Monique Morrow

Chief Technology Strategist

Monique Nov blog.png

In today’s digital world people’s personal lives have become increasingly intertwined with technology. However, what happens when technology fails to uphold its end of the bargain? More specifically, in the context of recent data breaches on tech giants, such as Yahoo and Facebook, what happens when technology giants fail to protect their customers’ data and privacy? Despite these large breaches in privacy and collection of private information many people don’t seem to be that outraged. Have we become immune to such scandals, or are we just unsure about how to protect ourselves against them? What responsibilities do technologists and business leaders have and how can they be held accountable to communities and to the industry over all? Do ethics even have a place in technology anymore? This blog will explore these questions using Yahoo and Facebook’s recent examples of broken trust and their impact.

Yahoo suffered two data breaches in recent years, the first in 2013 and the next in 2014. However, the extent of these breaches was just discovered over the past year as Yahoo was acquired by Verizon Communications. In the 2013 attack “digital thieves made off with names, birth dates, phone numbers and passwords of users that were encrypted with security that was easy to crack.” While the 2013 and 2014 attacks were not related it is believed that the 2013 attackers were Russian and “possibly linked to the Russian government,” while two of the four men charged in the 2014 breach were Russian. Now as part of its settlement, Yahoo owes $50 million in damages and has assumed the connotation of “one of the biggest, and costliest, consumer data breaches in history.” While it seems that other tech companies would have taken a page from Yahoo’s book and really stepped up their security and protection of consumer information, Facebook just this year experienced perhaps the biggest privacy breach in history.

In September 2018, Facebook was attacked, and in this attack the personal information of almost 50 million users was exposed.  This is not the first time that Facebook has been entangled in the exposition of personal information as it was revealed in the last year that a “British analytics firm got access to the private information of up to 87 million users.” Meanwhile, the attack in September 2018 involved attackers “exploit[ing] two bugs in the site’s ‘View As’ feature” as well as a bug in the “video-uploading program for birthday celebrations.” In addition, this attack “garnered the names, phone numbers, and email of 15 million Facebook users,” and “fourteen million more had their username, date of birth, gender, and devices they used Facebook on, and language settings compromised at the very least.” Having people’s personal information collected and exploited in this manner can lead to a downward spiral of events, from malicious advertising to other spam attacks. Essentially, once the hackers envelop the information, they can do whatever they please with it. Following this scandal, Forbes advocated that “for now users need to ensure their own security is tight. Breaches are happening every day and it’s important to use strong passwords and two-factor authentication at a bare minimum.” To sum it up, The New York Times dubbed this breach as a reminder “that it is exceptionally difficult to entirely secure a system that has more than 2.2 billion users all over the world and that connects with thousands of third-party services.”

But what has happened since these attacks? For one, European lawmakers “tightened privacy oversight on digital businesses and massively beefed up penalties for data misuse.” In the United States, California passed the California Consumer Privacy Act, which is set to be enacted in 2020. In addition, the fact that these attacks have happened on arguably the most famous social media network in the world, has caught the attention of researchers. Researchers at the University of Oxford conducted a study on the apps on the US and UK Google Play Stores. The study found that “88% of apps could ultimately hand over data to Alphabet, Google’s parent company. This put Google top of the list of potential beneficiaries of third-party app data.” In addition it found that third party apps can share any information relating to “age, gender, and location.” Essentially, data collection allows individual profiles about people to form which can then lead to conclusions about “shopping habits, socioeconomic status, or political opinions.” This research shows that people are starting to notice the trend of personal data being exploited on technology platforms. Even if such research does not catch the eye of these technology companies, it may filter some skepticism into the minds of users as they use this technology. Experts argue that the “best security practice of all” for tech companies is very simple: “not holding data in the first place.” Perhaps Frederike Kaltheuner, data exploitation program lead at Privacy International, summed it up the best when he said that data collection tactics are “about profit maximization at the expense of peoples’ fundamental rights.”

While there has been some response to these recent attacks, only time will tell if society has become immune to them or will take action against them. The bottom line is whenever a company has access to someone’s private information they have a responsibility to protect that information to the best of their ability. However, because of the world we live in today perhaps we have become too lenient on such companies when they do slip up with our information. While “doing the right thing” should be apparent, perhaps it is not. The question then becomes: how do we recognize and respond to cognitive bias?