By Alma Anonas-Carpio
First of three parts
In an age where victim-blaming is no longer acceptable, it takes more than a casually-tossed “caveat emptor (buyer beware in Latin)” to deal with the problems presented by things like—oh, the Cambridge Analytica data breach.
Any data breach where private user information finds its way into the hands of people who use it in way the user is neither privy to or approving of is always a serious matter.
There is no such thing as a perfect digital system. There are no systems without exploitable flaws when you are talking of the realm of arcana known as information technology.
The IT industry thrives on disruption, innovation, changeable norms. This industry, and the products and tools it puts in ordinary people’s hands, is extremely flexible and what Facebook was when it was created in a dorm room by Mark Zuckerberg and his friends is not what Facebook is now—a publicly-listed company serving two billion users globally.
Sure, Zuckerberg has said that “there will always be a version of Facebook that is free.” But you can’t give something out for free unless you can underwrite the costs of doing so.
In Facebook’s case, that’s the cost of salaries for its employees, operating its datacenters and paying the utilities like any other business. In order to be able to give out freebies that cost money to create and share, one has to have income to support and sustain the activity of giving these freebies out.
One of the income streams for Facebook is advertising. Web-based think-tank Business Insider broke down Facebook’s advertising income “generated per monthly active user across the globe in 2017 (excluding revenue generated from Instagram and WhatsApp)” this way: United States and Canada – $82.44 [per user]; Europe – $26.94 [per user]; Asia-Pacific – $8.86 [per user]; Rest of World – $6.15 [per user]; Worldwide – $19.84 [per user].
Does the data breach allegedly leveraged by Cambridge Analytica affect Filipinos? In a sense, it may.
Newly-resigned Cambridge Analytica CEO Alexander Nix allegedly offered his company’s services to the campaign of former Davao City Mayor, now President, Rodrigo Duterte. That much is documented by the National Press Club of the Philippines and journalists who covered a press forum hosted by the NPC on this three years ago.
Former NPC president, now Presidential Communications and Operations Office (PCOO) undersecretary Joel Sy Egco has said that the NPC did host Nix and Cambridge Analytica. Egco, however, also told journalists that Nix’s company had nothing to do with Duterte’s presidential campaign.
Meanwhile, the National Privacy Commission (NPC) met with Facebook officials over reports of a massive data breach involving British consultancy firm Cambridge Analytica.
NPC commissioner Raymund Liboro has said that “Facebook told the NPC that 558 Filipino users installed Aleksandr Kogan’s personality quiz app, through which personal data may have been improperly shared with Cambridge Analytica.”
Based on this data, Liboro said, “1,175,312 more Filipinos may have been subsequently affected via sharing, making the Philippines the second most affected country in terms of total number of data subjects.”
Data released by Facebook showed the Philippines ranked second in terms of the number of users affected by the data breach, next to the United States with the data of 70 million users compromised.
Reports also surfaced that Cambridge Analytica’s parent company SCL (Strategic Communications Laboratories) was involved in the Philippine presidential elections in 2016, although it was unclear if the illegally harvested data was used.
Liboro said the NPC will continue to look into the matter to ensure that no further harm is done to data subjects, adding that Facebook will be asked to shed more light on the matter and explain further its privacy policies and practices, saying the public will be involved in the discussions.
Affected users in other countries number 1.2 million in the Philippines and more than one million each in Indonesia and Britain, 790,000 in Mexico, 622,000 in Canada, 562,000 in India, 443,000 in Brazil, 427,000 in Vietnam, and 311,000 in Australia.
He said he would also like to know if the data of more Filipino FB users were compromised.
The NPC has warned the public to be circumspect in using the platform and exercise online personal vigilance. “Users should minimize the personal information they share online and maximize the use of existing privacy protection features and tools,” Liboro said. “We encourage the public to exercise a new level of care about their privacy and to take part in forming the future of Facebook in the country.”
WHY BREACHES MATTER
In the Philippines, the Facebook data breach comes just over two years after a massive data breach in which hackers hijacked the data of some 55 million registered voters from the data servers of the Commission on Elections (Comelec)—including data on voters’ gun licenses and permits to carry firearms, home addresses and identity data.
We aren’t strangers to such violations of our privacy or thefts of the body of information that makes up our identities. This does not mean it is okay. What it means is that the people and organizations holding these data should be held to account for the breach of trust: We entrust these data to them for specific purposes—purposes that persons hijacking, scraping or data-mining the information are unlikely to cleave to or respect.
The PC Magazine Encyclopedia defines data scraping this way: “Extracting data from output sent to the screen or printer rather than from the original files or databases.
Scraping is a way to obtain data from any source without having access to the original file, but only at the time it is being printed or displayed. Scraping differs from capturing the screen. A screen capture creates an image of the screen, whereas scraping extracts the actual text.”
Scraping is also defined by the magazine as “[e]xtracting email addresses or other data from websites or search engine results. The data may be sold to spammers or criminals, or it may be reorganized and presented on a website along with ads to derive income.”
Data mining is defined by the publication this way: “Exploring and analyzing detailed business transactions. It implies ‘digging through tons of data’ to uncover patterns and relationships contained within the business activity and history.
Data mining can be done manually by slicing and dicing the data until a pattern becomes obvious. Or, it can be done with programs that analyze the data automatically.
Data mining has become an important part of customer relationship management (CRM). In order to better understand customer behavior and preferences, businesses use data mining to wade through the huge amounts of information gathered via the Web.”
Such data have been sold on the Dark Web, the criminal underbelly of the internet where one can, if so inclined, buy bombs or trafficked humans. Identity data can be used to commit crimes and cover the tracks of the actual criminals with the identity of an unsuspecting patsy.
Information on users, their locations, their movements as tracked by the location services applications embedded in internet-connected mobile devices, their preferences and other data they may voluntarily put on social media can be scraped or mined for use by companies that specialize in analyzing these data to construct user or voter profiles that predict how they are likely to spend their money, or how they are likely to vote.
Yes, the digital world has its thieves, stalkers, and its conscienceless and exploitative shady characters, just like the physical world does.