A YEAR OF DATA SCAN­DALS

Techlife News - - Summary -

WHY AP­PLE IS SET­TING A SHIN­ING EX­AM­PLE ON USER PRI­VACY

“The truth is, we could make a ton of money if we mon­e­tized our cus­tomer – if our cus­tomer was our prod­uct. We’ve elected not to do that.” These words, quoted by Re­code, were ut­tered by Ap­ple CEO Tim Cook in March as he ex­plained the pri­vacy-first fo­cus of his com­pany’s busi­ness model. It’s a stance from which many other tech ti­tans ev­i­dently could have learnt this year, with the likes of Face­book and Google hav­ing be­come en­gulfed in a quick suc­ces­sion of data-leak­ing scan­dals.

VEER­ING FROM ONE DATA CRI­SIS TO AN­OTHER

Cook was ac­tu­ally speak­ing in an in­ter­view on the tele­vi­sion net­work MSNBC in the wake of the Cam­bridge An­a­lyt­ica scan­dal, which shed light on per­ilous holes in Face­book’s se­cu­rity in­fra­struc­ture. That scan­dal came to light ear­lier the same month, when a press in­ves­ti­ga­tion re­vealed that the now-de­funct Cam­bridge An­a­lyt­ica, a UK-based con­sul­tancy as­so­ci­ated with Don­ald Trump’s pres­i­den­tial cam­paign, had mis­used tens of thou­sands of Face­book users’ data.

There’s much more to say on that story, but it’s worth first point­ing out that ex­am­ples of ex­ten­sive mis­use of data by a broad range of com­pa­nies have been un­earthed in scar­ily high num­bers in 2018. As re­cently as Oc­to­ber, Google be­lat­edly ad­mit­ted to a wor­ry­ing hole in its data se­cu­rity, while even com­pa­nies not so firmly rooted in the tech in­dus­try – such as ho­tel group Mar­riott and sand­wich chain Pan­era Bread – have suf­fered breaches of their cus­tomers’ de­tails.

Un­sur­pris­ingly, as suc­ces­sive crises have stacked up, there have been in­creas­ing calls for more strin­gent reg­u­la­tion of how com­pa­nies han­dle their users’ data. A glim­mer of hope has been pro­vided by this year’s en­act­ment of the Gen­eral Data Pro­tec­tion Reg­u­la­tion (GDPR), a piece of leg­is­la­tion which helps to pro­tect the data of Euro­pean Union cit­i­zens. How­ever, will ac­tion be taken on im­ple­ment­ing an equiv­a­lent law for US cit­i­zens – and how can we bet­ter pro­tect our own data?

“Ex­am­ples of ex­ten­sive mis­use of data by a broad range of com­pa­nies have been un­earthed in scar­ily high num­ber in 2018”

AN OVER­VIEW OF FACE­BOOK’S NIGHT­MARE YEAR

Face­book’s rep­u­ta­tion had al­ready been tainted by claims that the so­cial net­work­ing site had been used to dis­sem­i­nate Rus­sian pro­pa­ganda in the run-up to the 2016 US pres­i­den­tial elec­tion. How­ever, worse was to come when – through a joint in­ves­ti­ga­tion – The New York Times and UK press out­lets The Guardian and The Ob­server dis­cov­ered Cam­bridge An­a­lyt­ica’s du­bi­ous usage of Face­book data. The trail al­legedly started out­side Cam­bridge An­a­lyt­ica it­self...

It was al­leged that, with a quiz app, Cam­bridge pro­fes­sor Alek­sander Ko­gan le­git­i­mately ac­cessed de­tails from 270,000 Face­book ac­counts, but – in vi­o­la­tion of Face­book’s rules – shared that data with Cam­bridge An­a­lyt­ica.

What was es­pe­cially con­cern­ing was that Face­book later re­ported data from 87 mil­lion peo­ple had been im­prop­erly shared with the con­sul­tancy. Face­book has since tin­kered with its data col­lec­tion prac­tices, but the scan­dals have kept com­ing.

In Septem­ber, Face­book re­ported an­other breach, this one hav­ing ex­posed the data of 50 mil­lion peo­ple. At­tack­ers were able to take over Face­book ac­counts by ex­ploit­ing a vul­ner­a­bil­ity in the so­cial net­work­ing site’s ‘view as’ fea­ture, whereby peo­ple can view how oth­ers see their pro­files. In De­cem­ber, Face­book fur­ther re­vealed that, due to a bug, 6.8 mil­lion pho­tos on the site were ex­posed to out­side de­vel­op­ers. Even pho­tos sim­ply up­loaded, rather than posted, could be seen.

DATA SCAN­DALS HAVE BEEN UN­FOLD­ING IN VAR­I­OUS PLACES

Although the Cam­bridge An­a­lyt­ica scan­dal has eas­ily been the most se­ri­ous data scan­dal of this year, you don’t nec­es­sar­ily need to have used Face­book to have cause for con­cern about the safety of your per­sonal data. In 2018, re­searchers found that the fit­ness app Po­lar en­abled them to track lo­ca­tions of mil­i­tary and se­cu­rity ser­vices users. The re­searchers sourced per­sonal de­tails – such as names, heart rates and ar­eas of res­i­dency – of over 6,460 per­son­nel be­fore pub­li­ciz­ing the leak.

In June came the dis­cov­ery that Florid­abased data bro­ker Ex­ac­tis had left al­most 340 mil­lion in­di­vid­ual records of US data – on both cit­i­zens and busi­nesses – ex­posed on a pub­licly ac­ces­si­ble server. “It seems like this is a data­base with pretty much ev­ery US ci­ti­zen in it,” Vinny Troia, the se­cu­rity re­searcher who made the dis­cov­ery, told WIRED. That was no small con­cern given that the data in­cluded such highly per­sonal char­ac­ter­is­tics as phone num­bers and home ad­dresses.

While the ex­po­sure of 230 mil­lion Amer­i­can cit­i­zens’ data might ini­tially seem like a dis­as­ter, it pales in sig­nif­i­cance com­pared to a sep­a­rate breach af­fect­ing the In­dian gov­ern­ment’s bio­met­ric sys­tem Aadhaar. Per­sonal in­for­ma­tion – in­clud­ing fin­ger­prints and home ad­dresses – of vir­tu­ally all of In­dia’s 1.1 bil­lion cit­i­zens are on this sys­tem. How­ever, in March, a se­cu­rity re­searcher ex­plained to ZDNet how the sys­tem was dan­ger­ously in­suf­fi­cient in its se­cu­rity.

Im­age: Sean Gallup

Im­age: Ariel Zam­be­lich

Im­age: Noah See­lam

Newspapers in English

Newspapers from USA

© PressReader. All rights reserved.