by James Scott, Sr. Fellow ICIT, CCIOS, CSWS
The detailed activity and personal data of over 50 million Facebook users were accessed and exploited by Cambridge Analytica without the users' consent, in yet another textbook incident facilitated by an under-regulated, irresponsible, dragnet surveillance corporation. Facebook's sole function has become the exploitation and monetization of the personal information of users, whom it tricks into providing access and permission to sensitive activity and personal data through one-sided agreements, deceptive socio-economic incentives, and the faux-viral illusion of essential participation. A meaningful and transparent notice was not provided to users before data was collected, sold, and abused. Victims received no offer of an informed choice before an obfuscated third party weaponized their data in a pervasive multi-faceted influence operation. Facebook did not ensure the security or privacy of its users because nefarious data brokers, such as Facebook, consider users a means of product manufacture, consumer data a valuable commodity owned by Facebook rather than the user, and any third party willing to pay for access to the data a valuable client.
In the words of Facebook founder and CEO Mark Zuckerberg, “We have a basic responsibility to protect people’s data, and if we can’t do that, then we don’t deserve to have the opportunity to serve people.” Negligent data brokers must be held accountable for the misuse of consumer data. Purveyors of fake news and other misinformation must be prevented from propagating false narratives and faux-viral campaigns. Facebook is both. Zuckerberg admits, “Our responsibility now is to make sure that this doesn’t happen again,” and ICIT agrees; however, words and actions are not equivalent. It is the responsibility of the public and responsible organizations to ensure that massive breaches of the user data collected by dragnet surveillance capitalists do not continue to occur with dismal regularity. Despite media interviews and statements to the public, these threat actors only care about their profit margin. Facebook and other under-regulated data brokers cannot be permitted to “weather the storm” until another story seizes the media cycle, because they directly influence the media and, in some regions, outright control the news. These organizations must be held accountable for the risk that they imposed on Americans who entrusted them with sensitive data and who are both their content generators and vital product. Facebook needs to recognize that the 50 million datasets compromised directly and irrefutably correlate to 50 million lives now put at risk.
It would be hypocritical and irresponsible for the Institute for Critical Infrastructure Technology (ICIT), the Center for Cyber-Influence Operation Studies (CCIOS), or the Center for Space Warfare Studies (CSWS) to draw attention to or support the Facebook platform. ICIT hopes that other responsible information security organizations will likewise eliminate their presence on the platform, as a demonstration to the public and to corporate dragnet surveillance capitalists everywhere that operations that not only facilitate but outright depend on the exploitation of user data will no longer be tolerated as a viable business strategy.