Having launched an education campaign, an improved reporting procedure and a 24/7 police hotline on Monday, Facebook told the Guardian that it has introduced a number of algorithms that track the behaviour of its users and flag up suspicious activity, including members with a significant number of declined friend requests and those with a high proportion of contacts of one gender.
Another filter, common on web publishing sites, scans photo uploads for skin tones and blocks problem images – the "no nipples" filter that caused pictures of breastfeeding mothers to be inadvertently flagged and removed by the site last year.
Facebook is the world's largest social network, with 400 million users a month, and employs 1,200 staff including a significant development team: its mainstream success can largely be attributed to its technical prowess. It believes that "under the radar" security systems developed with these engineering skills are more effective than public deterrents.
Facebook's international law enforcement is lead by Max Kelly, a former FBI agent who worked on cyber-crime and counter-terrorism before moving to Facebook five years ago.
Kelly explained that the site analyses users' actions and compares that behaviour to a average set of actions. "The site makes an assessment about that behaviour and if it is too far from normal mode, will degrade the user's experience. So if they are sending too many messages, the site might present a warning or show some captchas [the distorted text which a human can read but a computer can't]."
Persistently aggressive behaviour, or pursuing particular types of contacts such as young women, would be handled by a review team, with some users eventually blocked. Serious offences such as child porn would be removed and the user banned immediately, said Kelly, who described the site's own user base as "the secret weapon" in monitoring and reporting much of the inappropriate behaviour.
In the US, where Facebook's relationship with law enforcement is more established, the site responds to investigations by providing information about, for example, a suspect's location. It has called for a UK equivalent to its partnership with government in the US, which gives it access to data on sex offenders to help identify them on the site. In cases involving children, information and material will be passed to the US National Center for Missing and Exploited Children. Though the centre has links to its UK equivalent, the Child Exploitation and Online Protection Centre, or Ceop, Kelly admitted the procedure needs to be improved.
"If they tell us the user is in the UK, that data goes to Ceop. We have had several meetings with [Ceop chief executive Jim] Gamble but that relationship is not working well," he said, adding that the UK needed a dual reporting system.
Kelly added that the site had to balance its duty to respect its users while meeting its legal obligations, but emphasised that it "only shares data with very good reason".
"If the warrant relates to the location or certain data about a witness or suspect, the team won't dump all the data on that user," he said. "It's not our data to share. The corporate philosophy about data is that the user is in control, and they choose how to share and distribute it. If we are presented with a legal situation where we have to disclose data to law enforcement, the philosophy is to provide the minimum amount of data required."
Media coverage of the site's safety procedures have largely focused on the rift with Ceop over Facebook's refusal to introduce a "panic button" – a logo linking to Ceop – as a deterrent. Ceop's head of safeguarding and child protection, Dr Zoe Hilton, characterised talks as "robust" but said the agency's primary concern was that Facebook did not appear to be passing on reports of grooming and inappropriate contact.
"There is absolutely no legal barrier that would stop a US company passing reports of day-to-day grooming of children to the UK," she said. "They have internet experts managing and assessing risks to children – we have social workers and police. We want a better dialogue on all aspects of their safety, and underage users should be one of those things."
From Ceop's perspective, use of a branded button on popular websites is an important part of a wider campaign to unify safety reporting procedures. Following an education campaign in UK schools, it claims that 5.2m children now recognise the Ceop name and logo. With MySpace and Bebo on the decline, the cooperation of Facebook is essential. Recent research by Ofcom found that a quarter of children aged eight to 12 had profiles on social networking sites, even though most require users to be 13 or over. Though Hilton welcomed Facebook's technical methods of monitoring suspicious user behaviour, she said they were not new and not a substitute for clear reporting.
Ceop had received 253 reports of grooming on Facebook in the first quarter of this year, she said, and 75% of those had come through the Ceop site. "That means those people had to leave Facebook, find our site and then click through 'report a concern', and that's too many stages."
She denied that Ceop was struggling to deal with the volume of reports, and invited Facebook's team to Ceop to see how they manage their caseload. In the long term, she emphasised, Facebook and Ceop needed to have a "strong and warm relationship" and that ideally, a member of Facebook's safety team would be embedded with Ceop to inform its work across education, new technologies and investigations.
Privacy campaigner Christina Zaba said Facebook needed to do more to stop persistent stalkers and bullies who could use multiple identities, and cautioned against the automated profiling of users. Flagging users with too many friends of one sex could penalise gay people or those organising groups such as the Girl Guides, she argued, while users with many declined friend requests could be PRs, campaigners or journalists trying to reach a new audience.
"There are many human variables that are too complex to be monitored in this way," Zaba said. "I'd be happier if the lines of reporting were clearer, and if concerned users could speak to a real person."
Facebook's rival MySpace does not carry the Ceop logo, while Bebo, whose members are generally younger than Facebook's, includes a small Ceop logo on every profile. The branded links have significantly increased the number of reports being sent to Ceop since they were introduced.
source : http://www.guardian.co.uk/technology/2010/apr/16/facebook-software-sexual-predators