Cybercriminals were once shrouded in mystery. Faceless non-entities lurking in the murky environs of the darkest corners of the cyber underworld carrying out carefully planned phishing attacks and unleashing herds of Trojan horses into PCs.
Whilst phishing and hacking remains a lucrative pastime for many of the world wide web’s underlords, it seems that harvesting is quickly becoming the new buzz word on the cybersecurity block and cybercriminals are cutting a more corporate appearance.
In the wake of the latest tidal wave of data privacy breaches that have swept the globe is the revelation that they were carried out by well-known organisations that we have trusted and obligingly populated with our most private and sensitive information, preferences, and beliefs.
But more alarming has been the unwitting participation of millions of social media users in a worldwide data gathering experiment at the hands of companies that would make Orwell’s dystopian state of Oceania look vaguely tolerable.
How ironic then that the premise behind Cambridge Analytica’s audacious breach of millions of personal Facebook profiles was how it classified voters and targeted them by using the OCEAN technique – Openness, Conscientiousness, Extroversion, Agreeableness, and Neuroticism.
One of the long held arguments from the anti-social media movement – or maybe just those who would rather not bandy about their life stories online – is ‘what do you expect if you publicly post your personal updates on a platform the whole world can see?’
Of course, we have always known Big Brother was watching in some format or another, be it CCTV outside the local supermarket or the tracking and mapping of our daily debit card usage.
It seems in the modern world, where nearly a half of the global population owns a personal smartphone – a device that can rather disconcertingly and almost inexplicably predict our very whereabouts with the flicker of a traffic update to our proposed destination – none of us are truly immune to having our personal information scrutinised and scavenged by data hungry, corporate beasts.
Even if we aren’t fully active on social media ourselves, it seems that if our immediate connections are then it could make us fair game for having our information tapped into, downloaded, and used without our permission.
In the case of Cambridge Analytica it appears that the masses of data it gathered was neither permissible nor ethical and was used to socially engineer and, ultimately, influence millions.
Meanwhile, Facebook failed to protect its users by allowing the company to collect the data. So what can be done to preserve our privacy amid the unending stream of information that we have managed, either willingly or involuntarily, to post on the internet?
The introduction of the European General Data Protection Regulation (GDPR) in May will bring into force tougher and more stringent rules on the handling and storage of personal data.
Initially, Facebook indicated that the majority of its users will not be protected by GDPR, but Mark Zuckerberg quickly followed this up with an announcement that he intended for Facebook to make the same controls available everywhere, not just in Europe.
But will adjusting our settings be enough and will the company be globally implementing GDPR’s more pertinent rules for consent, data control and the right to know how our data is being used? Facebook says ‘yes’ and although rules outside Europe could cause conflict, it intends for GDPR to apply to everyone.
Meanwhile, the Information Commissioner’s Office – the British government’s privacy watchdog – has opened an inquiry into Cambridge Analytica and its use of data following allegations about its ties with the Leave.EU campaign and whether it, and similar companies, are a risk to voters’ rights.
Utilising personal data and associated algorithms to specifically target an individual is not a new concept and is perhaps one of the main reasons why Facebook has enjoyed such unrivalled success – it made $26.9billion dollars from direct advertising in 2016.
However, the unethical harvesting of millions of accounts to launch a series of politically charged snipers into the datasphere that hunted down specific personas to manipulate them is not only morally dubious, but potentially dangerous.
And whilst the companies themselves should be held accountable, what if they themselves became the subject of a cyberattack? Imagine how invaluable such data could be in the wrong hands and the endless opportunities for moulding and controlling global events.
Perhaps the most sinister and worrying thing about unauthorised data harvesting is the potential it has for manipulating outcomes through a method that could be considered as systematic brainwashing.
It’s this that could negatively affect the whole of humankind and cause catastrophic world-changing events. With this in mind, we should all be thinking more carefully than ever before about how we store our data and how we share information with each other.
Daren Oliver is the managing director of Fitzrovia IT.
Cover image by Pete Souza.