Pages

26 March 2018

‘FACEBOOK IS WHY WE NEED A — DIGITAL PROTECTION AGENCY — IT’S NOT JUST THE CAMBRIDGE ANALYTICA DEBACLE, ETHICS DON’T SCALE,’ ONE TECHNOLOGIST ARGUES


‘FaceBook Is Why We Need A — Digital Protection Agency — It’s Not Just The Cambridge Analytica Debacle, Ethics Don’t Scale,’ One Technologist Argues Paul Ford posted a feature article, March 21, 2018, with the title above to Bloomberg.com. Mr. Ford is a writer, computer programmer, and co-founder of Postlight, a digital product studio based in New York that specializes in mobile, and web development. Mr. Ford begins, “Over and over the last 20 years, we’ve watched low-cost, or free Internet communications platforms spring from the good intentions, or social curiosity of tech folks. We’ve watched as these platforms expanded in power and significance, selling their influence to advertisers. Twitter, FaceBook, LinkedIn, Google they grew so fast. One day, they are a lovable new way to see kid pix, next thing you know — they’re re-configuring democracy, governance, and business,” he wrote.


“FaceBook’s recent debacle is illustrative,” Mr. Ford asserts. “It turns out the company let a researcher spider through its social network to gather information on 50 million people. Then, the U.K. data analysis firm, Cambridge Analytica used that data to target likely Trump voters. FaceBook responded that, no, this was not a “breach.”

“Okay, sure, let’s not call it a breach,” Mr. Ford wrote. “It’s how things were designed to work. That’s the problem,” Mr. Ford contends.

“For years, we’ve been talking and thinking about social networks as interesting tools to model and understand human dynamics,” Mr. Ford wrote. “But, it’s no longer academic — FaceBook has reached a scale where its not a model of society as much as an engine of culture. A researcher gained legitimate access to the platform, and then just….kept going, and Cambridge Analytica ended up with those 50 million profiles. The “hack” was a true judo move to use the very nature of the platform against itself — like you gave MacGyver a phone book; and, he somehow made it into a bomb.”

“What’s been unfolding for a while now,” Mr. Ford observes, “is a rolling catastrophe so obvious, we forget it’s happening. Private data is spilling out of banks, credit-rating providers, email providers, and social networks — and, ending up everywhere. So, this is an era of breaches and violations, and stolen identities,” he contends. “Big companies can react nimbly, when they fear regulation is actually on the horizon — for example, Google, FaceBook, and Twitter have agreed to share data with researchers who are tracking disinformation, the result of a European Commission on fake news. But, for the most part, we’re dealing with global entities that own the means whereby politicians garner votes, have vast access to capital to fund lobbying efforts, and are constitutionally certain of their own moral cause. That their own platforms are used for awful ends, is just a side effect on the way to global transparency, and shame on us for not seeing that.”

“So, are we doomed to let them take our data, or that of our loved ones, and then to watch as that same data is used against us or shared by hackers?,” Mr. Ford asks. The answer he wrote is….“Yes frankly. We’re doomed. Equifax Inc. sure won’t save us. Do we trust Congress to bring change? Do we trust Congress to plug in a phone charger?, he asks. “I’ll be overjoyed to find out I am wrong,” he adds. In the meantime, turn on two-factor authentication everywhere (ideally using a hardware dongle like a YubiKey) invest in a password manager, and hold on tight.”

“The word “leak” is right,” Mr. Ford wrote. “Our sense of control over our own destinies is being challenged by these leaks. Giant Internet platforms are poisoning the commons. They’ve automated it. Take a non-FaceBook case: YouTube,” Mr. Ford explained. “it has users who love conspiracy videos; and, YouTube takes that love as a sign that more and more people would love those videos too. Love all around! In February, an ex-employee tweeted: “The algorithm I worked on at Google recommended [Info Wars personality and lunatic conspiracy-theory purveyor] Alex Jones’ videos more than 15,000,000,000 times, to some of the most vulnerable people in the nation.”

“The head of Youube, Susan Wojcicki, recently told a crowd at SXSW [South By Southwest Conference Festival] that YouTube would start posting Wikipedia’s explanatory text next to conspiracy videos (like those calling a teen who survived the Parkland, Fla. shooting, a “crisis-actor”). Google, apparently didn’t tell Wikipedia about this plan,” Mr. Ford wrote.

“The activist, and Internet entrepreneur, Maciej Ceglowski once described big data as “a bunch of radioactive, toxic sludge that we don’t know how to handle,” Mr. Ford noted. Maybe we should think about Google and FaceBook as the new polluters. They’re imperative is to grow! They create jobs! They pay taxes, sort of ! In the meantime, they’re dumping trillions of units of toxic brain poison into our public-thinking reservoir. Then, they mop it up with Wikipedia, or send out a message that reads, “We take your privacy seriously.”

Which brings Mr. Ford to propose “the creation of a digital Environmental Protection Agency. Call it….the Digital Protection Agency. Its job would be to clean up toxic data spills, educate the public, and calibrate and levy fines.” 

Then, Mr. Ford goes on to explain some of the specifics of his proposal; and, some of the responsibilities this entity would have; and, I refer you to Mr. Ford’s article in Bloomberg for additional details.

I do not know what the answer is to this problem; but, every fiber in my being would resist the creation of a government agency to oversee and ‘clean-up’ our digital mess. Yes, it is messy, and at times can be terribly inconvenient. But, we need to ensure we do not make the problem worse by having a agency of the Federal Government, or Congress oversee its digital fallout. Private entities, and private enterprise will be a much better arbiter of serious digital spills and digital theft. Necessity is the mother of invention. And, I suspect, that we will soon see companies in the Internet space begin to advertise their expertise and abilities to mitigate the damage from unintended data spills and/or, digital theft.

But, there is little doubt, that social media, and our Internet giants have a problem. Cyber security guru Bruce Schneier, wrote on his blog, schneieronsecurity.com, February 14, 2018, that, “in most cases, its impossible for consumers to make informed decisions about whether their data is protected. We have no idea what sorts of security measures Google uses to protect our highly intimate web search data or, our personal emails. We have no idea what sorts of security measures FaceBook uses to protect our posts, and our conversations. 

“Think about all the companies [Internet-based and otherwise] collecting personal data about you [us], the websites we visit, our smartphone and its apps, our Internet-connected car [and home] — and, how little we know about their security practices ” Mr. Schneier wrote. How well, or not, do they protect our data? Do they ‘sell’ our personal data to others? How well, or not, do these second and third tier Internet/web provider companies adhere to the same security standards as the big players’? What incentives are in place to encourage best cyber hygiene practices? And, what disincentives or punitive measures are available and enforced — when these same companies fail to adhere to these standards? “Even worse,” Mr. Schneier wrote, “credit bureaus and data brokers like Equifax, collect our personal data — without our knowledge or consent.”

“Government policy is the missing ingredient,” Mr. Schneier wrote. “We need standards [for personal data protection]; and, a method for enforcement. We need liabilities, and the ability to sue companies that poorly secure [and administer/oversee] our data. The biggest reason companies do not protect our personal [online] data is….it’s cheaper not to,” Mr. Schneier observes. Government policy is how we change that,” he concludes.

Maybe. But, I hope there is a lot more thoughtful debate before we create another bureaucratic/government entity to address a problem that may be best handled by the private sector. It would seem cyber security insurance is one avenue of approach. Having to pay out hefty sums of cash for violating the terms of cyber insurance may be one avenue of approach.

Even with the best cyber hygiene practices, and the creation of a ‘digital protection agency,’ there are no silver, cyber bullets out there. The Internet and Worldwide Web were built on a foundation for ease of use. Security was an afterthought, or now high enough a priority at the Internet’s creation. Indeed, had the kind of security been implemented at the front-end that would have been required so we wouldn’t find ourselves in this situation — it is highly likely we would not have seen the kind of prosperity and quality of life enhancements that the Internet has brought us. These kind of measures on the front end may have doomed this magnificent creation — to the dustbin of digital oblivion. So, we have a grand Internet that is built on a bad foundation. Regardless of implementing the highest digital standards of protection — the darker digital angles of our nature will always…find a way in. Whether that is through a trusted insider, or, some other elegant collection technique, one can never assume that your data is totally secure. There is no such thing. That doesn’t mean we should not use the FaceBook debacle to advance the thinking about the best courses of action to pursue that would address perhaps 80-85 percent of the problem. We can’t let the perfect…..be the enemy of the good enough. RCP, fortunascorner.com

No comments:

Post a Comment