The "Tech Corner" will be a weekly blog about technology with a focus on cyber security as it relates to businesses in Prince Albert and the surrounding area. As business owners, we are constantly bombarded with information about technology. This blog will help you sift through the news, ideas, and current goings-on in the tech world and what they could mean to your organisation. At the end of the blog I will send you off with a small task for the week ahead. Who doesn't love homework? OK, I was a teacher's pet...
About me. I spent the better part of a decade writing software for various companies around the world. My most recent sojourn was in Germany. Before I got my start in developing software I was testing some of the largest IT system infrastructures in the world. This included security testing (penetration testing, audits...) of these systems. My main interest is security, and my guilty hobby is fiddling with micro-controllers (which may pop up from time to time in this blog)!
Now this week's "post": I am a little perplexed by the shock of the Cambridge Analytica security breach that involves Facebook. But I am no less upset than other users about the loophole that was abused by a 3rd party. That being said, we trade our data for "free services" on a regular basis: Twitter, LinkedIn and others. Well, as any good parent will tell you, nothing in life is free; this includes Facebook. This does not condone what happened. So what happened?
Well, Facebook has an API (Application Programming Interface). What does that mean exactly? It means 3rd parties can tie into Facebook to utilise aspects of the application, like login; you will see "Sign in with Facebook" buttons on websites and in apps on your mobile devices. But there is another aspect of this interface: data. It is not that Facebook sells the developer the data; the company provides access to data which can then be used in, say, targeted advertising, or other such uses. When a 3rd party uses these data they must use the data in a reasonable manner and meet some criteria set out by Facebook.
Much of this is in developer docs and policy/privacy statements. In this case the developer/company in question took a loophole in the Graph API and commercialised it. According to Facebook, this was against their terms. They tried to shut down the practice, but then never followed up. And now, Mr. Zuckerberg is testifying in Washington. OK, there is the issue of Russian influence, but the above was a large part of the current situation.
Let's back up for a sec. In the above case the developer made an app, grabbed people's responses and sold that data with profiles to others. As an example, let's say I write a quiz to find out if you like pickup trucks vs. small cars. Well, I now know you like one or the other, and because I know who you are on the platform (and most real people use real personal information), I can create a profile about you (from the API) and find out what makes a truck vs. car lover. Imagine how many dealerships and car manufacturers would love to find out that information. It is a marketer's dream. This is essentially what happened. It was a sneaky move, I would even say brilliant, if people were aware of the fact, and that is where the problem is.
People are often ignorant of the implications of disclosing their personal information online. Users see an innocent quiz; others see a way to collect valuable data. Who will lie about loving one cat picture over the other? If we don't know people are watching, we tend to be more honest and don't succumb to the biases which often plague polls. That is why these innocuous little puzzles/quizzes are so effective. We don't expect to be duped by cute kittens, for example. So what does this all mean? Really? It means people will be more prudent, at least for a while until we forget and repeat. Many small businesses and others rely on the marketing potential of social media platforms.
The general public are already wary of advertisers. As consumers of data, we must be honest and clear: be forthcoming and transparent in how you use your users' data. This goes whether you utilize Facebook or any other software application. If you ask for data, tell users/customers why you need that info. And if you do use your customers'/users' data, don't abuse their trust in you. And make sure the data is secure and protected. It takes years to build trust; it only takes one lapse to ruin that trust.
Thanks for hanging in, the post was longer than it will be normally. I will make sure to keep posts between 250 - 500 words, unless there is an event/news that warrants a longer post. So now for your little task: Go read the policy statement on your Facebook company page. Find out what it says. Check what your security/privacy settings are for your Facebook page. While you are at it, check your personal page! Bonus points if you have a privacy statement on your own website or application; make sure it is written clearly and covers in detail how your users' data may be used.
Until next week!