Privacy and Data in the News:

1) Facebook: In 2018, Facebook’s CEO and founder, Mark Zukerberg,  had to testify before a US House Commerce Committee to offer information about a UK based company, Cambridge Analytica, that had obtained Facebook data on over 80 million users. Cambridge Analytica used a 3rd party application to syphon user data as well as data of friends who used the application. While everything was legal according to the terms and conditions (which users rarely read), the usage of the collected data has been called into question. Facebook’s terms and conditions with it’s 3rd part application developers notes that data collected cannot be sold for target advertising and, in this case, it looks as though the data was sold to Cambridge Analytica from the app developer. Read about the data collection technique for targeted marketing:

• Over 80 Million Facebook users’ data compromised by survey app. (.pdf version)
• What data did Cambridge Analytica have access to? (.pdf version)
• What changes has Facebook enacted since (.pdf version)
• Shadow profiles still a problem at Facebook (.pdf version)

This is not Facebook’s first tango with questionable data practices. In 2011, the social media website was sued and had to pay $20 million in damages for using users’ profile pictures in advertising “Sponsored Stories”. Facebook was creating advertising stories and comments based on “likes” that people clicked on. For example, if a user liked the Pepsi Facebook page, then a featured story containing the user’s name could be created and sent to his/her friends telling them to buy Pepsi. Facebook has since updated their “Terms of Service” to include automatic consent for the business to use user content as they wish. Read more about the lawsuit here.

2) Edmodo: In May 2017, the educational service Edmodo was hacked and student and teacher data were reportedly sold on the dark web. This was the second data/privacy breech in the past year for the online classroom software. Earlier, Edmodo was found to be using targeted advertising software on its site. It was collecting student/teacher data and sending it off to a third party that was targeting ads to Edmodo users. Edmodo protested that the code used on its site was intended to attract teachers who were not using the platform but may express interest on other sites. However, the ad tracking seems to work in reverse, targeting Edmodo users.

• Edmodo hack and data breech (.pdf version)
• Targeted Advertising at Edmodo (.pdf version)
• Edmodo – purchased by NetDragon – April 2018 (.pdf version)

3) Microsoft: In early 2018, Microsoft appeared before the supreme court to argue that rulings about privacy need to be addressed by congress and not the department of Justice. This stems from a case where emails were subpoenaed from Microsoft for a user and Microsoft only handed over emails from the account that were stored on a US server. Other emails in the user account were stored on a server in Ireland, and Microsoft argues that the US Department of Justice cannot access those documents as they are physically located in another country.

• Microsoft argues data privacy case is one for congress to decide (.pdf version)

4) Google: In late 2015, many media outlets wrote about Google and its violation of the Student Privacy Pledge. In the pledge, Google agrees not to track student data; however, in early 2016, Google admitted to collecting student data through its Google Apps for Education (GAFE) services. Google did state that the data collection was not for marketing purposes; rather it was for the improvement of Google services. Read more about the media’s claim here and Google’s response here.

5) CelebGate: In 2014, it was discovered that over 600 people’s iCloud accounts had been hacked and personal photos (of many famous people in Hollywood) were released on to an image posting forum. The hackers used the “recover password” feature and answered security questions in order to gain access to many famous peoples’ accounts. This is another lesson in personal privacy – try not to use the same security questions for multiple websites and whenever possible create your own security password recovery questions. For many famous people, the name of the street they grew up on and their first pet are probably public knowledge. So make those security questions specific everyone – “The name you and your best friend gave to the knickknack you bought on vacation when you were 11.”

6) Internet Privacy Scandals: read about the 15 worst internet privacy scandals here.

How much is your personal data worth?

Click the picture to go to the website where you can watch a video about Canadians’ willingness to sell their personal data.