The Nature of Technology and the Threats it Poses to Privacy in the Digital Age
Introduction
The development of internet technology and related communication channels presents a major advancement of the modern society. Technology makes it easy for people to share information about themselves and others, there are growing concerns on the right to privacy. Privacy is a fundamental human right, and can be considered as the ability of a person or a group to protect their private life, private environment, and information about themselves (Romansky & Noninska 2020). Also, the right to privacy means that individuals have the right to be left alone, right to secrecy, ability to protect oneself from unwanted scrutiny by other, control over one’s intimate relationships, control over personal information, and protect of one’s individuality, personality, and dignity (Flew, 2022). Exercising this right means that individuals ought to have the ability to choose the parts about themselves, which can be accessed by others, and to control the manner, extent, and timing of such disclosure (Van Dijck et al., 2018). Indeed, the right to privacy is deeply enshrined in various laws and regulations, including the United Nations International Covenant on Civil and Political Rights (Flew, 2022), and for the digital age, updated European regulation has introduced the “right to be forgotten/to be erased” when it comes to digital platforms (Romansky & Noninska, 2020). Despite the increasing recognition of the need and right to privacy, the digital age poses unique challenges that threaten the ability of people to exercise the right.
More than ever, individuals and entities are exchanging data and information over digital tools. Indeed, this has led to the emergence of the concept of Personal Data Protection (PDP), which help guide the relations between the persons and the society as represented by companies as well as public and private organisation, and other subjects. In recognition of the increasing breadth of privacy, governments across the world have passed and adopted laws, predominantly, Privacy Acts, which provide code of rules for governments and entities in the collection, storage, usage, and dissemination of information about individuals or entities. Despite the widespread adoption of PDP regulations, the digital presents unique challenges that threaten the right to privacy (Flew, 2019). For instance, unauthorized access to information, authorized access, information security, gaps in enforcing PDPs, social computing, cloud computing, Internet of Things, and Big Data, all present unique threats and challenges to privacy in the digital age. This blog will present important case studies that reveal the above threats to privacy in digital age.
Case Studies of Privacy Rights Violations
Case Study 1: Facebook-Cambridge Analytica Scandal
One of the most prominent cases that reveals threat to privacy in the digital age is the Facebook- Cambridge Analytica Scandal. In 2018, Cambridge Analytica, a UK political consulting firm obtained data from Facebook that had been collected for academic research for academic research. The company accessed data of approximately 87 million Facebook users. The genesis of the problem started in 2013, when researchers at the University of Cambridge’s Psychometrics Centre collected data of volunteers through a personality test on Facebook to evaluate their “OCEAN” profile and correlated it with their Facebook activity, that is, shares and likes. The research showed that, a person’s OCEAN profile could be, to a high degree, correlated with their Facebook activities (Isaak & Hanna, 2018). The findings of this initial study led to further research, this time, initiated Global Science Research (GSR) in collaboration with Cambridge Analytica, with the aim of identifying the parameters necessary to develop users OCEAN profiles. In this study, the data was collected via personality quizzes posted on a survey platform known as Qualtrics and Amazon Mechanical Turk Platform. The quiz requires users to grant access to Facebook profile (See Figure 1), which the allowed GSR to collect user data through Facebook Open API (Isaak & Hanna, 2018). In this case, Cambridge Analytica gain access to the large amounts of users data. Through the data, the company was able to develop over 5,000 data points of more than 230 million Americans and other people across the world. Such data points allowed Cambridge Analytica to micro-target individual consumers with messages that could have an impact or influence on their behavior. When the scandal was revealed in 2018 by the Guardian and the New York Times, Facebook and Cambridge Analytica were found guilty, and later punished with Facebook paying a fine of $5 billion. The case of Facebook-Cambridge Analytica Scandal presents important insights into the threats to privacy that exist in the digital age.
Figure 1: How Third Parties Gain Access to One’s Facebook Profile (Kranz, 2018)
The major threat to privacy based on Facebook-Cambridge Analytica case is the authorized and unauthorized data access and usage. One of the major challenges towards ensuring privacy of user data on the internet is the access of data that users often give to various platforms(Yates & Whitford, 2020). Indeed, the business model of the digital businesses such as Facebook is driven by their acquisition and utilization of user data for monetary gain, including selling to third-parties. When signing up to use the digital platforms, the companies require uses to sign up to various terms of service that set the relationship for the engagement (Flew, 2022, Week 3-1 Notes). In such terms and conditions, users give digital platforms the right to use the data for commercial purposes, including their name, biographical data, and others. In many other cases, users agree to conditions without a clear understanding what kind of data is retained by the digital platforms and for what purposes it is used (Shahata, 2018). In what is referred to the privacy paradox, users behave as if they do not care about their privacy (Flew, 2022, Week 3-1 Notes). Hence, the kind of permissions, which users sign up for at their own accord, presents a major way through which digital platforms access authorized data, to use it whichever way they want. The above situation can be used to explain why Facebook, as digital platform that monetizes users’ data, allowed Cambridge Analytica to access private data. Importantly, clients undertook the various quizzes on a voluntary bases, and gave the platforms the permission to access their profile on the social media site.
Case Study 2: NSO Group and Government Sponsored Spyware
NSO Group is an Israel cyber security group which is famous for creating the Pegasus Spyware. The program, which can be remoted launched to targeted devices, and which does not require the input or permission of users to be installed on computer or a phone (Leander, 2021). Instead, it can be launched remoted and be used to collect personal data from targeted devices. The NSO Group, which is increasingly being referred to as the “hacker company for hire” attracts a huge clientele, especially government (Oxford Analytica, 2021). The Pegasus Spyware has been used by governments in Israel, UAE, and others, with the aim of targeting political rivals, journalists, and activists. Such trends, where spyware and hacking has become a weapon for the access of private data and information presents a major threat to privacy in digital age.
Figure 2: Protestors Against NSO outside the Company’s Headquarters in Tel Aviv. (Human Rights Watch, 2022)
The major threat that emerges from this case is that, as technology advances, cases of unauthorized access to private data has become common and widespread. Just like social media companies and other platforms seek to monetize user data, illegal and unauthorized entities are keen on accessing and using such data for their own ends, including spying on targets, accessing financial data that they can use to steal money from users, and even for marketing purposes. Based on this, across the world, individuals and even organizations are setting structures and development programs to hack and access user data from digital platforms. There have been numerous data hacking or breaching incidences, including Yahoo.com, whereby client data of approximately 3 billion users in 2013 was compromised (Trautman & Ormerod, 2016). Other incidences including hacking of twitter in 2018 that affect 330 million users, Marriot Hotels in 2018 affecting 500 million users, and many other incidences (Daswani & Elbayadi, 2021). Also, users do not realize the importance of privacy of their data, and as such, are quick to provide their personal data on a wide range of platforms, both secure and insecure, and thus increasing the likely of their private data and information being accessed by unauthorized persons. With multiple points of data entry, users increased get exposed to the challenges of Internet of Things (IoT), and thus increasing the avenues through which private data can be access. According to Mathew (2020), IoT means that consumers often have numerous devices and platforms through which they access the internet, and with each instance, they provide their private data. Consequently, the risk increases drastically, and this explains why there is growing and available private data on the internet.
Privacy Threats that You Might Encounter and How to Prevent Them
The digital era presents major threats that users often encounter when using the internet. One of the threats that users face is exploitation by third party platforms. When using some applications and third-party platforms on the internet such as quizzes or even when registering one platform, users are often asked to give permission for the apps to access their social media profiles. When users accept to give the applications permission on their profiles, for example, Facebook or Email profiles, the third-party platforms can collect important user details, which can be misused to the detriment of one’s privacy. Other threats arise from hacking that could arise from use of weak passwords or using similar passwords for different platforms, which means that when once platform is compromised, a user may lose so much data not only on the affected platforms but also in others that share the same password. Consequently, it is important for users to be very careful on the applications that they give permission to their profiles, and importantly, use secure passwords as well as different passwords for different online accounts that they own.
Suggestions for Third-Party Supervision Platforms
Third-party platforms present a major threat to privacy of internet users. Several measures can be put in place to help reduce the risk of such platforms becoming an avenue for the loss of the privacy rights of users. The first important measure is for digital platforms to restrict the kind of information that is shared or sold to them. For instance, it is advisable to only allow access to non-identifiable information of users. Here, internet platforms should not share personal information such as name, email, phone number, and home address, among others, which can be linked to a specific information. The second important suggestion is to ensure that third-party platforms to also be covered by privacy laws. Currently, privacy laws target companies that collect and store information, yet third-parties had been left to easily access that information without serious repercussions. Hence, having regulations to control the third-party platforms can help increase privacy rights protection of internet users.
Conclusion
The modern digital environment is characterized by increasing collection and storage of personal data over the internet. However, even with such usage of the internet, the right to privacy remains tantamount, yet it continues to be highly threatened. With digital technologies, the threats to privacy have become more complicated due to the nature of the digital technologies, their vulnerabilities, and other threats. Indeed, the case of Facebook-Cambridge Analytica and the NSO Group, present just a tip of the growing crisis in ensuring that users can enjoy their right to privacy when online. Some of the threats as discussed include authorized and unauthorized access, the nature of digital business as they collect and monetize user data, as well as, advancing technologies for hacking among others. Users also have a role to play in the increasing concerns for violation of right of privacy on the internet. In this case, users often accept or give permissions to numerous apps and platforms, and thus increasing the likelihood of their data getting exposed to malicious entities. Regulating third-party platforms as well as ensuring that only limited non-identifiable data is shared to such platforms can greatly protect privacy rights of users.
References
Daswani, N., & Elbayadi, M. (2021). Big Breaches: Cybersecurity Lessons for Everyone. Apress.
Flew, T. (2019). The platformized Internet: Issues for media law and policy. Available at SSRN 3395901.
Flew, T. (2021). Regulating Platforms. Cambridge.
Flew, T. (2022). Week 3-1 Notes: ARIN6902 Internet Cultures and Governance Week 3: Issues of Concern, Privacy, Security and Digital Rights. The University of Adelaide.
Human Rights Watch. (2022). Human Rights Watch Among Pegasus Spyware Targets. Retrieved 6 April 2022, from https://www.hrw.org/news/2022/01/26/human-rights-watch-among-pegasus-spyware-targets
Isaak, J., & Hanna, M. J. (2018). User Data Privacy: Facebook, Cambridge Analytica, and Privacy Protection. Computer, 51(8), 56–59. doi:10.1109/mc.2018.3191268
Kranz, J. (2018). The Facebook/Cambridge Analytica Data Scandal, Visually Explained. Retrieved 6 April 2022, from https://overthinkgroup.com/facebook-cambridge-analytica/
Leander, A. (2021). Parsing Pegasus: An Infrastructural Approach to the Relationship between Technology and Swiss Security Politics. Swiss Political Science Review, 27(1), 205-213.
Mathew, L. A. (2020). Current Threats to Human Rights: Challenges in upholding justice. In Delivering Justice (pp. 184-205). Routledge India.
Oxford Analytica. (2021). US move against Israeli firm will not slow spyware use. Emerald Expert Briefings, (oxan-db).
Romansky, R. P., & Noninska, I. S. (2020). Challenges of the digital age for privacy and personal data protection. Mathematical Biosciences and Engineering, 17(5), 5288-5303.
Shahata, N. (2018, October). The Challenges, the Threats and Policy Implications to a Compromised Privacy and Security. In 2018 International Conference on Networking and Network Applications (NaNA) (pp. 314-317). IEEE.
Trautman, L. J., & Ormerod, P. C. (2016). Corporate directors’ and officers’ cybersecurity standard of care: The Yahoo data breach. Am. UL Rev., 66, 1231-
Van Dijck, J., Poell, T. & de Waal, M. (2018). The Platform Society. Oxford: Oxford University Press.
Yates, J., & Whitford, A. B. (2020). Regulation in an Era of Surveillance and Other Threats to Privacy. Available at SSRN 3705509.