Facebook Privacy Failures and Opportunities

Facebook faces tremendous business risks from the upcoming EU’s GDPR privacy rules set to take effect in May.  This looming backdrop of a serious ‘reality’ check on Facebook comes on the heels of the past weekend revelations that a very controversial political consulting firm had improperly obtained personal data on 50 million Facebook users.  Trust me when I tell you – this is only the tip of the iceberg.

From what I gather, Facebook ‘is’ the Dark Web.  Do some deep digging down the rabbit hole of Facebook groups and their Messenger app and you’ll start to see what I’m talking about.  I’m not talking about Tor, I’m talking about a social gathering full of numerous really bad groups with various illegal activities occurring through social media communications within this platform – that’s another topic for another time.  Even our government is concerned with this tool as a recruiting platform for terrorism.  It’s a pretty serious matter.  However, let’s not forget that in the USA, you do have a right to free speech.  The problem is, you’re on a platform that is NOT-transparent as to who and what they decide will be allowed on or what they may or may not share.  That remains “proprietary.”  See here: https://en.wikipedia.org/wiki/Criticism_of_Facebook  and here: https://en.wikipedia.org/wiki/Terrorism_and_social_media.

More specifically, for this article, let’s just focus on this simple fact:  either Facebook will continue to lose customers and value by the billions, or they will realize that Privacy matters.  Let me solve a few key Facebook problems quickly for them, at no charge, while they meet with highly paid consultants who brainstorm on how to continue to steal your privacy, I mean garnish your demographics, but make you feel good about it.  That won’t work anymore.  Nor will nodding heads from Facebook executives sitting in on Congressional hearings.  GDPR from the European Union (EU) and the potential risks of lawsuits from the EU will keep the REAL pressure on about truly understanding the value of consumer PRIVACY.

Facebook is at a crossroads.  They have an opportunity to become a great trusted brand but it’s a very hard road for them to travel.  The enticements of spying on you are ingrained in their culture.  I will share two simple tips that could be leveraged as the BEGINNING of a TURNAROUND, else expect more value loss, loss of customers and potentially, US Government Regulations and Oversight that no company ever really wants to deal with.  Remember SOX-404 – that alone cost companies billions so they could prove they were not going to be the next Enron.  Facebook now faces a similar challenge – what is the true value of TRUST and PRIVACY?  They’ve lost billions overnight so that’s a good sign for how we value these two key issues.

When we think about strong privacy, as InfoSec professionals, we usually think about best practices in key management, encrypting customer records and complying with government regulations to guard this private information under HIPAA/HITECH or GLBA or the EU GDPR, for example. But have we stopped to think about and even cross correlate how strong privacy should permeate more than just customer records? What about your personal privacy? What about your telephone conversations, your emails, what you had for lunch today, where you travel each day, what web sites you visit, who your close friends are and even what you chose to do in your own home, even your bedroom?

By convenience, the internet has fostered a technological revolution the likes of which we have not seen in centuries. Humanity is that much closer but at the same time, there are dark forces using all of these interconnections to collect massive amounts of data, in real-time, all the time on all of us. From the SmartTV’s with built-in microphones and internet access over wifi, whereby their own privacy policy that you didn’t take time to read, clearly states that someone aka “the manufacturer” is listening in on you, in your own living room or bedroom.

We have to start talking about strong privacy and why it is good through the entire product lifecycle and inherently needed in the sourcing of hardware and software that make the internet work, in our PCs, smartphones, IoT gear – in everything we use.

On top of this we have the ongoing battle between Apple and the FBI in the name of National Security, which I’ve frequently talked and written about.

“National Security and safety for its citizens in any nation state, especially the US, is greater, when products from these countries are hardened, not weakened, containing no back-doors.”

So I will argue with you, now, that the Facebook app and their Messenger app is one giant piece of spyware that needs to be fixed.  In addition, as a social media tool, they go where the money or power is going.  If there is a gun law debate, they will blacklist groups like the NRA or others but allow funded advertisements for movies loaded with gun violence and some of our favorite and most popular video games.  If you live in Facebook, forget the Bill of Rights.  This is why there is a huge backlash right now.

FACEBOOK PROBLEM:  Advertisements are “fake news” and affecting voter outcome during elections.

Facebook advertisements allegedly brainwash you to change your vote.  The Russian government allegedly funded advertisements on Facebook for 100k USD or less and it totally changed your mind and brainwashed you.  Right?  While I strongly disagree with this claim (because I believe you are smarter than many of those you accidentally elected and trusted who want to help you by taking your rights away), it’s real simple.  Add some simple geotagging transparency to advertisement sources, if you really feel this is such a big problem.

MY SOLUTION:  Geotagging and Country Flag Icon

Geolocate the source of an Advertisement before approving it, add the country flag, alt-tag country name and link back to a map of the globe.  “This advertisement is linking to Russia (or USA, or China or hundreds of other countries of source)”.  Now you can’t be ‘brainwashed’ because you have a nation state flag to source the advertisement.

Moving onto the bigger issue, let’s take a quick trip in time.  It’s 1949, George Orwell just published his dystopian novel “1984,” he warned of a future world in which “Big Brother is Watching You”…Back to today – as the Snowden scandal and other CIA, NSA and FBI revelations have revealed government surveillance is omnipresent, covert and practiced on a global scale that Orwell might never have imagined.

It’s 1984, Apple Computer aired its historic TV commercial concluding that with the introduction of the Macintosh “you’ll see why 1984 won’t be like “1984”. Ironically, 34 years later, while Macs and other personal computers gave birth to the knowledge revolution that transformed how information is created and shared worldwide, in many ways…if you don’t understand why 2018 is “1984” you will never be able to understand why governments and hackers continue to have access to private information, nearly whenever they want it.

But Facebook is better at spying…I mean ‘gathering consumer analytics’ for ‘marketing and other various purposes.’  In fact, Apple asked them to stop calling the GPS function so frequently as it was draining the iPhone batteries!  Don’t believe me, just go here: https://tinyurl.com/facebook-battery-drain

FACEBOOK PROBLEM:  Facebook collects and sells tons of data on everyone.

We’ve heard the news.  Facebook knows more about you than the NSA and wants to sell YOU and your DATA as the PRODUCT to governments, consulting firms and advertisers.

MY SOLUTION:  An Independent Transparent PRIVACY COUNCIL for this company.

Facebook hires privacy experts ,forms an PRIVACY COUNCIL or PRIVACY ADVISORY BOARD and tells the truth about all their means and methods to obtain information.  Of course this council would recommend PRIVACY OPT-OUT options to be easily accessed by any consumer.  A wizard, a dashboard, a scanner – ‘here’s where and why we collect data on you (and others, including apps you gave permission to) and here’s how to opt out of EVERYTHING or granularly.

Most likely Facebook will continue to believe that owning all the data on everyone and selling it to the highest bidder is still the right business model, so I anticipate https://mewe.com/ and numerous others that PROMISE PRIVACY such as https://diasporafoundation.org/ or maybe LinkedIn which is mainly used for business purposes will take advantage of this huge VACUUM and fill it with a PRIVACY LINKEDIN that operates like MeWe or Diaspora Foundation?  LinkedIn is huge and promising.  They have the foundation but would their VP of Marketing agree with my views and philosophy that PRIVACY is a RIGHT and FREEDOM of SPEECH is also a RIGHT and that by offering a social media platform that values PRIVACY and FREE SPEECH, there are many other ways to monetize.  In fact, wouldn’t you pay $9.95 per month to NOT be a TOOL or a PRODUCT and stop being spied on while garnishing the benefits of Social Media and the Internet?  I would happily do so.  Would you?  How do you value TRUST and PRIVACY and FREE SPEECH?

by Gary S. Miliefsky, PUBLISHER
Cyber Defense Magazine

Facebook Privacy Failures and OpportunitiesGary is a frequent Keynote Speaker, dynamic panelist, our Publisher, a cyber-security expert and a frequent invited guest on national and international media commenting on mobile privacy, cyber security, cyber crime and cyber terrorism, also covered in both Forbes and Fortune Magazines. He has been extremely active in the INFOSEC arena, he is an active member of Phi Beta Cyber Society, an organization dedicated to helping high school students become cyber security professionals and ethical hackers. He founded and remains the Executive Producer of Cyber Defense Magazine. Miliefsky is a Founding Member of the US Department of Homeland Security, the National Information Security Group and the OVAL advisory board of MITRE responsible for the CVE Program. He also assisted the National Infrastructure Advisory Council (NIAC), which operates within the U.S. Department of Homeland Security, in their development of The National Strategy to Secure Cyberspace as well as the Center for the Study of Counter-Terrorism and Cyber Crime at Norwich University. Previously, Gary has been founder and/or inventor for technologies and corporations sold and licensed to Hexis Cyber, Intel/McAfee, IBM, Computer Associates and BlackBox Corporation. Gary is a member of ISC2.org and is a CISSP®.  Learn more about Gary, here: https://www.cybersecuritymediagroup.com/about-our-founder/

March 23, 2018

cyber defense awardsWe are in our 11th year, and Global InfoSec Awards are incredibly well received – helping build buzz, customer awareness, sales and marketing growth opportunities, investment opportunities and so much more.
Cyber Defense Awards

12th Anniversary Top InfoSec Innovator & Black Unicorn Awards for 2024 are now Open! Finalists Notified Before BlackHat USA 2024...