You are on page 1of 38

Virtually Ignored:

The Nexus of the Right to Privacy and National Security

on Social Networking Sites

David Grimes
Summer 2010

Prepared for Human Rights and National Security Class at Florida State University College of Law.
Not submitted to meet Upper Level Writing Requirement.
Part I: Introduction

Social networking sites have revolutionized the way in which we stay in contact. These

sites allow us to communicate by sharing audio and visual content, joining common interest

groups, sending messages, and disseminating written communications to large audiences. With

few exceptions, social networking sites know no national boundaries in any traditional sense.

These sites allow us to instantly communicate with individuals half the world away. The utility

of the sites has continued to increase as they have migrated off our computer screens and into

our pockets by way of smart phones and other connective devices. In many ways, these sites

put our entire social world literally at our fingertips.

As social networking sites have become more and more integrated into our daily lives, it

has become important to question what role the government should have in being able to

access the information contained on these sites. As individuals have increasingly relied on

these sites to express their opinions, associate with other, and coordinate their lives, it

becomes more and more imperative to ask what the government should and more importantly

should not be able to do with the content individuals entrust the social networking sites. What

was once considered a laughable or irrelevant inquiry can now be made very seriously: to what

extent does the right to privacy attach to the use of web based social networking sites?

As we examine the question of what rights should attach to social networking sites, we

must also be attentive to the very real risks to national security posed by the sites. The vast

majority of social networking sites are anonymous. While most users divulge their true

identities, there is little to require that they do so. Social networking sites can be used for
recruitment of operatives and intelligence gathering. These sites allow those who pose a threat

to national security a platform though which they can connect and disseminate information

quickly and anonymously across national borders. This set of circumstances leads us to our

second inquiry- to what extent can we protect interactions on social networking sites without

posing a serious threat to national security?

This paper will address those two inquiries. It will be shown that social networking sites

have become too integrated and fundamental in modern society to be considered unprotected

by the right to privacy. Rather government access of the sites must be tempered by the

traditional notions of privacy as they are embodied in the International Covenant on Civil and

Political Rights and the Fourth Amendment to the United States Constitution. However, the

paper will also highlight threats to national security posed by these sites, identify the

appropriate balance between the individual’s right to privacy and the state’s interest in national

security, and identify ways in which governments can achieve that balance.

Throughout this paper references will be made to the social networking giants

“Facebook” 1 and “Twitter”. 2 When functionality or phenomenon associated with one site is

identified it should unless otherwise noted be understood as not exclusive to the site itself, but

rather as an example of a more widespread aspect of social networking sites generally.

Part II: Social Networking Sites and Their Expanded Role in Modern Society

Social networking sites comprise a wide variety of internet websites which are utilized

by individuals in many different ways. A survey of all the sites which exist would be a work unto

itself, and at any rate is not necessary to the discussion. What is necessary however is a broad

definition of social networking site which will demarcate the types of sites at issue. For the

purposes of our paper a social networking site will be defined as any web-based internet utility

which is peer-driven and capable of disseminating content between users. 3

What is meant by web-based internet utility is that the site must be hosted and

accessed primarily though the world-wide-web; this differentiates social networking sites from

other similar utilities which require specific stand-alone applications to be installed on a device

in order to employ the utility. A peer-driven site is one in which content and connections are

generated or identified primarily by the users rather than those administering the site. A site

capable of disseminating information between users is one in which users can “share” content

directly with other users; this can be done passively though controlling static content to be

accessed or viewed by other users , or can be done actively by allowing message clients and

chat clients to instantly send specific information to specific users, or any combination thereof.

The earliest social networking sites to be popularized were “Geocities” and

“” which both launched in 1994. Though we would not consider them in the

same vein as more popular modern sites, they did in fact match the definition of social

See Alessandro Acquisti & Ralph Gross, Imagined communities: Awareness, information sharing, and privacy on
the Facebook. In P. Golle & G. Danezis (Eds.), Proceedings of 6 Workshop on Privacy Enhancing Technologies, at 2.
Cambridge, UK: Robinson College (2006). See Also Opinion of the Article 29 Data Protection Working Party on
‘Online Social Networking’ (May 2009), available at (last visited Aug. 4, 2010).
David Krikpatrick, The Facebook Effect 67 (Simon & Schuster 2010).
networking sites and allowed individuals to communicate with each other sharing content

between users. These sites however lacked what would later become a distinguishing feature

of the modern social networking site- the user profile.5 User profiles based upon the real

identities of individuals. When it is paired with an email address this can allow users to connect

with other users though to create an online community that in many ways reflects the realities

of relationships in a physical community. 6 The first of the modern social networking site based

almost completely off the user profile model was “SixDegrees” which while wildly successful at

one point was a victim of the dot-com but and is now extinct.7

Facebook began as a social networking site operating off the user profile model but with

an important variant; Facebook was a closed social network. Users profiles could only be

generated based upon access to an authorized official email account at specific institutions of

higher education. 8 This feature defined Facebook in its early years, and allowed users a great

deal of privacy control for the content they generated. This resulted because user profiles

could not be accessed outside of the educational network in which the user was enrolled. 9

Content could only be accessed by individuals outside of the users social network if the user

approved a “friend request” from a specific user outside the network. 10 This model did not

continue indefinitely however. In 2006 Facebook opened its user profile access so that any

Id. at 67-8.
Id. at 67-8.
Id. at 67-9.
Acquisti, supra note 3 at 2.
Id. at 2.
Samantha L. Miller, Note, The Facebook Frontier: Responding to the Changing Face of Privacy on the Internet, 97
Ky. L.J. 541, 544 (2008-2009).
individual with an email account could create a profile, even outside of educational

environments. 11 This caused a fundamental shift in use for facebook.

In July 2006, the social networking site “Twitter” was launched. 12 Twitter is a micro-blog

social networking service; users create a unique profile and can post “tweets” which are small

blocks of written text no longer than 140 characters. 13 Users “follow” other users which allows

them to view the tweets of individuals they are interested in.14

As social networking sites such as Facebook and Twitter have grown and expanded, so

too has the role they have played in culture and society.

Notably, social networking sites have allowed individuals to express opinions, associate,

and assemble in a virtual manner to demonstrate political power. In some respects, these

campaigns have been less than serious. Take for example the successful campaign launched on

Facebook to have Betty White host “Saturday Night Live”. 15 However, as will be discussed later,

in other ways social networking sites have altered the trajectory of entire nations.

Social networking sites have not been exclusively used by individuals in order to wield

political power. Individuals also use social networking sites to organize their personal and

private lives.

Steven Levy, Mob Rule! How Users Took Over Twitter, Wired, Nov. 2009, 148, 151.
Id. at 148.
Lisa de Moraes, Facebook campaign for Betty White pays off” ‘SNL’ posts election season numbers, Wash. Post,
May 11, 2010 available at
According to one recent survey, thirty percent of web users employ online dating

services. 16 Individuals have their choice of over 1,000 sites such as, or in order to meet other individuals with similar interests to engage in romantic

or other relationships.17 Additionally, a solicitor’s office in the United Kingdom demonstrated

the extent to which social networks have been integrated with life outside computers when

they found that twenty percent of all divorce petitions mentioned Facebook. 18

The extent to which individuals organize their private lives using social networking sites

is not limited to the creation or dissolution of romantic relationships. Individuals often use

social networking sites such as or facebook to disseminate personal photos to other

important people in their lives. 19 Additionally many events from birthday parties to weddings

are coordinated on social networking sites. 20 Beyond this type of sharing and coordination,

many family members use the messaging components of social networking sites to discuss

important personal issues with other members of their families.21

It is important to note that it is not simply private individuals who have begun

integrating social networking sites into their daily lives. There are in fact numerous examples of

Rosemary Black, Online dating grows in popularity, attracting 30 percent of Web users: poll, N.Y. Daily News,
Feb. 16, 2010, available at
Shaheen Pasha, Online dating feeling less attractive, CNN/Money, Aug. 18, 2005 available at
Wang Fangging, UK law furm says Facebook involved in 20% of divorce cases, Digital Journal, Dec. 23, 2009,
available at
See Krikpatrick, supra note 4 at 153-9.
See Josh Catone, HOW TO: Plan a DIY Wedding Using Social Media, Mashable, Sept. 23, 2009,
Opinion of the Article 29 Data Protection Working Party on ‘Online Social Networking’ (May 2009), available at (last visited Aug. 4, 2010) at 3.
governments around the world using social networking sites to carry out their duties. A few

examples may be useful.

In 2008 the U.S. State Department was able to secure the release of a US citizen in Egypt

who tweeted his arrest.22 Recently the Supreme Court of the State of Florida began using

Twitter to inform the public of its proceedings. 23 It is not just the United States that has

adapted to this new technology.

President Hugo Chavez of Venezuela has been known to use his Twitter account to make

public statements on behalf of the state; it was in fact this venue which he chose to use to

announce the sinking of a state owned natural gas rig in 2010. 24 Interestingly, President Chavez

has also actively encouraged individuals to use Twitter as a way to report illegal activities of

their fellow citizens.25 Beyond the use of his personal Twitter account which generated

674,000 followers in its first three months of existence, 26 President Chavez has encouraged his

comrades to infiltrate all the social networking platforms available to them, especially to

identify and report students who agitate against the government.27

Of great interest to lawyers and law students throughout the world in Australia and New

Zealand social networking sites have become enmeshed in the process of the judiciary itself. In

Levy, supra note 12 at 151.
Florida Supreme Court begins using Twitter, The Fla. Bar News, May 1, 2010 (revised Aug. 5, 2010) available at
Venezuelan natural gas rig sinks, BBC News, May 13, 2010, available at
Arthur Brice, Chavez says he’s gotten nearly 288,000 help requests though Twitter, CNN, July 20, 2010, available
Rory Carroll, Hugo Chavez embraces Twitter to fight online ‘conspiracy’, Guardian, April 28, 2010, available at
2008 the Supreme Court of the Australian Capital Territory ruled that service of process via

facebook was permissible if no other approach was successful.28 New Zealand was not far

behind; there service of process was authorized via facebook in 2009.29

It is clear considering the expanded role and scope of social networking sites in modern

society that we must now take seriously the impact these sites have on national security and

the expectation of privacy of their users.

Part III: Social Networking Sites and Threats to National Security

Social networking sites pose a unique threat to national security. These threats are as

multifaceted as the social networking sites themselves. The size of social networking sites and

diversity of content makes individual users virtually immune from scrutiny. The instantaneous

nature of information sharing can thwart efforts by national governments to control situations

and reduce panic giving organizations which threaten national security an advantage. The

anonymous nature of most user interfaces allows social networking sites to be easily employed

by terrorist organizations. Social networking sites provide terrorist organizations with an

important base to recruit and equip new members. Social networking sites can also be used to

gather importance intelligence information which can threaten national security. Additionally,

social networking sites have become so incorporated into daily communication that when they

are attacked, our limited communications infrastructure can be overwhelmed causing

unrelated sites which exercise important functions to go offline. While this list is in no way

Ronald J. Hedges, Kenneth N. Rashbaum, & Adam C. Losey, Electronic Service of Process at Home and Abroad, 4
The Fed. Courts L.Rev. 55, 68 (2009).
exhaustive, it does provide sufficient information to highlight the need to reexamine our

attitudes towards privacy and national security on social networking sites.

Many of these features which have been highlighted are in fact the reasons that

individuals use social networking sites in the first place. The vast majority of users will not

employ the sites in a way in which these features become a national liability rather than an

asset. However, as with most tools, the fact remains that in the wrong hands these features of

social networking sites pose a very serious risk to national security.

The sheer size of many of the population of the users itself is daunting when considering

policing. As of June 2008 Twitter has 190 million monthly users, 30 only slightly shy of the

population of the fifth most populous country in the world, Brazil.31 Facebook alone has over

500 million users32 exceeding the population of the twenty-seven nation European Union. 33 As

Tom Osborne, the chief of the Counterterrorism Internet Targeting Unit at the FBI said, the

overwhelming number of users on social networking sites causes “a certain level of detection

avoidance.” 34 When you consider that hundreds of social networking sites exist, 35 and consider

that many of the sites are connected with each other through access sharing authorized by

Erick Schonfeld, Costolo: Twitter Now Has 190 Million Users Tweeting 65 Million Times A Day, TechCrunch, June
8, 2010 (Quoting figures announced by Twitter Chief Opperations Officer Dick Costolo tweeted at the
Conversational Media Summit in New York June 2010), available at
CIA World Fact Book Entry—Brazil—People,
Krikpatrick, supra note 4 at 9.
CIA World Fact Book Entry—European Union—People,
Hoda Osman, Alleged Terrorists Used Social Network Sites, CBS News Investigates, May 19, 2010 available at
Acquisti, supra note 3 at 1.
users, 36 one begins to understand just how difficult it would be to effectively monitor social

networking sites. This is compounded by the fact that each user may post multiple times in a

day. Twitter for example is limited to 140 characters per post, however as of February 2010 in

a single day 35 million tweets are sent- that is an average of 600 tweets per second.37 At that

rate one could expect over one billion tweets per month. This demonstrates not only that

keeping track of individual users poses a challenge, but also that keeping track of their activity is

an obstacle.

The diversity of content uploaded to the sites also makes them difficult to police. On

many sites a variety of media can be loaded including pictures which can signal hidden codes, 38

videos which can covey hidden meanings or be used for propaganda purposes, 39 third party

applications which can be programmed for a host of different uses, 40 and written messages

capable of conveying instructions or being used for propaganda and misinformation purposes. 41

The complexity and sophistication of content uploaded and shared though the sites makes

identifying threats to national security much more difficult.

See Amanda Hardin & Haiwang Yuan, Twitter & Facebook: How to Sync Twitter with Facebook, DLPS Faculty
Publications, May 2009. Available at See also Nick O’Neill, Facebook
Now Promoting Twitter Export Feature To Page Admins. Are The Two Companies Moving Toward An Open
Relationship?, All Facebook, Aug. 27, 2009, available at
Measuring Tweets, Twitter Blog, posted by @kevinwell, February 22, 2010.
Timothy L. Thomas, Al Qaeda and the Internet: The Danger of “Cyberplanning”¸ 33 Parameters 112, 119 (2003).
Lt. Col. Gerald R. Gendron, Jr., Maj. Herminio Blas-Irizarry, Jesse W. Boggs, Next-Generation Strategic
Communication: Building Influence Through Online Social Networking, at 7, June 1, 2009 available at
See Al-Qaeda ‘plans to wage a holy war on Facebook’, Telegraph, Dec. 21, 2008, available at
See Thomas, supra note 38 at 116.
The threats to national security posed by social networking sites are further exacerbated

when one considers the instantaneous nature of communications made though the sites.

Facebook status updates or Twitter tweets are updated immediately and available for

widespread consumption. It has been observed that news often arrives via tweet before the

story has broke in major media outlets.42 Communications on social networking sites can be

made instantly from any number of devices and accessed instantly by just as many devices. 43

Without delay individuals can send a message from a computer at an unsecured cyber-café in

Paris and it can be accessed almost instantly by someone with an iPhone in Seattle or someone

with a satellite laptop in Jerusalem. The instantaneous nature of communications made on

social networking sites, and the mobility and accessibility these sites offer in terms of

communication consumption poses a two-pronged threat: First, individuals and organizations

who pose a threat to national security can communicate propaganda and misinformation to a

vast audience before traditional authorities can mount any response, let alone an effective one.

Second, individuals can use the accessibility and instantaneous nature of the sites as a

command and control structure for their operatives in the field.

A further threat to national security posed by social networking sites rests in the fact

that most sites operate off an anonymous user system. 44 While some sites require users to

register personal information which authenticates their identity, the vast majority, especially

U.S. Army Says Blogging Site ‘Twitter’ Could Become Terrorist Tool, FOX News, Oct. 27, 2008, available at,2933,444089,00.html.
See Juwel Rana, Johan Kristiansson, Josef Hallberg, and Kåre Synnes, Challenges for Mobile Social Networking
Applications in Communications Infrastructure. Systems and Applications in Europe, Vol. 16, 275-276 (Springer
Berlin Heidelberg 2009).
See Thomas, supra note 38 at 115.
the most populous sites do not. These sites pair a user profile to an email. 45 Sometimes this

allows for authentication of the users identity, but that is not necessarily the case. Many email

accounts can be created on services such as “yahoo”, “hotmail”, and “gmail” without

registering any information such as a credit card which would allow for authentication of

identity. This anonymity of identity can be abused by enemies of the state in order to mask

their true identities and filter communications though a non-suspect internet site. Essentially,

social networking sites allow individuals and organizations who pose a threat to national

security an additional way to play a “shell game” with their identities by allowing them to

quickly form new identities and continue communications with their peers. 46

Another threat to national security is created by social networking sites because they

allow terrorist organizations and other groups who pose a risk to national security a fertile

ground in which to recruit and retain new operatives. 47 Individuals post a vast amount of

personal data on social networking sites and this data is more often than not accurate when

present. 48 Much of this data concerns the religious, political, and philosophical opinions of the

users which allow these groups easy contact points to identify individuals and approach them

as members of a common interest community. 49

The availability of social networking sites as a recruitment tool has not escaped the

attention of terrorist organizations. In 2008 Al-Qaeda members leaked information onto a

See generally Miller, supra note 10 at 554.
See Thomas, supra note 38 at 115.
See Id. at 117-118.
Acquisti, supra note 3 at 13.
See Thomas, supra note 38 at 118.
message board which was subsequently identified and translated indicating their intent to use

the social networking giant Facebook for recruitment purposes.50 One post on the message

board expressly stated “Facebook is perfect for reaching young people and fight the media.” 51

In another disturbing post it was stated “If American politicians like Barack Obama can use it to

win an election we can use it to take over the world.” 52 While we do not know what part

facebook now plays in the “radicalization and recruitment of terrorists”, both Faisal Shahzad

the Times Square Bomber and Umar Farouq Abdulmutallab the Christmas Bomber had active

facebook accounts. 53 The potential for groups which would threaten national security to use

social networking sites as a recruitment tool is in no way unique to Facebook. In 2008 when the

site was significantly smaller than it is now, the U.S. Army reported that Twitter had the

potential to be co-opted as a tool for terrorists.54

An additional threat to national security posed by social networking sites rests in the

ability of organizations which would threaten national security to use the sites as intelligence

gathering mechanisms.55 Many users disclose intimate and personal details on sites such as

facebook and twitter, and when this information is not secured intentionally or unintentionally

it can become way for hostile groups to learn facts which can compromise national security.

One very public example of such an opportunity occurred in the United Kingdom in 2009.

Almost immediately after it was disclosed that Sir John Sawyers was to become chief of the

Telegraph, supra note
Osman, supra note 34.
FOX News, supra note 42.
See generally Thomas, supra note 38 at 114.
Secret Intelligence Service, what we used to know as MI6, the Daily Mail discovered large

numbers of unsecured publically accessible pictures posted by Sir Sawyer’s wife which could

identify where the family traveled, who their friends were, and where they lived.56 These kind

of details in the hands of an organization hostile to national security interests could prove

disastrous. Sir Sawyer’s experience highlights yet another way in which social networking sites

can threaten national security.

Finally, the nature of these sites could lead to widespread system failures due to limited

infrastructure. On August 6, 2009 a cyber attack was launched against the site Twitter. 57

Shortly thereafter Twitter went offline for several hours. 58 Almost immediately the social

networking site Facebook began to experience serious problems. 59 The glitches with facebook

may have been a result of linked content between twitter and facebook which was exacerbated

when users tried to access the sites.60 Right after Facebook and Twitter were attacked users

began to report problems with some services offered by Google which operates a popular

search engine and email service among other products.61 While this might seem only a minor

inconvenience, such a perspective ignores the fact that expanding segments of state and local

governments as well as the federal government are contracting with Google to provide

important services such as education services and data storage for coordinated emergency

Krikpatrick, supra note 4 at 300.
John D. Sutter, Twitter hit by denial-of-service attack, CNN, August 6, 2010 available at
responses. 62 One remarkable aspect of this widespread attack which affected two of the

largest social networking sites on the planet is that it was perpetrated by a single man in an

effort to silence a political opponent for one day. 63 This attack demonstrated the vulnerabilities

of communications reliant on social networking infrastructure, and showed how cyber attacks

against social networking sites can spiral out of control implicating the continuity of important

services which are significantly more imperative to our lives than keeping track of friends.

It is important to remember that social networking sites themselves are not inherently

bad; they can be used to promote democracy, the rule of law, and human rights. Twitter was

used by pro-democracy demonstrators to protest the 2009 elections in Iran. 64 What began in

2009 as one man’s Facebook group against the Columbian rebel group F.A.R.C. became a

twelve-million person worldwide march which resulted in the freeing of four hostages and

emboldened Columbian citizens to actively oppose F.A.R.C. 65 Young Egyptians organized on

Facebook to protest rising food prices and were able to “…challenge the perception that there

is no prospect for independent, secular opposition in the country.” 66 However, the celebrated

successes of social networking sites in facilitating positive change are no reason to neglect the

very real threats these sites pose to national security. In their current form social networking

Kevin McLaughlin, Google Targets Federal, State Government With New Apps Offering, CRN, July 26, 2010.
Accessible at;jsessionid=MPKOOO2DNW3PFQE1GHPSKH4ATMY32JVN;
See Also Matthew Shaer, Google Apps to be a part of every classroom in Oregon, Christian Science Monitor, April
28, 2010. Accessible at
Bobbie Johnson, Internet attacks ‘targeted Georgian blogger’, Guardian, Friday August 7, 2009 available at
Lev Grossman, Iran Protests: Twitter, the Medium of the Movement, Time, June 17, 2009 available at,8599,1905125,00.html.
See Krikpatrick, supra note 4 at 1-6.
Sherif Mansour, Op-Ed, Egypt’s Facebook Showdown, The Los Angeles Times, June 2, 2008 accessible at
sites are large communities, capable of instantaneous transmission of largely unfiltered and

unverified information, capable of cooptation for propaganda and misinformation purposes,

serve as important recruiting tools for those who threaten national security, can serve as an

intelligence gathering mechanism, and are capable of disrupting national communication and

possibly government services, all realities which are compounded by the fact that users can

elect to remain anonymous.

It is obvious that governments around the world must adapt current social networking

sites so that these risks can be eliminated or minimized. However in the search for answers we

must also remember that the individual users of these sites possess an inherent and

fundamental right to privacy.

Part IV: The Right to Privacy

The use of social networking sites raises a number of concerns about human and civil

rights. For instance in the European Union and in states governed by the European Convention

on Human Rights there is an ongoing debate regarding to what extent the use of social

networking sites to broadcast opinions implicates the right to expression of opinions and

freedom of speech and thus requires protection. 67 In the United States there is a debate as to

the extent of protection which the First Amendment offers to activities on social networking

See Douwe Korff, Social Networking Sites and Freedom of Expression, 10 EU Data Protection Review (October
2009) available at
sites. 68 While these are pressing and fundamental questions, for the purposes of this paper the

examination of the human rights aspects of social networking sites will be limited to an

examination of the right to privacy of the individual against intrusion by the state.

At its core, the right to privacy is the right to be let alone by other people. 69 The right to

Privacy has been understood to include many components. In the United States the right to

privacy has been understood to protect dwellings and other private places, 70 the reproductive

choices of marital couples and individuals, 71 personal relationships including those of

homosexuals, 72 and the right to the confidentiality of conversations where a reasonable

expectation of privacy exists. 73 The European Court of Human Rights (ECHR) has concluded

that the right to a private life recognized in Article 8 of the European Convention on Human

Rights and Fundamental Freedoms is “a broad term not susceptible to exhaustive definition.” 74

However, the ECHR has determined that the right to a private life includes the physical and

psychological integrity of the person; multiple aspects of the person’s physical and social

identity including elements such as gender identification, name, sexual orientation, and sexual

life; means of personal identification and of linking to a family; information about a person’s

health; an individual’s ethnic identity; the right to personal development including the right to

See Brandon James Hoover, The First Amendment Implications of Facebook, Myspace, and other Online Activity
of Students in Public High Schools, 18 S. Cal. Interdisc. L.J. 309 (2009).
Katz v. United States, 389 U.S. 347, 350 (1967) (citing Warren & Brandeis, The Right to Privacy, 4 Harv. L. Rev.
193 (1890).
Lawrence v. Texas, 539 U.S. 558, 562 (2003).
Id. at 564-5, (citing Griswold v. Connecticut, 381 U.S. 479(1965).
Id. at 578.
Katz, 389 359.
S. & Marper v. The United Kingdom, [GC] nos. 30562/04 and 30566/04 §66 ECHR-2008, available at
establish and develop relationships with other human beings and the outside world; and

elements relating to a person’s right to their image. 75 Interestingly, the ECHR has also

determined that “the mere storing of data relating to the private life of an individual amounts

to an interference within the meaning of Article 8.” 76

Privacy exists as a legal patchwork arising from constitutions, court precedents,

legislative enactments, and multilateral agreements such as the European Convention on

Human rights which protects the right to privacy in Article 8 77 of all nationals within its

signatory jurisdiction and the American Convention on Human Rights which does the same in

Article 11 78. The vast majority of western countries have also recognized the right to privacy

though the International Covenant on Civil and Political Rights, which the United States helped

author, which expressly protects the right to Privacy in Article 17. 79 Taken together these

instruments of national law, multi-lateral agreements, and the UN convention demonstrate

Id. at §66.
Id. at 04 §66, ECHR-2008 (citing Leander v. Sweden, 26 March 1987, § 48, Series A no. 116).
Convention for the Protection of Human Rights and Fundamental Freedoms art. 8, Apr. 11, 1960, 213 U.N.T.S.
1. Everyone has the right to respect for his private and family life, his home and his correspondence.
2. There shall be no interference by a public authority with the exercise of this right except such as is in
accordance with the law and is necessary in a democratic society in the interests of national security,
public safety or the economic well-being of the country, for the prevention of disorder or crime, for
the protection of health or morals, or for the protection of the rights and freedoms of others.
American Convention on Human Rights art. 11, Nov. 22, 1969, 1144 U.N.T.S. 143.

1. Everyone has the right to have his honor respected and his dignity recognized.

2. No one may be the object of arbitrary or abusive interference with his private life, his family, his
home, or his correspondence, or of unlawful attacks on his honor or reputation.

3. Everyone has the right to the protection of the law against such interference or attacks.
International Covenant on Civil and Political Rights, 999 U.N.T.S. 171
that while the outer bounds of the right to privacy may be subject to some debate, the

importance of privacy as a protected right in modern civilization is without question.

The right to Privacy is an individual right which protects persons, not places or things. 80

While the right to privacy was historically limited to persons, their papers, and perhaps their

reputations, as technology has changed, the right to privacy has expanded to incorporate those


Consider for example a Supreme Court case from the United States which arose in 1967.

At issue was whether or not the right to privacy extended to a public phone booth that the

petitioner was using to conduct illegal business transactions. 81 The government argued that

the right to privacy could not cover the phone booth because the booth was constructed of

glass and the surveillance techniques employed involved no physical penetration of the

booth. 82 The Supreme Court disagreed. The court held that the right to privacy is intended to

cover people, not simply places or “areas”.83 The court noted that this outcome was required

by “…the vital role that the public telephone has come to play in private communication.” 84

Any intrusion into the phone booth for the purposes of monitoring conversations would require

prior court authorization in accordance with due process guarantees. 85 This case, it is

important to note, was interpreting the Fourth Amendment to the United States Constitution

which, while it protects privacy interests, has only been held to protect certain privacy

Katz, 389 U.S. at 350.
Id. at 348.
Id. at 352.
Id. at 353.
Id. at 352.
Id. at 358-9. (citing Beck v. Ohio, 379 U.S. 89, 96-97).
interests, not all privacy interests which could be protected. 86 However, it does demonstrate

two things: the first being that the right to privacy is an individual right which protects persons

not just places, and the second that not all privacy interests are surrendered when an individual

uses a third-party apparatus to engage in protected activities.

These two premises show that social networking sites merit the protection of the right

to privacy. The content that individuals communicate via social networking sites is the same

content designed to be protected by the right to privacy. Essentially what persons and papers

were to enlightenment era thinkers, and what phone booths were at the end of the 20th

Century, so facebook posts and tweets have become to modern patriots.

Social networking sites purport to grant users the ability to control what information is

shared with the world though privacy control features on the sites themselves. As more and

more users have added more and more content to the sites, users have demanded increased

control over the information that is shared via the sites.87 While it may be true that privacy

settings are not as extensive as all users would like them to be, this does not excuse users from

the responsibility of effectively using the tools they have to secure information. The user in

large part is the final gatekeeper of what information is disclosed to the public. When users

elect not to secure their information and it is made public, the user bears some responsibility

for that disclosure. Users in the digital world are best able to indicate that they have a

reasonable expectation of privacy for information and content by securing that information and

Id. at 350.
See Krikpatrick, supra note 4 at 208-9.
content: indeed there is little other way to communicate such an expectation prior to content

being disclosed and the damage being done.

If a user elects not secure information, they have given the government the same access

as any other individual on the site. With the government in the same position as everyone else,

it can hardly be argued that the government is infringing upon the right to privacy; it is

completely acceptable for the government to collect, maintain, and mine such data. Such a

program was recently undertaken by the Library of Congress when they began archiving all

tweets which were not set to private. 88 This program, which was greeted which much

enthusiasm by the academic community, in no way offends the right to privacy of individuals

whose minor reflections on the day will be memorialized for all time. Though the government

though the Library of Congress now has access to a great deal of personal and probably private

information, the users in electing not to securing the information when given the choice

abandoned any expectation of privacy they had.

There are those who argue that the right to privacy does not attach to information

which is voluntarily disclosed in a forum like the internet because in disclosing the information

the individual has abandoned all expectations of privacy. 89 Essentially these individuals claim

that privacy is automatically foreclosed when information is posted online, including on social

networking sites.

Cecilia Kang, Library of Congress plan for Twitter: a big, permanent retweet, The Wash. Post, April 16, 2010,
available at
Miller, supra note 10 at 551 (citing United States v. Gines-Perez, 214 F. Supp. 2d 205, 224-26 (D.P.R. 2002).
This argument misses the point on several fronts. First, as Katz demonstrates, not all

expectation of privacy is lost simply because an individual is using a public instrument of

communication. Second, in the social networking world in which advanced privacy protections

exist information does not become less private because it has been shared with another user;

content loaded to social networking sites is not disclosed in the same way as it would be were

two individual to talk face to face on a crowded street. As has been shown, many

communications made via social networking sites are intended to be private. To extrapolate

that all sites on the internet are third party public forums would be the same as saying that no

expectation of privacy can exist once an outgoing letter has been handed over to Fed-Ex. We

would balk at the idea that the government could open out Fed-Ex packages on demand and

read through our most personal correspondence; the only difference between the Fed-Ex

example and the social networking example is that we hand the Fed-Ex employee paper while

we transfer electric signals to facebook. Either way, the right to privacy should not be defeated

simply because a third party is involved.

Another counter argument made by those who seek disclosure of protected content on

social networking sites is that while the content may be protected, the relationship has changed

from user vis-à-vis site to site vis-à-vis government; if the sites elect to disclose information to

the government in the interests of national security, that is their choice to make. This

argument again misses an essential feature of the right to privacy which is that the right to

privacy is a personal right. If third party sites are allowed to disclose protected information,

then they have waived the right to privacy on behalf of their users without their users knowing-

this defeats the right to privacy in its entirety.

In the final analysis, though the government clearly has an interest in the information

content of social networking sites, the information is private in nature when the user has

elected to make it so, and as such the content is protected from government intrusion, either

by the government or through third parties acting as their agents, by the right to privacy.

Government access to the information must be conducted in conformity with the due process

guarantees inherent in the right to privacy. Arguments which assail this point elevate form over

function and create arbitrary categories of protected and unprotected information. The digital

desktop is no less private than a physical desktop, and a facebook photo album no less

meaningful than its counterpart on a coffee table. In a world in which our lives are migrating

from the physical world into the digital realm, despite the associated risks, the right to privacy

must follow.

Part V: Government Responses

I. Responses in the United States

Discussion and debate concerning social networking sites in the United States has

largely focused on information sharing between private vendors, that is between social

networking utilities and other private corporate entities. While discussions of privacy and the

right to privacy have been an important public discourse, the debate has tended to leave out

national security and government implications with respect to social networking sites. This

situation however has begun to change.

Recently the Cybersecurity Bill was introduced into the 111th Congress. 90 The bill has

moved quickly though the legislative process and is now awaiting a final vote in the full

Senate. 91 The bill in its findings recognizes the threats posed by cyber attacks against the

United States, and recognizes the threats posed by the compromising of private information

networks. 92 It gives the President of the United States authority to declare a “cyber

emergency” and shut down critical networks on the internet whether public or private.93 While

the bill is drafted to protect larger cyber national security issues, it implicates social networking

sites, because these sites could conceivable by included within those which the President has

the authority to shut down. By temporarily suspending service to websites including social

media networking, the government will be able to terminate or suspend communications made

through these sites, and protect national cyber infrastructure— both concerns which were

highlighted earlier in this paper with respect to national security threats posed by social

networking sites. Because the bill does not grant the government access to information on the

sites it shuts down, it respects the right to privacy of the individual users of the sites, even if it is

executed without judicial oversight or any other due process considerations.

90 th
S. 773, 111 Cong. (2010).
Algela Moscaritolo, Rockefeller-Snowe bill clears Senate Committee, SC Magazine (Mar. 25, 2010), available at
S. 773 at §2.
S. 773, at §201.
S. 773 also takes meaningful steps towards increasing overall cybersecurity which will

protect users of social networking sites. In addition to establishing a panel of experts to advise

the president on cybersecurity matters, 94 the bill would also create incentives for government

funded research into determining the origin of any message sent on the internet and methods

of authentication. 95 The bill is also important in that it repeatedly recognizes that

improvements to the national cybersecurity infrastructure must be compatible with, and not

made at the expense of, civil liberties and privacy. 96

While the proposed Cybersecurity Bill should be applauded as a step in the right

direction, it is not yet law, and also does not do enough to combat the unique threats to

national security posed by social networking sites.

II. Responses in the European Union

Similar to the situation in the United States, social networks have played an increasingly

important role in the lives of citizens of the European Union. As social networks have become

increasingly important, the governments of the European Union have begun to take an interest

in the privacy implications of cyber data, especially on social networking platforms. 97 The

debate in the European Union has been similar to that in the US in and of that EU legislators

have tended to focus on individual privacy concerns in conjunction with third parties more than

they have focused on privacy from government intrusion and national security concerns.

S. 773, at §401.
S. 773, at §302.
S. 773, at §210.
See ENISA Position Paper No. 1, Security Issues and Recommendations for Online Social Networks, Ed. Giles
Hogben (Oct. 2007) available at
However, there have been several developments in the EU which have taken a different path

than in the US.

First, the European Union has taken a much more proactive approach to ensuring the

privacy of data on social networking sites. In fact, the EU recently established that social

networking providers themselves are responsible for ensuring the privacy of the information of

their users.98 This places the burden for protecting information content on those who design

the user interfaces themselves. These providers are in the best position to ensure that private

data is not compromised even though they are not the final gatekeepers.

Additionally, the EU has taken the approach of engaging social networking sites on a

collaborative volunteer basis in a coordinated effort to tackle privacy concerns rather than

acting solely from a legislative perspective. 99 While this effort has again focused on protecting

the right to individual privacy from other users especially in the case of protecting minors, 100 it

is nonetheless important because it identifies a third way to engage social networking sites

beyond legislation and market principles.

Also, the European Union has established an independent agency to monitor and

coordinate internet security issues. This agency is the European Network and Information

Security Agency (ENISA). ENISA works to develop a culture of internet security which benefits

citizens, consumers, businesses, and public sector organizations in the European Union. 101

Article 29 Data Protection Working Party, supra note 21 at 3.
Safer Social Networking Principles for the EU, pg. 1 (Feb. 10, 2009) available at
About ENISA, (last visited Aug 6, 2010).
ENISA works with the European Commission, EU Member States, and the business community

to respond and especially prevent network and information security problems. 102 ENISA is a

“body of expertise” set up to carry out specific technical and scientific tasks within the field of

information security. 103 ENISA also assists the European Commission in technical and

preparatory work for updating and developing EU wide legislation in the field of network and

information security. 104 The European Network and Information Security Agency is an

important instrument in preserving both the privacy and national security interests of

stakeholders in social networking sites. By creating a dynamic institution which works with the

public and private sector and is simultaneously charged with defending both privacy concerns

and public sector security issues. The technical expertise of ENISA also works to the advantage

of the European Commission in developing legislation.

Another important component in the EU fight to protect and secure social networking

sites is that EU privacy directives have extraterritorial application.105 Even if a social networking

provider is headquartered outside of the European Economic Area, their sites must comply with

the privacy and security requirements of social networking EU directives. This is important

since data and information on social networking sites are routinely accessed and

communicated across national lines.

When taken together, EU engagement with social networking site providers, their

willingness to require privacy and user friendly default settings, their foresight in establishing

Article 29 Data Protection Working Party, supra note 21 at 5.
ENISA, and the extraterritoriality component of EU privacy directives work together to protect

user privacy and defend public sector security interests.

Part VI: Potential Improvements to Social Networking Sites

As has been demonstrated, there are serious national security threats posed by social

networking sites. However almost all new technologies can be co-opted to negative ends and

pose a threat to national security. That having been said, these technologies, including social

networking sites, can create increased efficiency in our daily lives and help us realize protected

rights. As such we must be mindful therefore when we are seeking solutions which will

improve national security that we protect our rights with respect to these new technologies.

There will be times when a decrease in our rights, such as the right to privacy, will lead to an

increase in our national security. However, that is not always the case, and even when it is

there may be times when the protected rights are more important than the incremental

increase in national security. The best solution whenever possible will be to seek those

adjustments to technologies, including social networking sites, which will best protect our

national interest without sacrificing our protected rights, including the most cherished right to


I. User Authentication

One way to decrease the threat posed by social networking sites is to remove their

anonymity. This can be achieved in any number of ways.

A common method of verification employs a nominal financial fee to authenticate

identity. This is the method employed by the United States Postal Service to authenticate

online orders for mail forwarding. 106 In this method the financial data collected though the

processing of the nominal fee is cross-referenced with the forwarding information to validate

the identity of the individual ordering the service. The same type of fee verification system

could be used by social networking sites to ensure the identity of their profile holders.

Another method of user authentication could be achieved through the use of some

sensitive identification information which could be paired to user profiles. An example would

be use of a social security number, driver’s license number, or some other equivalent. Pairing

profiles with this sensitive information would allow providers of social networking sites to

authenticate their user profiles.

None of these authentication measures are fool proof; both of them are capable of

failure as a result of identity theft which occurs frequently online.107 Additionally, the social

networking site service providers themselves may be hostile to the concept of user

authentication; the sites derive their value from the number of users, and any additional

hurdles to creation or maintenance of user profiles will decrease their attractiveness thereby

hindering the value of the service they provide. 108 There is also the concern that user

See Official Change of Address Form—US Postal Service (USPS),
5CC828FFFE19_k96CC9254-B53D-70C9-89DC-5EC7F9833541, (stating “A valid credit card and a valid email address
are required to complete the Online Change of Address process. For your security, the credit card billing address
MUST match the address you are moving from or the address you are moving to (for business moves it must
match the address you are moving from).”(emphasis added)).
See Hogben, supra note 97 at 12-4.
Acquisti, supra note 3 at 2.
authentication could be abused by governments hostile to dissent in order to identify and

suppress opposition- indeed the anonymity with which these sites operate is one of the key

reasons they are employed by opposition members in such states.

That having been said, all of the authentication measures would allow governments

increased ability to track and identify threats to national security without infringing upon the

users right to privacy for information and content contained on social networking sites.

Governments following traditional due process requirements would now be able to effectively

serve warrants for information to social network providers when they have met the

requirements for such warrants. In this way national security is increased without any

corresponding decrease in the privacy interests of users. Especially in developed western

democracies, this form of protection should be adopted.

II. Default Privacy Settings

One way to protect the right to privacy of users of social networking sites without

threatening national security would be to require social network providers to set the default

settings on their sites to not share data, that is require the default setting to be private. This is

what some governments have done or advocated for, especially where at risk populations such

as children are concerned. 109 Users frequently leave intact whatever default settings are

Safer Social Networking Principles for the EU, supra note 99 at 7.
suggested by the provider. 110 Requiring default settings to be set to private will protect

privileged information and create incentives for users to learn privacy settings.

One study of facebook users showed that almost 77% of users did not read the sites

privacy disclosures and reading the disclosures did not make users more knowledgeable about

the sites activities. 111 With this information in mind it becomes easy to understand why default

settings which protect privacy should be preferred.

There have been those who have argued that the massive adoption social networking

sites indicates that privacy is dead.112 However social networking site users themselves have

vehemently refuted this claim. Facebook recently dabbled with user privacy in early 2010 they

made the choice to alter privacy settings to share information with third parties. The idea was

to use facebook information on third party sites to allow for instant “personalization” of the

third party site. 113 As a part of the changes, information which previously could have been kept

private by the user was made public. 114 This decision was met with outrage by many, including

four United States Senators who wrote a letter to Facebook CEO Mark Zuckerberg asking him to

reverse the policy. Instead of unrestricted sharing “[t]he default policy should be one of

privacy, and users should have to choose to share their information, not the other way

Acquisti, supra note 3 at 77.
Id. at 18.
See Helen A.S. Popkin, Privacy is Dead on Facebook. Get Over It., (Jan. 13, 2010) (discussing Mark
Zuckerburg’s statements about the social norm of privacy evolving over time),
Letter from Charles Schumer, Unites States Senator, to Mark Zuckerburg, CEO of Facebook (April 27, 2010)
(available at
around.” 115 The Senators observed that “[t]he current policy puts at risk users who are not

technically proficient enough to change the settings, or are not aware of the changed privacy

policy.” 116 In addition to submitting the letter to Mr. Zuckerburg, Senator Charles Schumer

asked the Federal Trade Commission to examine the privacy disclosures of social networking

sites and provide guidelines for the use of private information and prohibit access without user

permission. 117 This event is important in no small part because it demonstrates that key

members of the government recognize the privacy interests of individual in the content on their

social networking sites and the importance of default settings.

Default privacy settings are also important to national security concerns because they

would deprive hostile groups access to much information that is currently broadcast for the

world to see. As has already been demonstrated, users tend not to adjust default privacy

settings, and users tend to post much information private in nature. While we can not

speculate whether or not situations like that of Sir John Sawyer would continue even with more

secure default settings, it would make it more difficult for these types of incidents to take place.

Adjusting the default privacy setting on social networking sites to private protects the

privacy interests that the constitution and the International Covenant on Civil and Political

Rights were designed to protect and helps restrict information access to organizations which

pose a threat to national security. As such it should be adopted.

III. Traditional Actors Should Employ Social Networking Sites

Part of the threat social networking sites pose to national security rests in the ability of

terrorist organizations and other groups which pose a threat to national security to use social

media sites as recruitment tools and media outlets. One way to combat this threat if for

traditional actors to get in the social networking game.

The government national security apparatus and national news media can use social

networking sites to their advantage. Instead of misinformation being distributed, the media

can use the speed of twitter or facebook to connect to millions of users instantly with verifiable

information consumers can rely on. The United States Military can beat the terrorists at their

own game and use social networking sites to identify and recruit individuals who are at risk of

being enlisted by radical organizations. All the opportunities which social networking sites

present to terrorists and others who would threaten the security of the nation are also present

for those who would defend it.

There is some evidence that this reality is beginning to be understood by the United

States national security apparatus and traditional media players. Facebook and Twitter profiles

are now common for many news outlets such as CNN and NPR. Additionally, the US State

Department recently began a Twitter feed in an effort to promote accessibility and increased

communication about the activities of the State Department throughout the world.118 These

pioneers of engaging social networking sites should be applauded, and others should follow in

their path.

StateDep (StateDep) on Twitter, (last visited Aug. 6, 2010).
Entering the new social networking environment may be difficult for some traditional

actors, and especially where the government is concerned we must ensure that human rights

and civil liberties are respected. However given the massive popularity that these sites possess,

not engaging them ignores a potentially vital national security asset.

IV. Uses of Facial Recognition Software

According to one recent assessment users post over 3 billion photos per month— or

almost 1,000 pictures a second— on one social networking site: facebook. 119 With an

astonishing number like that, it is difficult to see what one could do which would improve

privacy and national security. The answer to both employs facial recognition software.

Facial recognition software is a computer program which uses set search parameters

extrapolated from a sample image to identify the same facial parameters in other images.120

The idea is to allow computer programs to scan pictures and identify who is in them.

As it currently stands, users of facebook and other social networking sites do not have

control over pictures of themselves on the sites. In fact many users may not know that others

have uploaded their picture to the site. While facebook does require users to assert that they

have the right to use the picture, this does not extend to requiring consent from the subject of

the picture. As a result, many individuals may unwittingly have photos of themselves in

compromising circumstances posted online for all to see. 121 Facebook does notify users that

Global data storage to reach one zettabyte, BBC World Service, (first broadcast July 26, 2010),
Miller, supra note 10 at 560-1.
Id. at 561.
they have been “tagged” in a photo, but there is no requirement that those uploading the

photos actually tag individuals present. One could also go though each picture on facebook and

make sure they are not a subject. However, with over 1,000 photos a second being uploaded it

would be a tremendous understatement to say that a few are bound to slip through the cracks.

There is however a solution to this affront to privacy—facial recognition software.

Governments could require that social networking site providers who allow users to

upload photos also employ facial recognition software to identify the individual subjects of each

photo. Governments could further require that when a user has been identified as a subject

that the site notify the user and give the user the ability to either tag the photo or request its

removal. Users who did not wish to allow social networking sites to create a facial recognition

profile could be given an opt-out ability to ensure the anonymity of their facial parameters. If

facial recognition software is employed in this way it can empower users of social networking

sites and give them the tools necessary to manage online privacy at 1,000 photos per second.

There is an added national security benefit to instituting an embedded facial recognition

program in social networking sites. That benefit derives from the fact that law enforcement

agencies and national security officers could, with proper authorization which respects human

rights and civil liberties, issue a warrant for pictures on social networking sites of persons of

interest. With the vast amount of photos uploaded each and every day it is quite possible that

suspects will be identified in some pictures even if they do not have profile pictures themselves.

The specter of such an Orwellian conglomeration of raw information and ease of identification

ability makes hesitancy to embrace such a program, or outright rejection of such an idea, more

than understandable. However the reality remains that facial recognition software properly

incorporated into social networking sites has the potential to simultaneously be a tremendous

asset to national security and an important tool to maintaining individual privacy.

Part VII: Conclusion

Social networking sites such as facebook and twitter have become too important in

modern society to allow unrestricted access by the government. Individual users employ these

sites for many functions including written intrapersonal communication, visual content sharing,

and planning personal and family life. As such, the content on social networking sites must be

protected by the Right to Privacy as it has been expressed in the International Covenant on Civil

and Political Rights and the 4th Amendment to the United States Constitution. However, the

information content and structure of social networking sites pose a very real threat to national

security. As such the information cannot be entirely above government access.

A balance must be struck between the right to privacy and national security interests.

That balance rests where it has always rested; in due process by governments seeking to obtain

information. However there are several steps which could and should be taken to amend the

operation of social networking sites to protect both the right to privacy and national security.

First, social networking sites should require authentication of user profiles. There are

several ways to do this each with their own strengths and weaknesses. However such

authentication would help governments identify threats to national security and engage in the

appropriate processes to abate the threat. Second, social networking sites should take

responsibility for the privacy interests of their users and set the default setting to private; doing

so helps protect users who might otherwise not understand that they are waiving their right to

privacy and denies organizations hostile to national security access to such information. Third,

traditional media players and members of the national security apparatus should embrace

social networking sites as a key recruitment and communications tool. Not doing so allows

others who may be hostile to our national interests an advantage. Fourth, social networking

sites should be required to adopt facial recognition software which can be used by national

security officials to identify the location of known suspects and by users to ensure the integrity

of their privacy online.

Social networking sites have revolutionized the way we communicate with one another

and have become an integral part of our social identities. Unrestricted government access to

social networking sites would be a serious affront to the right to privacy. Nonetheless social

networking sites in their current form pose a serious and largely unrealized threat to national

security. Governments can and should regulate these sites in such a way as to maximize the

right to privacy and minimize the threat to national security. What government cannot do is to

continue to virtually ignore the problem.