[Observer Network Comprehensive Report]
"I knew something would happen to you sooner or later."
Recently, Facebook has been involved in the biggest personal information disclosure storm in history. The news of the former staff of Cambridge Data Analysis Company put Facebook in a lot of trouble. After a period of silence, Facebook founder Zuckerberg finally came out to apologize.
There are indications that Facebook knew about data leakage before. Although it violated its own platform policy, Facebook did not take measures to protect the data and let the situation expand. In fact, as early as eight years ago, Apple founder Steve Jobs warned Zuckerberg to be careful and pay attention to protecting users’ privacy. It’s only a matter of time before Facebook gets to where it is today.
Facebook knew in advance but didn’t protect it.
According to the British "Financial Times" reported on March 30, Facebook had obtained a document and was told that an application software (APP) collected user data on a large scale, which might be sold to a third party, and there was a risk of leakage.
It is worth noting that it is this application that collects user data and leaks it to Cambridge Analytica, a data analysis company. The document is also the terms and conditions document of the second edition of the application software.
Observer. com previously reported that this application is called "this is your digital life" and was launched by Aleksandr Kogan, a professor of psychology at Cambridge University in the UK, in 2014.
The Financial Times reported that Facebook said that the first version of the policy of the application after its review claimed to be a "research program" and said that "users will know that these data will be carefully protected and will never be used for commercial purposes".
After that, the software was updated and the second edition of the terms and conditions document was submitted, which revealed that the application software would sell and transmit data.
However, because social networks automatically accept updates from applications, no employee of Facebook will see this version of the terms and conditions.
The British "Financial Times" said that it saw a copy of the document that Cogan submitted to Facebook.
In this document, Cogan’s Global Scientific Research Company lists the terms and conditions, which require users to allow them to collect information, including users’ likes, status updates and friends’ information on Facebook. According to the terms, the company will have the right to "edit, copy, disseminate, publish, transmit, join or merge into other databases, sell, authorize … and archive your published content and data".
Christopher Wylie, another whistleblower who used to work for Cambridge Analytica, pointed out that these terms and conditions are in conflict with Facebook’s own platform policy. He told the Financial Times that Facebook "didn’t actually take any measures to protect data".
Both sources questioned why Facebook allowed applications that clearly violated its rules to be released on its platform if it really cared about protecting privacy.
"At that time, many applications were collecting a large amount of data, including data collected from users’ friend networks. But Facebook didn’t take the initiative to ask or investigate where the data went, "Wylie said." For Facebook, this is a question about its existence: Do they want to be a data collection company or a user community? "
Cogan responded with "surprise" to being accused of violating Facebook policy.
Facebook said that when Cogan collected data in 2014, its policy prohibited application developers from selling, authorizing or buying any data obtained from Facebook or its services. The relevant terms and conditions also prohibit the application software from transmitting data to "any advertising network, data agency or other advertising or commercial related services".
At present, Zuckerberg, the founder and CEO of Facebook, has admitted that his company "made a mistake".
In order to regain users’ trust, on 28th, Facebook announced a set of new and more intuitive privacy control measures, including methods of downloading and deleting personal data and other shortcuts to control private information.
At the same time, Facebook has tightened the rules for application developers, and a series of changes will be made in the next few weeks. One of them is that advertisers are no longer allowed to use information from third-party data intermediaries for targeted advertising on the platform.
Jobs warned before his death, but Xiaozha didn’t listen.
The data scandal is not the first time for Facebook. Previously, it was involved in the 2016 US presidential election and the Brexit referendum.
Aside from political factors, from the technical level alone, this data leak presents different characteristics from the past.
According to Zhongxin. com, in 2007, a Facebook product tracked user information excessively, for which Zuckerberg apologized.
In 2010, Zuckerberg once again admitted that Facebook had privacy problems and adjusted its settings.
In 2014, Facebook’s privacy issues reappeared and attracted attention in recent days.
In fact, as early as 2010, Steve Jobs, then CEO of Apple, tried to warn Zuckerberg about privacy.
At that time, Jobs attended the AllThingsD conference held by The Wall Street Journal to discuss the importance of privacy. At that time, Zuckerberg was sitting in the audience waiting for an interview.
Jobs pointed out that Apple will not let developers decide whether to warn users, but will use a pop-up window to warn users and let them know that an application is tracking them.
"Many people in Silicon Valley think that our views on privacy issues are really outdated," Jobs said in an interview. "Maybe so, but we are really worried about such issues."
According to the report, there are deeper reasons why Facebook didn’t do this like Apple.
In 2004, Zuckerberg founded Facebook at Harvard University. The rise of this social networking site has released two basic human needs: one is to express oneself, and the other is to establish connections with others.
In order to attract more users, in 2007, Facebook took the lead in opening the platform, opening the website users and relationship data to third-party software developers, so that third parties can develop applications running on Facebook websites.
This measure mobilized the enthusiasm of enterprises and software developers to participate in the construction of Facebook, enriched the applications on Facebook, attracted more users, and finally pushed Facebook into a virtuous circle of rapid growth.
Therefore, 2007 was a key turning point for Facebook, but it also laid a curse for the subsequent privacy issues.
Take this latest time as an example. When 50 million users used the application software, their information was obtained and used by Cambridge Analytica, a political data company, without knowing it. In this regard, software developer Cogan responded that he obtained these personal information with the consent of Facebook, and he was allowed to use it for commercial purposes.
Snowden, a former employee of the National Security Agency, said on social media: "In the past, companies that collected and sold personal privacy in order to make money were called’ monitoring companies’. Later, they changed their faces and repackaged them into’ social media’. "
In fact, as early as 2011, Facebook signed a consent order with the US Federal Trade Commission, which requires Facebook to clearly tell users how their data is being shared by third parties.
If found to violate this consent order, Facebook may face a fine of up to $40,000 per day for each illegal operation. At present, the US government has begun to investigate Facebook, and once it is found, it can be fined up to 2 trillion US dollars.
"It’s time for the industry to reflect"
Facebook is not the only company that cooperates with third parties to share user data.
Pei Zhiyong, president of 360 Enterprise Security Research Institute, said in an interview with the media: "Now many organizations, especially Internet companies, have collected a lot of user data. In order to maximize their commercial value, they will share the data with third parties more or less."
Pei Zhiyong pointed out that in this process, if the method is wrong or there is no awareness of security protection, user information will be leaked.
"We have all encountered what we searched online, and when we use another app that has nothing to do with the previous search engine, what we just searched will also be pushed with relevant advertisements. This is actually the sharing of data between different enterprises. The industry is called’ advertising alliance’ and many large Internet companies will have it. " Pei Zhiyong said, "Facebook is actually similar."
On 26th, Robin Li, chairman of Baidu, said at the China Development Forum that users in China are more open in personal privacy, and they are willing to trade privacy for convenience and efficiency to a certain extent, which triggered a heated debate. CCTV sent a reply, saying that even if the habit of domestic users, as Li Yanhong said, can give up privacy for efficiency, it is not that they are "willing" but "have to"!
In August last year, the Ministry of Industry and Information Technology announced the list of application software that detected and found problems, which showed that many softwares involved collecting and using users’ personal information and maliciously manipulating users’ mobile phones without users’ consent. Like many flashlight APPs, they request permission to make calls, read address books and location information, which has nothing to do with the services provided by the app. Driven by commercial interests, many people’s privacy has been stolen.
Zhongxin. com reported that there is one exception among global technology giants. Tim Cook, CEO of Apple, mentioned in an interview with the media that if Apple regards consumers as its own products and uses consumers to generate income, then Apple can make a lot of money, but Apple did not choose to do so.
Cook’s principle undoubtedly inherited Jobs. At that time, Jobs said, "Our views on privacy are always obviously different from those in other parts of Silicon Valley".
At present, Chuck Grassley, Chairman of the Judiciary Committee of the US Senate, has invited Zuckerberg to attend a hearing in the US Congress to discuss Facebook’s past and future policies on protecting and monitoring consumer data.
In addition, Sundar Pichai, CEO of Google, and Jack Dorsey, CEO of Twitter, were invited to attend the privacy hearing scheduled for April 10th.
According to a poll released by Reuters/Ipsos, only 41% of Americans believe that Facebook abides by American privacy laws, 66% of respondents believe in Amazon, and 62% believe in Google and 60% believe in Microsoft.
Cook pointed out that it is time for the industry to reflect and think about what to do next.
How not to use privacy for convenience?
In the Facebook incident, the leakage of user data is only the first step, and I am afraid that such a great impact still comes from the use of data by Cambridge Analytica.
Christopher Wylie, former head of data analysis at Cambridge Analytica, revealed that the company obtained the personal information of 50 million Facebook users through Cogan, including their activities such as posting on Facebook.
With the help of these first-hand information, the company has mastered the personal privacy of 50 million users, such as age, gender, race, address, telephone number, email address, personal preferences, family status, habits, scope of activities, tendencies, circle of friends and so on.
In other words, with the help of big data, "Cambridge Analysis" is equivalent to drawing an image for each user, and putting targeted advertisements according to each person’s characteristics, thus manipulating democratic elections.
Pei Zhiyong pointed out that Internet companies can make more accurate positioning through data mining of users, which is also the threshold to open the gap in service quality between enterprises. Data is equivalent to a high-value asset.
I have to say that people do get more convenience through big data, but must this be at the expense of personal privacy?
Li Haoke, an insider in Silicon Valley, pointed out in an interview with China News Service that there is a balance between privacy and convenience, but the technology of "differential privacy" is needed.
Li Haoke explained: "Companies that pay attention to users’ privacy will use this method to deal with big data, that is, inject noise into users’ personal data and activities, shield users’ identities, and then summarize massive anonymous data by analyzing a group of people. In the end, you can still see the statistical characteristics as a whole, but everyone’s information is not so obvious."
According to Zhongxin. com, Apple is the only large-scale technology company that has adopted this technology. Apple has invested a lot of money in building data mining tools that respect user privacy.
In the era of big data, when people pay more and more attention to personal privacy, they may be more inclined to choose products that focus on protecting users’ privacy. Rather than willing to exchange certain personal data for more convenient services.
As Cook said, privacy is a basic human right, and personal data should not be violated.