Tag Archives: security

Ethical question for nonprofits: should you delete your Facebook account?

Green cartoon hand palm up facing the viewer, to denote caution

By using Facebook, you are exposing yourself to data mining at a level never before seen, with companies buying up all the information you freely share on Facebook through your posts and likes, as well as what you have put into your profile (your birthday, family connections, etc.) and using it to target you for products, services and, of course, misinformation. Through your continued use of Facebook, you may also be seen as endorsing Facebook’s business practices which are under investigation by Congress.

On the other hand, Facebook is, by far, the most widely-used social media platform and makes it oh-so-easy to share information with current and potential clients, constituents, volunteers, other supporter and the general public. A nonprofit or government agency that stops using Facebook may be cutting itself off from people who need its information, as well as from current and potential supporters.

So, should your nonprofit, as a matter of safety and ethics, delete its Facebook page and any Facebook group it manages and stop using the platform altogether?

For now, I’m going to say no, don’t, because so many, many current and potential clients, constituents and supporters of nonprofits are best reached by Facebook. I’m not sure deleting, say, a family homeless shelter’s Facebook page does anything to hurt the company’s bottom line or to make an ethical statement, but it certainly does cut off a critical avenue for that nonprofit to communicate with homeless families and people who want to support such. Even if Facebook is not your nonprofit’s primary way of communicating, your organization should have a page that notes your organization’s name, address, web site address and phone number, as well as your organization’s logo, so that someone looking for your organization on Facebook can at least find it.

That said, any nonprofit – or individual, for that matter – that stays on Facebook needs to make some commitments in order to stay ethical:

  • Encourage employees and volunteers to remove their birthdays from Facebook – not just to make their birthdays private, but to put in a false birthday. Tell them also not to use the “connections” feature on their profiles to show who their children, parents or siblings are. When Facebook sells data – which is entirely legal for them to do and they do regularly – they sell whatever you have freely inputted into Facebook yourself, including your birthday and the names of family members. This information can also be obtained via frequent data breaches on Facebook. Your birthday, plus your mother’s maiden name or your children’s names, are perfect for identity theft.
  • Do not force anyone to have to create a Facebook account to access information about your program or to interact with your organization. Your organization still needs a comprehensive, frequently-updated web site with all of the information anyone would want about your programs, so that people who do not wish to use Facebook or any other social media can still access complete information about you online. Your organization should not force volunteers to join a Facebook group. There are many people who do not want to use Facebook, because of the frequent security breaches, because of how it sells user information or because they just simply don’t want to, and you shouldn’t force them to do so. If you do have a Facebook group for volunteers, I strongly encourage you to look into an alternative and delete that group from Facebook. These days, I’m recommending groups.io – the free version is quite robust and it is NOT tied to anyone’s social media use.
  • No matter your organization’s mission, whether you are an arts organization, school, environmental organization, youth group, senior center, whatever, you should regularly remind your staff, volunteers and clients, both via your Facebook pages and groups as well as in your other communications (meetings, email newsletter, etc.) about online scams and misinformation, particularly those perpetrated via Facebook and particularly those promoted via Facebook messenger. As part of your education efforts, remind them to NEVER engage with any government agency or bank through Facebook, that if a family member or good friend sends them a Facebook message about needing money or a way to get money they need to call that family member or friend and make sure they really are sending that message, to NEVER pay for anything with gift cards, to ignore any message, even from a family member or friend, directing you to a page to claim a prize. Share with them AARP’s excellent Baby Boomers’ Guide to Facebook and encourage employees and volunteers to review this video about detecting and reporting scams.
  • You should have a training for employees and volunteers about misinformation and fake news sites: how to recognize such and how not to perpetuate that information online. A discussion over lunch is a good way to communicate about this. Good resources to use:

Fake News: How to Spot It, a resource from the Enoch Pratt Free Library at Maryland’s State Library Resource Center

How to spot fake news: Identifying propaganda, satire, and false information, a range of infographics and resources curated by Simon Fraser University

Fake News, Propaganda, and Misinformation: Learning to Critically Evaluate Media Sources, a range of resources from Cornell University.

Finally, do not rely entirely on Facebook as your nonprofit, school or community program’s way of communicating. As noted earlier, your organization still needs a comprehensive, frequently-updated web site. Your organization should still have an email newsletter people can subscribe to. Your organization should be using other social media platforms. Your organization may still want to have a mailed paper newsletter, or open houses, or public meetings, or any of the many other ways organizations communicate offline. You invest entirely in one social media platform as your way of communicating at your own peril!

If you have benefited from this blog or other parts of my web site and would like to support the time that went into researching information, developing material, preparing articles, updating pages, etc. (I receive no funding for this work), here is how you can help

Insecurity in the Humanitarian Cyberspace: A Call for Innovation

ALNAP (Active Learning Network for Accountability and Performance in Humanitarian Action) has a fantastic blog posting, Insecurity in the Humanitarian Cyberspace: A Call for Innovation, by Kristin Bergtora Sandvik. An excerpt:

“Over the last two decades, innovations have fueled the creation of a humanitarian cyberspace. It is now time for the task of addressing the challenges posed by the humanitarian cyberspace to be prioritised on the humanitarian innovation agenda… The traditional notion that the ´virtual` world is a different social space than the ´real world` is by now obsolete, also in the humanitarian context… While the traditional threats to the humanitarian space persist, the humanitarian cyberspace broadens the scope of humanitarian action – which means that, instead of shrinking, the humanitarian space is actually poised to enter an expanding frontier. As illustrated by the increasing reliance on mobile cash transfers in food aid, the humanitarian cyberspace also offers new options for the constitution and distribution of relief. The notion that access to information and humanitarian data constitutes a form of relief in its own right illustrates how technology is reshaping the very definition of aid. The emergence of ‘digital humanitarians’ exemplifies a shift in the understanding of who is an aid provider and the possibilities for providing aid from a distance. At the same time, the humanitarian cyberspace has engendered a new set of threats, which impinge on the humanitarian space and which needs to be taken more seriously in the context of humanitarian innovation.”

Another excerpt:

“The use of social media by fieldworkers may undermine principles of neutrality and impartiality and endanger recipients of humanitarian aid as well as aid workers. The dilemma is well-known: In the humanitarian field, the free speech of aid workers must be balanced against the vulnerability of aid recipients and the particular dynamics of the emergency context. However, social media exacerbates the risk, also for humanitarians themselves…While the medical and social work professions (among others) are developing more robust, binding and enforceable industry standards with respect to social media, the humanitarian sector is lagging behind. Facebook, Twitter and Instagram are largely perceived as ‘private’ platforms, even when used actively during and for work. Additionally, the tension between security concerns and fundraising priorities seems to exacerbate the difficulty of developing strong and innovative approaches to responsible social media use.”

This entire blog is a MUST read for anyone working in international development, as well as any nonprofit, government or other mission-based organization. It is based on a roundtable at the 4th bi-annual IHSA World Conference on Humanitarian Studies and Sandvik’s recent article in the Third World Quarterly ‘The humanitarian cyberspace: shrinking space or an expanding frontier?’

The Active Learning Network for Accountability and Performance in Humanitarian Action (ALNAP) was established in 1997, as a mechanism to provide a forum on learning, accountability and performance issues for the humanitarian sector.

Safety of volunteers contributes to a shelter closing

Thursday, I listened to an absolutely amazing interview on OPB’s Think Out Loud (it’s a local radio show on Portland, Oregon’s local NPR affiliate) regarding why a Portland church will not be opening a warming shelter for the homeless this year. One of the biggest reasons they will not be opening this year: concerns about the safety of volunteers.

This heart-breaking interview shows why having a good heart and some willing volunteers is just NOT ENOUGH for certain critical community issues – and may even put volunteers in danger and enable the problems to continue. This interview also shows why the homeless need so much more than a warm place to sleep and a smile. It’s a painful reality check – and there are no winners.

Also see:

volunteer managers: you are NOT psychic!

Freaking out over Facebook privacy?

Facebook announced this month that it is removing the privacy feature that lets Facebook users hide from the social network’s search bar. That means that, if you use your real name on Facebook, anyone can find you. It doesn’t mean anyone can “friend” you, or see what you have posted to Facebook, if you have your privacy set to “friends only.”

A lot of people are freaking out over this. I’m not. Facebook doesn’t belong to me; it belongs to a for-profit company. The goal of that company is to make money. Facebook makes money two ways: by selling advertising and by selling information about you – information that you have voluntarily, freely, willingly, inputted into the system. I’ve known that from day one. I’ve known that about every online system I’ve used. Maybe it comes from being trained as a journalist – when I write something online, I think of it as publishing.

Short of deleting your Facebook account altogether, what can you do to protect your information on Facebook from being accessed by people and companies you do NOT want to see it?

  • Use your privacy settings to make your Facebook posts viewable only by friends, or at most, friends of friends. And remember that you can always do a “custom” setting, where a post is viewed only by specific people you choose – or NOT viewable by certain people of your choosing.
  • Every time you post, make sure, next to the “post” button, the option says just “friends.” If it doesn’t, change it!
  • Alter your name so that it isn’t exactly your name. Add an extra “s” somewhere. Or three “a”s where just one should appear. Or a Q as your middle initial. That can help confuse companies that are sold your information by Facebook regarding who you really are.
  • Create an email address to use only with Facebook. Yahoo or Gmail are but two options you could use. Change this under your “about” page (under contact info). Never, ever use this email for anything but Facebook. That’s another thing that will confuse computer programs trying to match your data with other information online.
  • Take your birthday off of Facebook. I know – it’s so much fun getting all those birthday wishes from your friends! But your birthday is precious information that should never be inputted into a social media database – it can be used for identity theft. You can still post “It’s my birthday!” in a status update if you want those birthday wishes!
  • Do not use Facebook to sign into ANYTHING other than Facebook! When you create an account on some web site, and it asks if you want to sign in with Facebook, DO NOT DO IT.
  • Don’t acknowledge all of your family connections through Facebook’s “relationship” feature. For instance, many credit card and bank accounts ask you for your mother’s maiden name, and if you have linked to your maternal grandmother on Facebook via the “relationship” feature, I can figure out what that is. You can still talk about and to your grandmother on Facebook – just take it out of the Facebook “about” database (a database that Facebook SELLS).
  • You could create two Facebook accounts – one that is the public, professional you, where you post things you wouldn’t mind anyone seeing and knowing, where you “friend” co-workers and classmates, etc., and one that is the wacky, snarky, political, outrageous you, where you “friend” only your close friends and family. That’s a violation of Facebook’s user policy, and if they catch it, they will make you delete one of these accounts. To avoid detection: make the names at least slightly different, do NOT use the “relationship” feature exactly the same way on both, don’t input the same hometown and employment information, and don’t friend the same people on these accounts.

If you are one of the people that has freaked out over Facebook’s announcement, it’s time for you to sit down and really think about how you use online social media. Who is the “online” you? You have control of that – so what’s going to be your strategy for the online you?

Also see: Why You SHOULD Separate Your Personal Life & Professional Life Online

Peace Corps Volunteer Protection Act of 2011 (for Kate Puzey)

The USA Senate unanimously passed the Kate Puzey Peace Corps Volunteer Protection Act of 2011. The legislation, which is named for a Georgia Peace Corps volunteer who was murdered in 2009 while serving in Africa, would provide better security and protection measures for Peace Corps volunteers. The legislation is named in honor of Kate Puzey, a 24-year-old Peace Corps volunteer from Cumming, Ga., who was murdered in 2009 in the West African village of Badjoude, Benin, soon after she had reported a colleague for allegedly molesting some of the young girls they taught.

The legislation provides whistleblower protection for Peace Corps volunteers, a safeguard that is currently in place for federal employees but not for Peace Corps volunteers. This type of protection would have given Kate more protection when she reported her allegations.

In addition, it requires the Peace Corps to develop sexual assault risk-reduction and response training and protocol in consultation with experts that complies with best practices in the sexual assault field. The training also is to be tailored to the specific countries in which volunteers serve.

For background, see Peace Corps must better address assaults and murders of members.

Also see this story from ABC news about the passage of this very important legislation.

Peace Corps must better address assaults and murders of members

With the passing of Sargent Shriver, and the anniversary of the John F. Kennedy presidency, a lot of organizations and media have been celebrating the Peace Corps. And that’s terrific, because I think the Peace Corps is an incredible agency, one that’s done amazing work and that I hope will be around for many, many more years.

But now is a time when the Peace Corps also needs to take a hard look at itself with regard to how it deals with the safety of its members in the field, particularly its female members, and particularly with regard to sexual assault, including rape.

Bad things happen to aid workers, even in the Peace Corps. I saw some disturbing things when I worked abroad, and dealt with some very disturbing things first hand. Aid workers — especially women — are in very vulnerable situations when they are abroad, no matter their ages, no matter how they dress, etc. — and sadly, there are many people who will take advantage of that vulnerability.

I’m a fan of the Peace Corps, though I’ve never served in such. I’ve met up with many Peace Corps members in the course of my work and travels abroad, and they have been consistently wonderful people. I love trading stories with them. I love reading their blogs. I love the projects they undertake. I’m a believer.

But that doesn’t mean that I’m not extremely bothered by mistakes by the Peace Corps with regard to the sexual assault and murder of some of their members, particularly over the last 10 years. And these gross mistakes need to be talked about in the open, in a very public way.

In the last decade, there have been 1000 sexual sexual assaults and rapes of PeaceCorps volunteers, and the vast majority of the victims have been women. This month, the USA television network 20/20 has put together a piece about women Peace Corps members who were sexually-assaulted while serving abroad, and how these women’s needs both before and after these crimes were not addressed by the Peace Corps. You can view the interviews with some of these former Peace Corps members here.

20/20 also did a profile of a slain Peace Corps volunteer, Kate Puzey, who was murdered after the Peace Corps leaked her name to a suspect she had accused of sexually abusing children. You can view part of the story here.

There is more at the 20/20 web site, but the specific videos related to the Peace Corps are hard to find there, so expect to look around quite a bit.

My heart breaks for these women who were ready to give up two years of their life working abroad, living in conditions that most Americans could not tolerate, far from their friends, families and homes, all to make a small corner of the world a bit better and to help people understand that, at our best, Americans can be good, caring, supportive people. And my heart breaks because I’m watching an important institution stumble — even fail — in a very public way.

When you have messed up as an institution, it’s not time to circle the wagons and chant “no comment” over and over again. It’s not time to roll out meaningless statistics like “98% of our members say they felt safe while serving” or to say that “the investigations are ongoing.” It’s time to do everything possible to sit down face-to-face with *every* aggrieved person and say, “Please tell me what happened,” followed by, “What did our organization do/not do for you.” You don’t have to admit guilt at that time, but you DO have to listen, to take notes, and to show that you care. And it’s time to say, in a very public way, “We are talking to every person, face-to-face, who has said this happened to them, and we are going to help connect them with the information and resources they need. Because we deeply care about what has happened.” The perception of transparency, honesty and accountability are absolutely vital for any institution to be trusted and supported by the public. And even if litigation is pending, it IS possible to address those perceptions both for those who have been harmed and for the public who are watching events unfold.

AND IT’S NOT THAT HARD.

Institutions are made up of people, and people make mistakes, so not only is no institution going to be perfect, there are sometimes going to be some really awful things done by humans representing those institutions. But this isn’t random misteps at the Peace Corps; the 20/20 story shows that there is a systematic problem:

  • the organization does not know how to consistently address accusations of sexual assault or criminal activity that are observed by its members,
  • its staff members do not know how to consistently address fears of sexual assault addressed by their members,
  • its staff members do not know how to consistently address the needs of Peace Corps members who are the victims of sexual assault, and
  • staff do not know how to appropriately address this kind of negative, truthful media report.

Make it right, Peace Corps. You can correct this. Starting now. There are plenty of things you can do that won’t jeopardize any legal proceedings currently under way or in the works. Think about what the right thing is to do — every staff person knows what that is — and then do it. And I will blog about how wonderful it is that you have turned things around.

Peace Corps Online, an independent news source regarding the PCs, has covered ABC’s investigation of the murder of Benin PCV Kate Puzey. Its own original coverage of the crime, comments on Peace Corps actions, the email Puzey sent her country director about sexual incidents with Puzey’s students and with another PCV, the back story on how RPCVs helped the Puzey family, and Peace Corps’ official statement. There is also this PCOL Editorial: One major shortcoming that the Puzey murder highlights is that Peace Corps does not have a good procedure in place for death notifications.