Facebook struggles to secure its data

Facebook faces another data breach, highlighted by the work of another cyber security firm who are increasingly protecting public privacy and security interests. 

Background

Facebook, a social media and social networking site, was launched by Mark Zuckerberg in 2004 along with some of his Harvard roommates. The site was an instant success, growing exponentially across the world. As of December 2018, Facebook has over 2.32 billion active monthly subscribers, with 1.15 billion active daily mobile users of the service. 

In May 2017, it emerged that Facebook was a key influencer in the outcome of the 2016 US Presidential election and the Brexit vote, according to those who ran the campaigns. Analysts believe that digital campaigns employing the social network were decisive in both wins. In past years, social media, in general, has come under scrutiny for its advertising campaigns, the presence of terrorist propaganda, the use of bots, and the proliferation of ‘fake-news’ ahead of elections.  

Since the start of 2018, Facebook has committed to making significant changes to its platform. In a post on his page on the social network, creator and CEO Mark Zuckerberg said the website was making too many errors enforcing policies and preventing misuse of its tools. Mr Zuckerberg has famously set himself challenges every year since 2009. In 2019, the Facebook creator said his “personal challenge” is to fix important issues with the platform to prevent misuse of the website. Mr. Zuckerberg has pinned the future of Facebook on a shift from its historic mission to make the world more “open and connected”, saying that “privacy-focused” communications were becoming more important than open platforms.

Analysis

Cybersecurity firm UpGuard said that it had discovered data sets harvested from Facebook users by third-party applications hosted on Amazon’s Web Services. UpGuard also said that it had not determined how long the data hosted on Amazon’s cloud computing service was publicly available for, which includes users account names, email addresses and comments. One of the third-party apps, owned by Mexican media company Cultura Collectiva included more than 540 million records, while the other from an app called At The Pool continued 22,000 records. 

The recent data exposures renew public debate on problems associated with mass data collection. Data collected by any agency is stored in perpetuity, without deletion, and eventually, may no longer be central to the agencies goals, resulting in the data being placed in a “derelict storage location.” It is also pertinent that while the data could not be gleaned without Facebook, the social media behemoth no longer exercises control over the data. The responsibility given to Facebook by users in this regard is immense, although it legally may not be held to account for this infraction, because of the abuse of data by third-party applications. However, Facebook must adapt in order to regain consumer trust by tightening regulations for data storage or by altering its business model.

The exposure is reminiscent of Facebook’s Cambridge Analytica scandal, where the political consulting firm was able to access the personal information of 87 million users from a single app developer in order to help the company better target its client’s market. The data gleaned was used to help their clients in securing electoral mandates. The recent exposure is a testament to the lack of progress made by technology firms in addressing their consumers’ privacy and security concerns. 

Amazon, for its part, sells its cloud services to a plethora of legal agencies, including individuals and companies. The company holds that its customers fully own the data they upload to the services. UpGuard said in a statement that they had notified Amazon of the publicly available data sets in January 2019, although they failed to take down the sets until the story reached the news cycle. This fact highlights the apparent disability that plagues the tech community; they are fast to innovate new technologies that increase their profit margins, while they slow to adapt and act in regards consumer privacy and security requirements.

Assessment

Our assessment is that the full extent of damage caused by technology companies’ data gleaning practices is yet to be completely understood. We believe that nefarious agencies may use the data for illicit purposes, including for those which may carry significant political and social weight. We also believe that continued work by cyber security firms such as UpGuard will increasingly serve the public vanguard by exposing such data breaches. 

India Watch 

India has yet to be hit by a significant Facebook related scandal, although the possibilities remain immense. In light of elections, it would not be beyond reason that data breaches on social media platforms help political agencies target their audience in a more concerted manner.