Before you panic too much, Evil is a great implementation showing the lack of privacy controls most people place when posting information, such as phone numbers, into their stream.  Evil simply scans Faceook, blocks half the number for security and shows them at random on a webpage with an avatar of the person as well.

The site owner also does a great job explaining how it works, how anyone could do it, no tricks involved and what parts of the Facebook API he uses to make it all happen.  While phone numbers can easily be changed by anyone in today;s world for security, it is amazing how much information is now tied to it and shows when doing searches in Google sometimes.

So go into the new privacy settings and beware what sharing selection is made when you make a post on Facebook.  If you have doubts, simply send it via a private message instead.

• Mashable – Facebook and Privacy : It’s Time to Move On
• Mashable – Facebook’s Changes in Zuckerberg’s Words
• ReadWriteWeb – Facebook Privacy Briefing
• or just search for even more…

Be just as careful when loading these tools and applications to make sure they are legitimate.  The screencasts will wlk you through what they do, how they access the data and if they provide a service for you.

A teenager in Arkansas, however, has become so annoyed with his mother’s Facebook intrusion that he has reportedly decided to sue her for harassment.

The claim is the mother hacked into the Facebook account, changed his password and made some postings under his account name.  The mother states she has every right to do so and is defending that in court come May.

Here are both sides of argument from us at SocialStalking only, not as attorneys:

Her intention was ok
The mother was trying to act in some responsible manner of seeing what and why her teenager was making particular postings.  The better approach would have been to actually communicate with the teenager and have them log into their Facebook account while she sat there.  This would keep some of the trust and respect factor between them while allowing parenting to occur.

Parents always wish to know what is going on with their kids online and do not have well defined rules, guidelines and restrictions of how they will interact.  Her exact quote allows them to take the below stance when she said

“You’re within your legal rights to monitor your child and to have a conversation with your child on Facebook whether it’s his account, or your account, or whoever’s account.”

Yes, with monitor being the key here.  You could not hack into another adults account legally.  Monitoring does not include taking over.  It means watching, reviewing and even logging/taking notes on content.

Her intention broke numerous rules
The mother made one major mistake that the article from CNET mentions.  She hacked into a computer account with malicious intent.  This, in itself, is a crime she has admitted to. She has accessed a computer (Facebook server) without authorization and with intent to portray herself as someone else.  Now enter identity theft arguments.  The teenager has a strong case if he follows this and removes the emotional and parental battle from the fight.  The local Clark County laws even address this as quoted in the article.

If the teenager was on the parents computer, it is not the one in question.  The Facebook server is the one in question and was hacked by the mother.  She had no technological right to do so and should have relied on parental rights such as knowing the passwords and lines of communication.

Summary

The legal battle needs to be separated far from the parental battle to clearly understand this.  The parent broke laws.  Good intentions do not allow this.  The parent took offense to what the child was posting.  Good parenting and communication resolves that portion.  We hope they both win in court and later parenting.

The school provided the students these laptops with the understanding they

courtesy of Geekologie

were to be used for school activity.  Whether or not an appropriate Acceptable Usage Policy (AUP) was created, is not clear.  It should have defined what was expected in usage, the monitoring ability and a clear line forcing the parents to sign and understand what AUP the school had created.  A mandatory meeting should have been help with the parents and kids outlining the entire process.

We deal with multiple school districts in the local area that all have controlled computers that sit inside the school and are taken home by teachers and students.  These computers all connect back through the school filters, firewalls and proxies to provide the safest environment possible.  Yet, it could not be perfect.  Any computer provided in this format, should reasonably expect some form of controls that will be installed.

The next step was the means of access and recovery the school distrcit utilized.  They school reguarly connected to laptops and took control or watched desktops for helpdesk operations and to assist in recovering in lost or stolen laptops.  However, the officials also activated the built in camera in the laptops, without warning.  This is where we offer our opinion to meet in the middle.

The schools should take one of two paths when issuing equipment like this to students.  One path says buy laptops with no camera installed, removing this possibility.  The other path is more complicated.  The AUP for the district should outline the possibility and also set some established hours that the camera may be activated, and only in recovery mode that is well documented when performed with some audit trail.

As we debated this, one point was raised that beared a bit of explanation in this thought path.  Most of these laptops would be forced to connect to district servers to get security and policy updates once they access the Internet.  If the laptop was stolen or lost, this might not happen till after normal business and school hours.   So if the AUP said they would only activate during normal hours, how would they act if the computer came online only at night and they wished to track it?

I don’t think there is reasonable expectation of privacy on the content you access with a school issued laptop, however there is one with the placement and timing of the camera itself.  Mainly when the AUP does not address or reflect the ability the district has to activate such features that interfere with expected visual privacy.  Internet access is just data flow and can be routed through anywhere and monitored.  But the physical setting anyone is in normally would have expectations of privacy involved.

The district was right in coming clean in what access and steps they take and also in immediately suspending this practice until the investigations and complaints are over.  However, every district and company needs a better defined AUP to address this immediately.

Recently, British Airways took it upon themselves to suspend 15 crew members over some online antics.  Another recent study shows that 8% of US companies have fired employees over social network abuse.  Is this a trend in your company environment?

Does your company have a policy that reflects anything beyond utilizing social networks at work and sharing confidential information?  Probably not.  There is the major issue I feel needs to be addressed.  When you begin your employment, companies make you sign an Acceptable Usage Policy (AUP) that describes, some in great detail, pretty much everything you can do with the computer resources.  However, once off of a company device or network, it is remakrably absent.  As it should be.  But, in rebuttal, if they can suspend, terminate or reprimand you then it needs to be spelled out.

We suggest staying away from any network activity that would bring your character into question or is not approved for usage.  Approved means a poilicy exists.  Just because they do not block a site does not give you reasonable expectation to participate.  Query the IT and Human Resources department to gt copies of policies and join a team to build them.  getting involved and knowledgeable is the key to success in using and enjoying social networks with the enterprise.

They still have their passports and their return flights are good, of course.  They just need some funds to pay the hotel bill.  Amazingly they cannot call their bank to have funds wired, transferred or have a credit card authorization given.  So they reach out to you to transfer them some funds immediately so they can pay the hotel off.

Keep in mind it is late in the day where they are stating the stranding has taken place.  And they are at a public library using the Internet instead of the hotel itself, where they would normally be trying to work out the bill.  Did I forget to mention that every hotel on check in I have visited in Europe gets your credit card up front and authorizes insane amounts.  Seems they don’t have their story right.  After I questioned them, they became silent yet were still online…

James  hi
9:51am Chris  hey
9:52am James  how are you?
9:52am Chris  good
9:52am James  am not too good
am in a huge mess as we speak
9:53am Chris  ?
9:53am James  we are stranded in wales uk as we speak
9:53am Chris  terrible, great place to be stranded
9:54am James  got mugged at gun point
all cash credit card and our cell phones was stolen from us\
9:54am Chris  but you are online, interesting
9:54am James  am in a local library right now
it was a bad experience for us
thank God we still have our lives and passport
we need your help
9:56am Chris  sure glad to
9:58am James
wondering if you can loan us some cash to that
our return flight leaves in few hours but we are having problem sorting out our hotel bills
we will def refund it once we get back
9:59am Chris  oh sure, that is easy
isnt it past hotel check out time? didnt they have your credit card on file already as all those hotel make you do on check in

9:59am James  I had been hacked. Thanks for offering to help me.

I reached out to the person via email to let them know about their account and to reset and protect it immediately as you see in the end message.

The Lesson: Make sure your own account has a complex password.  Never believe that a friend is stranded and you are the only person that could help or that the story even makes sense.  There were more holes than Swiss Cheese in this one.

Secondly, if you are a geek with a few minutes of free time, definitely play along and really reach the person that got hacked.  Who knows, maybe one day it will be the game of catch a thief.

As you can see in the embedded video, I was able to zoom all the way down to actually see the bag someone was carrying and then move to look into apartments.  While some say this is everyday life, no one can naturally scroll and scan across an entire city while zooming in and out of windows.  Your naked eye can only do so much, it is the enhancements in technology taking this to the next level.

What does this say about privacy? It is slowly moving towards transparency, even in a higher floor of an apartment building.   I still believe in having my window shades open almost all the time, as a home is just a shelter.  Yet, we all have reasonable expectations and morals say we would not sit and stare into others windows (some of us at least).  Does the advent of technology force us into protecting our privacy more?  Or does it question why we hold so many things so private?

You should be aware that their attempt is to make more of the information you have uploaded and continue to upload more public.  Meaning such things as pictures, profile information and wall posts available to the public stream.  You do have the ability to restrict this and should take the time to make the effort.

If you have been concerned with how much information is available about yourself online, this should raise that to new heights.  For Facebook to take the stance that they can make sweeping changes to publicize what was personal has many people deleting their accounts.

I could have seen Facebook implementing a feature request where you have to log in and select what items you wish to be public, and I mean area by area.  Not in large category scale.  Some would claim that would be a time consuming process and overhead they did not want to absorb.  I counter with the fact that you have already established security guidelines and expectations that apparently can be changed on a whim based on what advertisers wish and your expected growth.

Facebook is trying to become the phone book of the Internet.  Are you unlisted?

The goal of these scams is pretty harmless in the big picture, but could be used maliciously if desired.  Most of them prompt you via a friend’s infected computer with a chat or email notice asking if this was you in some video or picture.  The link is via an URL shortening system (hides the real URL, see Bit.ly as a great shortening service) and takes you to a website than then infects your computer.  From there is spreads and does the same to your friends.  Thanks to ChrisKing for the picture

So what do you do for prevention?  A couple simple steps would stop the majority of the spreading:

1. Update your virus signatures daily and never let your service/subscription expire.  Putting it off even for a week can open you to an attack.  I see far too many families trusting that the virus software that expired 4 months ago is still ok.  Spend the few dollars to protect your identity and computer
2. Silly I know, but stop clicking these unknown links.  How many of us actually might be in an embarrassing video or picture we don’t know about?  Think about it.  Most of the time you were there right, meaning mentally?

One trick I have not seen yet, but would be the next logical step.  The same chat or email trick with a comment about is this your spouse/wife/husband/child in some video or picture with a comment about them doing something inappropriate.  How many of you would fight that temptation to click the link?

So how do we relate their personal, out of school (offline) time against their school time?  What are the standards for their usage and participation in social networks both in and out of school?

Ashley Payne, a teacher in Burrow County, Georgia has become our level set in recent days.  You can search and find many resources on the story, but in summary from them all:

• She worked for the district for two years
• She had a Facebook page
• She had pictures of beer and/or wine shown
• There was some expletive also shown

It was also stated, in quotes from her, that this was taken in Europe on a trip other staff was also participating in.  She was not seen physically drinking in any of the pictures either.

“I visited the Guinness Brewery, I went to Italy and had wine. I went to the Temple Bar District of Dublin and drank some alcohol there like any normal adult would,” said Payne.

Payne and her friends took pictures at various places across Europe. A few pictures showed her with a glass of beer or wine.

“They’re not even of me drinking the drinks and I don’t look like I’m intoxicated in any way or doing anything provocative or inappropriate,” Payne said. “I visited the Guinness Brewery, I went to Italy and had wine. I went to the Temple Bar District of Dublin and drank some alcohol there like any normal adult would,” said Payne.

 

Payne and her friends took pictures at various places across Europe. A few pictures showed her with a glass of beer or wine.

 

“They’re not even of me drinking the drinks and I don’t look like I’m intoxicated in any way or doing anything provocative or inappropriate,” Payne said.

So where does the line blur between the personal life of an educator and the professional appearance?  Should all teachers be required to never post on social networks?  Should all teachers have stricter privacy settings on who can see their data?  Should school districts have well defined polices on participation in social networking?

Another blog posting  from AJC goes into more detail on the expletive utilized, stating that the teacher mentioned her attending a bingo function that happened to have the “B word” in the title of one of the games, which she found funny and posted.

Without going into her suing the district and why (see article above), apparently the school had a policy which did address the exact reason she was questioned about the content.

Barrow has a policy that states employees can be investigated and disciplined for postings on Web sites that contain provocative photographs, sexually explicit messages, use of alcohol, drugs or anything students are prohibited from doing. And the policy allows for termination for such transgressions

If a teacher is of legal age, does the district have the right to compare an activity of a teacher outside of school against what a student can legally do (alcohol consumption) at any time?  I would say that is not a term of employment as long as the teacher does not indulge before arriving or during employment, which includes school activities.

Teachers have an expectation of privacy except when sharing data across the social networks.  Deciding on whom to share data with and what shows in your public profile was something she clearly did not anticipate.  Also, allowing people to tagyou in photos (see our other posts on Facebook privacy) could expose your information beyond the reach of your immediate trusted circle.

Protecting your online identity is more than making sure no one speaks negatively of you.  It is also about controlling what information is shown or shared and how it could adversely affect you in employment, schooling and even relationships later.