CYBER-CRIMINALS were once shrouded in mystery. Faceless nonentities lurking in the murky environs of the darkest corners of the cyber-underworld.
But it seems that harvesting is quickly becoming the new buzzword on the cyber-security block and cyber-criminals are cutting a more corporate appearance.
In the wake of the latest wave of data privacy breaches that have swept the globe is the revelation that they were carried out by well-known organisations that we have trusted with our most private and sensitive information.
But more alarming has been the unwitting participation of millions of social media users in a worldwide data-gathering experiment at the hands of companies that would make Orwell’s dystopian state of Oceania look vaguely tolerable.
How ironic then that the premise behind Cambridge Analytica’s audacious breach of millions of personal Facebook profiles was how it classified voters and targeted them by using the OCEAN technique – Openness, Conscientiousness, Extroversion, Agreeableness, and Neuroticism.
One of the long-held arguments from the anti-social media movement is ‘what do you expect if you publicly post your personal updates on a platform the whole world can see?’
Of course, we have always known Big Brother was watching in some format or another, be it CCTV outside the local supermarket or the tracking and mapping of our daily debit card usage. It seems in the modern world, where nearly a half of the global population owns a personal smartphone – a device that can rather disconcertingly and almost inexplicably predict our very whereabouts with the flicker of a traffic update – none of us are truly immune to having our personal information scrutinised and scavenged by data-hungry corporate beasts.
Even if we aren’t fully active on social media ourselves, it seems that if our immediate connections are then it could make us fair game for having our information tapped into, downloaded and used without our permission.
In the case of Cambridge Analytica, it appears that the masses of data it gathered was neither permissible nor ethical and was used to socially engineer and ultimately influence millions. Meanwhile, Facebook failed to protect its users by allowing the company to collect the data.
So what can be done to preserve our privacy amid the unending stream of information that we have managed, either willingly or involuntarily, to post on the internet?
The introduction of the European General Data Protection Regulation (GDPR) this month will bring into force tougher and more stringent rules on the handling and storage of personal data. Initially Facebook indicated that the majority of its users will not be protected by GDPR, but Mark Zuckerberg quickly followed this up with an announcement that he intended for Facebook to make the same controls available everywhere, not just in Europe. But will adjusting our settings be enough and will the company be globally implementing GDPR’s more pertinent rules for consent, data control and the right to know how our data is being used? Facebook says ‘yes’ and although rules outside Europe could cause conflict, it intends for GDPR to apply to everyone.
Meanwhile The Information Commissioner’s Office – the British Government’s privacy watchdog – has opened an inquiry into Cambridge Analytica and its use of data following allegations about its ties with the Leave.EU campaign and whether it, and similar companies, are a risk to voters’ rights.
Utilising personal data and associated algorithms to specifically target an individual is not a new concept and is perhaps one of the main reasons why Facebook has enjoyed such unrivalled success – it made $26.9bn dollars from direct advertising in 2016. However, the unethical harvesting of millions of accounts to launch a series of politically charged snipers into the datasphere that hunted down specific people to manipulate them is not only morally dubious but potentially dangerous. And while the companies themselves should be held accountable, what if they themselves became the subject of a cyber-attack? Imagine how invaluable such data could be in the wrong hands and the endless opportunities for moulding and controlling global events.
Perhaps the most sinister and worrying thing about unauthorised data harvesting is the potential it has for manipulating outcomes through a method that could be considered as systematic brainwashing. It’s this that could negatively affect the whole of humankind and cause catastrophic world-changing events. With this in mind, we should all be thinking more carefully than ever before about how we store our data and how we share information with each other.
Daren Oliver is managing director of Fitzrovia IT, a London-based consultancy. www.fitzroviait.com