Stolen identities: Manti Te’o, Facebook, and internet privacy

Even though social media sites have privacy settings, serious online identity theft is commonplace across the US.

Manti Te''o
Heisman trophy finalist Manti Te'o was centre stage of a very public episode of online identity theft [AP]

Perhaps you’ve never heard of Diane O’Meara or Jelena Lecic, but it’s likely you’ve seen their faces on television or heard the names of their “alter egos”. Lecic’s face flashed across television screens nearly two years ago when a supposed Syrian blogger, the so-called “Gay Girl in Damascus”, went missing. More recently, O’Meara’s face became known as Lennay Kekua, the allegedly deceased “girlfriend” of American football player Manti Te’o.

What the two women have in common is sinister: Both had their seemingly personal Facebook photos stolen to create high-profile fictional characters. Both women admitted to having thought they had used adequate privacy settings on the social networking site. Both women were violated by men whose apparent, desperate need for attention launched them to media notoriety (arguably exactly what they’d wished for). 

Both Lecic and O’Meara eventually came forward to talk about their experiences, and both lamented, retrospectively, their disappointment in Facebook’s privacy settings, the settings that allowed their photographs to easily be stolen.

When Lecic came forward in June of 2011 on BBC’s Newsnight, she was quoted as saying “I’m very upset because you have privacy settings on Facebook and obviously it doesn’t work because anyone can hijack your picture.” In a recent opinion piece for the Los Angeles Times, O’Meara writes:

I thought I was aware of the dangers and had done everything I could to protect myself. I now understand that the large corporations that control social media will never provide adequate protection by themselves. Users must take extraordinary steps to protect themselves.

O’Meara is absolutely correct, of course, though it’s rare to read such words from someone outside the “field”, so to speak. While in Europe awareness of online privacy issues seems at an all-time high, US internet users still fall behind their counterparts across the pond, though according to Pew, awareness is increasing.

 What is an internet troll?

Near the end of her piece, O’Meara asks the question of readers: “Can you say for certain that pictures you’ve shared through social media have not been stolen to create another identity?” noting that, had her case not involved a high-profile athlete, she may never have known.

This has been the case with countless recent scams; one prominent scam involving dating websites uses photos of US military members stolen from Facebook, prompting the creation of support and advocacy groups and leading the military to set up explainer websites warning of the scam.

Indeed, most users of Facebook (or Google+, or countless other social networking sites) seem unaware of just how much they are sharing. That lack of awareness came to the fore last week upon Facebook’s announcement of their new Social Graph feature. The feature – essentially a deep-search tool that allows users to search combinations of keywords and features – does not allow users access to any additional information than is already there; rather, it simply makes it easier to find existing shared information. 

A quick news search for the tool brings up numerous articles that include the word “scary” in their subject header, indicating just how powerful such a search function can be. But the apparent fear invoked by Social Graph also demonstrates just how oblivious users can be to what they’re sharing.

It would be wrong to place the blame entirely on Facebook. While the company has had its fair share of privacy debacles, as O’Meara argues, it is ultimately the responsibility of the user to understand his or her settings and know what, precisely, is being shared. O’Meara admits to having kept up with the company’s privacy policies and having used their tools, even specifically limiting access to her photos to friends. And yet, it only takes one bad “friend” for the whole effort to fall apart.

“I’ve shut down all my social media accounts. But I realise that’s not a long-term solution,” writes O’Meara. Indeed, for most it’s not. You can quit Facebook, but “you can’t take it with you” (in this case, the old adage refers not to material possessions in life, but the network built up on social media sites over the years). Your network is not portable; it does not follow you when you leave one site for another (or for no other, as the case may be). And choosing to stay outside of the social networking sphere altogether could have negative consequences on your career, not to mention your social life.

So, what is to be done? If staying offline is detrimental to most but sharing could be equally or more damaging, wherein lies the balance?

As O’Meara reminds us, users must educate themselves about the privacy policies and tools available to them on Facebook or any other given site. Using available tools, users can reasonably protect their content from the public view.

Still, the best rule of thumb for individuals concerned about their photographs or other content reaching the public view is to not post them on the internet at all. While this may sound extreme, remember that it only takes one “bad apple” to share your content with those to whom you have not given permission.

Jillian York is director for international freedom of expression at the Electronic Frontier Foundation in San Francisco.

Follow her on Twitter: @jilliancyork