Good Job, Facebook: The Intersection Of Privacy, Identity & Security
Birth names and legal names aren’t always the names people are best known by, concedes Facebook in the wake of a real-name policy usage flap.
When Google+ was first released to the public there was a great deal of brouhaha about its so-called “real-names” policy by which users could only be identified by their legal names. Recently, this issue raised its ugly head once again when Facebook suspended a number of accounts.
According to the explanation (and apology) posted by VP of Product Chris Cox:
An individual on Facebook decided to report several hundred of these accounts as fake. These reports were among the several hundred thousand fake name reports we process every single week, 99 percent of which are bad actors doing bad things: impersonation, bullying, trolling, domestic violence, scams, hate speech, and more — so we didn't notice the pattern.
That “pattern” was that all of the accounts reported by this individual were of drag queens, drag kings, and transgender individuals who used pseudonyms to protect their privacy in the real world. What was even more surprising to Facebook, evidently, was that its particular name usage policy had somehow become conflated with the heavily discredited (and now abandoned) Google+ real-names policy.
A policy that requires that people use only their legal names, the names they were born with, would have caused a great deal of problems to the heroes of my youth should there have been a Google+ around at the time. Saturday mornings in the long-ago were spent watching Marion Morrison, Leonard Slye, William Boyd, and Orvon Autry clean up the Old West. Never heard of them? Perhaps if I’d said John Wayne, Roy Rogers, Hopalong Cassidy, and Gene Autry you might have understood.
The point is that birth names and legal names aren’t always the names that people are best known by. Jorge Mario Bergoglio may not immediately trigger an image in your mind (unless you’re an Argentine), but if I referred to him as Pope Francis you might immediately know to whom I’m referring.
This is the point that was finally hammered home to Google, most notably by my friend Kaliya Hamlin. Now, I didn’t know who “Kaliya Hamlin” was the first time I met her (at the initial Internet Identity Workshop in Oakland, Calif., back in 2005), but I did know who “Identity Woman” was. Turns out they’re one and the same.
Pseudonyms have a long history, especially among writers (where they may be known as “pen names” or “noms de plume”). The English author we call George Elliott (The Mill on the Floss, Silas Marner, Middlemarch) was actually a woman named Mary Ann Evans. She used the pen name because, at that time, it was nearly impossible for a woman to be published. The mystery author Ellery Queen was actually a collaboration between two men, Frederic Dannay and Manfred Lee. Even stranger, both of those names are pseudonyms: Dannay was actually Daniel Nathan and Lee was legally Manford Lepofsky!
It’s not often I say good things about Facebook in terms of identity, privacy or security, but Chris Cox, in the note referenced above, put the policy very succinctly:
Our policy has never been to require everyone on Facebook to use their legal name. The spirit of our policy is that everyone on Facebook uses the authentic name they use in real life. For Sister Roma, that's Sister Roma. For Lil Miss Hot Mess, that's Lil Miss Hot Mess. Part of what's been so difficult about this conversation is that we support both of these individuals, and so many others affected by this, completely and utterly in how they use Facebook.
It’s not about birth names, rather it’s all about attribution, authority, and “identification” in a broader sense. It’s about knowing that the person who says “x” is the same one who says “y” and is -- at least in the eyes of those people who care about it -- the “real” Roy Rogers/Pope Francis/Identity Woman.
Good job, Facebook.
About the Author
You May Also Like
DevSecOps/AWS
Oct 17, 2024Social Engineering: New Tricks, New Threats, New Defenses
Oct 23, 202410 Emerging Vulnerabilities Every Enterprise Should Know
Oct 30, 2024Simplify Data Security with Automation
Oct 31, 2024Unleashing AI to Assess Cyber Security Risk
Nov 12, 2024