Reports leaked to Motherboard show that Facebook is unable to account for personal user data under its ownership. This includes what the data is being used for and where it is located.
This information arrives from a report written last year by privacy engineers on Facebook’s Ad and Business Product team intended to be read by the company’s leaders. The report details how Facebook needs to address a growing number of data usage regulations. This incudes new privacy laws in India, South Africa and elsewhere.
The authors of the report provide details of a social platform that is entirely lost concerning the personal data of its 1.9 billion users.
Facebook Clueless on Personal User Data
The engineers gave warning to the social giant that it would be difficult to keep promises to countries on how it treats the data of its citizens.
We do not have an adequate level of control and explainability over how our systems use data, and thus we can’t confidently make controlled policy changes or external commitments such as ‘we will not use X data for Y purpose.’ And yet, this is exactly what regulators expect us to do, increasing our risk of mistakes and misrepresentation.
What makes accounting for user data such a problem for Facebook is that tracking the data is not a part of Facebook’s “open-form” systems. Facebook preferring instead to use an “open borders” approach that blends first-party user data, third-party user data and sensitive data. The authors of the report use the metaphor of pouring a bottle of ink into a lake, only to then try and get the ink back into the bottle.
There are a lot of words that come to mind when presented with this story. Incompetence being the first. However, incompetence suggests inexperience, which 18 year-old Facebook certainly should not lack. One of the largest companies in the world should have no problem addressing this issue from the start.
The author of the report uses the metaphor of ink in a lake. However, physical ink and digital ink are two different things. While labeling the individual atoms that make up ink is nigh impossible, labelling the bits that make up digital ink is theoretically simple. The report provides solutions, but why not implement them from the start?
It is isn’t incompetence, it’s apathy.
Making a Mark for Facebook
Facebook’s primary motivation is making money. They are no different from any other business in that regard. What makes Facebook different from other companies is that they are almost exclusively in the market of user data. Fortunately for the company, yet unfortunately for users, the word ‘data’ is capable of carrying a massive definition.
When one hear’s the term ‘user data,’ it is relatively easy to forget just how much this encompasses. The name of your first child. How you felt during the COVID-19 pandemic. What you had for breakfast in June. What music, television, and other media you enjoy or despise. How you feel about Jeff Goldblum. All of this, in effect, is your digital self. Facebook consumes all of this data for the sole purpose of marketing.
The company not only has the obligation to properly store and protect user data, it should be one its central tenants. This report, as well as countless other complaints toward Facebook, provide evidence that the company simply does not assume responsibility for the safety of its user’s person data.
While Facebook has shown to be clueless concerning the proper categorizing, labelling and handling of its user data, one has to wonder what is not being leaked by other tech companies.
Unintended Consequences
Concerning other tech giants, Apple also has issues it desperately needs to address. Last month, reports indicated that Apple was deceived into releasing personal user data to hackers posing as law enforcement. Several other companies also took the bait, including Discord, Google, Snap and Twitter.
Unfortunately, this theft of user data has real, unimaginable consequences.
Reports are indicating that the data stolen from these companies gave hackers a chance to sexually extort minors. While the amount of data taken was incredibly small, it was still enough for hackers to carry out attacks against victims. Information obtained by the hackers saw use in befriending women and minors. The hackers then encouraged individuals to provide sexually explicit photos.
Perpetrators then used said photos to blackmail individuals. Victims faced pressure to comply with a variety of demands. One example involved convincing a victim into carving an attacker’s name into their arm.
While the story is diabolical, it is not meant to serve as an emotional appeal. The experience of the victims is horrible without question, and the perpetrators deserve punishment to the full extent of the law if not worse. With that said, it is unfortunate that this story of abuse arrives during the penning of this article. As it serves as a cautionary tale of what happens when tech companies are not protective of user data.
Final Thoughts on User Data
What then, is the solution? Calling for government regulation, at the moment, feels reactionary. At the same time, those that remember when Mark Zuckerberg addressed Congress may recall just how woefully ignorant Washington is of tech in general. For now, the answer lies in simplicity: tech companies need to develop actual ethics when it comes to protecting user data. Companies such as Facebook need to realize that what they possess is something that is beyond financial value.
Tech giants hold the digital Geist of billions of individuals. It’s about time they start acting like it.
Nick:
Thank you for a well-written, thought-provoking editorial.
Regarding ‘Big Tech’ we need to conceptually and practically carve out companies whose core business model is the sale of and profit from user data, which is predominantly though not exclusively social media, as distinct from companies that sell products and services as the core of their business model.
FB has been the poster-child of every abuse arising from so-called surveillance capitalism. Thus far, their expressions of remorse and promises of remedial action through self-policing have been tantamount to vapour-ware that they attempt to sell through pre-commitments from lawmakers and the public alike. Expecting, or even hoping, that they will mend their ways and behave like responsible, good citizens of the global industrial community is fantasy. One might just as well expect a hyena to go vegan, or a fox to swear off chickens. Their practices remain predatory and unrepentant.
Until such time as they are made to bleed for their transgressions against not only their user base, but all of the contacts of those users whose data they non-consensually hoover up as collateral gains (and damage) through enforceable regulatory oversight, they will continue to offend and abuse.
As for user data protections, in a sane, rational and fair-minded world, legislators would be applying at least as much pressure on surveillance capitalists to safeguard user data, and restore ultimate control to those users through enforceable informed and conditional consent, as they appear to be on Big Tech for alleged anticompetitive behaviour and social messaging platform integration.
However, that would be a world without hunger, homelessness and conflict, and we see where we are on those metrics.