The scandal plaguing Facebook after the reveal of Cambridge Analytica’s use of private user data[1] has revealed a deep rot at the heart of cyber security ethics.
As seen scattered across almost all news outlets, the access to Facebook user data has shown us how easily that information can be used to shape world politics or political opinion. What is worse is, users tend to not be any wiser about how their privacy was breached. The biggest takeaway from this still unfolding scandal, is that both private users and tech and data companies still have an immature understanding of privacy as a security asset to be protected.
When we install an app on our phone, or create an account on a shopping site, we are asked to provide our private information. This information is supposedly stored on a cloud or a server on the assumption that no one, other than yourself or the service provider can use it. More so, our day to day applications can make it easier for us to interact with shopping and social media sites by storing and remembering anything and everything, from our passwords, addresses and bank account details. We, as an online society, have deliberately traded that privacy over for the convenience of one click logins, purchases and interactions.
The general public understands credit card fraud and data breaches to a certain extent, but does it care enough? Is our security only ever threatened when our money or identity is used fraudulently? Or when our Twitter account is hacked to post abusive tweets that are not our own?
To what extent can we hold any company accountable for our privacy if we give it up so easily? Can or should a greater authority then be responsible to safeguard it?[2]
In countries such as Finland, school curriculums include thorough data safety education. These help young users to understand the extent of the benefits and consequences of being online. On the other end of the spectrum, however, countries such as Sri Lanka have simply outright banned certain social media outlets such as Facebook and Whatsapp[3].
On the other hand, data and tech companies have shown that despite so much advancement in online technology, security is still an immensely fuzzy concept. It appears that security breaches are only grave when the consequence provide a financial or shares loss. The current investigations into alleged Russian interference in the 2016 US presidential elections have only addressed how data can be used against the public, but now how that data has been obtained. Cambridge Analytica obtained the data through the website thisisyourdigitallife.com that legally collected this information from Facebook. This website collated private information using online quizzes.
Imagine, the ‘Which Game of Thrones Character are You?’ quiz, could have used your own answers against you, to manipulate your political opinion!
Facebook already stated that there had been no data breach. Technically, this is true, but the damage to our personal, political and social security has been damaged. To hide behind such technicalities ignores the true value of seeing everything online as a security asset.
When considering cyber security or even cyber espionage issues, we always consider the extremes in the spectrum; of hackers in dark rooms stealing our data for profit. However, there is little espionage involved in discovering the movements of American Military troops in hidden bases, when their movements are tracked by a fitness app that reveals their heat signatures online.
Even the comedian Khumail Nanjiani expressed his dismay at tech companies that he had observed pitching new and exciting software and technology that did not even address the potential security threats they posed[4]. In fact, his interactions with Silicon Valley bigwigs revealed that many of these companies only consider the convenience and possibilities that their products; like wearable tech, or a new shopping app can provide. These companies appear to not consider security and privacy as a priority, expecting other agencies and organisations to take up that particular slack.
We cannot rely on our most used and frequented online platforms to protect us. Facebook’s slow reaction and inability to completely take responsibility of the ‘not a data breach’ is proof of this. Cyber Security analysis and study must evolve to consider these issues. Data breaches are not just the domain of hackers, but of anyone seeking to find an opportunity to use any data against its user. Most of western society has wilfully given up a lot of its own privacy for the convenience of living online. Cyber security must evolve to reclaim that privacy and make us safe in all aspects of online and offline living.
For assistance in securing your private information, please do not hesitate to contact Agilient.
The Agilient Team
[1] https://www.theguardian.com/news/2018/mar/17/cambridge-analytica-facebook-influence-us-election
[2] https://www.livemint.com/Opinion/YkTLRbgzwe0Q68MJjThqZN/Is-Big-Data-a-threat-to-free-democratic-choice.html
[3] https://www.wired.com/story/what-would-regulating-facebook-look-like/
[4] https://qz.com/1118377/silicon-valley-actor-kumail-nanjiani-is-terrified-by-tech-industrys-blase-attitude-toward-privacy-and-other-issues/