Internet Storm Center Infocon Status

Search ISU Security

RSSSubscribe to the RSS Feed
ISU Information Security

The Social Media Privacy Landscape

Monday, April 23, 2018 10:04

Few people find themselves in a situation wondering “What is Facebook?” But, even fewer wonder “What is Facebook doing to protect my data?” That was likely true, until the recent revelation that Cambridge Analytica, a political firm, was given access to the private information of more than 50 million Facebook users. This event has dominated headlines for the past few weeks and has forced many social media users to ask more than a few questions about the privacy of their data, and what social media companies are doing to protect it.

Politics aside, it’s helpful to understand what happened. As mentioned, Cambridge Analytica gained access to the private information of more than 50 million Facebook users. Much of the controversy of this issue lies with the question: How?  In short, they were given the data by Facebook.  Researchers from Cambridge Analytica asked Facebook users to take a personality survey and download an app. The app then collected private information from the user and their friends, which would ultimately end up back in the hands of Cambridge Analytica. They would go on to perform analysis on the data for political purposes.

This was activity that Facebook permitted at the time. This is why the event is not classified as a “data breach” – Facebook knowingly and willingly gave the information away. Granted, this is activity that is no longer permitted on Facebook, but it illustrates the ever-changing social media privacy landscape. Buried somewhere in the terms of service presented to users is the acknowledgement that Facebook has a responsibility to protect its user’s private information. But, when the ToS are a mile long, how can Facebook be held appropriately responsible for not just a breach of data, but a breach of trust?

These are questions that were asked of Mark Zuckerberg, the CEO of Facebook, when he recently appeared in front of Congress. He was asked many questions, and gave many answers, but the crux of the argument stood firm: Is Facebook responsible for protecting its user’s data, and if so, can they be trusted to do so? Zuckerberg answered yes to both of these questions, which might not come as a surprise, and dedicated his company to doing better moving forward. In any case, it would seem that people have awoken to the idea of being skeptical of promises made by social media.