Why Privacy By Design Matters

Ravie Lakshmanan

As the chorus surrounding Facebook’s questionable data policies continues to reach fever pitch, users who boarded the #deletefacebook train have woken up to an uncomfortable truth: the social network holds far more information about them than they expected, including complete logs of incoming and outgoing calls and SMS messages. The phone call metadata, collected only from Android devices, also includes the names, phone numbers, and duration of each call made or received.

The #deletefacebook movement gained groundswell following revelations that Facebook had shared the personal information of 50 million users, without their explicit consent, with Cambridge psychologist Aleksandr Kogan for purposes of academic research. Kogan then passed it on to a British data analytics firm called Cambridge Analytica (in a “get rich quick” scheme), which used the harvested data to sway voter opinion during the 2016 U.S. presidential election.

Since then, Facebook’s stock price has plummeted by over 10 percent, and its mass data collection practice has been called “the largest data-mining operation in existence,” forcing CEO Mark Zuckerberg to embark on an apology tour while admitting there was a “breach of trust” between “Facebook and the people who share their data with us and expect us to protect it.”

Alarming as this might seem, it should come as no shock to users, as you can surmise from Facebook’s nonchalant response to the data gathering practice (via Ars Technica): “The most important part of apps and services that help you make connections is to make it easy to find the people you want to connect with. So, the first time you sign in on your phone to a messaging or social app, it’s a widely used practice to begin by uploading your phone contacts.”

“Contact uploading is optional. People are expressly asked if they want to give permission to upload their contacts from their phone — it’s explained right there in the apps when you get started. People can delete previously uploaded information at any time and can find all the information available to them in their account and activity log from our Download Your Information tool.”

When anonymous feedback social network Sarahah was found to be surreptitiously uploading users’ contacts to its servers last year, the app’s developer rushed to defend the move, stating the upload was meant to be part of a now-defunct “find your friends” feature. As I wrote in my blog back then, “sharing your contacts on social networks is almost a ubiquitous practice today. I get it, it’s super convenient to find your friends this way, but with phone numbers quickly becoming the only user name that matters, it is that much more necessary to be prudent and think twice before sharing them. Because you are not only sharing yours, but your friends’ and families’ as well (irrespective of whether they wanted it or not), which are then harvested by social media platforms to create shadow profiles. Takeaway — Better be safe than sorry later!”

So, yes, what Facebook did was deliberately misleading and wrong: using uploaded contacts to recommend new friends, but also quietly sucking up your call history and other metadata for god-knows-what. But then it’s hardly a surprise for a company that has a long history of playing fast and loose with user privacy, and for a CEO who branded users who trusted him and his social network with their email addresses, pictures and other personal information as “dumb f**ks”. What we deserve instead is a platform that takes privacy seriously and encodes it into its design in a manner that instills transparency and trust.

A version of this story was first published here: https://therarefied.blogspot.com/2018/03/why-privacy-by-design-matters.html

Written by Ravie Lakshmanan

Computational journalist and cybersecurity reporter