As a columnist writing about digital governance and data security, I sometimes wonder if my readers actually care about what happens to their online personal information. Amidst all of the recent headlines about cybercrime, data breaches and data exposure, it is hard to come to grips with what is actually at stake. These events seem far off and abstract, and the chance of it happening is so slim that it could never happen to you, right?
To some degree, this view is pretty accurate. According to Facebook’s second quarter earnings report that came out in July 2018, there were about 2.23 billion monthly average users of the social network. During the recent data security breach Facebook reported to its users this September, the company reset the access tokens for over 50 million affected accounts, as well as 40 million additional accounts as a precautionary measure. The 4 percent of users who did receive a security message should consider themselves unlucky, but on the whole they did not have much to worry about. As of now, Facebook reports that no private messaging was accessed, and no credit card information was stolen. Instead, hackers exploited a vulnerability in the social network developer’s application programming interfaces, which allows software developers to tap into Facebook’s data. The hackers stole information linked to a user’s profile page such as name, hometown and gender.
Although Facebook’s reputation suffered as a result of the incident, Facebook users like you and I walked away from the incident unscathed and ultimately indifferent. There wasn’t a renewal of the #deleteFacebook movement that drew so much attention after the Cambridge Analytica scandal, and the coverage on national news networks was overshadowed by updates on the Kavanaugh confirmation. That being said, there is a chance something like this could happen again, and affected users should consider themselves lucky — but not too lucky — it was not much worse.
Do you have personal information online hackers could use to steal your identity? The answer is probably overwhelmingly “yes,” and the fact is this actually happens all the time. The Identity Theft Resource Center reported there were 1,579 data breaches in 2017. In addition, about 14.2 million credit card numbers were exposed in 2017, an increase of 44.7 percent from the year prior, as well as around 158 million Social Security numbers exposed, an increase of over eight times the figure in 2016.
The numerous data breaches are alarming not only because of the sheer number of people affected, but also due to the high growth rate in the prevalence of such devastating events. Credit card fraud, which usually involves a single credit account, is serious, but identity theft can be much more damaging. When a hacker steals your identity, they can destroy your financial security by opening multiple lines of credit, ruining your credit score and making it nearly impossible to get a loan or apply for a new card. If you are still not convinced data breaches represent a real problem for society, then I have some unfortunate news that may hit close to home. In 2017, the state of Michigan was ranked number one for highest per capita rate of reported identity theft, with 151 complaints per 100,000 residents. If you seek a pleasant peninsula that protects your personal information, look elsewhere (perhaps Florida, which comes in second at 149 complaints per 100,000).
Do you care about democracy and the upcoming midterm elections? If so, data security is even more relevant to you. Last spring the country was inundated with news surrounding the political consulting firm Cambridge Analytica and its misuse of Facebook users’ personal information to influence the 2016 presidential election. The researchers at Cambridge Analytica used information gathered from a personality quiz to scrape private data from profiles of people who took the quiz as well as their friends. This data was then used to market sometimes racist, xenophobic and anti-immigrant messages directly to users based on their constructed psychological profile. Facebook permitted this, and has since shut the service down, but the fact that it was going on at all is cause for concern. The lack of understanding, oversight and control users have over their personal information is nothing but daunting.
Despite the massive imbalance between big tech companies and us, there are a few ways users can assert a bit more control over their digital presence. The first way is to write to your senator, congressman or elected official to do something about it. As of today, there is no single, overarching data protection legislation in the United States. Instead, data protection is regulated using a tangled web of state and federal laws, with the FTC primarily overseeing “unfair or deceptive practices” related to personal information. In response to recent data abuses by Silicon Valley, Senator Mark Warner, D-Va., is fighting vehemently for more stringent regulation for “information fiduciaries” who hold large amounts of user data.
There are also behavioral changes you can make to better secure your accounts. Create a strong, unique password for every new account you make, and change it now and then — wouldn’t it be disastrous if one hacked account led to all your accounts being hacked? Take the time to read security alerts. Research a good password manager that can help you stay organized and protect your information. In short, take whatever small steps you can to ensure what you put online is a little bit safer.
But all of that is up to you. The best case scenario is that you will never experience a hack and enjoy your time on the internet with no problems at all. The worst case scenario is that by 2040 quantum computers will break the internet as we know it and render all of our information totally unprotected. In the meantime, though, let us all make an effort to be more attentive towards our precious personal information so we can enjoy whatever time on the internet we have left.
Alexander Satola can be reached at apsatola@umich.edu.