Face-off in Oxford

This July saw a new twist to Oxford University’s tradition of ‘trashing’, which involves students celebrating the end of exams by attacking each other with aerosol string, flour or high-power water-pistols.

The university proctors, academic staff responsible for disciplining students, have previously issued fines for aspects of trashing, such as creating mess in the street with food or alcohol. But this summer, they turned to social networking web-site Facebook for evidence.

“The problem was that they were actively trawling Facebook to find individuals who, in their opinion, had acted inappropriately,” says Martin McCluskey, the elected president of Oxford University’s student union, which had agreed with the proctors that students would be fined for some kinds of trashing. “It was more the underhand tactics we objected to.”

The university says its proctors acted in response to complaints of antisocial behaviour from the public and university staff, and used “only publicly available material from Facebook” in identifying and disciplining students.

McCluskey thinks the university used Facebook in a way that went beyond the site’s terms and conditions, but believes the web-site also needs to modify the way it deals with such events. “Facebook was very reluctant to get involved in anything to do with this,” he says, regardless of what he sees as a breach of its terms.

But he says that students also need to change the way they behave online. To that end, the student union issued precise instructions on how to turn on strong privacy settings on Facebook: those joining the Oxford University ‘network’ on the site may not realise that this provides enhanced access to their profile to anyone within this network, including academic staff as well as students, unless settings are changed to avoid this.

McCluskey plans to continue this education through the student union’s web-site and emails to students. “We’re dealing with an unregulated marketplace here,” he says of such sites, adding that even students who use the maximum privacy settings are not safe, as their friends can still post labelled pictures of them without privacy.

Fresh-facebooked

Student life has long involved doing things that participants are keen for everyone to forget later. Apart from misbehaviour, universities should provide a chance for students to consider and change their ideas and views, and to decide what they want to do with their lives. The question is, do social networking sites hinder that?

Research by Oxford University’s Oxford Internet Institute confirms that social networking is dominated by the young. 42% of British students have created a profile on the likes of YouTube, MySpace or Facebook in the last year, compared with 15% of those in work and 2% of pensioners (see reference 1).

Facebook, one of the newest, is gathering particular attention due to its explosive growth. It was created in February 2004 for students of Harvard University in Massachusetts, adding other universities from the US during that year, then others overseas in 2005. In July, internet research firm Comscore said Facebook’s British visitor numbers grew by 25% between May and June alone, to six million, (reference 2) and the company says it has 4.5m active accounts in the UK.

Ellen Helsper, survey research officer at the Oxford Internet Institute, says there is very little research into the specific impact of social networking, but there is evidence that school pupils and students are aware of privacy, partly as a result of warnings about grooming by paedophiles. “They know not to use their addresses or mobile numbers,” she says, although the institute’s research with teenagers has shown they often provide enough alternative information to people online – such as their school, their appearance, where they spend time away from home – to put them in danger.

Because Facebook has privacy protection available, users may feel their information is protected. But Helsper adds: “The software at the moment doesn’t really correspond to people’s everyday use of ‘privacy settings’, if we can call them that,” in other words, the conventions of privacy used in the real world.

Academics have to consider how to use social networking and similar interactive web technologies, she says, to ensure a free exchange of ideas among students. To that end, the institute is considering use of blogs visible only to those within Oxford University for academic work in progress.

A good social life

But universities can do little about private use of social networking. Helsper thinks that young people’s use of social networking appears to change during their teens: of video-sharing site YouTube, she says: “It’s not really used to create networks, tight-knit groups of friends, but in promotion of self-image,” and this is often of more interest to teenagers at school.

MySpace is a hybrid, both for promotion and for networking, while Facebook is primarily about networking, hence the privacy settings opening privileged access to information only to those who are trusted.

The trouble is that the older self-promotion profiles can undermine the newer networking ones. Infosecurity asked penetration tester SecureTest to attempt to gather information on Mike Simpson, a recently-graduated local student, starting from his name only (although far more information would be available on a CV). The richest sources of data by far were the profiles he had set up on social networking sites: his account of this is below.

In his case, an older MySpace profile provided keys to Facebook. The latter site used to be available only to those with email accounts at academic institutions, but is now available to all, and in September Facebook announced it would grant search engines access to basic profiles (although users can opt-out).

MySpace features fewer privacy settings and is marketed at school pupils as much as students, so people may arrive at university with such a profile already in place, only to forget about it in moving to the student-focused Facebook.

However, student union president Martin McCluskey says that, unlike last year, a large number of this year’s Oxford University freshers already have Facebook profiles.
A survey of 501 potential university students aged 16 to 18, carried out by research firm Ipsos Mori in June for UK universities’ Joint Information Systems Committee, found that 65% regularly use social networking sites – far more than the 27% who regularly use wikis, blogs or other online networks. Only 5% had never used social networking sites (reference 3).

Let’s get to work

Research by UK vendor Sophos suggests that many users of Facebook are casual about agreeing to requests from other users to link, and many even provide personal information when asked (see ‘Contacting a slippery character’). Carole Theriault, senior security consultant at the firm, says users may have a false sense of trust in the service. “They think that Facebook will have their best interests at heart, but it needs to spread and grow as a business,” she says, which means encouraging users to connect (reference 4).

Theriault adds that joining networks within Facebook presents a particular risk, as these provide everyone else within that network with a certain amount of access to a user’s personal data. Some of the networks, such as ‘London’, have more than one million members.

Joining the London network is exactly the sort of thing a recent Oxford graduate might do, if moving to the capital. Theriault says some employers are using Facebook as a business tool, such as for arranging meetings: she knows of a London law-firm doing this. Also, since establishing a profile herself, Theriault has been approached by recruitment firms through the system.

Those in the media seem to be particularly keen: in mid-July, Facebook said that 14 000 BBC employees were users, of the broadcaster’s 23 000 total staff (reference 5). Theriault says journalists often use the system to arrange interviews with Sophos, and Ellen Helsper says many young journalists would be at a loss without it: “It’s kind-of being in the loop.”

Some firms have banned its use completely, although concerns about productivity may be the main justification, rather than employees’ privacy. Theriault says a middle way may be desirable: “I would exercise caution, have guidelines in place on what you post,” she says. “When you are on Facebook, and you let it all hang out, you are putting your reputation at risk.” Policy may be affected depending on the industry, the size of the company and the value of internal information.

Facing the future

How might users be affected in the long run? Academics have been early adopters of each internet technology from email onwards. Ellen Helsper says that academics are already being affected by increasing records of what they said in the past, and this could affect other groups of opinion-formers such as politicians: “It is really difficult to change your mind. If you’ve said something in a public setting, it will probably register somewhere,” she says.

Student union president Martin McCluskey is more sanguine. “I think it may be one of those things where we look back on in 20 years, and see it with more hindsight,” he says, pointing out that trawls through newspaper archives are hardly high technology.
However, few students, even from Oxford University, receive regular press coverage before graduation. Only time will tell if the Facebook generation is networked like none before – or whether it collectively wishes it had never put up those trashing pictures.

References

1) W Dutton and E Helsper, The Internet in Britain: 2007, Oxford Internet Institute: www.oii.ox.ac.uk/microsites/oxis
2) www.comscore.com/press/release.asp?press=1553
3) www.jisc.ac.uk/media/documents/publications/studentexpectations.pdf
4) Sophos’ advice on Facebook, privacy and productivity:
www.sophos.com/facebook
5) http://business.guardian.co.uk/story/0,,2131375,00.html