Just as Native Americans sold the island of Manhattan to colonial governor Peter Minuit for $24 worth glass beads – at least, that’s what the legend says – people are now selling out their private data for “glass beads” to Facebook and Google. For data drilling companies, profit comes first, privacy last. They sacrifice everything for growth and engagement for their platforms in order to collect as much data as possible to profiteer from advertising.
Is there anything we can do about this? Or are we just going to succumb so that there is no room left for privacy in the online world?
It has been a tough year for Facebook users’ privacy. The first shock came when the Cambridge Analytica scandal in March revealed that a third-party app harvested users’ and their friends’ data without consent and then sold it to the voter-profiling company. Who knows how many other apps Facebook lets abuse users’ personal data? Facebook simply turned the other cheek for faster growth.
After this disturbing incident, the social media giant promised to do better. Still, last week we learned that Facebook used users’ phone numbers given for two-factor authentication (a security measure aimed at keeping accounts safe) to target them with ads. And then came the announcement about hackers exploiting a security vulnerability affecting up to 50 million user accounts.
This is an unprecedented vulnerability in Facebook’s history; attackers could take over entire accounts, worse still, they could access third party applications that provide the Facebook account login feature. The incident demonstrates well the inherent dangers of concentrating so much data in the hands of one company. With more than 2 billion monthly active users, Facebook possesses an incredible amount of personal information, but it is clearly unable to sufficiently protect it.
This is deeply alarming and makes me wonder: how did we even get here?
In the early days of the Internet, putting any personal information online seemed like a pretty strange idea. Over time, people have increasingly become more comfortable with sharing information openly, and posting personal details on social platforms has quickly become the norm.
When the Snowden revelations revealed that the NSA could request data from tech companies sparking a worldwide debate about privacy vs. national security, many people dismissed concerns and reacted with the “I have nothing to hide” argument. However, privacy is not about protecting something we want to hide but about practicing our fundamental right.
The problem is that people are tricked into believing that the service internet giants offer is for free and don’t realise that they pay a high price for it with their data.
Going back to Peter Minuit who bought the island of Manhattan from the Lenape Indians, this might have been considered to look like a fair deal, but later on it became apparent that Minuit hit the jackpot.
People are now selling out their private life for “glass beads” and are becoming commodity on the shelves of Google and Facebook. Data-drilling companies are making money out of getting access to all details of their users’ personal and professional life, like the things they read or search for. What users get in exchange is a free service and user experience. This is the value people put on their data as they don’t realize what’s happening in the background. And companies take advantage of users’ limited awareness.
Let’s take an example. When you put out a tweet, you know it is public and can expect that it is being analysed by Twitter or someone else. But would you expect that your private messages are analysed by Facebook? Or that your phone number used for two-factor authentication is used to target you with ads?
So what’s the way forward? Is there no place left for privacy in our digital world? Can the trust between internet users and tech companies be restored?
There is a scenario where there is no need for trust. In case of end-to-end encryption, there is no way for the service provider or any other third party to look into the content of users’ communications or files. Only the user has access to the content and those that the user decides to share it with. The service provider does not have the possibility to mine and take advantage of its users’ data as it only has access to it in an unintelligible way. This makes end-to-end encrypted services less attractive for criminals as well.
Mainstream services, because of the high density of data they store, are a good target for hackers, who can then sell the data on the dark web where the price for an Instagram account can be as low as $0.006, and a Facebook login is just $2.60. The cost of a driver license is $20, a general login or social security number is $1. These details can be used to blackmail, to commit fraud, identity theft or to take a more complex, targeted attack. But one cannot sell encrypted data as it has no value. Needless to say, end-to-end encryption does not make it impossible to hack you – someone can still place a malware on your computer to monitor your activity -, but it makes it much-much more expensive.
That is why I believe that end-to-end encryption should be the default way for digital services to handle user data online. All users should have automatic access to this technology so that they can benefit from their fundamental right to privacy and minimize the possibility of falling victim to data misuse and exposure. It would also force data-driven companies to rethink their business model and bring the emergence of a service-led economy in which users share their data with companies because they respect their rights and handle their data with care, and not because they are tricked into doing so.
Interested in hearing industry leaders discuss subjects like this and sharing their experiences and use-cases? Attend the Cyber Security & Cloud Expo World Series with upcoming events in Silicon Valley, London and Amsterdam to learn more. The show is co-located with the IoT Tech Expo, AI & Big Data Expo and Blockchain Expo so you can explore the entire ecosystem in one place.