Sunday, November 16, 2014

LinkedIn's Terms of Service and Privacy Policy

LinkedIn's new Terms of Service and Privacy Policy went into effect on October 23, 2014. The major change in their user policy appears to be in naming who owns the content that you post on your LinkedIn page. LinkedIn states that you, the user, own your content, but they can use any or all of your information, pictures, etc., as long as you are part of their network, which is completely contradictory. When you delete your profile, they claim that the content is deleted also, and they are no longer allowed to use it. Unlike Facebook, who keeps your information to infinity and beyond, LinkedIn claims to delete everything. Being the skeptic that I am, I do wonder if this is completely true, or if there are tiny little internet loopholes to protect them. I'm sure there are. My thoughts are that once something is posted on the internet, it's pretty much there forever, even if it's hidden from sight. I believe that your content will always exist somewhere.

One could argue that it's perfectly legal to use your information as long as you are member. After all, you clicked on "agree" when you were presented with user agreement that must of us do not read. There's a long list of how they gather their information from everything you post, every page you look at, every picture you add, every place you visit, where you've worked, where you went to school, every job you apply for... and the list goes on. That information has to be kept somewhere permanently.

In an article on CNN.com, they called LinkedIn's Terms of Service the worst terms of service ever! Basically, the article states LinkedIn can do whatever they want to with your "stuff" as they put it. They claim that if you have a great idea or a groundbreaking invention and share it on the site, LinkedIn can change it, share it or profit from it, and own it! LinkedIn claims it reserves those powers, but it doesn't intend to use them. Then why say it?

In summary, I feel that there is no such thing as "privacy" on the internet. I know they do their best to tell us that they are protecting us, but the truth is... Once you're on the internet and you post your personal information somewhere, it can be found, somehow, some way, someday. I don't necessarily find LinkedIn's Terms of Services shocking or unusual. One has to use discretion on what information, ideas, or inventions they think of, and share as little information as possible. Common sense should prevail when it comes to the internet.

Security Breach

In 2012, LinkedIn had a security breach where a hacker obtained 6.5 million passwords of LinkedIn members. A $5 million class-action lawsuit followed, where the parties involved alleged that LinkedIn failed to use critical measures to secure user passwords, resulting in the exposure of passwords to hackers. The plaintiffs also sought damages on the claim that they paid for a premium membership, but did not receive premium level security.

The U.S. District Judge concluded that the breach did not result in any actual identity theft, although the passwords were posted online. And, as far as LinkedIn failing to provide industry-standard security as part of premium memberships, the judge said “The User Agreement and Privacy Policy are the same for the premium membership as they are for the nonpaying basic membership,” and  “Any alleged promise LinkedIn made to paying premium account holders regarding security protocols was also made to non-paying members.”

Data breaches are currently on the rise. The question is... Has LinkedIn upgraded their security so it won't happen again? This remains to be seen. In their new Terms of Service and Privacy Policies, they do not address the subject of security, mention the incident, or express their plan to fix what went wrong. Hopefully, they are working behind the scenes to make sure that a breach doesn't happen again. In the meantime, it is up to protect ourselves in any way possible. Change your password frequently, and do not reveal information anywhere on the internet that you don't want anyone to know.

https://www.linkedin.com/legal/preview/user-agreement


http://blog.linkedin.com/2014/09/26/updating-linkedins-terms-of-service-2/

http://money.cnn.com/gallery/technology/2014/05/13/worst-terms-of-service/

http://www.forbes.com/sites/andygreenberg/2012/06/06/if-linkedin-hasnt-fixed-its-massive-security-breach-a-new-password-may-not-be-enough/

http://www.darkreading.com/risk-management/linkedin-security-breach-triggers-$5-million-lawsuit/d/d-id/1104943?

http://blogs.wsj.com/digits/2012/06/06/two-security-firms-say-they-verified-linkedin-breach/

http://www.infosecurity-magazine.com/news/linkedins-5m-class-action-data-breach-lawsuit/