Don’t Throw Out The Facebook With The Bath Water

Posted on 21 February 2011 by


"Robin Sage," the bogus persona used by Thomas Ryan to ensnare security pros

Recently, Lauri Stevens wrote a survival guide for cops on Facebook over at PoliceOne in which she opined that she’d just about decided that cops shouldn’t have personal Facebook profiles. That is a huge statement from a person whose passion is helping law enforcement agencies better leverage social media in strategic ways. Since Lauri recognizes that cops aren’t going to just up and shut down their profiles, her advice is three-fold:

  1. Don’t mix personal with professional
  2. Figure out how to set your privacy settings and pay attention to changes Facebook makes to them
  3. Clean up your (online) act

Now, I know cops with more than 1500 Facebook friends. They think nothing of any inferences that may be made of these relationships, nor apparently are they concerned with becoming digitally associated with people of whom almost by definition they have little or no knowledge.

And I know cops who have eschewed all social media, who even avoid email in their quest to remain digitally pristine.

There must be – and I will argue there is – a middle road, in which police officers may avail themselves of the benefits of social media – long-forgotten friends, long-lost relatives, invitations to events, and a long list of others – while taking prudent steps to ensure that they don’t get ensnared in drama.

I agree with Lauri’s basic argument, but will preface it with one basic rule:

  • Manage your Facebook friendships the way you manage your friendships.

I am a strong proponent of ensuring that we don’t act as if cybercrime is something special. “Highly sophisticated cybercrime”? Nonsense. It’s crime; the only difference is the kind of window they break and the kind of silver they take. Similarly, since I don’t promiscuously accept invitations from strangers in the real world, I am unlikely to accept them on Facebook.

Really? Well, last year I was among more than 300 security folks targeted in an experiment by Thomas Ryan. Ryan sent out friend invitations to us all, and many accepted them. When I received the invitation, I did some basic “due diligence” – I looked to see with which of my friends “Robin Sage” was connected. There were about 30 of them, including many people I know and trust. So, while I knew that I didn’t know this Robin Sage woman, I thought, a) many people I trust do, and b) she’s kind of cute, so why not?

Why not indeed.

Thankfully, the experiment was benign, and it served, for me, as a wake-up call. I realized that trust by association – that is, A trusts B, and B trusts C, therefore A trusts C – is as much a problem in my digital persona as it is in the world of encryption. And I also realized that I would have to seriously reconsider how I used Facebook and other social media.

Immediately I set to my new paradigm: I only accept friend requests from people I have actually met and know, and I have gone through my Facebook account and un-friended people who don’t fall into that category.

I already make sure that my privacy settings are as strong as they can be, but that is pretty weak – and of course I am aware that my Facebook and other social media pages are subject to subpoena at any time.

If I behave on Facebook the way I behave in the world – respectfully, generally well and decently – and try to live by the four rules mentioned here, I believe that I am doing enough to protect myself while enjoying the full benefits that social media has to offer me personally.