April 08, 2010

Associate Professor of Management Eric Santanen.

Please note: You are viewing an archived Bucknell University news story. It is possible that information found on this page has become outdated or inaccurate, and links and images contained within are not guaranteed to function correctly.

[X] Close this message.

LEWISBURG, Pa. — Welcome again to "Ask the Experts," a regular web feature that highlights the expertise of various Bucknellians in a range of topics related to current news events and other timely subjects. || Ask the Experts archive

This week, we asked Associate Professor of Management Eric Santanen, whose research and teaching focus on computer privacy and the impacts of technology on individuals, organizations and society, to talk about social media and related security issues.

Q:  Facebook, Twitter and other social media have become part of the personal and professional daily lives of most people. Why do you think social networking is so popular? What are some of the benefits and drawbacks?

A: Social networking is largely an extension of how people have come to depend upon e-mail for communications. We live in a time of ever-increasing immediacy, and there is an "I want results," "I want it now" kind of philosophy that seems to be creeping into our lives more and more. We get used to this asynchronous mode of interaction where the other person doesn't need to be available at that moment in time in order to engage in dialogue and conversation. I can leave a message; you can return it at your convenience. You can answer e-mail while watching TV or while you are with family or friends. We become dependent on this level of interaction with cell phones, text messaging, instant messaging, Twitter or Facebook, and we begin building a larger and larger set of interaction methods. Eventually, these asynchronous communications becomes synchronous communication — we feel the need to be connected at all times.

Social networking is a way to connect with acquaintances and friends who have slipped away. All of a sudden, there's the name of a long lost friend, and we have the opportunity to rebuild an old relationship. Social networking provides a way for us to share details about ourselves, our personal lives, our interests, our activities, and it helps to build that immediacy of interaction. When you visit somebody's Facebook page, you get to see lists of activities and lists of things they've been involved with. We are maintaining that circle of friends that we don't have time to speak with on the telephone all the time. The benefits, of course, include maintaining relationships with family and friends.

The potential drawbacks associated with social networking can be dangerous, ranging from inconvenience to identity theft to stalking to what could be called a permanent loss of privacy. Mark Zuckerberg, the founder of Facebook, gave a speech in January where he made the declaration that personal privacy is dead. I find that to be a tremendously dangerous statement and even more dangerous reality.

Q: As technology advances, everyday tasks are becoming more convenient and quick. What should consumers know, however, before adopting these new technologies?

A: I am a big fan of technology. I love gadgets and toys and gizmos. But we have to realize that with each new technology we use, be it Facebook, a cell phone, e-mail, we've lost some privacy in the name of convenience or fun. Cell phones have GPS built into them, so every time you are on your phone or even when you are not on your phone, you are locatable. The GPS technology was built in for the purpose of responding to 911 calls. GPS is unnecessary with the land line in your house due to the ease of performing a reverse lookup to find your address. Another example is EZPass. The convenience is not waiting in line to pay tolls. You don't worry about carrying change. The main drawback is that it provides an inventory of where you have driven, and we're finding EZPass data and cell phone data being used in criminal investigations and court cases.

During the Super Bowl Half-Time Show several years ago, everybody was upset over a "wardrobe malfunction." TIVO said that moment was their most replayed event ever. The interesting question is: How did TIVO know that? The bottom line is that many of these technologies, such as TIVO or your satellite dish, are two-way communication vehicles. Your satellite provider knows what television programs you have watched. They know which ones you have recorded. They know if you have watched a recorded program or not. They know if you have watched the entire program or only part of it. Every time you press a button, it's a data point, and that data gets captured somewhere.

Q: Some social media, such as Facebook, is billed as semi-private, because it is password-protected and has privacy settings that limit the number of people who can view what's posted. How much of what users post is actually private?

A: Last year, Facebook  indicated its intention to claim domain over anything  posted on its site, including the ability to sell, trade or share content such as images, text, poetry, writings, whatever happens to be there. This caused an uproar in the online community. At the opposite end of the spectrum are reactions such as, "What did you expect?" People posted material in a publically viewable area and then got upset that they don't retain as much control of this material as they thought they would. There may also are copyright and intellectual property issues here, but information that you post on Facebook and MySpace can never really be deleted. You can close your account, but you can never remove your account. They retain the data and they always will.

Essentially, their databases contain records such as your name, your birth date, various interests that you have, affiliations you may have checked off when you first opened your account, your friends list and people that can post to your wall. These are all data elements, and each element has a corresponding privacy level that indicates which data is not to be shared and which data is to be shared. All it takes is a change in policy for these organizations to say, "We're now going to share this data." The result will be a public outcry, and so they will ratchet it back a little bit and say, "Well, these records will remain private, but these records will now be shared." And the cycle repeats itself. Each time, a little more data becomes public, resulting in a creeping scope of data that eventually gets shared.

Many users may think they are in control of their Facebook data, but it's really Facebook's privacy policy that dictates the terms. And if they do something that angers users to the extent that they leave, Facebook retains the user's data.

Q: Passwords are required for everything from bank accounts to e-mail accounts and alarm codes, but many people do not put much thought into the security of their password. What are some ways to make a password secure?

A: We have a clear necessity for passwords as we move more of our lives online. Passwords originally controlled access to things such as your e-mail account or your webpage, relatively innocuous sorts of things so people chose relatively simple passwords. But as e-commerce has grown over the past decade, and we do banking online, we access our credit cards online, and we pay our bills online, everything has become password-controlled. Since we are now protecting financial assets, a stronger password is required. A strong password, one that is difficult to break or guess, is a minimum of eight characters. It contains uppercase characters and lowercase characters. It contains digits or symbols; and it's not a dictionary word. 

Facebook and other social media sites can potentially damage privacy and password control as a result of what people choose to share with others. A typical password is someone's name, an important date, a dictionary word, and when somebody knows enough about your private life, passwords become easily guessable. Shame on you if your password is your anniversary date or your child's name or your dog's name, because those are all guessable. The best advice I have for creating a strong password is to pick a favorite song lyric or expression. For this lyric, take each word and reduce it to its first letter. Any time there is the word "to," "two," or "too," replace it with the digit two.  For the words "for," or "four," replace it with the digit four. Now you have a string of letters and numbers that doesn't spell a dictionary word. Then, randomly or systematically, mix the case so you have some upper case letters and some lower case letters. The result is a strong password that also is memorable to you because it has personal relevance.

Q: Internet users may log on to their e-mail accounts, buy products with credit cards and conduct business via wireless devices at cafes, libraries or just about anywhere there's an open network. What are some things users should know before using an open network?

A: Anything that is transmitted over an open network is likely not to be encrypted. Encryption is the process of taking plain text that you can read and applying a mathematical algorithm, which makes it essentially non-readable. Data travels across wired or wireless networks in little units called packets. The packets include the data itself and also indicate where the data should travel. There are countless varieties of "packet sniffing" software that is free to download. The purpose of this software is to extract data from packets that travel across networks. Credit card numbers, social security numbers, passwords and web addresses are very regular patterns that can be detected and extracted by packet sniffers if the data is not encrypted.

The key point that people need to understand, before typing a password, before typing a credit card number or any other sensitive data into a web page, is whether that communication will be encrypted.  The most obvious sign that your data will be encrypted is to look in the tool bar in the bottom right corner of the browser window. You will see a little yellow padlock. If your data is being encrypted before it is transmitted, the padlock will be closed and probably glowing brightly. If the data will not be encrypted before being transmitted, the padlock is displayed as an open lock. So, if a web site is not secured, anything you type will be transmitted as plain text that can be observed by anyone using packet sniffing software.

New editions of "Ask the Experts" will appear on the Bucknell website on most Thursdays during the fall and spring semesters and on occasion throughout the summer. If you have ideas for future questions or are a faculty or staff member who would like to participate, please contact Sam Alcorn.

To learn more about faculty and staff experts who can speak on a variety of news topics, visit Bucknell's searchable Experts Guide.

Contact: Division of Communications