This is not the kind of Facebook privacy story you're familiar with, but it may be a sign of things to come. After a busy week in Facebook news--making war with Google over privacy violations, making up with Google over opposing privacy legislation--a strange story is bubbling up in Australia. The Sydney Morning Herald reported today that police hauled in one of their own journalists after he published a story about privacy vulnerabilities on Facebook. Ben Grubb, the paper's 20 year-old deputy technology editor, didn't even see it coming.
Yesterday, Grubb reported on a demonstration given at a tech conference in which a security expert demonstrated how one could break into any Facebook account and steal photos regardless of friend status. The story, published in yesterday's Sydney Morning Herald, included one of the stolen photos. Police took Grubb into custody later that day, acting on a complaint from the Facebook user whose account was compromised, and released him a few hours later without charges. They did, however, confiscate Grubb's iPad in order to conduct an investigation into the incident that could carry federal charges. According to a statement from the Queensland police, "The investigation is looking at a hacking incident and the subsequent use of the property that was then acquired as a result of that hacking."
So it seems if you steal somebody else's Facebook photos in Australia, you might go to jail. (Police there compared Grubb's use of the photos to accepting stolen TVs from the thief.) In the United States, there's an ongoing battle to improve security on Facebook in order to keep hackers out of Facebook accounts. The latest complaint involves a flaw that had exposed user accounts for years, and Facebook took heat for not better protecting its users. Which raises the question: who's responsible for keeping Facebook secure? Is it really stealing if Facebook's coders forgot to close a door? Or is theft simply theft, with the police responsible for keeping order? According to Harvard Business School professor Ben Edelman:
Facebook's complex ecosystem--with thousands of independent apps and complex data flows to and from apps--is a problem of its own creation. No one asked Facebook to create this system, which sharply reduces my sympathy for Facebook when things go wrong.
The follow-up question must inevitably deal what theft means in a digital world. That ball's on Al Franken's court. In the meantime, Grubb's brush with police warns journalists everywhere that they stand to slip on the blurry line between aggressive research and data theft.