The Nexus of the Right to Privacy and National Security on Social Networking Sites
David Grimes Summer 2010
Prepared for Human Rights and National Security Class at Florida State University College of Law. Not submitted to meet Upper Level Writing Requirement.
Part I: Introduction Social networking sites have revolutionized the way in which we stay in contact. These sites allow us to communicate by sharing audio and visual content, joining common interest groups, sending messages, and disseminating written communications to large audiences. With few exceptions, social networking sites know no national boundaries in any traditional sense. These sites allow us to instantly communicate with individuals half the world away. The utility of the sites has continued to increase as they have migrated off our computer screens and into our pockets by way of smart phones and other connective devices. In many ways, these sites put our entire social world literally at our fingertips. As social networking sites have become more and more integrated into our daily lives, it has become important to question what role the government should have in being able to access the information contained on these sites. As individuals have increasingly relied on these sites to express their opinions, associate with other, and coordinate their lives, it becomes more and more imperative to ask what the government should and more importantly should not be able to do with the content individuals entrust the social networking sites. What was once considered a laughable or irrelevant inquiry can now be made very seriously: to what extent does the right to privacy attach to the use of web based social networking sites? As we examine the question of what rights should attach to social networking sites, we must also be attentive to the very real risks to national security posed by the sites. The vast majority of social networking sites are anonymous. While most users divulge their true identities, there is little to require that they do so. Social networking sites can be used for
recruitment of operatives and intelligence gathering. These sites allow those who pose a threat to national security a platform though which they can connect and disseminate information quickly and anonymously across national borders. This set of circumstances leads us to our second inquiry- to what extent can we protect interactions on social networking sites without posing a serious threat to national security? This paper will address those two inquiries. It will be shown that social networking sites have become too integrated and fundamental in modern society to be considered unprotected by the right to privacy. Rather government access of the sites must be tempered by the traditional notions of privacy as they are embodied in the International Covenant on Civil and Political Rights and the Fourth Amendment to the United States Constitution. However, the paper will also highlight threats to national security posed by these sites, identify the appropriate balance between the individual’s right to privacy and the state’s interest in national security, and identify ways in which governments can achieve that balance. Throughout this paper references will be made to the social networking giants “Facebook” 1 and “Twitter”. 2 When functionality or phenomenon associated with one site is identified it should unless otherwise noted be understood as not exclusive to the site itself, but rather as an example of a more widespread aspect of social networking sites generally. Part II: Social Networking Sites and Their Expanded Role in Modern Society
Facebook, http://www.facebook.com Twitter, http://www.twitter.com
Social networking sites comprise a wide variety of internet websites which are utilized by individuals in many different ways. A survey of all the sites which exist would be a work unto itself, and at any rate is not necessary to the discussion. What is necessary however is a broad definition of social networking site which will demarcate the types of sites at issue. For the purposes of our paper a social networking site will be defined as any web-based internet utility which is peer-driven and capable of disseminating content between users. 3 What is meant by web-based internet utility is that the site must be hosted and accessed primarily though the world-wide-web; this differentiates social networking sites from other similar utilities which require specific stand-alone applications to be installed on a device in order to employ the utility. A peer-driven site is one in which content and connections are generated or identified primarily by the users rather than those administering the site. A site capable of disseminating information between users is one in which users can “share” content directly with other users; this can be done passively though controlling static content to be accessed or viewed by other users , or can be done actively by allowing message clients and chat clients to instantly send specific information to specific users, or any combination thereof. The earliest social networking sites to be popularized were “Geocities” and “Theglobe.com” which both launched in 1994.
Though we would not consider them in the
same vein as more popular modern sites, they did in fact match the definition of social
See Alessandro Acquisti & Ralph Gross, Imagined communities: Awareness, information sharing, and privacy on th the Facebook. In P. Golle & G. Danezis (Eds.), Proceedings of 6 Workshop on Privacy Enhancing Technologies, at 2. Cambridge, UK: Robinson College (2006). See Also Opinion of the Article 29 Data Protection Working Party on ‘Online Social Networking’ (May 2009), available at http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp163_en.pdf (last visited Aug. 4, 2010). 4 David Krikpatrick, The Facebook Effect 67 (Simon & Schuster 2010).
networking sites and allowed individuals to communicate with each other sharing content between users. These sites however lacked what would later become a distinguishing feature of the modern social networking site- the user profile.5 User profiles based upon the real identities of individuals. When it is paired with an email address this can allow users to connect with other users though to create an online community that in many ways reflects the realities of relationships in a physical community. 6 The first of the modern social networking site based almost completely off the user profile model was “SixDegrees” which while wildly successful at one point was a victim of the dot-com but and is now extinct.7 Facebook began as a social networking site operating off the user profile model but with an important variant; Facebook was a closed social network. Users profiles could only be generated based upon access to an authorized official email account at specific institutions of higher education. 8 This feature defined Facebook in its early years, and allowed users a great deal of privacy control for the content they generated. This resulted because user profiles could not be accessed outside of the educational network in which the user was enrolled. 9 Content could only be accessed by individuals outside of the users social network if the user approved a “friend request” from a specific user outside the network. 10 This model did not continue indefinitely however. In 2006 Facebook opened its user profile access so that any
Id. at 67-8. Id. at 67-8. 7 Id. at 67-9. 8 Acquisti, supra note 3 at 2. 9 Id. at 2. 10 Samantha L. Miller, Note, The Facebook Frontier: Responding to the Changing Face of Privacy on the Internet, 97 Ky. L.J. 541, 544 (2008-2009).
individual with an email account could create a profile, even outside of educational environments. 11 This caused a fundamental shift in use for facebook. In July 2006, the social networking site “Twitter” was launched. 12 Twitter is a micro-blog social networking service; users create a unique profile and can post “tweets” which are small blocks of written text no longer than 140 characters. 13 Users “follow” other users which allows them to view the tweets of individuals they are interested in.14 As social networking sites such as Facebook and Twitter have grown and expanded, so too has the role they have played in culture and society. Notably, social networking sites have allowed individuals to express opinions, associate, and assemble in a virtual manner to demonstrate political power. In some respects, these campaigns have been less than serious. Take for example the successful campaign launched on Facebook to have Betty White host “Saturday Night Live”. 15 However, as will be discussed later, in other ways social networking sites have altered the trajectory of entire nations. Social networking sites have not been exclusively used by individuals in order to wield political power. Individuals also use social networking sites to organize their personal and private lives.
Id. Steven Levy, Mob Rule! How Users Took Over Twitter, Wired, Nov. 2009, 148, 151. 13 Id. at 148. 14 Id. 15 Lisa de Moraes, Facebook campaign for Betty White pays off” ‘SNL’ posts election season numbers, Wash. Post, May 11, 2010 available at http://www.washingtonpost.com/wpdyn/content/article/2010/05/10/AR2010051004399.html.
According to one recent survey, thirty percent of web users employ online dating services. 16 Individuals have their choice of over 1,000 sites such as Match.com, or Chemistry.com in order to meet other individuals with similar interests to engage in romantic or other relationships.17 Additionally, a solicitor’s office in the United Kingdom demonstrated the extent to which social networks have been integrated with life outside computers when they found that twenty percent of all divorce petitions mentioned Facebook. 18 The extent to which individuals organize their private lives using social networking sites is not limited to the creation or dissolution of romantic relationships. Individuals often use social networking sites such as Flicker.com or facebook to disseminate personal photos to other important people in their lives. 19 Additionally many events from birthday parties to weddings are coordinated on social networking sites. 20 Beyond this type of sharing and coordination, many family members use the messaging components of social networking sites to discuss important personal issues with other members of their families.21 It is important to note that it is not simply private individuals who have begun integrating social networking sites into their daily lives. There are in fact numerous examples of
Rosemary Black, Online dating grows in popularity, attracting 30 percent of Web users: poll, N.Y. Daily News, Feb. 16, 2010, available at http://www.nydailynews.com/lifestyle/2010/02/16/2010-0216_online_dating_grows_in_popularity_attracting_30_percent_of_web_users_poll.html. 17 Shaheen Pasha, Online dating feeling less attractive, CNN/Money, Aug. 18, 2005 available at http://money.cnn.com/2005/08/18/technology/online_dating/index.htm. 18 Wang Fangging, UK law furm says Facebook involved in 20% of divorce cases, Digital Journal, Dec. 23, 2009, available at http://www.digitaljournal.com/article/284401 19 See Krikpatrick, supra note 4 at 153-9. 20 See Josh Catone, HOW TO: Plan a DIY Wedding Using Social Media, Mashable, Sept. 23, 2009, http://mashable.com/2009/09/23/diy-wedding/. 21 Opinion of the Article 29 Data Protection Working Party on ‘Online Social Networking’ (May 2009), available at http://ec.europa.eu/justice_home/fsj/privacy/docs/wpdocs/2009/wp163_en.pdf (last visited Aug. 4, 2010) at 3.
governments around the world using social networking sites to carry out their duties. A few examples may be useful. In 2008 the U.S. State Department was able to secure the release of a US citizen in Egypt who tweeted his arrest.22 Recently the Supreme Court of the State of Florida began using Twitter to inform the public of its proceedings. 23 It is not just the United States that has adapted to this new technology. President Hugo Chavez of Venezuela has been known to use his Twitter account to make public statements on behalf of the state; it was in fact this venue which he chose to use to announce the sinking of a state owned natural gas rig in 2010. 24 Interestingly, President Chavez has also actively encouraged individuals to use Twitter as a way to report illegal activities of their fellow citizens.25 Beyond the use of his personal Twitter account which generated 674,000 followers in its first three months of existence, 26 President Chavez has encouraged his comrades to infiltrate all the social networking platforms available to them, especially to identify and report students who agitate against the government.27 Of great interest to lawyers and law students throughout the world in Australia and New Zealand social networking sites have become enmeshed in the process of the judiciary itself. In
Levy, supra note 12 at 151. Florida Supreme Court begins using Twitter, The Fla. Bar News, May 1, 2010 (revised Aug. 5, 2010) available at http://www.floridabar.org/DIVCOM/JN/JNNews01.nsf/Articles/24230DBBEB1E49798525770D004F703A. 24 Venezuelan natural gas rig sinks, BBC News, May 13, 2010, available at http://news.bbc.co.uk/go/pr/fr//2/hi/americas/867991.stm. 25 Arthur Brice, Chavez says he’s gotten nearly 288,000 help requests though Twitter, CNN, July 20, 2010, available at http://www.cnn.com/2010/WORLD/americas/07/20/venezuela.chavez.twitter/index.html. 26 Rory Carroll, Hugo Chavez embraces Twitter to fight online ‘conspiracy’, Guardian, April 28, 2010, available at http://www.guardian.co.uk/world/2010/apr/28/hugo-chavez-twitter-venezuela. 27 Id.
2008 the Supreme Court of the Australian Capital Territory ruled that service of process via facebook was permissible if no other approach was successful.28 New Zealand was not far behind; there service of process was authorized via facebook in 2009.29 It is clear considering the expanded role and scope of social networking sites in modern society that we must now take seriously the impact these sites have on national security and the expectation of privacy of their users. Part III: Social Networking Sites and Threats to National Security Social networking sites pose a unique threat to national security. These threats are as multifaceted as the social networking sites themselves. The size of social networking sites and diversity of content makes individual users virtually immune from scrutiny. The instantaneous nature of information sharing can thwart efforts by national governments to control situations and reduce panic giving organizations which threaten national security an advantage. The anonymous nature of most user interfaces allows social networking sites to be easily employed by terrorist organizations. Social networking sites provide terrorist organizations with an important base to recruit and equip new members. Social networking sites can also be used to gather importance intelligence information which can threaten national security. Additionally, social networking sites have become so incorporated into daily communication that when they are attacked, our limited communications infrastructure can be overwhelmed causing unrelated sites which exercise important functions to go offline. While this list is in no way
Ronald J. Hedges, Kenneth N. Rashbaum, & Adam C. Losey, Electronic Service of Process at Home and Abroad, 4 The Fed. Courts L.Rev. 55, 68 (2009). 29 Id.
exhaustive, it does provide sufficient information to highlight the need to reexamine our attitudes towards privacy and national security on social networking sites. Many of these features which have been highlighted are in fact the reasons that individuals use social networking sites in the first place. The vast majority of users will not employ the sites in a way in which these features become a national liability rather than an asset. However, as with most tools, the fact remains that in the wrong hands these features of social networking sites pose a very serious risk to national security. The sheer size of many of the population of the users itself is daunting when considering policing. As of June 2008 Twitter has 190 million monthly users, 30 only slightly shy of the population of the fifth most populous country in the world, Brazil.31 Facebook alone has over 500 million users32 exceeding the population of the twenty-seven nation European Union. 33 As Tom Osborne, the chief of the Counterterrorism Internet Targeting Unit at the FBI said, the overwhelming number of users on social networking sites causes “a certain level of detection avoidance.” 34 When you consider that hundreds of social networking sites exist, 35 and consider that many of the sites are connected with each other through access sharing authorized by
Erick Schonfeld, Costolo: Twitter Now Has 190 Million Users Tweeting 65 Million Times A Day, TechCrunch, June 8, 2010 (Quoting figures announced by Twitter Chief Opperations Officer Dick Costolo tweeted at the Conversational Media Summit in New York June 2010), available at http://techcrunch.com/2010/06/08/twitter190-million-users/. 31 CIA World Fact Book Entry—Brazil—People, https://www.cia.gov/library/publications/the-worldfactbook/geos/br.html. 32 Krikpatrick, supra note 4 at 9. 33 CIA World Fact Book Entry—European Union—People, https://www.cia.gov/library/publications/the-worldfactbook/geos/ee.html. 34 Hoda Osman, Alleged Terrorists Used Social Network Sites, CBS News Investigates, May 19, 2010 available at http://www.cbsnews.com/8301-31727_162-20005405-10391695.html. 35 Acquisti, supra note 3 at 1.
users, 36 one begins to understand just how difficult it would be to effectively monitor social networking sites. This is compounded by the fact that each user may post multiple times in a day. Twitter for example is limited to 140 characters per post, however as of February 2010 in a single day 35 million tweets are sent- that is an average of 600 tweets per second.37 At that rate one could expect over one billion tweets per month. This demonstrates not only that keeping track of individual users poses a challenge, but also that keeping track of their activity is an obstacle. The diversity of content uploaded to the sites also makes them difficult to police. On many sites a variety of media can be loaded including pictures which can signal hidden codes, 38 videos which can covey hidden meanings or be used for propaganda purposes, 39 third party applications which can be programmed for a host of different uses, 40 and written messages capable of conveying instructions or being used for propaganda and misinformation purposes. 41 The complexity and sophistication of content uploaded and shared though the sites makes identifying threats to national security much more difficult.
See Amanda Hardin & Haiwang Yuan, Twitter & Facebook: How to Sync Twitter with Facebook, DLPS Faculty Publications, May 2009. Available at http://works.bepress.com/haiwangyuan/31. See also Nick O’Neill, Facebook Now Promoting Twitter Export Feature To Page Admins. Are The Two Companies Moving Toward An Open Relationship?, All Facebook, Aug. 27, 2009, available at http://www.allfacebook.com/facebook-promoting-twitter2009-08. 37 Measuring Tweets, Twitter Blog, posted by @kevinwell, February 22, 2010. http://blog.twitter.com/2010/02/measuring-tweets.html 38 Timothy L. Thomas, Al Qaeda and the Internet: The Danger of “Cyberplanning”¸ 33 Parameters 112, 119 (2003). 39 Lt. Col. Gerald R. Gendron, Jr., Maj. Herminio Blas-Irizarry, Jesse W. Boggs, Next-Generation Strategic Communication: Building Influence Through Online Social Networking, at 7, June 1, 2009 available at http://jsoupublic.socom.mil/publications/jsou/JSOU09-6NextGenStratCom_Other.pdf. 40 See Al-Qaeda ‘plans to wage a holy war on Facebook’, Telegraph, Dec. 21, 2008, available at http://www.telegraph.co.uk/news/worldnews/3885367/Al-Qaeda-plans-to-wage-holy-war-on-Facebook.html. 41 See Thomas, supra note 38 at 116.
The threats to national security posed by social networking sites are further exacerbated when one considers the instantaneous nature of communications made though the sites. Facebook status updates or Twitter tweets are updated immediately and available for widespread consumption. It has been observed that news often arrives via tweet before the story has broke in major media outlets.42 Communications on social networking sites can be made instantly from any number of devices and accessed instantly by just as many devices. 43 Without delay individuals can send a message from a computer at an unsecured cyber-café in Paris and it can be accessed almost instantly by someone with an iPhone in Seattle or someone with a satellite laptop in Jerusalem. The instantaneous nature of communications made on social networking sites, and the mobility and accessibility these sites offer in terms of communication consumption poses a two-pronged threat: First, individuals and organizations who pose a threat to national security can communicate propaganda and misinformation to a vast audience before traditional authorities can mount any response, let alone an effective one. Second, individuals can use the accessibility and instantaneous nature of the sites as a command and control structure for their operatives in the field. A further threat to national security posed by social networking sites rests in the fact that most sites operate off an anonymous user system. 44 While some sites require users to register personal information which authenticates their identity, the vast majority, especially
U.S. Army Says Blogging Site ‘Twitter’ Could Become Terrorist Tool, FOX News, Oct. 27, 2008, available at http://www.foxnews.com/story/0,2933,444089,00.html. 43 See Juwel Rana, Johan Kristiansson, Josef Hallberg, and Kåre Synnes, Challenges for Mobile Social Networking Applications in Communications Infrastructure. Systems and Applications in Europe, Vol. 16, 275-276 (Springer Berlin Heidelberg 2009). 44 See Thomas, supra note 38 at 115.
the most populous sites do not. These sites pair a user profile to an email. 45 Sometimes this allows for authentication of the users identity, but that is not necessarily the case. Many email accounts can be created on services such as “yahoo”, “hotmail”, and “gmail” without registering any information such as a credit card which would allow for authentication of identity. This anonymity of identity can be abused by enemies of the state in order to mask their true identities and filter communications though a non-suspect internet site. Essentially, social networking sites allow individuals and organizations who pose a threat to national security an additional way to play a “shell game” with their identities by allowing them to quickly form new identities and continue communications with their peers. 46 Another threat to national security is created by social networking sites because they allow terrorist organizations and other groups who pose a risk to national security a fertile ground in which to recruit and retain new operatives. 47 Individuals post a vast amount of personal data on social networking sites and this data is more often than not accurate when present. 48 Much of this data concerns the religious, political, and philosophical opinions of the users which allow these groups easy contact points to identify individuals and approach them as members of a common interest community. 49 The availability of social networking sites as a recruitment tool has not escaped the attention of terrorist organizations. In 2008 Al-Qaeda members leaked information onto a
See generally Miller, supra note 10 at 554. See Thomas, supra note 38 at 115. 47 See Id. at 117-118. 48 Acquisti, supra note 3 at 13. 49 See Thomas, supra note 38 at 118.
message board which was subsequently identified and translated indicating their intent to use the social networking giant Facebook for recruitment purposes.50 One post on the message board expressly stated “Facebook is perfect for reaching young people and fight the media.” 51 In another disturbing post it was stated “If American politicians like Barack Obama can use it to win an election we can use it to take over the world.” 52 While we do not know what part facebook now plays in the “radicalization and recruitment of terrorists”, both Faisal Shahzad the Times Square Bomber and Umar Farouq Abdulmutallab the Christmas Bomber had active facebook accounts. 53 The potential for groups which would threaten national security to use social networking sites as a recruitment tool is in no way unique to Facebook. In 2008 when the site was significantly smaller than it is now, the U.S. Army reported that Twitter had the potential to be co-opted as a tool for terrorists.54 An additional threat to national security posed by social networking sites rests in the ability of organizations which would threaten national security to use the sites as intelligence gathering mechanisms.55 Many users disclose intimate and personal details on sites such as facebook and twitter, and when this information is not secured intentionally or unintentionally it can become way for hostile groups to learn facts which can compromise national security. One very public example of such an opportunity occurred in the United Kingdom in 2009. Almost immediately after it was disclosed that Sir John Sawyers was to become chief of the
Telegraph, supra note Id. 52 Id. 53 Osman, supra note 34. 54 FOX News, supra note 42. 55 See generally Thomas, supra note 38 at 114.
Secret Intelligence Service, what we used to know as MI6, the Daily Mail discovered large numbers of unsecured publically accessible pictures posted by Sir Sawyer’s wife which could identify where the family traveled, who their friends were, and where they lived.56 These kind of details in the hands of an organization hostile to national security interests could prove disastrous. Sir Sawyer’s experience highlights yet another way in which social networking sites can threaten national security. Finally, the nature of these sites could lead to widespread system failures due to limited infrastructure. On August 6, 2009 a cyber attack was launched against the site Twitter. 57 Shortly thereafter Twitter went offline for several hours. 58 Almost immediately the social networking site Facebook began to experience serious problems. 59 The glitches with facebook may have been a result of linked content between twitter and facebook which was exacerbated when users tried to access the sites.60 Right after Facebook and Twitter were attacked users began to report problems with some services offered by Google which operates a popular search engine and email service among other products.61 While this might seem only a minor inconvenience, such a perspective ignores the fact that expanding segments of state and local governments as well as the federal government are contracting with Google to provide important services such as education services and data storage for coordinated emergency
Krikpatrick, supra note 4 at 300. John D. Sutter, Twitter hit by denial-of-service attack, CNN, August 6, 2010 available at http://edition.cnn.com/2009/TECH/08/06/twitter.attack/index.html. 58 Id. 59 Id. 60 Id. 61 Id.
responses. 62 One remarkable aspect of this widespread attack which affected two of the largest social networking sites on the planet is that it was perpetrated by a single man in an effort to silence a political opponent for one day. 63 This attack demonstrated the vulnerabilities of communications reliant on social networking infrastructure, and showed how cyber attacks against social networking sites can spiral out of control implicating the continuity of important services which are significantly more imperative to our lives than keeping track of friends. It is important to remember that social networking sites themselves are not inherently bad; they can be used to promote democracy, the rule of law, and human rights. Twitter was used by pro-democracy demonstrators to protest the 2009 elections in Iran. 64 What began in 2009 as one man’s Facebook group against the Columbian rebel group F.A.R.C. became a twelve-million person worldwide march which resulted in the freeing of four hostages and emboldened Columbian citizens to actively oppose F.A.R.C. 65 Young Egyptians organized on Facebook to protest rising food prices and were able to “…challenge the perception that there is no prospect for independent, secular opposition in the country.” 66 However, the celebrated successes of social networking sites in facilitating positive change are no reason to neglect the very real threats these sites pose to national security. In their current form social networking
Kevin McLaughlin, Google Targets Federal, State Government With New Apps Offering, CRN, July 26, 2010. Accessible at http://www.crn.com/software/226200290;jsessionid=MPKOOO2DNW3PFQE1GHPSKH4ATMY32JVN; See Also Matthew Shaer, Google Apps to be a part of every classroom in Oregon, Christian Science Monitor, April 28, 2010. Accessible at http://www.csmonitor.com/Innovation/Horizons/2010/0428/Google-Apps-to-be-a-partof-every-classroom-in-Oregon. 63 Bobbie Johnson, Internet attacks ‘targeted Georgian blogger’, Guardian, Friday August 7, 2009 available at http://www.guardian.co.uk/technology/2009/aug/07/internet-attacks-georgia-cyxymu. 64 Lev Grossman, Iran Protests: Twitter, the Medium of the Movement, Time, June 17, 2009 available at http://www.time.com/time/wotld/article/0,8599,1905125,00.html. 65 See Krikpatrick, supra note 4 at 1-6. 66 Sherif Mansour, Op-Ed, Egypt’s Facebook Showdown, The Los Angeles Times, June 2, 2008 accessible at http://articles.latimes.com/2008/jun/02/opinion/oe-mansour2.
sites are large communities, capable of instantaneous transmission of largely unfiltered and unverified information, capable of cooptation for propaganda and misinformation purposes, serve as important recruiting tools for those who threaten national security, can serve as an intelligence gathering mechanism, and are capable of disrupting national communication and possibly government services, all realities which are compounded by the fact that users can elect to remain anonymous. It is obvious that governments around the world must adapt current social networking sites so that these risks can be eliminated or minimized. However in the search for answers we must also remember that the individual users of these sites possess an inherent and fundamental right to privacy. Part IV: The Right to Privacy The use of social networking sites raises a number of concerns about human and civil rights. For instance in the European Union and in states governed by the European Convention on Human Rights there is an ongoing debate regarding to what extent the use of social networking sites to broadcast opinions implicates the right to expression of opinions and freedom of speech and thus requires protection. 67 In the United States there is a debate as to the extent of protection which the First Amendment offers to activities on social networking
See Douwe Korff, Social Networking Sites and Freedom of Expression, 10 EU Data Protection Review (October 2009) available at http://www.madrid.org/cs/Satellite?c=CM_Revista_FP&cid=1142570421730&esArticulo=true&idRevistaElegida=1 142560167740&language=en&pag=1&pagename=RevistaDatosPersonalesIngles%2FPage%2FRDPI_home_RDP&sit eName=RevistaDatosPersonalesIngles.
sites. 68 While these are pressing and fundamental questions, for the purposes of this paper the examination of the human rights aspects of social networking sites will be limited to an examination of the right to privacy of the individual against intrusion by the state. At its core, the right to privacy is the right to be let alone by other people. 69 The right to Privacy has been understood to include many components. In the United States the right to privacy has been understood to protect dwellings and other private places, 70 the reproductive choices of marital couples and individuals, 71 personal relationships including those of homosexuals, 72 and the right to the confidentiality of conversations where a reasonable expectation of privacy exists. 73 The European Court of Human Rights (ECHR) has concluded that the right to a private life recognized in Article 8 of the European Convention on Human Rights and Fundamental Freedoms is “a broad term not susceptible to exhaustive definition.” 74 However, the ECHR has determined that the right to a private life includes the physical and psychological integrity of the person; multiple aspects of the person’s physical and social identity including elements such as gender identification, name, sexual orientation, and sexual life; means of personal identification and of linking to a family; information about a person’s health; an individual’s ethnic identity; the right to personal development including the right to
See Brandon James Hoover, The First Amendment Implications of Facebook, Myspace, and other Online Activity of Students in Public High Schools, 18 S. Cal. Interdisc. L.J. 309 (2009). 69 Katz v. United States, 389 U.S. 347, 350 (1967) (citing Warren & Brandeis, The Right to Privacy, 4 Harv. L. Rev. 193 (1890). 70 Lawrence v. Texas, 539 U.S. 558, 562 (2003). 71 Id. at 564-5, (citing Griswold v. Connecticut, 381 U.S. 479(1965). 72 Id. at 578. 73 Katz, 389 U.S.at 359. 74 S. & Marper v. The United Kingdom, [GC] nos. 30562/04 and 30566/04 §66 ECHR-2008, available at http://cmiskp.echr.coe.int/tkp197/view.asp?item=1&portal=hbkm&action=html&source=tkp&highlight=30562/04 &sessionid=57924444&skin=hudoc-en.
establish and develop relationships with other human beings and the outside world; and elements relating to a person’s right to their image. 75 Interestingly, the ECHR has also determined that “the mere storing of data relating to the private life of an individual amounts to an interference within the meaning of Article 8.” 76 Privacy exists as a legal patchwork arising from constitutions, court precedents, legislative enactments, and multilateral agreements such as the European Convention on Human rights which protects the right to privacy in Article 8 77 of all nationals within its signatory jurisdiction and the American Convention on Human Rights which does the same in Article 11 78. The vast majority of western countries have also recognized the right to privacy though the International Covenant on Civil and Political Rights, which the United States helped author, which expressly protects the right to Privacy in Article 17. 79 Taken together these instruments of national law, multi-lateral agreements, and the UN convention demonstrate
Id. at §66. Id. at 04 §66, ECHR-2008 (citing Leander v. Sweden, 26 March 1987, § 48, Series A no. 116). 77 Convention for the Protection of Human Rights and Fundamental Freedoms art. 8, Apr. 11, 1960, 213 U.N.T.S. 221. 1. Everyone has the right to respect for his private and family life, his home and his correspondence. 2. There shall be no interference by a public authority with the exercise of this right except such as is in accordance with the law and is necessary in a democratic society in the interests of national security, public safety or the economic well-being of the country, for the prevention of disorder or crime, for the protection of health or morals, or for the protection of the rights and freedoms of others.
American Convention on Human Rights art. 11, Nov. 22, 1969, 1144 U.N.T.S. 143. 1. Everyone has the right to have his honor respected and his dignity recognized. 2. No one may be the object of arbitrary or abusive interference with his private life, his family, his home, or his correspondence, or of unlawful attacks on his honor or reputation.
3. Everyone has the right to the protection of the law against such interference or attacks. International Covenant on Civil and Political Rights, 999 U.N.T.S. 171
that while the outer bounds of the right to privacy may be subject to some debate, the importance of privacy as a protected right in modern civilization is without question. The right to Privacy is an individual right which protects persons, not places or things. 80 While the right to privacy was historically limited to persons, their papers, and perhaps their reputations, as technology has changed, the right to privacy has expanded to incorporate those changes. Consider for example a Supreme Court case from the United States which arose in 1967. At issue was whether or not the right to privacy extended to a public phone booth that the petitioner was using to conduct illegal business transactions. 81 The government argued that the right to privacy could not cover the phone booth because the booth was constructed of glass and the surveillance techniques employed involved no physical penetration of the booth. 82 The Supreme Court disagreed. The court held that the right to privacy is intended to cover people, not simply places or “areas”.83 The court noted that this outcome was required by “…the vital role that the public telephone has come to play in private communication.” 84 Any intrusion into the phone booth for the purposes of monitoring conversations would require prior court authorization in accordance with due process guarantees. 85 This case, it is important to note, was interpreting the Fourth Amendment to the United States Constitution which, while it protects privacy interests, has only been held to protect certain privacy
Katz, 389 U.S. at 350. Id. at 348. 82 Id. at 352. 83 Id. at 353. 84 Id. at 352. 85 Id. at 358-9. (citing Beck v. Ohio, 379 U.S. 89, 96-97).
interests, not all privacy interests which could be protected. 86 However, it does demonstrate two things: the first being that the right to privacy is an individual right which protects persons not just places, and the second that not all privacy interests are surrendered when an individual uses a third-party apparatus to engage in protected activities. These two premises show that social networking sites merit the protection of the right to privacy. The content that individuals communicate via social networking sites is the same content designed to be protected by the right to privacy. Essentially what persons and papers were to enlightenment era thinkers, and what phone booths were at the end of the 20th Century, so facebook posts and tweets have become to modern patriots. Social networking sites purport to grant users the ability to control what information is shared with the world though privacy control features on the sites themselves. As more and more users have added more and more content to the sites, users have demanded increased control over the information that is shared via the sites.87 While it may be true that privacy settings are not as extensive as all users would like them to be, this does not excuse users from the responsibility of effectively using the tools they have to secure information. The user in large part is the final gatekeeper of what information is disclosed to the public. When users elect not to secure their information and it is made public, the user bears some responsibility for that disclosure. Users in the digital world are best able to indicate that they have a reasonable expectation of privacy for information and content by securing that information and
Id. at 350. See Krikpatrick, supra note 4 at 208-9.
content: indeed there is little other way to communicate such an expectation prior to content being disclosed and the damage being done. If a user elects not secure information, they have given the government the same access as any other individual on the site. With the government in the same position as everyone else, it can hardly be argued that the government is infringing upon the right to privacy; it is completely acceptable for the government to collect, maintain, and mine such data. Such a program was recently undertaken by the Library of Congress when they began archiving all tweets which were not set to private. 88 This program, which was greeted which much enthusiasm by the academic community, in no way offends the right to privacy of individuals whose minor reflections on the day will be memorialized for all time. Though the government though the Library of Congress now has access to a great deal of personal and probably private information, the users in electing not to securing the information when given the choice abandoned any expectation of privacy they had. There are those who argue that the right to privacy does not attach to information which is voluntarily disclosed in a forum like the internet because in disclosing the information the individual has abandoned all expectations of privacy. 89 Essentially these individuals claim that privacy is automatically foreclosed when information is posted online, including on social networking sites.
Cecilia Kang, Library of Congress plan for Twitter: a big, permanent retweet, The Wash. Post, April 16, 2010, available at http://www.washingtonpost.com/wp-dyn/content/article/2010/04/15/AR2010041505752.html. 89 Miller, supra note 10 at 551 (citing United States v. Gines-Perez, 214 F. Supp. 2d 205, 224-26 (D.P.R. 2002).
This argument misses the point on several fronts. First, as Katz demonstrates, not all expectation of privacy is lost simply because an individual is using a public instrument of communication. Second, in the social networking world in which advanced privacy protections exist information does not become less private because it has been shared with another user; content loaded to social networking sites is not disclosed in the same way as it would be were two individual to talk face to face on a crowded street. As has been shown, many communications made via social networking sites are intended to be private. To extrapolate that all sites on the internet are third party public forums would be the same as saying that no expectation of privacy can exist once an outgoing letter has been handed over to Fed-Ex. We would balk at the idea that the government could open out Fed-Ex packages on demand and read through our most personal correspondence; the only difference between the Fed-Ex example and the social networking example is that we hand the Fed-Ex employee paper while we transfer electric signals to facebook. Either way, the right to privacy should not be defeated simply because a third party is involved. Another counter argument made by those who seek disclosure of protected content on social networking sites is that while the content may be protected, the relationship has changed from user vis-à-vis site to site vis-à-vis government; if the sites elect to disclose information to the government in the interests of national security, that is their choice to make. This argument again misses an essential feature of the right to privacy which is that the right to privacy is a personal right. If third party sites are allowed to disclose protected information,
then they have waived the right to privacy on behalf of their users without their users knowingthis defeats the right to privacy in its entirety. In the final analysis, though the government clearly has an interest in the information content of social networking sites, the information is private in nature when the user has elected to make it so, and as such the content is protected from government intrusion, either by the government or through third parties acting as their agents, by the right to privacy. Government access to the information must be conducted in conformity with the due process guarantees inherent in the right to privacy. Arguments which assail this point elevate form over function and create arbitrary categories of protected and unprotected information. The digital desktop is no less private than a physical desktop, and a facebook photo album no less meaningful than its counterpart on a coffee table. In a world in which our lives are migrating from the physical world into the digital realm, despite the associated risks, the right to privacy must follow. Part V: Government Responses I. Responses in the United States Discussion and debate concerning social networking sites in the United States has largely focused on information sharing between private vendors, that is between social networking utilities and other private corporate entities. While discussions of privacy and the right to privacy have been an important public discourse, the debate has tended to leave out
national security and government implications with respect to social networking sites. This situation however has begun to change. Recently the Cybersecurity Bill was introduced into the 111th Congress. 90 The bill has moved quickly though the legislative process and is now awaiting a final vote in the full Senate. 91 The bill in its findings recognizes the threats posed by cyber attacks against the United States, and recognizes the threats posed by the compromising of private information networks. 92 It gives the President of the United States authority to declare a “cyber emergency” and shut down critical networks on the internet whether public or private.93 While the bill is drafted to protect larger cyber national security issues, it implicates social networking sites, because these sites could conceivable by included within those which the President has the authority to shut down. By temporarily suspending service to websites including social media networking, the government will be able to terminate or suspend communications made through these sites, and protect national cyber infrastructure— both concerns which were highlighted earlier in this paper with respect to national security threats posed by social networking sites. Because the bill does not grant the government access to information on the sites it shuts down, it respects the right to privacy of the individual users of the sites, even if it is executed without judicial oversight or any other due process considerations.
S. 773, 111 Cong. (2010). Algela Moscaritolo, Rockefeller-Snowe bill clears Senate Committee, SC Magazine (Mar. 25, 2010), available at http://www.scmagazineus.com/rockefeller-snowe-bill-clears-senate-committee/article/166557/. 92 S. 773 at §2. 93 S. 773, at §201.
S. 773 also takes meaningful steps towards increasing overall cybersecurity which will protect users of social networking sites. In addition to establishing a panel of experts to advise the president on cybersecurity matters, 94 the bill would also create incentives for government funded research into determining the origin of any message sent on the internet and methods of authentication. 95 The bill is also important in that it repeatedly recognizes that improvements to the national cybersecurity infrastructure must be compatible with, and not made at the expense of, civil liberties and privacy. 96 While the proposed Cybersecurity Bill should be applauded as a step in the right direction, it is not yet law, and also does not do enough to combat the unique threats to national security posed by social networking sites. II. Responses in the European Union Similar to the situation in the United States, social networks have played an increasingly important role in the lives of citizens of the European Union. As social networks have become increasingly important, the governments of the European Union have begun to take an interest in the privacy implications of cyber data, especially on social networking platforms. 97 The debate in the European Union has been similar to that in the US in and of that EU legislators have tended to focus on individual privacy concerns in conjunction with third parties more than they have focused on privacy from government intrusion and national security concerns.
S. 773, at §401. S. 773, at §302. 96 S. 773, at §210. 97 See ENISA Position Paper No. 1, Security Issues and Recommendations for Online Social Networks, Ed. Giles Hogben (Oct. 2007) available at http://www.enisa.europa.eu/act/res/other-areas/social-networks/security-issuesand-recommendations-for-online-social-networks.
However, there have been several developments in the EU which have taken a different path than in the US. First, the European Union has taken a much more proactive approach to ensuring the privacy of data on social networking sites. In fact, the EU recently established that social networking providers themselves are responsible for ensuring the privacy of the information of their users.98 This places the burden for protecting information content on those who design the user interfaces themselves. These providers are in the best position to ensure that private data is not compromised even though they are not the final gatekeepers. Additionally, the EU has taken the approach of engaging social networking sites on a collaborative volunteer basis in a coordinated effort to tackle privacy concerns rather than acting solely from a legislative perspective. 99 While this effort has again focused on protecting the right to individual privacy from other users especially in the case of protecting minors, 100 it is nonetheless important because it identifies a third way to engage social networking sites beyond legislation and market principles. Also, the European Union has established an independent agency to monitor and coordinate internet security issues. This agency is the European Network and Information Security Agency (ENISA). ENISA works to develop a culture of internet security which benefits citizens, consumers, businesses, and public sector organizations in the European Union. 101
Article 29 Data Protection Working Party, supra note 21 at 3. Safer Social Networking Principles for the EU, pg. 1 (Feb. 10, 2009) available at http://ec.europa.eu/information_society/activities/social_networking/index_en.htm. 100 Id. 101 About ENISA, http://www.enisa.europa.eu/about-enisa (last visited Aug 6, 2010).
ENISA works with the European Commission, EU Member States, and the business community to respond and especially prevent network and information security problems. 102 ENISA is a “body of expertise” set up to carry out specific technical and scientific tasks within the field of information security. 103 ENISA also assists the European Commission in technical and preparatory work for updating and developing EU wide legislation in the field of network and information security. 104 The European Network and Information Security Agency is an important instrument in preserving both the privacy and national security interests of stakeholders in social networking sites. By creating a dynamic institution which works with the public and private sector and is simultaneously charged with defending both privacy concerns and public sector security issues. The technical expertise of ENISA also works to the advantage of the European Commission in developing legislation. Another important component in the EU fight to protect and secure social networking sites is that EU privacy directives have extraterritorial application.105 Even if a social networking provider is headquartered outside of the European Economic Area, their sites must comply with the privacy and security requirements of social networking EU directives. This is important since data and information on social networking sites are routinely accessed and communicated across national lines. When taken together, EU engagement with social networking site providers, their willingness to require privacy and user friendly default settings, their foresight in establishing
Id. Id. 104 Id. 105 Article 29 Data Protection Working Party, supra note 21 at 5.
ENISA, and the extraterritoriality component of EU privacy directives work together to protect user privacy and defend public sector security interests. Part VI: Potential Improvements to Social Networking Sites As has been demonstrated, there are serious national security threats posed by social networking sites. However almost all new technologies can be co-opted to negative ends and pose a threat to national security. That having been said, these technologies, including social networking sites, can create increased efficiency in our daily lives and help us realize protected rights. As such we must be mindful therefore when we are seeking solutions which will improve national security that we protect our rights with respect to these new technologies. There will be times when a decrease in our rights, such as the right to privacy, will lead to an increase in our national security. However, that is not always the case, and even when it is there may be times when the protected rights are more important than the incremental increase in national security. The best solution whenever possible will be to seek those adjustments to technologies, including social networking sites, which will best protect our national interest without sacrificing our protected rights, including the most cherished right to privacy. I. User Authentication One way to decrease the threat posed by social networking sites is to remove their anonymity. This can be achieved in any number of ways.
A common method of verification employs a nominal financial fee to authenticate identity. This is the method employed by the United States Postal Service to authenticate online orders for mail forwarding. 106 In this method the financial data collected though the processing of the nominal fee is cross-referenced with the forwarding information to validate the identity of the individual ordering the service. The same type of fee verification system could be used by social networking sites to ensure the identity of their profile holders. Another method of user authentication could be achieved through the use of some sensitive identification information which could be paired to user profiles. An example would be use of a social security number, driver’s license number, or some other equivalent. Pairing profiles with this sensitive information would allow providers of social networking sites to authenticate their user profiles. None of these authentication measures are fool proof; both of them are capable of failure as a result of identity theft which occurs frequently online.107 Additionally, the social networking site service providers themselves may be hostile to the concept of user authentication; the sites derive their value from the number of users, and any additional hurdles to creation or maintenance of user profiles will decrease their attractiveness thereby hindering the value of the service they provide. 108 There is also the concern that user
See Official Change of Address Form—US Postal Service (USPS), https://moversguide.usps.com/icoa/flow.do?_flowExecutionKey=_c6BED6D8D-1D83-107E-82375CC828FFFE19_k96CC9254-B53D-70C9-89DC-5EC7F9833541, (stating “A valid credit card and a valid email address are required to complete the Online Change of Address process. For your security, the credit card billing address MUST match the address you are moving from or the address you are moving to (for business moves it must match the address you are moving from).”(emphasis added)). 107 See Hogben, supra note 97 at 12-4. 108 Acquisti, supra note 3 at 2.
authentication could be abused by governments hostile to dissent in order to identify and suppress opposition- indeed the anonymity with which these sites operate is one of the key reasons they are employed by opposition members in such states. That having been said, all of the authentication measures would allow governments increased ability to track and identify threats to national security without infringing upon the users right to privacy for information and content contained on social networking sites. Governments following traditional due process requirements would now be able to effectively serve warrants for information to social network providers when they have met the requirements for such warrants. In this way national security is increased without any corresponding decrease in the privacy interests of users. Especially in developed western democracies, this form of protection should be adopted. II. Default Privacy Settings One way to protect the right to privacy of users of social networking sites without threatening national security would be to require social network providers to set the default settings on their sites to not share data, that is require the default setting to be private. This is what some governments have done or advocated for, especially where at risk populations such as children are concerned. 109 Users frequently leave intact whatever default settings are
Safer Social Networking Principles for the EU, supra note 99 at 7.
suggested by the provider. 110 Requiring default settings to be set to private will protect privileged information and create incentives for users to learn privacy settings. One study of facebook users showed that almost 77% of users did not read the sites privacy disclosures and reading the disclosures did not make users more knowledgeable about the sites activities. 111 With this information in mind it becomes easy to understand why default settings which protect privacy should be preferred. There have been those who have argued that the massive adoption social networking sites indicates that privacy is dead.112 However social networking site users themselves have vehemently refuted this claim. Facebook recently dabbled with user privacy in early 2010 they made the choice to alter privacy settings to share information with third parties. The idea was to use facebook information on third party sites to allow for instant “personalization” of the third party site. 113 As a part of the changes, information which previously could have been kept private by the user was made public. 114 This decision was met with outrage by many, including four United States Senators who wrote a letter to Facebook CEO Mark Zuckerberg asking him to reverse the policy. Instead of unrestricted sharing “[t]he default policy should be one of privacy, and users should have to choose to share their information, not the other way
Acquisti, supra note 3 at 77.
Id. at 18. See Helen A.S. Popkin, Privacy is Dead on Facebook. Get Over It., msnbc.com (Jan. 13, 2010) (discussing Mark Zuckerburg’s statements about the social norm of privacy evolving over time), http://www.msnbc.msn.com/id/34825225/. 113 Letter from Charles Schumer, Unites States Senator, to Mark Zuckerburg, CEO of Facebook (April 27, 2010) (available at http://schumer.senate.gov/record.cfm?id=324226&) 114 Id.
Id. Id. 117 Id.
Part of the threat social networking sites pose to national security rests in the ability of terrorist organizations and other groups which pose a threat to national security to use social media sites as recruitment tools and media outlets. One way to combat this threat if for traditional actors to get in the social networking game. The government national security apparatus and national news media can use social networking sites to their advantage. Instead of misinformation being distributed, the media can use the speed of twitter or facebook to connect to millions of users instantly with verifiable information consumers can rely on. The United States Military can beat the terrorists at their own game and use social networking sites to identify and recruit individuals who are at risk of being enlisted by radical organizations. All the opportunities which social networking sites present to terrorists and others who would threaten the security of the nation are also present for those who would defend it. There is some evidence that this reality is beginning to be understood by the United States national security apparatus and traditional media players. Facebook and Twitter profiles are now common for many news outlets such as CNN and NPR. Additionally, the US State Department recently began a Twitter feed in an effort to promote accessibility and increased communication about the activities of the State Department throughout the world.118 These pioneers of engaging social networking sites should be applauded, and others should follow in their path.
StateDep (StateDep) on Twitter, http://twitter.com/statedept (last visited Aug. 6, 2010).
Entering the new social networking environment may be difficult for some traditional actors, and especially where the government is concerned we must ensure that human rights and civil liberties are respected. However given the massive popularity that these sites possess, not engaging them ignores a potentially vital national security asset. IV. Uses of Facial Recognition Software According to one recent assessment users post over 3 billion photos per month— or almost 1,000 pictures a second— on one social networking site: facebook. 119 With an astonishing number like that, it is difficult to see what one could do which would improve privacy and national security. The answer to both employs facial recognition software. Facial recognition software is a computer program which uses set search parameters extrapolated from a sample image to identify the same facial parameters in other images.120 The idea is to allow computer programs to scan pictures and identify who is in them. As it currently stands, users of facebook and other social networking sites do not have control over pictures of themselves on the sites. In fact many users may not know that others have uploaded their picture to the site. While facebook does require users to assert that they have the right to use the picture, this does not extend to requiring consent from the subject of the picture. As a result, many individuals may unwittingly have photos of themselves in compromising circumstances posted online for all to see. 121 Facebook does notify users that
Global data storage to reach one zettabyte, BBC World Service, (first broadcast July 26, 2010), http://www.bbc.co.uk/worldservice/news/2010/07/100726_data_wt_sl.shtml. 120 Miller, supra note 10 at 560-1. 121 Id. at 561.
they have been “tagged” in a photo, but there is no requirement that those uploading the photos actually tag individuals present. One could also go though each picture on facebook and make sure they are not a subject. However, with over 1,000 photos a second being uploaded it would be a tremendous understatement to say that a few are bound to slip through the cracks. There is however a solution to this affront to privacy—facial recognition software. Governments could require that social networking site providers who allow users to upload photos also employ facial recognition software to identify the individual subjects of each photo. Governments could further require that when a user has been identified as a subject that the site notify the user and give the user the ability to either tag the photo or request its removal. Users who did not wish to allow social networking sites to create a facial recognition profile could be given an opt-out ability to ensure the anonymity of their facial parameters. If facial recognition software is employed in this way it can empower users of social networking sites and give them the tools necessary to manage online privacy at 1,000 photos per second. There is an added national security benefit to instituting an embedded facial recognition program in social networking sites. That benefit derives from the fact that law enforcement agencies and national security officers could, with proper authorization which respects human rights and civil liberties, issue a warrant for pictures on social networking sites of persons of interest. With the vast amount of photos uploaded each and every day it is quite possible that suspects will be identified in some pictures even if they do not have profile pictures themselves. The specter of such an Orwellian conglomeration of raw information and ease of identification ability makes hesitancy to embrace such a program, or outright rejection of such an idea, more
than understandable. However the reality remains that facial recognition software properly incorporated into social networking sites has the potential to simultaneously be a tremendous asset to national security and an important tool to maintaining individual privacy. Part VII: Conclusion Social networking sites such as facebook and twitter have become too important in modern society to allow unrestricted access by the government. Individual users employ these sites for many functions including written intrapersonal communication, visual content sharing, and planning personal and family life. As such, the content on social networking sites must be protected by the Right to Privacy as it has been expressed in the International Covenant on Civil and Political Rights and the 4th Amendment to the United States Constitution. However, the information content and structure of social networking sites pose a very real threat to national security. As such the information cannot be entirely above government access. A balance must be struck between the right to privacy and national security interests. That balance rests where it has always rested; in due process by governments seeking to obtain information. However there are several steps which could and should be taken to amend the operation of social networking sites to protect both the right to privacy and national security. First, social networking sites should require authentication of user profiles. There are several ways to do this each with their own strengths and weaknesses. However such authentication would help governments identify threats to national security and engage in the appropriate processes to abate the threat. Second, social networking sites should take
responsibility for the privacy interests of their users and set the default setting to private; doing so helps protect users who might otherwise not understand that they are waiving their right to privacy and denies organizations hostile to national security access to such information. Third, traditional media players and members of the national security apparatus should embrace social networking sites as a key recruitment and communications tool. Not doing so allows others who may be hostile to our national interests an advantage. Fourth, social networking sites should be required to adopt facial recognition software which can be used by national security officials to identify the location of known suspects and by users to ensure the integrity of their privacy online. Social networking sites have revolutionized the way we communicate with one another and have become an integral part of our social identities. Unrestricted government access to social networking sites would be a serious affront to the right to privacy. Nonetheless social networking sites in their current form pose a serious and largely unrealized threat to national security. Governments can and should regulate these sites in such a way as to maximize the right to privacy and minimize the threat to national security. What government cannot do is to continue to virtually ignore the problem.