Your data is in deep danger
Auser in a low-level hacking forum has published the personal data of hundreds of millions of Facebook users for free online. More than 533 million Facebook users, including at least 32 million in the U.S., have been put at risk. Their phone numbers, Facebook IDs, full names, locations, birthdates, bios and in some cases email addresses are now in the wild, for anyone to access and potentially abuse.
Facebook claims that the vulnerability that allowed such a leak was patched in 2019. That’s not a big consolation to people whose sensitive information cannot be recalled, and not very reassuring to everyone else, as new vulnerabilities are constantly being exploited before they get patched.
With the data that has been leaked, malicious actors could try to hack phones, engage in texting and spoofing scams, reroute numbers (such that a phone number routes to the hacker’s phone) and steal identities.
But it’s not only individuals who are in danger. This is also a national security concern. In 2019, a New York Times investigation showed how it can take minutes to identify and track people using their location data. A database from a data broker allowed two reporters to track military officials with security clearances, powerful lawyers and their guests, and even the president of the United States (through the phone of a Secret Service agent).
The fact of the matter is that we are much better at collecting personal data than we are at keeping it safe. But personal data is dangerous, and if we are incapable of keeping it safe, then we shouldn’t be collecting it in the first place.
Facebook and other companies that depend on personal data for their income are never going to sufficiently self-regulate in this regard. From its point of view, Facebook has little to lose by exploiting your personal data. When things go wrong, the worst it can expect is a fine that can be accepted as part of the cost of business.
It’s individuals who get hurt with the misuse of personal data. And democracies, like the Cambridge Analytica scandal illustrated. According to one report, the political firm used personal data to target 3.5 million African-Americans with messages designed to dissuade them from voting. China, with its thirst for dominance in artificial intelligence and its authoritarian views, is out to get your data.
Even if you’re a nobody, even if you think you have nothing to hide, malicious actors can use your data to further their own agenda.
If we want to keep ourselves and our society safe, we need to get better at handling personal data. What we are doing at the moment — connecting all our systems to one another, collecting as much personal data as possible, storing it indefinitely and selling it to the highest bidder — is reckless and stupid.
No one should make haphazard comparisons to the worst genocide in history, but we do need to know enough about history to guard against future abuses. The Nazis made use of the data silos of their time — registries — to find and kill Jews. Back then, the Netherlands wanted to collect enough data on citizens to be able to track them “from cradle to grave.” In contrast, France had made a conscious decision not to collect certain kinds of personal data (e.g. regarding religious affiliation) for privacy reasons.
It was not a coincidence that the Nazis were able to kill around 73% of the Jewish population in the Netherlands, versus 25% in France.
The point is: when data falls into the hands of bad actors, which it inevitably does, it’s too late.
The default setting of all websites and apps should be no data collection. Users should have to opt-in to have their personal data collected. We need to implement fiduciary duties, such that anyone who wants to collect or manage your personal data is held to duties of care towards you. Your data should only be used to benefit you, and never to hurt you. Old personal data should be deleted periodically. Ultimately, as long as we allow personal data to be sold, we will be incentivizing companies to collect more of it than they need, and we will be facilitating its misuse.
In 1943, a Dutch resistance cell tried to destroy the Amsterdam registry in an effort to protect Jews from the Nazis. They only managed to burn about 15% of them. The Dutch collected much more personal data than was needed, and they didn’t have an easy way to delete that data in case of an emergency. We are making both of those mistakes at a grand scale. We need to end the data economy, before it’s too late.