helps restrict information access to organizations which
115
Id.
116
Id.
117
Id.
32
Part of the threat social networking sites pose to national security rests in the ability of
terrorist organizations and other groups which pose a threat to national security to use social
media sites as recruitment tools and media outlets. One way to combat this threat if for
The government national security apparatus and national news media can use social
networking sites to their advantage. Instead of misinformation being distributed, the media
can use the speed of twitter or facebook to connect to millions of users instantly with verifiable
information consumers can rely on. The United States Military can beat the terrorists at their
own game and use social networking sites to identify and recruit individuals who are at risk of
being enlisted by radical organizations. All the opportunities which social networking sites
present to terrorists and others who would threaten the security of the nation are also present
There is some evidence that this reality is beginning to be understood by the United
States national security apparatus and traditional media players. Facebook and Twitter profiles
are now common for many news outlets such as CNN and NPR. Additionally, the US State
Department recently began a Twitter feed in an effort to promote accessibility and increased
communication about the activities of the State Department throughout the world.118 These
pioneers of engaging social networking sites should be applauded, and others should follow in
their path.
118
StateDep (StateDep) on Twitter, http://twitter.com/statedept (last visited Aug. 6, 2010).
33
Entering the new social networking environment may be difficult for some traditional
actors, and especially where the government is concerned we must ensure that human rights
and civil liberties are respected. However given the massive popularity that these sites possess,
According to one recent assessment users post over 3 billion photos per month— or
almost 1,000 pictures a second— on one social networking site: facebook. 119 With an
astonishing number like that, it is difficult to see what one could do which would improve
privacy and national security. The answer to both employs facial recognition software.
Facial recognition software is a computer program which uses set search parameters
extrapolated from a sample image to identify the same facial parameters in other images.120
The idea is to allow computer programs to scan pictures and identify who is in them.
As it currently stands, users of facebook and other social networking sites do not have
control over pictures of themselves on the sites. In fact many users may not know that others
have uploaded their picture to the site. While facebook does require users to assert that they
have the right to use the picture, this does not extend to requiring consent from the subject of
the picture. As a result, many individuals may unwittingly have photos of themselves in
compromising circumstances posted online for all to see. 121 Facebook does notify users that
119
Global data storage to reach one zettabyte, BBC World Service, (first broadcast July 26, 2010),
http://www.bbc.co.uk/worldservice/news/2010/07/100726_data_wt_sl.shtml.
120
Miller, supra note 10 at 560-1.
121
Id. at 561.
34
they have been “tagged” in a photo, but there is no requirement that those uploading the
photos actually tag individuals present. One could also go though each picture on facebook and
make sure they are not a subject. However, with over 1,000 photos a second being uploaded it
would be a tremendous understatement to say that a few are bound to slip through the cracks.
Governments could require that social networking site providers who allow users to
upload photos also employ facial recognition software to identify the individual subjects of each
photo. Governments could further require that when a user has been identified as a subject
that the site notify the user and give the user the ability to either tag the photo or request its
removal. Users who did not wish to allow social networking sites to create a facial recognition
profile could be given an opt-out ability to ensure the anonymity of their facial parameters. If
facial recognition software is employed in this way it can empower users of social networking
sites and give them the tools necessary to manage online privacy at 1,000 photos per second.
program in social networking sites. That benefit derives from the fact that law enforcement
agencies and national security officers could, with proper authorization which respects human
rights and civil liberties, issue a warrant for pictures on social networking sites of persons of
interest. With the vast amount of photos uploaded each and every day it is quite possible that
suspects will be identified in some pictures even if they do not have profile pictures themselves.
The specter of such an Orwellian conglomeration of raw information and ease of identification
ability makes hesitancy to embrace such a program, or outright rejection of such an idea, more
35
than understandable. However the reality remains that facial recognition software properly
incorporated into social networking sites has the potential to simultaneously be a tremendous
Social networking sites such as facebook and twitter have become too important in
modern society to allow unrestricted access by the government. Individual users employ these
sites for many functions including written intrapersonal communication, visual content sharing,
and planning personal and family life. As such, the content on social networking sites must be
protected by the Right to Privacy as it has been expressed in the International Covenant on Civil
and Political Rights and the 4th Amendment to the United States Constitution. However, the
information content and structure of social networking sites pose a very real threat to national
A balance must be struck between the right to privacy and national security interests.
That balance rests where it has always rested; in due process by governments seeking to obtain
information. However there are several steps which could and should be taken to amend the
operation of social networking sites to protect both the right to privacy and national security.
First, social networking sites should require authentication of user profiles. There are
several ways to do this each with their own strengths and weaknesses. However such
authentication would help governments identify threats to national security and engage in the
appropriate processes to abate the threat. Second, social networking sites should take
36
responsibility for the privacy interests of their users and set the default setting to private; doing
so helps protect users who might otherwise not understand that they are waiving their right to
privacy and denies organizations hostile to national security access to such information. Third,
traditional media players and members of the national security apparatus should embrace
social networking sites as a key recruitment and communications tool. Not doing so allows
others who may be hostile to our national interests an advantage. Fourth, social networking
sites should be required to adopt facial recognition software which can be used by national
security officials to identify the location of known suspects and by users to ensure the integrity
Social networking sites have revolutionized the way we communicate with one another
and have become an integral part of our social identities. Unrestricted government access to
social networking sites would be a serious affront to the right to privacy. Nonetheless social
networking sites in their current form pose a serious and largely unrealized threat to national
security. Governments can and should regulate these sites in such a way as to maximize the
right to privacy and minimize the threat to national security. What government cannot do is to
37