Andy Smith, in charge of security for the largest public services network in Europe, told the 2012 Parliament and Internet Conference yesterday that users should only provide their true personal details to trusted websites – such as government sites where they must and large commercial websites where they should. His concern is that criminals collate different scraps of information from different sources to compile an extensive dossier on targets, which they can then use for targeted phishing attacks and identity theft (see Jester’s warbag for confirmation on how easy this can be). Since surveys show that large numbers of users do not trust Facebook with their privacy, he is by implication suggesting that users give false details to Facebook.
Helen Goodman, opposition MP for Bishop Auckland, was “genuinely shocked that a public official could say such a thing.” Her view seems to be that anonymity leads to crime. “It is exactly what we don't want. We want more security online,” (which is, of course, precisely what Smith is suggesting will come from anonymity). Goodman’s concern is about the sort of anonymous cyber-bullying that led to the suicide of Amanda Todd, but she goes further and suggests that anonymity actually promotes such bullying.
According to the BBC, Lord Erroll, chairman of the Digital Policy Alliance, backed Smith’s comments. “He said he had always given his date of birth as ‘1 April 1900’.”
Ed Vaizey, the Culture Minister, was more circumspect. He “wouldn't encourage people to put false identities on the internet,” but would rather “work with Facebook to ensure people feel secure using those sites and that there is not a threat of identity theft.” Facebook is less circumspect. Simon Milner, Facebook's head of policy in the UK and Ireland, “told the audience of industry experts and MPs he had a ‘vigorous chat’ with the Cabinet Office official afterwards to persuade him to revise his view.”
The issue is one that has been discussed by Sophos many times in the past. Graham Cluley feels no moral obligation to tell the truth even if a website’s terms of use demand it. He refers to a case where “a British man... was jailed after stealing £35,000 (approximately US$ 55,000) from his neighbours' bank accounts with help from personal information they had posted on Facebook.” Even though Facebook demands the use of true personal details, he adds, “Facebook and other sites like it have no way of verifying that you did tell the truth. They won't like me much for saying it, but why risk sharing too much personal information?”
Cluley’s advice is to lie about your date of birth, make up your mother’s maiden name and your pet’s name and the first street you lived on... On balance, he concludes, “I think we all need to be more careful about the information we share on the web - and realise that sometimes a little fibbing and reticence might go a long way to a safer online experience.”