A YEAR OF DATA SCANDALS
WHY APPLE IS SETTING A SHINING EXAMPLE ON USER PRIVACY
“The truth is, we could make a ton of money if we monetized our customer – if our customer was our product. We’ve elected not to do that.” These words, quoted by Recode, were uttered by Apple CEO Tim Cook in March as he explained the privacy-first focus of his company’s business model. It’s a stance from which many other tech titans evidently could have learnt this year, with the likes of Facebook and Google having become engulfed in a quick succession of data-leaking scandals.
VEERING FROM ONE DATA CRISIS TO ANOTHER
Cook was actually speaking in an interview on the television network MSNBC in the wake of the Cambridge Analytica scandal, which shed light on perilous holes in Facebook’s security infrastructure. That scandal came to light earlier the same month, when a press investigation revealed that the now-defunct Cambridge Analytica, a UK-based consultancy associated with Donald Trump’s presidential campaign, had misused tens of thousands of Facebook users’ data.
There’s much more to say on that story, but it’s worth first pointing out that examples of extensive misuse of data by a broad range of companies have been unearthed in scarily high numbers in 2018. As recently as October, Google belatedly admitted to a worrying hole in its data security, while even companies not so firmly rooted in the tech industry – such as hotel group Marriott and sandwich chain Panera Bread – have suffered breaches of their customers’ details.
Unsurprisingly, as successive crises have stacked up, there have been increasing calls for more stringent regulation of how companies handle their users’ data. A glimmer of hope has been provided by this year’s enactment of the General Data Protection Regulation (GDPR), a piece of legislation which helps to protect the data of European Union citizens. However, will action be taken on implementing an equivalent law for US citizens – and how can we better protect our own data?
“Examples of extensive misuse of data by a broad range of companies have been unearthed in scarily high number in 2018”
AN OVERVIEW OF FACEBOOK’S NIGHTMARE YEAR
Facebook’s reputation had already been tainted by claims that the social networking site had been used to disseminate Russian propaganda in the run-up to the 2016 US presidential election. However, worse was to come when – through a joint investigation – The New York Times and UK press outlets The Guardian and The Observer discovered Cambridge Analytica’s dubious usage of Facebook data. The trail allegedly started outside Cambridge Analytica itself...
It was alleged that, with a quiz app, Cambridge professor Aleksander Kogan legitimately accessed details from 270,000 Facebook accounts, but – in violation of Facebook’s rules – shared that data with Cambridge Analytica.
What was especially concerning was that Facebook later reported data from 87 million people had been improperly shared with the consultancy. Facebook has since tinkered with its data collection practices, but the scandals have kept coming.
In September, Facebook reported another breach, this one having exposed the data of 50 million people. Attackers were able to take over Facebook accounts by exploiting a vulnerability in the social networking site’s ‘view as’ feature, whereby people can view how others see their profiles. In December, Facebook further revealed that, due to a bug, 6.8 million photos on the site were exposed to outside developers. Even photos simply uploaded, rather than posted, could be seen.
DATA SCANDALS HAVE BEEN UNFOLDING IN VARIOUS PLACES
Although the Cambridge Analytica scandal has easily been the most serious data scandal of this year, you don’t necessarily need to have used Facebook to have cause for concern about the safety of your personal data. In 2018, researchers found that the fitness app Polar enabled them to track locations of military and security services users. The researchers sourced personal details – such as names, heart rates and areas of residency – of over 6,460 personnel before publicizing the leak.
In June came the discovery that Floridabased data broker Exactis had left almost 340 million individual records of US data – on both citizens and businesses – exposed on a publicly accessible server. “It seems like this is a database with pretty much every US citizen in it,” Vinny Troia, the security researcher who made the discovery, told WIRED. That was no small concern given that the data included such highly personal characteristics as phone numbers and home addresses.
While the exposure of 230 million American citizens’ data might initially seem like a disaster, it pales in significance compared to a separate breach affecting the Indian government’s biometric system Aadhaar. Personal information – including fingerprints and home addresses – of virtually all of India’s 1.1 billion citizens are on this system. However, in March, a security researcher explained to ZDNet how the system was dangerously insufficient in its security.
Image: Sean Gallup
Image: Ariel Zambelich
Image: Noah Seelam