With each passing year, we get more and more entrenched in technology. From the virtual classrooms that are rapidly permeating the ranks of school children to the virtual boardrooms that are making physical presence at work irrelevant, technology and its various applications to the real world are humanity’s greatest enablers. The proliferation of cheap internet in India has allowed the masses to reap benefits of the technology juggernaut as well. Agricultural markets and commodity prices are more accessible, basic healthcare and medicine are more readily available, and new paradigms of financial inclusion are being realised through technology.
The adoption of technology brings with it not only freedom and empowerment, but also a few serious setbacks. If 2018 has taught us anything about trusting Big Tech, it is that we can’t. The year has truly been an eye opener when it comes to matters of data security and data breaches. While not all incidents were conscious acts of malice, a lot of them can be attributed to negligence on the part of the custodians of our data. Let’s look at some of the major data breaches that caught the world’s attention in 2018:
Facebook data scandal
Perhaps the biggest event to flame the concerns of data privacy, the Facebook-Cambridge Analytica saga took centre stage in the tech and data security world in 2018. It began with a seemingly harmless Facebook app called “This Is Your Digital Life” which collected data of 300,000 users and their Facebook friends in a series of surveys and quizzes. The total number of people whose data Facebook finally collected ballooned to 50 million, or 87 million by some estimates. The data collected was sold to the political consulting firm Cambridge Analytica, which used the granular details on the users to influence voter perception ahead of the 2016 US Presidential elections. When this entire operation was uncovered in March 2018, there was a huge public uproar against these practices. As a result, Facebook CEO Mark Zuckerberg had to testify before the US Senate, and Facebook usage and trust have declined significantly since then.
Google+ data scandal
In another incident of a social media giant inadvertently exposing data of thousands of users, the private details of 500,000 Google+ were made public. This exposure was again a result of poor security policies for their third party application developers. Even though Google claims that no data was misused by any of the developers, it is concerning that Google chose to withhold the information of the breach. The outcome of this episode was that the already struggling Google+ platform received the final nail in its coffin, and was shut down unceremoniously.
Aadhaar data scandal
Closer home, the Aadhaar card serves as a conduit to avail many essential services offered by the Indian government. Linking the Aadhaar number to all financial instruments and documents had been made mandatory. However, trust in the Aadhaar initiative and the security measures put in place to safeguard sensitive information were greatly undermined in light of some data breaches that occurred in 2018. In fact, some reports have even suggested that Aadhaar data was on sale for a paltry sum of Rs 500.
Spectre and Meltdown
In January 2018, a research team within Google uncovered a CPU vulnerability that could potentially affect almost every computing device in the world. The three variants of this vulnerability were called Spectre and Meltdown. Though this vulnerability has not been exploited publicly yet, it poses a serious threat to any computer running on Intel, AMD or ARM processors, and built in the last 20 years. Data that was previously thought to be secure is in fact at the risk of getting leaked to unintended recipients. The technology industry has been aggressively applying patches to their servers to prevent these threats, but no one is sure right now if they are enough.
General Data Protection Regulation (GDPR)
2018 was not only about wake-up calls about Big Tech, but also prompted regulatory authorities to take action. One of the biggest steps in securing users’ privacy has been General Data Protection Regulation (GDPR). This is a new set of rules that companies that operate within Europe or that deal with European users must adhere to. In their own words, “The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years.” With this law, users can demand that companies reveal or delete data about them at any given point in time. As of now, this law only covers EU citizens. It is only a matter of time before other governing bodies around the world start demanding such levels of compliance from tech companies as well.
Google Chrome becomes more secure
Google Chrome is the most widely used browser in the world, and would thus make sense that it takes steps to ensure it is secure. As of July 2018, Google Chrome now indicates to its users when a website is not secure. An insecure website is one that does not have a certificate to validate its authenticity. A number of attacks called phishing attacks and man-in-the-middle attacks have stolen credit card numbers and user credentials on insecure websites. The new update now means that the user can make an educated decision before entering sensitive data into their browsers.
There is no doubt that for technology to propel us in to the next stage of progress, we have to factor in the social aspects too. A huge part of the social consideration is to engender trust with respect to data privacy among the users. As more revelations about the complicity of Big Tech in jeopardising user data and undermining democratic processes come through, 2019 will be a crucial year in determining the future course of data and user privacy.
Aditya Mani is a writing analyst at Qrius.