The rise of the Internet has created a real need to define a code of digital ethics and privacy. I haven't been able to stop thinking about it since I attended the second annual International Digital Ethics Symposium last week. The event opened my eyes to how bloggers and digital journalists routinely violate established codes of journalistic ethics - as well as the need to update those rules for the digital era while still protecting the people we write about, particularly minors. 

And it's not just journalists. For me, the “aha!” moments were the talks about the potential for research to violate rights of privacy and create ethical conflicts.

"Stealing" Tweets And Facebook Posts

The academics and researchers focused on the implications of using data from unknowing YouTube, Facebook, Tumblr and Twitter research subjects. As a tech journalist covering digital culture, I’ve often used such social media messages for articles without the author’s permission. I’ve rarely bothered to reach out to the authors to let them know they’ve been quoted, either. On more than one of my articles, I’ve received complaints from people who were quoted without their permission, including pseudonym-using redditors. I’ve even been blocked by a journalist I admire for (presumably) using her tweets to make her look bad.

In my defense, I am not alone in using other people’s social media messages without their permission. Everyone does this now; even mainstream outlets like Fox News and CNN regularly pull tweets for reaction round-up posts - and no one bats an eye. Sometimes these social media messages are collected to celebrate a man’s prediction prowess, other times to shame racists.  

And researchers can be just as guilty. Did you post a tweet between July 2010 and October 2011? If you answered "Yes," you are part of a data set used by researchers, of which there are now at least 244. 

During the height of the Violentacrez controversy, The Awl ran a tongue-in-cheek piece about how everyone forgets that anything they post on the Internet is public and fair game for journalists (and researchers). Even communication between friends. Annette Markham, a guest professor from Umea University in Sweden, touched on something similar when she called this lack of privacy a “presumption” on Twitter: that because subjects make their information and messages public, they don't have any rights to privacy.

This notion is false. Users have a right to know what is happening with their communication, and they don't have to participate in surveys, research, or even in media articles if they don't want to. Sometimes communication between friends really is just communication between friends. Collecting their data could even be a copyright violation.

What About The Kids?

Valerie Fazel from Arizona State University upped the ante by noting the ethical implications of using the text of minors - the text in this case being YouTube videos - for research purposes. (For those without a moral compass, text from minors is handled with a different code of ethics than text from adults.)

Journalists have to understand that even in today's blogging culture where people are paid to be professionally snarky, children should still be afforded the same protections they get in the traditional media: Talk to the parents and try to get permission for quotes, especially if you are painting the child in a negative light.

The line gets crossed more often than you think: Buzzfeed did this recently with election night round-ups of tweets using racial epithets or talking about assassinating the president (a more striking example here). This violation of ethics appears to be accidental: The writers just screencapped the tweets, then pasted them into a document and hit “publish.” Standard protocol. No one bothered to check the ages of the message authors, because who has time for that?

On closer inspection of the Twitter users included, though, I determined at least a third were clearly minors. They not only looked young, but also tweeted about the pains of high-school love. The backlash forced some of these users to close their Twitter accounts, with only a few complaining on Twitter. (Others made things worse by reveling in being Internet famous for being racist.) Four requested Buzzfeed remove their tweets, which it did.

It is unlikely that these minors' parents will complain. They probably don’t read Buzzfeed and their teens probably didn’t tell them about the incident. But those parents have every right to be furiuos with Buzzfeed (and their own kids, of course).  

What's The Next Step For Journalistic Ethics?

Given the prevalence of these practices, is it even possible for digital journalists to maintain acceptable ethical standards? Even as I've been pontificating about other outlets' ethical standards, I could also be seen as out of line for just linking to tweets written by minors without asking for their permission.

Whether or not you approve of the way modern journalists casually appropriate social media posts, it's clearly past time to re-assess what is and isn't ethical in the digital era. Collecting tweets may violate copyright and quoting the communication of children may violate common sense, but those potential consequences have yet to stop journalists.  Everyone is making the rules up as they go along, without thinking long term. 

Before we can try to hold people accountable, we need to have a common understanding of what is and isn't OK. Poynter held its first symposium on the topic in October - and that's only the begining of a long and arduous process. Which is good. This is our collective digital future we are talking about, after all. 

Lead image courtesy of Shutterstock.

Sure, cybercrime headlines go to multinational conglomerates that are breached by determined, sophisticated criminals. But small firms get hit more often, a fact that no doubt surprises their owners and customers.

Mom-and-pops often take fewer precautions, and when their customers also let down their guard, they all become easy prey. It might be more time-consuming to string together access to a lot of small businesses, but the prize – fat consumer financial accounts – is just as valuable as any stolen from big firms.

Security Polices Are Lacking

A recent survey of more than 1,000 businesses with less than 250 employees shows that nine in 10 have no formal policies guiding employees on how to avoid malicious sites that download malware. Commissioned by the National Cyber Security Alliance and Symantec, the poll also found that more than seven in 10 respondents have no guidelines for using Facebook, Twitter and other social media where cybercriminals will hijack accounts to distribute malicious links.

Privacy polices were also lacking. The survey found that 60% of the businesses had no guidelines for employees to follow regarding customer or employee information.

The Security Risks Are Obvious

Oddly, small-business owners understand the importance of Internet security.

Fully 73% said using the Internet safely was critical to their business, and 46% acknowledged it was very critical. In fact, nearly nine in 10 had one or more employees using the Internet for daily operations, with seven in 10 saying they were either somewhat or very dependent on the Internet for running their company.

Nevertheless, nearly 60% of the businesses had no contingency for handling a loss of customer or employee data, credit or debit numbers or intellectual property. Yet, nearly seven in 10 manage their own sites in-house, meaning if there's trouble, the small business is liable.

Size Doesn't Matter

So why the disconnect? Michael Kaiser, executive director of security alliance, said small businesses believe hackers are more interested in breaking into large companies that would seem to have much more valuable information.

"They may think their size protects them," Kaiser said.

What many small businesses don't realize is that hackers value information no matter the size of the company. They want names and passwords of employees' email accounts in order to identify customers and send them malware or links to malicious sites.

Small businesses “may not understand how the cybercriminal system works," he said. "A list of 200 customers may be incredibly valuable."

Of course, not all small businesses operate the same way. Those working with defense and financial firms are used to tighter security requirements, for example. More small businesses will have to upgrade to similar levels.

The Easy Pickings

Software powering electronic cash registers is a popular target. Last December, four Romanians were indicted in U.S. federal court for allegedly stealing credit-, debit- and gift-card numbers from the point-of-sale systems at 150 Subway restaurants and more than 50 other franchise and small retailers. The suspects were accused of charging millions of dollars to the accounts of 80,000 customers.

Chester Wisniewski, senior security adviser for anti-virus software vendor Sophos, said small businesses tend to fall behind in software updates that patch security flaws.

"A small business is a target that doesn't necessarily have any better security than my mom and dad," Wisniewski said.

Weak security by small businesses accounts for 90% of the payment data breaches reported to Visa. A study by Verizon found that nearly three-quarters of data breaches in 2011 involved businesses with fewer than 100 employees.

Share As Little Data As Possible

Put all the facts together and a person would be wise to share as little personal information as possible with a small business.

All business owners should consider the case of hotelier Wyndham Worldwide. It was sued this year by the Federal Trade Commission for failing to have adequate security to prevent the theft of payment card information of hundreds of thousands of customers.

There’s nothing to say a small firm can’t be victimized and then sued.

"I wouldn't store my credit card with anyone," Wisniewski said.