Privacy: Facebook Lockout

When I was in another city today, I tried to log in to Facebook with my netbook.

But I couldn’t. Not because I don’t know the password or user name or email address. According to Facebook,

Facebook: Your account is temporarily locked.  We don't recognize the device you are using.  Please answer a few questions to keep your account safe."

Q: How can it not recognize this device? I’ve been using this computer a lot lately. I even logged into Facebook from it earlier today.

A: Facebook isn’t being strictly truthful here, because it isn’t really looking at the device (computer) I’m using. What it is actually doing is looking at the IP address my computer is using to log in. It isn’t my regular IP address.

Even so, I have logged into Facebook from this IP address, within the last month, in fact, but not often.

But what the hey, I wanted to check something, so I clicked “continue.”

But Facebook didn’t actually ask me to answer any security questions. There was a captcha which I answered correctly. But that wasn’t all. I was given two options:

  1. I could log in from my usual device. Well, as I said, I was using my usual device. But my usual IP address was in a different city, so that wasn’t an option at all.
  2. Or I could tag people. Facebook showed me several screens of photos, a few of people I know on Facebook, but most that I didn’t recognize. Some included minor children.

I declined to tag people, because that is something I never do. Well, almost never. I’ll tag someone who is promoting something I support.

When I got back today, Facebook allowed me to log in on this computer, because I am again connected via the usual IP address.

Q: Why does Facebook want us to tag people?

A: Before the Internet, marketing companies used to hire people to be focus groups, and to take surveys. Today they buy information about our socio-economic status, preferences, who we know, and what we do from websites like Facebook.

Our personal information is valuable, and not just to marketing departments who want to sell us things, but insurance companies, who might decide we are high risk, or potential schools or employers.

And we know, too, that this information is made available to government agencies, very often without even a search warrant.

Some people don’t think having the government looking over our shoulders is a problem. After all, we’ve done nothing wrong, we’ve nothing to hide, right?

Well. Thanks to Edward Snowden, we now know just how insidious NSA is. Funny thing, it isn’t just the emergence of Big Brother that is worrisome. Computer error is far more probable, and possibly even more devastating.

When the NSA sucks up everything on the Internet, it is far too much data for human beings to analyze. What happens is that automated processes will use face recognition software to identify bad guys, but instead of mug books, they use photos on the Internet. Photos on Facebook, for instance. And it is doubtful their robots are as clever as my bot friends @X11R5 and @question. Mistakes will be made.

Any science fiction fan can tell you just how insane it is to give machines dominion over human beings. The idea that machines get to decide whose door Homeland Security or GCHQ or CSIS decide to break down is pretty scary.

And if Facebook is going to lock me out because I won’t tag people, so be it. As a self publishing author, I give up lots of personal information online, but it is my choice, and my information. If I tag people I don’t know, or know only peripherally, it is their privacy I’m jeopardizing.

I don’t give out any more personal information than I absolutely have to. If this was really a security thing, my not tagging people should have proven my identity. I think what Facebook really wanted to find out was whether I knew the friends and families of my Facebook friends.

And that is none of Facebook’s business.


Post Script:
I’ve been asked to explain “tagging” for people who don’t use Facebook.

Tagging in Facebook is the act of identifying and naming the people in a photograph posted on Facebook. When tagging, you hover the cursor over a part of the photo, and then type in the name of the person. You used to be able to type any name, but they have changed it so that it has to be a name on a Facebook account. However, you can tag a photo with a wrong name.

When you tag a photo, the person whose name you use receives a notification. Because of this, a lot of people tag photos with the names of the people who they want to see the photo. If you’re an environmentalist, you might tag a photo of the Tar Sands with the name of your environmentalist Facebook friends. Or you might tag a photo of a rock star with the name of your friend who is a big fan. If you mis-identify someone, they know about it, and presumably can complain.

There are so many ways this information can be misinterpreted or abused.

Privacy vs. Telemarketers: Canada’s “Do Not Call List”

Although I still have misgivings, I am about to register my telephone number on Canada’s National Do Not Call List (DNCL).

I know, you are wondering: if this can stop telemarketing calls, what’s not to love?

In order to register on the National Do Not Call List (DNCL) personal information will be collected, used and disclosed by the National DNCL Operator in order to register, verify and de-register residential, wireless, fax or VoIP telephone number(s) on the National DNCL. The numbers registered by consumers on the National DNCL will be disclosed to telemarketers and clients of telemarketers and other subscribers to the National DNCL to prevent telemarketing calls to those numbers. The numbers may also be disclosed, on a confidential basis, by telemarketers and clients of telemarketers and other subscribers to the National DNCL to another person involved in supplying the subscriber with services to enable compliance with the National DNCL Rules.  In addition, personal information will be collected, used and disclosed by the National DNCL Operator, the CRTC and/or its Complaints Investigator Delegate in order to investigate complaints regarding violations of the Unsolicited Telecommunications Rules, to administer and enforce these rules, and for audit and quality assurance purposes. Personal information may also be disclosed to Canadian and/or foreign law enforcement agencies for the purpose of administering or enforcing any law or carrying out a lawful investigation.

The catch 22 is that I must first allow my personal information to be “collected, used and disclosed by the National DNCL Operator in order to register, verify and de-register residential, wireless, fax or VoIP telephone number(s) on the National DNCL.”

If that isn’t bad enough, the National DNCL will then “disclose my registered phone number to telemarketers and clients of telemarketers and other subscribers to the National DNCL to prevent telemarketing calls to those numbers.”

“The numbers may also be disclosed, on a confidential basis, by telemarketers and clients of telemarketers and other subscribers to the National DNCL to another person involved in supplying the subscriber with services to enable compliance with the National DNCL Rules.

In addition, personal information will be collected, used and disclosed by the National DNCL Operator, the CRTC and/or its Complaints Investigator Delegate in order to investigate complaints regarding violations of the Unsolicited Telecommunications Rules, to administer and enforce these rules, and for audit and quality assurance purposes. Personal information may also be disclosed to Canadian and/or foreign law enforcement agencies for the purpose of administering or enforcing any law or carrying out a lawful investigation.”

National Do Not Call List

So the deal is, to stop telemarketers from abusing my privacy, I must first give up my privacy by handing my phone number over to an absurdly long list of faceless people and agencies:

  • National DNCL Operator
  • telemarketers
  • clients of telemarketers
  • other subscribers to the National DNCL
  • another person involved in supplying the subscriber with services
  • the CRTC
  • CRTC Complaints Investigator Delegate
  • Canadian law enforcement agencies
  • Foreign law enforcement agencies
Ontario Privacy Commissioner Ann Cavoukian

Ontario Privacy Commissioner Ann Cavoukian

Canada has been a world leader in the field of Privacy Law, with both federal and provincial privacy commissioners.  Recently I heard Ann Cavoukian talk about how we deserve to have our privacy protected, and that corporations need to implement “Privacy By Design.”

Still, handing over personal data feels like the opposite of personal privacy protection, particularly for someone whose only “loyalty” membership is with my bank that knows how I spend my money.  What is the point of protecting personal information from Facebook and the like if I hand my data over to a government agency that promises to pass it to the very telemarketers I wish to discourage?

Why Now?

Today, I just had a call from a telemarketer who curtly informed me that they “have no list.” When I started to explain the “Do Not Call List” he hung up on me at “Canadian Law.” The alacrity of his hangup suggests the DNCL might actually work. 

So maybe it is time to give the DNCL a shot. If it works, the only disadvantage I can see is that my husband will lose out on the entertainment value he currently derives from telemarketer baiting. When he has time, he makes them work hard, answering questions, providing information, and generally toys with them for as long as possible. The theory is that the best way to make them stop is to cost them money, but the problem is that there are just so many of them — for every company you teach not to call, hundreds or thousands of new ones pop up every day.

experiment

These days it seems as though I’m getting a handful of telemarketer calls every day. Total strangers are calling me up and very often asking for me by name, so they already have some of my personal information. For the past few years I’ve interrupted telemarketer pitches at start with the instruction to “remove me from the list”. I can’t really say whether or not if that helps, because the number of telemarketing calls seems fairly constant, but that’s just an impression; I don’t have any hard data.

Telephone modele U43 MGR Lyon (Cc-by-sa-2.0-fr Rama)To frame this adventure as an experiment, beginning tomorrow, on May 21st, 2013, I will start making a log of all the telemarketing calls we get. A month later, on June 21st, I will register with the DNCL and log the telemarketing calls we get over the following month.

I’ll let you know how it comes out. :)


Image Credits:
Screen Capture from Canada’s National Do Not Call List (DNCL) website

Ontario Privacy Commissioner Ann Cavoukian at the 2013 #GOopendata Conference by laurelrusswurm licensed under a Creative Commons Attribution 3.0 Unported License.

Telephone Photograph by Rama, found on the Wikimedia Commons, released under a Cc-by-sa-2.0-fr License