Inevitable privacy threats in the digital age
Introduction
With the rapid development of technology in the digital age, while the Internet brings convenience to people, it also leads to privacy leakage. Personal data is collected, misused, disseminated, sold, etc. Nothing is entirely private when it comes to digital data (photos, conversations, health information or finances). (San Francisco Chronicle, 2017) Besides hackers, service providers also steal users’ privacy without permission. The Pew Research Center has been investigating attitudes to Internet privacy since the 1990s. The survey indicated that 54% of respondents were concerned that computers and technology were being used to invade their privacy (Pew Research Center, 1999). Twenty years later, the centre found that 91% of adults agree or strongly agree that consumers have lost control over how companies collect and use personal information. Only 9% of respondents are confident that social media companies will protect their data (Raney, 2018). These data show that citizens’ awareness of privacy violations has increased significantly. However, digitization makes information always discoverable, so a person’s right to privacy and data protection is not only up to oneself but can also be fundamentally undermined by the actions of others. (Brouwer, 2020)
This blog will mainly analyze the main reasons for privacy violations through several privacy risk cases of Facebook. First, the openness of the web allows hackers to discover technical vulnerabilities. Secondly, the rise of new media dramatically reduces the private space of individuals and allows a large number of service providers to exploit user privacy for commercial benefits. Citizens rely on social media but do not understand policies such as user agreements, allowing service providers to steal our data without detection. Additionally, I will discuss what citizens and industries can do to reduce the risk of privacy violations.
Facebook cases
Privacy Leaks Caused by New Media
In the digital age, personal privacy is not only managed by oneself but also easily leaked due to the actions of others. Mobile streaming video technology via social media has given anyone the ability to become a broadcaster. (David Cassilo, 2019) Live streaming is a relatively common example, and any broadcast may have privacy violations. On January 15, 2017, Pittsburgh Steelers wide receiver Antonio Brown performed a Facebook Live from the locker room after the game. He focused too much on his audience size, not only filming his teammates exposed but also recording Steelers coach Mike Tomlin’s 45-second speech to the team, which even contained swear words. (Melissa Jacobs, 2017) However, Tomlin Doesn’t seem to know it’s being recorded. The content of this live broadcast seriously violates the privacy of teams and individuals.
Screenshot of the live broadcast, retrieved from https://www.youtube.com/watch?v=0t6bZMxpS9A
With the continuous development of new media, more and more people like to share their life on social platforms. Live-streaming and short-video bloggers have become very lucrative and popular industries. When these self-media workers are shooting short videos or broadcasting live on the road, they are inadvertently violating the privacy of those who enter the footage. Antonio’s actions turned into a scandal because of his high following. This type of case is also prevalent in our daily lives and cannot be avoided. Once the click-through rate and forwarding volume of the video explodes, you may even see what you are doing in the videos made by others. Even more worrying is that even if a friend shares a group photo online, as long as the information is collected, there is still a risk of privacy leakage. New media brings us not only convenience but also the trouble that our privacy is no longer under our control.
Hacker attack
Technology in the digital age is also constantly improving. The openness of the Internet has connected the whole world. Due to the diversity of Internet members and the dispersion of locations, information transmission needs to be transmitted through routers, allowing hackers to hack websites to intercept user information from a technical level.
There was a massive Facebook data breach last year. The personal details of 533 million users, including phone numbers and emails, have been found available on a website for hackers. (The Guardian,2021) Facebook already had a significant data leak back in 2019, and they didn’t notify users about it. Therefore, Facebook thinks the hackers didn’t necessarily break into their systems but grabbed data on the platform before September 2019. Facebook also responded that they did not expose the phone numbers themselves because attackers needed to supply phone numbers and manipulate the feature to spit out the corresponding name and other data associated with it for the exploit to work. (Newman, 2021)
Retrieved from: https://www.hackread.com/facebook-data-users-106-countries-leaked-online/
This response seems like a reasonable explanation, but it didn’t make a difference for those whose privacy was revealed. It is undeniable that these numbers were indeed disclosed and caused bad influence. Facebook should not make unnecessary explanations to maintain its credibility, and it is evident that there are omissions in management. First, whether or not hackers have broken into their systems shows that they lack effective monitoring of third-party use of user data. As such a large platform, Facebook has the responsibility to protect the privacy of users. Additionally, Facebook lacks information disclosure and emergency handling experience in cybersecurity incidents. In the case of phone number leaks, they used to be easily collectable on a large scale through the company’s Graph Search API tool. The company didn’t view that as a security vulnerability at that time because Graph Search surfaced only phone numbers and other data that users set to be public on their profiles. Regardless of the degree of impact, incidents should be taken seriously by managers who are also obliged to disclose information about these incidents to affected users.
Imbalance of personal privacy and interests
Facebook not only failed to manage users’ personal data properly but also directly violated user privacy for commercial interests.
Facebook’s parent company Meta has agreed to pay $90 million to settle a decade-long class-action lawsuit. The lawsuit, which began in 2012, accuses Facebook of violating users’ privacy rights by tracking users’ online activity even after they log out of the social media site. Four Facebook users filed a class-action lawsuit alleging that the company violated federal wiretapping laws, the Stored Communications Act (SCA) and California’s Invasion of Privacy Act (CIPA). (ABC News, 2022)
In 2010, Facebook launched a new tool called Open Graph, designed to give users’ friends a closer look at their activities and interests on the Internet. A “like” button was created. People can click this button to express their love for the content and share their interests with friends. The “Like” button plugin also allows Facebook to use cookies to collect data about users’ activities on the site – for example, which sites they visit, what they view or buy, and their communications with the site. (CNN Business, 2022)
(Screenshot from IEEE website)
Most of the time we use the Internet, we are often faced with the choice of accepting cookies. However, most users choose to accept cookies without understanding what cookies are. Even if they have some precautions about cookies, they do not have the patience to read the long and challenging privacy policy. A cookie is a small text file created by a website, usually encrypted, and stored on an internet user’s computer by the browser. If cookies are not accepted, the website will not provide all functionality. In addition, cookies can be used for statistical purposes, which store information about the personal preferences of Internet users. If the user ticks this protocol, the site is more functional and tailored for everyone, such as ads and widgets tailored to the user’s preferences and tastes. There are two types of cookies, session cookies and persistent or tracking cookies. A session cookie is a temporary file that disappears when the browser is closed. When the browser is reopened, the user needs to log in again; otherwise, the website cannot recognize the user or his preferences. Persistent cookies are stored in the browser until the browser deletes them manually or automatically when the duration of the text file expires. So users have some concerns about persistent cookies.
In Facebook’s cookie-related lawsuit, researchers found that Facebook continues to collect some identifying cookies about users’ internet activity even after users log out of the platform, contrary to its promise. Facebook can secretly misappropriate personal information without consent by borrowing third-party cookie technology. Third-party cookies are cookies generated by a third-party website and hosted on the website that the user visits. It also means that third-party websites have the ability to collect information about users visiting various websites, and users have reason to worry about whether this information has been shared or sold to other companies.
Even if Facebook defends this cookie technology, it must have benefited from it. Digitization makes this data a valuable asset that can be marketed, creating immeasurable business value. Facebook is certainly not the first company to do this, nor the only company to do so. Different service industries have been caught in such turmoil as privacy leaks. Some employees were bribed, and some were under the guise of “thinking about users and understanding users in order to push appropriate content”. It isn’t easy to balance the protection of personal information with the commercialization of personal data. For citizens, they expect personal data to be effectively controlled. At the same time, they also expect to enjoy free and high-quality products or services provided by digital technology. It is very contradictory that accepting the existence of cookies entails taking certain risks. For the service industry, collecting a large amount of various data of users can greatly reduce the cost of data development, and the industry can develop rapidly. Moreover, users also have management problems in terms of personal information security, such as the practice of clicking consent without looking at the privacy policy. To a certain extent, this encourages operators to collect and use personal information in violation of laws and regulations.
Conclusion
In the digital age, the pace of technological progress and the development of new media cannot slow down. The technical means of hackers are constantly improving, and the effect of new media hinders citizens from maintaining their privacy rights. Driven by commercial interests, some enterprises, institutions and even individuals illegally collect, obtain, and misuse personal information from time to time. In the face of digitalization, users cannot balance the personalized services of the Internet and their privacy management, and service providers cannot balance users’ data privacy and commercial interests. All these reasons pose privacy threats.
The service industry should pay more attention to the management of user privacy, not easily allow third-party platforms to obtain information, and try to ensure the transparency of the privacy system. Users have the right to know for what purpose their data is collected. In addition, some early warning mechanisms can be implemented to notify users promptly when necessary. When indecent live broadcasts or serious privacy incidents occur, the staff responsible for content management should stop their proliferation in time.
Even though the law protects our privacy rights to some extent, privacy violations are difficult to detect. It is necessary for citizens to protect their privacy on social media; setting complex passwords; turning off location functions, and checking content before posting is the most basic. Secondly, citizens must carefully read the platform’s terms of service, log into websites with caution and regularly clean data in their browser. Raising security awareness is the best way to reduce privacy violations.
The violation of privacy leakage cannot be entirely avoided. It is very difficult to pay attention to the protection of personal privacy and sensitive information while taking into account the development of the data industry. Both citizens and the service industry need to make efforts.
Reference list
Barbara Ortutay, ABC NEWS (2022, February 16). Facebook parent Meta settles decade-old data-privacy lawsuit. Retrieved from https://abcnews.go.com/Technology/wireStory/facebook-parent-meta-settles-decade-data-privacy-lawsuit-82906511
Clare Duffy, CNN Business (2022, February 15). Meta agrees to pay $90 million to settle lawsuit over Facebook tracking users’ online activity. Retrieved from https://edition.cnn.com/2022/02/15/tech/facebook-internet-tracking-settlement/index.html
David Cassilo (2019, July 02). Privacy violations and mobile streaming video: examining organizational social media policies and Antonio Brown’s Facebook live stream. Pages 235-251. Retrieved from https://www-tandfonline-com.ezproxy.library.sydney.edu.au/doi/full/10.1080/17430437.2019.1634692
Flew, Terry (2021) Regulating Platforms. Cambridge: Polity, pp. 72-79.
Lily Hay Newman (2021, April 06) What Really Caused Facebook’s 500M-User Data Leak? Retrieved from https://www.wired.com/story/facebook-data-leak-500-million-users-phone-numbers/
Marissa Lang, San Francisco Chronicle (2017). There is No Such Thing as True Privacy in the Digital Age. Retrieved from https://www.govtech.com/security/there-is-no-such-thing-as-true-privacy-in-the-digital-age.html
Melissa Jacobs (2017, January 16) Week Under Review: Antonio Brown shows off self-obsession in foolish Facebook Live. Retrieved from https://www.si.com/nfl/2017/01/16/pittsburgh-steelers-antonio-brown-facebook-live-week-under-review
Pedro Pinto, Romeu Lages & Manuel Au-Yong-Oliveira (2020, June 08). Web Cookies: Is There a Trade-off Between Website Efficiency and User Privacy? Volume 1160. Retrieved from https://link-springer-com.ezproxy.library.sydney.edu.au/chapter/10.1007/978-3-030-45691-7_67
Simeon de Brouwer (2020). Privacy self-management and the issue of privacy externalities: of thwarted expectations, and harmful exploitation. 9(4), DOI: 10.14763/2020.4.1537. Retrieved from https://policyreview.info/articles/analysis/privacy-self-management-and-issue-privacy-externalities-thwarted-expectations-and
Associated Press in New York, The Guardian (2021, April 05) Facebook data leak: details from 533 million users found on website for hackers. Retrieved from https://www.theguardian.com/technology/2021/apr/03/500-million-facebook-users-website-hackers
