The massive corporate hacks just keep coming. Let’s embrace the good news — they’re shining a long-overdue spotlight on the real villains.
Facebook’s September data breach affecting 50 million users was child’s play compared to the 500 million accounts compromised by Marriott in November. Except Facebook has so many other things to apologize for this year — the latest phase in what Zeynep Tufekci refers to drily as Zuckerberg’s “14-year apology tour.”
Last week another screwup exposed photos stored by 7 million Facebook users in so-called “private” folders — Facebook’s answer to the wireless carrier’s “unlimited” data. Their PR lede: “We’re sorry this happened.”
Web destinations like to keep costs down, what business doesn’t. Unfortunately, that means cheaping out on security. American firms keep getting away with this outrageous corner-cutting since there are no serious, government-imposed consequences for lousy security, regardless of how many users have to suffer the inevitable result.
The lousy security could change. What isn’t gonna change any time soon is the ad-supported revenue model. It’s no secret monetizing user data on a vast scale by selling it to advertisers is what runs the Web. Unless you’re Facebook. It doesn’t want its 2.2 billion fans thinking they’re the product for sale to the highest bidder. So it explains away the $40 billion they made last year by simply denying they “sell” user data. Yes, it’s a cheap semantic ruse that has people fooled, many of them in Congress.
Numerous experts are offering advice on how to put a stop to this behavior. Most agree self-regulation, whatever that might look like, isn’t the way to go. Some form of action by the US government, whatever that might look like, is the popular talking point.
Tim Berners-Lee is “disappointed” with the state of the platform he invented (see World Wide Web). He suggests Facebook (and Google) may need to be broken up. Legal scholar Tim Wu — author of the just published book, The Curse of Bigness: Antitrust in the New Gilded Age — says breaking up Facebook wouldn’t be hard, starting with forcing it to divest WhatsApp and Instagram. Public interest lawyer Harold Feld has worked out a detailed proposal for regulating digital platforms that breaks free of outmoded antitrust assumptions.
Good luck to the lawyers. What do end-users want?
When bad things happened to us online, we used to assume the authors of our troubles were vandals or thieves — guys who’d rob your house if they were in the neighborhood. Then one morning we awoke to the troubling realization the enemy had taken up residence in our apps and bookmarks — the friendly firms providing our cherished social media pages and hotel rooms, among countless online goodies. Massive data breaches shifted perceptions.
Or did they? Have hundreds of data breaches heightened public awareness? And if so, can we be confident that heightened awareness will translate into a more prudent approach to life online? Let’s look at some findings in three survey reports from the Pew Research Center to get a sense of what users are thinking…
- Americans and Cybersecurity — Jan 2017
- News Use Across Social Media Platforms — Sept 2018
- Public Attitudes Toward Computer Algorithms — Nov 2018
First of all, it’s widely ackowledged consumers are less than diligent about protecting themselves online. In Pew’s 2017 survey (#1), 69% of online adults said they don’t worry about how secure their passwords are – more than double the share (30%) who said they do worry about password security. Even respondents who had experienced a data breach were no more likely than average to improve their passwords. Yes, some behaviors have changed — deleting cookies, installing VPNs and the like. But security fatigue still rules.
The 2nd Pew survey, released in September, focuses on one set of online activities — news consumption in social media.
Despite all the fake news and disinformation campaigns over the last couple of years, two-thirds of Americans say they at least occasionally get news on social media — virtually unchanged since 2017. The news leader by far is Facebook, where four-in-ten U.S. adults get news. These visitors aren’t going to their social hangouts for quality journalism. On the contrary, a clear majority (57%) say they expect the news they see on social media to be “largely inaccurate.”
Among Facebook newshounds, another majority (53%) say they don’t understand how their news feed works — why certain posts are included and others not. So if neither source nor accuracy counts, what does? That would be Silicon Valley’s gift, the path of least resistance:
“Asked what they like about the news experience on social media, more Americans mention ease of use than content. Convenience is by far the most commonly mentioned benefit (21%).”
What’s compromising our future isn’t just platform-operator malfeasance, lying, dirty tricks and security that should embarrass any self-respecting network engineer. It’s also convenience. Convenience kills.
Have your cake or eat it: choose one
In the 3rd Pew report, on attitudes to algorithms, clear majorities expressed concern about the use of automated decision-making in sensitive areas like compiling credit scores.
When it comes to social media, however, most respondents are fine having their personal data used to serve individually targeted content using algorithms. But they’re very picky about the particulars.
One question (graph above) asked when it was acceptable for social media sites to use personal data. At one end, “recommending events in your area” scored positively, with only 25% saying that would be “not very acceptable” or “not at all acceptable.” Recommending someone a respondent “might want to know” fared much less well: 43% said that would be not very or not at all acceptable. And the share of not acceptable responses rises to almost half (47%) when the activity is using personal data to show ads.
As with social media news, a majority of Americans have a low opinion of social media user content. Three out of four think the content posted on social media fails to provide an accurate picture of public opinion on “important issues.” Yet people continue to spend time on these platforms prowling through the detritus. Since 2016, the use of social media has leveled off but it has not dropped — with the exception of Instagram, which has been growing steadily, to the delight of its owner (that would be Facebook).
The troubling issue isn’t merely whether users are staying or leaving — though that’s plenty important. It’s the illusion some users harbor that they can have it both ways. They may see that their data, along with their privacy, is at risk of being stolen not once but twice — first by the platforms they live on, then by hackers. But they’re so hooked on the Valley’s core value proposition — we’re here to remove all effort from your life — that leaving isn’t an option. So adjustments need to be made to prevent crippling cognitive dissonance.
Yes, many are suspicious of algorithms, apparently without realizing they’re coded not to give users what they want — but to give operators and advertisers more time with visiting eyeballs. Users don’t get to pick and choose their algorithms, especially the algorithms that serve them targeted ads. Unless of course they’re prepared to give up “free.”
Even if the Valley culprits can be regulated, we can’t regulate deeply entrenched user expectations. We’ve given up control of our privacy, our decision-making, and our ability to understand how Silicon Valley pulled this off. We expected a huge return in convenience and we got it. Nobody’s going out to spend a grand on a new iPhone to have less convenience in their lives.
Privacy reformers would like to see end-users take meaningful control of their personal data — one of the aims of the EU’s General Data Protection Regulation or GDPR. Some would also like to see a regulated form of “algorithmic transparency.” These are worthy goals. But they presuppose active user learning and effort, not to say sacrifice. It’s difficult to see these goals being embraced by an online population that — so far — values convenience far ahead of security and ranks giving up control to unseen third parties as a gift.