Social Networks and Social Change
A few years ago we began to hear how social networking internet sites were being used to advertise spontaneous gatherings and social events. More recently, from the streets of London to the towns of North Africa and the Middle East, social networks have played a prominent role in the democratic and revolutionary process. For example, a reported 24,000 students signed up to a nationwide Facebook page for the November demonstrations against education cuts in the UK, and the use of Facebook and Twitter helped the rapid spread of action during the Egyptian revolution that led to the eventual downfall of President Hosni Mubarak1. These examples have shown that social networks can be a technical catalyst for social change. They move content, control and dissemination of information away from government agencies and broadcasters into the hands of the populace at large.
In the defence and security sector we refer to these as ‘game changers’ – ubiquitous technology utilised in a completely new or unforeseen way. Examples include the organisation of demonstrations (e.g. using live Google map based updates as well as anti-kettling applications such as Sukey) and the use of cheap RF technologies (e.g. mobile phones) for remote IED detonation. Recent history has shown that for most internet-related technologies the genie is out of the bottle. Rather than focus on the political aspects, this article will review some recent European work on mobile social networks and look at what can be learnt from the analysis of such networks, both in terms of improved business processes and understanding of social dynamics.
Once data is
posted to a
it takes on a
life of its own
For the first part, we draw on a recent report by the European Network and Information Security Agency (ENISA), an EU Agency which gives advice and acts as a switchboard for information and good practices in network and information security2. According to their own website, Facebook has 200 million active users who access the site through their mobile devices; and they are typically twice as active as non-mobile users3.
The major concerns related to mobile social networks identified by ENISA include: identity theft (by a ‘man-in-the-middle’ attack, intercepting information on its way to its intended destination or stolen mobile devices); the distribution of various types of malware; data leakage, misuse and reputational risk (once data is posted to a social network it takes on a life of its own, is difficult to entirely eradicate and, moreover, if users federate information from different networks, data from social and business networks can become inextricably linked); and, finally, personal security resulting from position tracking, which, while having some benign applications, is a particular threat to the security and privacy of mobile users.
It is estimated that 2% of the world’s population has been victim to identity theft: the latest figures for the UK suggest that over 1.8 million people have been affected at a cost of £2.7 billion4. Whilst some of these threats are present in traditional social networks, mobile access adds a new dimension, particularly because the mobile device effectively becomes a valuable and vulnerable database. ENISA recognise that there are technical safeguards against some of these vulnerabilities but, quite rightly, they argue that raising awareness and empowering individuals through legislation is an important first line of defence. An example of the behavioural safeguards that are recommended can be found at the UK’s Get Safe Online website5.
legislation is an
line of defence
From a legal perspective, the main protection comes on a European level from Data Protection legislation (Directive 95/46/EC) (see fact-box on next page). In the UK however, the responsibility for overseeing data protection (enshrined in the Data Protection Act 1998) falls to the Information Commissioner’s Office6. It is clear that the legislation does apply to social networking site providers, even when the providers are not based in the EU.
The situation of users of social networking sites is less clear: private profiles could be argued to be exempt under the so-called ‘household exemption’ where users process data ‘in the course of a purely personal or household activity’. However, users who choose to make their account accessible to the public do fall under both the Act and the EC Directive. Even in the case of private profiles, the situation is not entirely clear-cut, as exemplified by the celebrated case of Mrs. Bodil Lindqvist who set up a networking site for 18 colleagues in the Swedish parish of Alseda, and was found to be in breach of the EC Directive (given in a 2003 ruling: ECJ Case C-101/01) because she included personal information on the site.
From a more benign perspective, understanding the structure of a social network in a firm or region gives insight into the innovation process. The Innovation and Entrepreneurship group in the Imperial College Business School has done groundbreaking research in this area. By studying the interactions, such as co-authorship or co-investigation in projects, it is possible to gain significant insight into the innovation process. Members of the Business School have used these techniques to advise large companies on how to improve their processes and their competitive position. Recent studies have focussed on the role of geographic proximity in promoting competitiveness and innovation in technology clusters.
At the Institute for Security Science and Technology7 we are interested in the analysis of social network structures to enhance aspects of social behaviour and also to better understand the dynamics of such organisations. There are a number of groups in the Faculties of Natural Sciences and in Engineering contributing to this work, adopting a variety of different techniques. Bayesian statistics provides the basis for predicting missing (i.e. hidden) links or nodes in a network. Bayesian techniques also provide the basis for spotting anomalous interactions within the network – this involves an analysis of traffic between connections in the network and observation of how that changes over time. On the other hand, techniques from optimisation and linear programming provide the basis for identifying critical nodes in a network – these are the nodes which might need to be more heavily protected, if physical entities or, for people, who might be identified as key leaders in a social group. Notions from the theory of Markov processes have recently contributed insights into assessing the quality of clusters in a network – this provides a basis for identifying sub-communities in a network and understanding how such groups evolve over time, perhaps as a response to external stimuli. Identifying the members of a social network and collecting information about the interactions for such a network relies on extracting data from distributed sources – this is the domain of Data Mining. The Department of Computing at Imperial College has a very strong multi-disciplinary activity in this area.
The Institute has identified Social Network Analysis (SNA) as one of its priority areas. We intend to build a coalition of people working on different aspects of this problem. We have already seen that new work in measuring the quality of clusters can be used as an optimisation criterion in fast community detection algorithms. We also expect other major algorithmic advances from combining other techniques such as those described above. If you would like to contribute to this activity or follow the work please visit the Institute website and join our on-line forum, the Agora8.
Prof. Chris Hankin is Director of the Institute for Security Science and Technology and a head of the Theory Section in the Department of Computing at Imperial College London. Andrew Burton is the Programme Manager in the Institute for Security Science and Technology at Imperial College London.
 European Network and Information Security Agency. (2011). http://www.enisa.europa.eu/
 Facebook Statistics. (March 2011). http://www.facebook.com/press/info.php?statistics