On 27 May 2008, the European Network and Information Security Agency
(ENISA) called for new legislation that would regulate social
networking sites.

ENISA, which was created in 2004 to oversee online security measures in
the 27 EU countries, issued a preliminary report of its General Report
in which it pointed out that social networking sites such as Facebook
and MySpace need more regulation to protect their users against
security risks. "Social networking sites are very useful social tools
but we must make recommendations for how to better protect people from
the risks these sites create," said Andreas Pirotti, executive director
of ENISA and author of the report. He suggested the EU legislation
should be expanded in order to "cover the taking of photos of people
and posting them on the internet".

In Pirotti's opinion, network security is under a permanent threat from
spammers or criminals. "Internet security is extremely important,
considering how much business takes place online now. We don't want
infrastructures to be disrupted, we don't want a digital 9/11 to
happen," he said. He also considers it crucial to "raise awareness about
how social networking sites work. Few people realize that they can be
offered up as friends to people they don't know. Also, many people
don't realize that it's almost impossible to erase material once it has
appeared on the internet".

The threats related to social networking that ENISA identified include
face recognition, digital dossiers, reputation damage, phishing
attacks, ID theft and others. The organisation's report includes 19
recommendations to social networks on ways to improve their security
practices.

Among other things, ENISA calls for a regulatory review of social
networking frameworks, increased transparency of data handling
practices, more education for users on security, and the discouragement
or even banning of social networking in schools.

A study conducted by enterprise IT management company CA and the
National Cyber Security Alliance in 2006 found that the majority of
users of social networking sites were not very aware of the security
issues involved. 83 percent of them admitted having downloaded unknown
files from unknown users and 74 percent said that they readily
provided personal data online. Also, a Symantec report issued in
2007 showed that social networking sites offer easy pickings for
phishers. The security practices of the respective sites make it easier
for attackers to invade and to spread attacks to more people.

Top EU security agency calls for policing of social network (27.05.2008)

EU may regulate social networking sites over security issues (27.08.2008)

ENISA General Report 2007 – adopted, non designed version

Source: EDRi-gram: "Social networking sites might be regulated in EU" Number 6.11 Jun 6, 2008