Facebook has been under scrutiny due to its handling of users' data. What does this mean for the future of data security?
Zuckerberg was questioned over two days by both the House and Senate over third-party access to their data following the Cambridge Analytica scandal. However, the debate was wide-ranging and brings to focus a growing political movement against mass data collection by private companies.
Part of the slipperiness of the issue is that Facebook synthesises data, as well as collects it. There are different kinds of data here. There’s what you post; what Facebook observes about your behaviour; what data Facebook collects from external parties; and importantly, what Facebook can infer using machine learning algorithms, which is built on your data but arguably does not constitute it.
Some of this data is embedded in byzantine systems of code which would be difficult to make available to consumers in line with forthcoming GDPR legislation.
But Zuckerberg said Facebook intends to change its policy to meet legal requirements worldwide. Their current tack is to make the data that you post available in a HTML file for download; much of the data on your behaviour is omitted. (Zuckerberg’s notes from the testimony imply he does not consider Facebook ready for GDPR, yet).
As The Economist reports, Mr Paul Dehaye is one example of a Facebook user who has requested his data collected through the advertising tracking tool Pixel.1 Facebook has acknowledged the existence of his data but will not produce it, citing inordinate levels of effort - those byzantine systems of code. The case is presently under review by the Irish Data Protection Commissioner.
As well as discomfort around data collection practices, there is broader anxiety around Facebook’s power as an organisation. Statements from Mr Zuckerberg insisting that Facebook does not intend to subvert democracy are testament to this. Facebook is “an exotic pet, getting too big for its owners to control.”
Facebook and US Democracy
The social network inadvertently interfered with the democratic integrity of the US 2016 presidential election by not monitoring its security processes well enough. Russian hackers were able to create fake Facebook profiles and Cambridge Analytica used data garnered from Facebook to create psychological profiles of individuals; both of which were done to influence and manipulate US voting behaviour by creating targeted ads.
While these activities are in themselves monumental, Zuckerberg’s testimony also points to the wider implications regarding how regulators should manage this new digital frontier.
Jonathan Albright, of the Tow Center for Digital Journalism, drew a parallel between Facebook and a state, emphasising the need to treat the network in the way one would treat a public sphere as opposed to a company.
Facebook is a meeting ground for people of various backgrounds to communicate with one another. Members share news and discuss current events, in both friendly and argumentative ways.
According to Albright, while Facebook functions as if it was a public sphere, ‘they don’t carry any of the responsibilities with these civic functions, which is why we’re seeing these problems.’
Their lack of responsibility is clearly catching up with them now, with lawmakers on both side of the Atlantic calling for action. In fact, calls for regulation for big tech may be the only subject Republicans and Democrats agree on at the moment in the US, with both hardline Republican, Steve Bannon, and Social Democrat, Elizabeth Warren, arguing for a tighter approach.
While the consensus may be strong, the approach appears to be weak. If the Congressional hearing early this week has proved anything, it’s that lawmakers are out of their depth in the new technological era. Senators asked how Facebook made money if not through paid services, to which Zuckerberg somewhat smugly replied, ‘Senator, we run ads.’
There’s a clear knowledge gap between those who would regulate and those who would be regulated.
And it’s obvious something needs to be done to prevent the 2016 presidential election tampering from occurring again. But was Zuckerberg’s testimony really the action to make that happen?
Having Zuckerberg publicly grilled by Congress made a very powerful statement, but it is yet to be seen whether there are any tangible outcomes that this will lead to.
Regarding big tech, it’s likely many companies are counting their lucky stars that they’re not in the hot seat, with Zuckerberg taking the majority of the blame for actions that most data handlers are guilty of.
The EU is taking steps to curb the ability for companies to use consumer data without their consent through the introduction of GDPR; the US could follow suit by also introducing legislation that puts the user in control of their data. Our Masterclass next will discuss how GDPR relates to digital identity and why this is important in today’s digital economy. More information is available here.
Another option for companies to prove that they are accountable and trustworthy to their consumers would be to integrate a strategic security approach to ensure data is well stored and protected. Our VMware Executive Exchange event will discuss security strategy around the new digital frontier; registration is now open.