Your Facebook data is in greater danger than you probably know
Daniel Wagner says that the Cambridge Analytica drama should be an opportunity to inform people of how easily criminals, terrorists and others can access their personal data, as well as how frequently hacking and security breaches happen
All the attention on Facebook and Cambridge Analytica regarding breach of trust and exploitation of personal data is richly deserved. This raises fundamental questions about internet privacy and the obligations of all service providers collecting, consuming and using individuals’ data.
It is critically important to have meaningful discussions about the right thing to do vis-à-vis online data collection and dissemination. It is equally important that everyone become better informed about what the issues really are, and what is actually possible to achieve in data management.
Social media is a primary contributor to one of the most pressing concerns of our time – virtual terrorism – because so little is known about where our shared information may end up or what unknown actors may do with it. In the United States, social networks are considered public spaces; information shared there is covered under the “third-party doctrine”, meaning users cannot reasonably expect privacy regarding the data their service providers collect about them. Any data you post online – regardless of privacy settings – or any data collected by third parties with whom you have an agreed-upon business relationship, is not private, yet many willingly stream data and images to their “network”.
In 2010, Eric Schmidt of Google noted that the world produced as much information in two days as we did from the dawn of civilisation until 2003. As of 2016, we produced as much information in 10 minutes as did the first 10,000 generations of human beings. There is no way to monitor and protect all this data.
Facebook admitted in 2011 (when it had “just” 750 million users) that more than 600,000 of its accounts were compromised daily. Each breach could be used for identity theft, criminal impersonation, tax fraud, health insurance scams or other crimes. In November last year, Facebook estimated that as many as 60 million accounts, or 2 to 3 per cent of the company’s 2.07 billion monthly users, were fakes.
The Cambridge Analytica scandal is emblematic of a much broader problem: any data we entrust to social media can leak to criminals, terrorists or others. We must assume that if some of the data we have wilfully granted to social media platforms has not already been leaked or hacked, it is a matter of time until it is. It is estimated that at least 40 per cent of social media users have been exposed to at least one form of malware, and more than 20 per cent have had their social network or email accounts compromised or taken over by a third party.
If you happen to check your Facebook account at your local Starbucks while in the process of sharing its network with 30 other people, and if one of them happens to be a hacker running a programme called Firesheep, the hacker could use the plug-in to log in as you on your account and assume your identity. Known as “sidejacking”, this happens all the time.
Cyber stalkers send unwanted emails, tweets and text messages, or spread rumours online. They easily obtain detailed information about victims, such as home addresses and phone numbers. Just for the month of January 2017, Facebook had to assess nearly 54,000 potential cases of revenge pornography and “sextortion”, disabling more than 14,000 accounts and with 33 cases reviewed involving children.
Criminals no longer wait to see if your newspaper delivery has built up on your front doorstep before they target you for burglary. Today, either they or data brokers scrape information from your social media for “lead generation”.
Another way they target their future victims is via locational data in files posted online – the silently implanted metadata in photographs, videos and status updates shared by mobile devices, revealing the date, time and GPS coordinates where photos and videos were taken, as well as the serial number of the phone or camera. The metadata is easily accessible by anyone who knows how to download a simple browser plug-in to access them. With any one of hundreds of free tools, your photos and videos can be made to appear on a Google Map, allowing anyone to zoom in on the precise location where the picture was taken.
Social media platforms should build awareness regarding security precautions and information disclosure to encourage users to take more care about revealing their personal information in their profiles. Ideally, the platforms would embark on broad-based educational campaigns and governments would do the same.
Ultimately, however, it is incumbent upon social media users to take some basic precautions to protect themselves and take personal cybersecurity more seriously. We are the first and last firewall, for it is us who decide what sites to go to and what links to click on.
Facebook and other social media platforms must do their part to make cyberspace a safer environment for users, but we must all change our way of thinking and do our part, for virtual terrorism is everyone’s problem. We should know what is ill-advised to do online and acknowledge that virtually anything we write or post in cyberspace may become public at some point in the future.
The Cambridge Analytica scandal has made the average person aware of the problem. What happens from here is up to us.
Daniel Wagner is CEO of Country Risk Solutions and author of Virtual Terror