1 Introduction

The management and protection of student identity information is a high priority for academic institutions. Federal legislation, such as the Family Educational Rights and Privacy Act (FERPA), provides guidelines for academic institutions with regards to the disclosure of identity information. In compliance with legislation such as FERPA, and mindful of the prevalence of identity theft, academic institutions have taken the necessary, difficult steps to protect student identity information. As institutions work to protect student identity information, is it possible that students are actively undermining these protections through participation in social network communities?

In recent years, social network communities (SNC) such as Facebook.com and Myspace.com have drawn significant press from the business and academic communities. boyd [sic], describes SNCs as technologies that enable the public articulation of social networks. Indeed, the inherent sociality of these communities have led to strong adoption trends, particularly among the college demographic.

SNCs allow more than the public articulation of social networks; in each service, a user creates a richly detailed personal profi le. The data in an individual’s profi le ranges from the relatively innocuous (favorite book or movie) to the potentially invasive (such as sexual orientation, political views, and photos). From a research and administrative standpoint, it seemed wise to evaluate the breadth of SNC penetration, and the scope of identity information shared in SNC profi les on a typical college campus.

Mindful of recent trends in identity theft, and particularly identity theft on the web, a pilot study was commissioned to extract quantitative metrics on student SNC participation and identity information disclosure. The data contained in SNCs, while differing in levels of accessibility, is generally trivial for an outsider to access. As we have seen in the work of Hogg et al. and Liu et al., the notion of outsiders harvesting data in SNCs for ancillary purposes is established. Just as SNC data can be harvested for recommender and reputation systems, third parties may mine an SNC for an individual’s identity information. Indeed, SNCs are dramatically changing how identity information is shared online; through this primary analysis, we develop a measure of just how SNCs are redefi ning the identity sharing behavior of a campus population

2 Study Perspective

The primary goal of the pilot study was to develop quantitative metrics on SNC participation on a college campus. The secondary goal of the pilot study was to investigate and comparatively analyze population attitudes about participation in SNCs, and online identity sharing in general. Understanding that outsiders (in this case, entities not linked to a social group) in SNCs generally have the lowest level of access to data, and that third party identity information harvesters will at most be outsiders, the analysis is conducted from the standpoint of the outsider. Additionally, this standpoint sets a reasonable baseline for future investigative research from different, more-connected standpoints.

3 Methodology

The pilot study was guided by a number of goals, included among them a viability test for conducting research in SNCs. Research goals were guided by the following questions:

• Which SNCs do students participate in?
• What identity information is disclosed in the SNCs?
• How does it compare to identity information previously disclosed by the university?
• How much identity information are students disclosing in SNCs?
• What are student opinions about identity information disclosure in SNCs?

3.1 Procedure

A random selection of students were asked to complete a survey about their use of SNCs and their feelings about disclosure of identity information. The fi rst part of the survey was entirely quantitative; students indicated those SNCs in which they participated. A list of common SNCs, as well as an option to share other SNCs, were made available. In the second part of the survey, students were asked to respond to a number of statements about identity information disclosure, indicating their level of agreement with the statement. The statements dealt primarily with how students feel about their SNC profi les being accessed and about sharing identity information in general.

SNCs that occurred more than once in student responses were profi led. Profi ling involved the construction of an identity information matrix for each service; respondents who indicated participation were then discovered in the service, and their level of identity disclosure recorded in the disclosure matrix. Student SNC participation data, identity information disclosure matrices, and the opinion data were then analyzed.

3.2 Participants

Of our randomly selected participants (N=200), 19 percent (N=38) completed the survey. Of the respondents, 20 were undergraduates, and 18 were graduate/professional (G/P). We are able to accept the respondents for generalization about the undergraduate and G/P sub-populations (x2(1) = .6306, p < .1).

4 Findings

4.1 Social Network Community Breadth

Seventy-one percent of all respondents indicated participation in an SNC, with participation skewing heavily towards undergraduates (90 percent reporting participation) as > > > > > compared to G/P students (44 percent reporting participation). The most popular SNC was Facebook,10 with 90 percent of undergraduates reporting use. Friendster and Myspace were the other common (used by more than two respondents) SNCs reported by respondents.

4.2 Social Network Community Identity Data Analysis

The three common SNCs, Facebook, Friendster, and Myspace, were profiled for identity information disclosure, and a common element comparison is presented in Table 1. To retain perspective, publicly accessible campus directory information was included in the comparison.

Table 1
Common requested identity disclosure elements in three Social Network Communities, compared with identity information disclosed in a FERPA-compliant student directory service (UNC). Terms have been recoded to handle semantic difference between services. All disclosure elements are optional, except those marked by an asterisk

Facebook and Myspace requested the disclosure of identity information beyond common elements, as described in Table 2. The non-common elements are presented here to display the notable level of identity information disclosure these communities request. It is important to note that terms have been pooled to handle space considerations, and only when the pooling clearly didn’t change the intended meaning of the term.

Table 2
Additional, non-common identity elements requested by Facebook and Myspace. Terms have been pooled in cases marked by an asterisk

4.3 Identity Information Disclosure in Facebook

The SNC with the highest level of campus participation was Facebook. A relatively new SNC, Facebook is heavily utilized by undergraduates (90 percent report use), and lightly utilized by G/P students (22 percent report use). As a result, Facebook was selected as the SNC that would be analyzed for student identity information disclosure.

The analysis process is described as follows: for each student that indicated use of Facebook, the student’s profi le is “discovered” in the service. Students are located in the service only with information publicly disclosed in the student directory, thereby ensuring that the investigator remains an outsider.11 Student responses to information requested by Facebook are marked in the disclosure matrix as a positive response. Students that indicate use of Facebook but aren’t found in the service receive a negative response in each fi eld in the disclosure matrix. No attempts are made to verify the veracity of information disclosed.12

The results are presented in Figure 1, providing insight into the metrics of identity disclosure in an SNC. It is important to note that to gain access to Facebook, an individual must possess an email address that ends with the institution’s domain name. This measure exists largely for quality control, rather than as an information security measure. Terms were pooled when appropriate in the analysis presented in Figure 1.

Figure 1
This graph explores selected primary identity information disclosed in Face-book, indexed by percentage of campus users that disclose the particular element. Elements marked with an asterisk have been pooled.

4.4 Student Opinions on Identity Information Disclosure

Students were asked to react to a number of statements regarding identity information disclosure in SNCs. The responses are presented in Table 3.

Table 3
Average level of student agreement to selected statements about identity information disclosure. The scale ranges from 1, with 1 refl ecting a level of strong disagreement with the statement, to 5, with 5 reflecting a level of strong agreement with the statement

5 Limitations and Future Directions

There are a number of limitations of the pilot study, including a) sample size, b) characteristics of survey respondents, c) lexical differences between SNCs, and d) the effective, but ad-hoc nature of being an outside analyst of SNCs. Concerns a) and b) can be easily addressed in the revised methodology of the full study. The sample size can be increased, and surveying methods may move away from the on-line survey, which may account for a disproportionately tech-savvy sample. Concern c) can also be addressed in the revised methodology required for a full study. A more thorough lexical normalization/recoding will take place to ensure parity between meanings of identity elements in SNCs. While the status of an outsider investigator (concern d) will remain service-dependent, it may be worthwhile to complete documentation of the bounds of outsider investigator behavior, so that future studies can use and improve the methodology.

6 Discussion and Conclusions

A number of key fi ndings have been presented as a result of the pilot study. First, a quantitative analysis of SNCs on a typical college campus revealed a number of interesting trends. As might be expected, undergraduates use SNCs more commonly than G/P students. Additionally, the percentage of undergraduates utilizing the particular SNC Facebook is signifi cant.

In Tables 1 and 2, we explore the level of identity information disclosure requested by common SNCs. From an outsider’s perspective, some of the information would be potentially interesting, as it would require a personal connection to ascertain it otherwise; relationship status, location information, and political views are just a few of the many identity information elements that are disclosed in SNCs.

In Figure 1, we are presented with results of identity information discovery among survey respondents for Facebook. A large number of students share particularly personal information online. Comparing the trends we observed in Figure 1, with the opinions students present in Table 3, it strongly suggests a disconnect between the value of traditional identity information (Name, SSN) and the new types of identity information being disclosed (photo, political views, sexual orientation) in SNCs. This disconnect identifies the need for a new discussion of identity information protection on campus, one that is effectively holistic and SNC-aware.

Footnotes

1. Federal Trade Commission, National and State Trends in Fraud & Identity Theft, January-December 2004. Federal Trade Commission, Washington DC (2004); G. Newman, “Identity Theft: Problem-Oriented Guides for Police,” Guide Number 25. U.S. Department of Justice, Washington DC (2004); Goldman, E.: “The Growing Thread of Identity Theft.” Educase Review, June/July (2004) 66-67
2. d. boyd [sic], “Friendster and Publicly Articulated Social Networking” (paper presented at the Conference on Human Factors and Computing Systems, ACM, Vienna, Austria, 2004).
3. As of July 2006, the Myspace network reports over 89 million users. This information is gathered from the profi le of Tom Anderson (http://myspace.com/tom), creator of Myspace.
4. Federal Trade Commission, National and State Trends in Fraud & Identity Theft (Washington DC, Federal Trade Commission, January-December 2004); G. Newman, “Identity Theft: Problem-Oriented Guides for Police” Guide 25 (Washington DC, U.S. Department of Justice, 2004); E. Goldman, “The Growing Thread of Identity Theft” Educase Review, June/July (2004): 66-67.
5. H. Berghel, “Identity Theft: Social Security Numbers, and the Web,” Communications of the ACM 43 no. 2 (February, 2000): 17-21.
6. I. O’Murchu, J. Breslin, and S. Decker, Online Social and Business Networking Communities. DERI Technical Report 2004-08-11. Galway Ireland (August 2004).
7. T. Hogg, and L. Adamic, Enhancing Reputation Mechanisms via Online Social Networks (EC 2004, New York, 2004); H. Liu and P. Maes, “InterestMap: Harvesting Social Network Profiles for Recommendations” IUI 2005, Workshop: Beyond Personalization, San Diego California (2005).
8. For example, in Liu and Maes, social network data is captured and used to seed a social recommendation system.
9. D. Watts, P.S. Dodds, and M.E.J. Newman, “Identity and Search in Social Networks” Science 296 (2002): 1302-1305.
10. http://facebook.com
11. The outsider perspective assumes that the student directory information has been acquired through a directed web crawler. A web crawler is an automatic web browser that crawls and downloads information from a website.
12. The challenge of verifying the veracity of information disclosed is beyond the scope of this study. Additionally, the veracity of identity information disclosed publicly may be irrelevant to outsiders, especially those who wish to use the information for disingenuous motives.

References

1 Boyd, d. “Friendster and Publicly Articulated Social Networking.” Paper presented at the Conference on Human Factors and Computing Systems, ACM, Vienna, Austria, 2004.

2 Federal Trade Commission. National and State Trends in Fraud & Identity Theft. Washington DC, Federal Trade Commission (January-December 2004).

3 Newman, G. “Identity Theft: Problem-Oriented Guides for Police.” Guide 25. Washington DC, U.S. Department of Justice (2004).

4 Goldman, E. “The Growing Thread of Identity Theft.” Educase Review, June/July (2004): 66-67.

5 Berghel, H. “Identity Theft: Social Security Numbers, and the Web.” Communications of the ACM 43 no. 2 (February, 2000): 17-21.

6 O’Murchu, I., Breslin, J., and Decker, S. Online Social and Business Networking Communities. DERI Technical Report 2004-08-11. Galway Ireland (August 2004).

7 Hogg, T., and Adamic, L. Enhancing Reputation Mechanisms via Online Social Networks. EC 2004, New York (2004).

8 Liu, H. and Maes, P. “InterestMap: Harvesting Social Network Profiles for Recommendations.” IUI 2005, Workshop: Beyond Personalization, San Diego California (2005).

9 Watts, D., Dodds, P.S., and Newman, M.E.J. “Identity and Search in Social Networks.” Science 296 (2002): 1302-1305.