During the past 24 hours, there has been a flurry of discussion about Facebook banning Robert Scoble. Robert was running an automated script to scrape his ‘friends’ contact information (5,000 of them) out of Facebook. The script was being tested on behalf of Plaxo, an online address book that can automatically update contact details.
I think Facebook was correct in having a process that detected suspect behaviour and automatically disabled it. If only the HMRC could have implemented something similar, 25 million people in the UK wouldn’t be wondering if they are going to be the victims of identity fraud…
But the debate that is really kicking off is who owns the data that was being scraped – the service that stores it, the individual who posted it, or the ‘friend’ who has been given access to view it. This will be an ongoing argument for 2008 and Facebook will not have a monopoly on headlines. The Financial Times ran an article just before Christmas – The devil in the details – that explored the effects and cost of privacy breaches as more and more personal data is stored online. One particularly interesting scenario highlighted how government agencies are using data as currency:
¨While you can obtain [Transport for London’s Oyster Card] over the counter without providing personal details, you can get a refund on a lost card only if you have given your name and address. So to get full economic value from an essential service, you must hand over your data. Is this informed consent, or de facto coercion?¨
It’s an interesting development. In the past, you would have just needed to produce a valid receipt to get a refund.
- Scoble: freedom fighter or data thief? (Rough Type, Jan 08)
- I’ve been kicked off Facebook; What I was using to hit Facebook; Facebook lets me back in (Robert Scoble, Jan 08)
- Devil in the details: Why personal data are ever more open to loss and abuse (FT, Dec 07)
- UK families put on fraud alert (BBC News, Nov 07)