News / Victoria

Researchers reveal how social media sites ignore privacy laws

In the wake of revelations showing that the U.S. government was tapping into the servers of top Internet companies to monitor their users, a team of researchers at the University of Victoria are drawing attention to similar issues on Canadian soil.

The Canadian Access to Social Media Information project reveals that it's extremely difficult, if not impossible, for average Canadians to find out how social media companies use their information, or whether sites like Facebook and Tumblr are handing that information over to the government or law enforcement agencies.

"What it shows is that the public doesn't know how their data is accessed, by whom and under what conditions," said Christopher Parsons, one of the authors of the project.

Along with a colleague, Parsons evaluated the privacy policies of 20 popular social media platforms, including Facebook, Twitter, YouTube, LinkedIn, Plenty of Fish and World of Warcraft. When it came to complying with Canadian access and privacy laws, they found most sites "lacking at best, and entirely negligent at worst."

All of their findings can be viewed at The study was funded in part by the federal privacy commissioner's office.

"Privacy policies are dense and hard to understand. Looking through each line of every one for every website you use is a task that's largely unreasonable to expect of consumers," Parsons said. "So we wanted to take public money and make something that was actually useful for the public."

Parsons hopes the findings will help Canadians make more informed decisions about which social networks they use.

"You can choose whether you want to keep using one network or switch to another," he said.

The study is timely given the revelation that the U.S. National Security Agency is apparently accessing the servers of the world’s top Internet companies and extracting information about users. The program, known as PRISM, was brought to the public's attention after classified documents were leaked to the Guardian newspaper in England.

Even in Canada, much of one's online traffic is routed through U.S. servers, particularly if you're using American services like Google and Facebook. As well, the NSA's mandate involves surveilling foreign nationals, including Canadians.

"If you're a Canadian talking to other Canadians online, you're potentially a target of PRISM, with none of the privacy protections reserved for American citizens," Parsons said.

In order to stem the tide of potentially invasive surveillance and the confusion that surrounds digital privacy, Parsons is calling on the privacy commissioner to come up with clear, explicit guidelines about how and when companies must disclose information to users.

"We need a kind of best practice guide against which companies can try and conform," he said.

He'd also like to see communication providers like Rogers, Bell and Telus answer a series of "point blank public questions" about how data is collected and stored.

"How long are voice mail messages kept? How long are call records kept? How long are text messages stored? How is the information about which cell tower you connected to recorded? In Canada, we don't know any of that," he said.

With that information, Parsons says it might be possible to have a public debate about the limits of security and privacy.

"Without that transparency, it's impossible to have a discussion about the appropriateness of these tools," he said. "Without transparency, you can't even get people in Congress, or here in Parliament to know what they're voting on."

More on