Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

HOW can Facebook, or anyone else _successfully_ protect user data from government without breaking the law?


Require a confirmed court order before any amount of cooperation with authorities, including the acknowledgement that data might exist.

Assign a legal team to investigate all such orders, and proactively seek injunctions against those that overstep their authority.

Require that all government employees and contractors disclose their involvement (not publicly, obviously) and subject those individuals to enhanced scrutiny with regards to unwarranted data mining. Pursue aggressive legal action against the state for any individuals found in violation of this policy.

Of course, any of this would require Facebook or anyone else to treat its users as customers rather than products.


They can also publish statistics about law enforcement requests by political region, as Google does in its transparency report.


This would be amazing. What I'd also like to know is if LEOs have FB accounts with additional features, or if they have specialized UI where they can query user data. A whistleblower at Verizon a few years ago talked about a paid self-serve web interface they built for law enforcement to query location data because the volume of requests was too much to process manually.

Does the "secret interpretation" of the Patriot Act we keep hearing about include unfettered access to social networks?


By providing at least token resistance?

People shouldn't be getting roped in by the law because law enforcement has free reign to peruse profiles. As well, infiltrating profiles by 'social hacking' (aka asking to friend someone by having a profile with breasts on it) shouldn't be allowed by law enforcement doing fishing operations.

In other words, communications on Facebook should be considered as private communication. Monetization by anonymous advertising akin to Google's model should be the accepted quid pro quo for usage.


Sometimes pieces of government are unaware of laws they are breaking until a well-funded challenger can use the courts to educate it.


Successfully protecting user data from the government isn't an either/or zero-sum situation, it's a game of inches. They should protect it up to the point at which they are most unable, and not a minute nor filing before.


Avoid collecting potentially sensitive information in the first place, if at all possible.

Collecting and retaining the least possible amount of information about users is good security; it's just bad commercial practice. It also protects your users in case you go out of business and end up sold (or pivoting) into a non-privacy-protecting business model, like what happened with Rapleaf.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: