Data is driving the work of most businesses and organizations. It is unlikely that this will change. The benefits of data science far outweigh the pitfalls along the way to building a better world using it.
Data breach is a serious issue – one that we need to throw light on to eliminate. It has been prevalent ever since data became useful but has been hiding under covers. In 2013, hackers stole sensitive information like credit card numbers of millions of Target customers. The incident was one of 614 data breach cases that year. Since then, the number of data breach cases has increased exponentially. In 2017, there were 1,579 breaches of data that were reported.
Data breaches aren’t always reported. In most of the cases, the people and companies “responsible” for the breaches don’t even seem to be aware of their wrongdoings.
The Recent Facebook-Cambridge Analytica Fiasco
Facebook and a data analytics firm – Cambridge Analytica – have been in the news recently for alleged interference in the 2016 US Presidential elections. The companies have been accused of misusing data from 87 Mn of their users to create psychographic profiles of individuals and target voters with personalized ad campaigns that helped Trump win the elections.
Christopher Wylie, who founded Cambridge Analytica and later turned whistleblower, revealed that the data analytics firm had harvested information from millions of users to build exploitative models that targeted their “inner demons”.
The uncovering of this data breach has sparked discussions around the world on the importance of data protection and how to achieve it. The response from Facebook is forward-looking.
The company has issued full-page apologies in British newspapers and their billionaire co-founder Mark Zuckerberg has said that his company was sorry for the apparent “breach of trust”. In a post from his personal account, Zuckerberg also outlined the steps his company has taken and will take to prevent further breaches.
According to Zuckerberg, Facebook made changes to their platform in 2014 so that abusive apps wouldn’t have undue access to user data. They made it mandatory for developers to gain permission before requesting sensitive data from users. In 2015, they also banned the app developed by Kogan, the man who helped Cambridge Analytica acquire information from Facebook users, and got certifications from both parties attesting that they had deleted all ill-gotten data.
Kogan said that everyone involved in the data breach thought they were acting “appropriately” and that what they were doing was perfectly “normal”.
How are we to prevent people from committing crimes when they seem to have no grasp over the implications of their actions? The question is at the heart of the data breach problem. It is one that needs to be answered with a conscientious effort by three sets of professionals – data creators, data protectors, data users – who are part of the data lifecycle right from collecting to storing and using. These professionals must actively and constantly seek to use data for optimization of products and services rather than use it for manipulation. It is a fine line to draw between the two – one that requires constant introspection and inspection.
Keeping data processes transparent to third-party organizations and the governments will help in the process. And, we need global consensus on norms and standards for regulation of processes that use data. Data breaches can only be avoided with the integrity of international laws, and of the people, who work with data. We must embrace the challenge of preventing data breaches and work with the greater trust to ensure that the privacy of individuals is not compromised.
In case of Facebook, Zuckerberg has promised to conduct full audits of all suspicious apps including those that had free access before changes were made to the platform in 2014. He has promised to ban all developers, who refuse to cooperate with the audits and tell on them so that users are aware of the breaches.
Moreover, he has promised to restrict developers’ access to data further by limiting it to name, profile photo and email address. Any developer who wishes to access more information will have to sign a contract so that data is better protected. Lastly, he has promised to build a tool that will show users which apps have access to their information with an option to revoke access so that users have greater control over their data.
Zuckerberg’s response seems honest and transparent. Despite the mistakes his company has made, he seems to have taken the time to introspect and analyze what went wrong to prepare himself for inspection.