US tech firms are going through a moment of reckoning in the wake of Facebook chief executive Mark Zuckerberg’s grilling by US lawmakers on the social network’s privacy and data practices, according to industry experts.
“The Facebook situation will be a wakeup call for companies that are working in the tech industry and dealing with data—which is really all companies these days,” said Fiona J. McEvoy, a tech ethics researcher at You the Data, a platform for discussing the societal impact of technology in San Francisco.
“Facebook provided an example to other companies, of which they should take heed. They have to have some knowledge of how other companies in their chain, be it data suppliers or customers, are using that data. It reminds me of the banking industry with ‘Know Your Customer’s Customer.’”
Against this backdrop, Ms McEvoy says that many companies in Silicon Valley are hiring ethical consultants. “They are already having conversations about how they can not only make sure their current systems better protect user privacy and autonomy, but how artificially intelligence systems they are using can have ethical alignment built in by design,” said Ms McEvoy.
Mr Zuckerberg testified before members of the US Senate and Congress after revelations that the political consulting firm UK-based Cambridge Analytica—a data mining firm used by the Donald Trump campaign in the last election—improperly harvested data of up to 87 million Facebook users.
Mr Zuckerberg said he’s willing to fix the problems in Facebook, even if that requires a substantial investment, and he acknowledged it is “inevitable that there will need to be some regulation.”
However, critics have expressed skepticism.
The ripple effects of Facebook’s situation reach well beyond the company, according to experts.
“Almost every company is doing what Facebook did. They just got caught,” said Eric Cole, chief executive of Secure Anchor Consulting, a cybersecurity consulting firm in Ashburn, Virginia that serves enterprise companies.
Problems like the one at Facebook are far from new, according to Seth Hardy, director of security research at Appthority, a mobile security firm based in San Francisco.
“It’s always been like this unfortunately,” said Mr Hardy. “People are starting to become more aware of what is going on with the ways collected data can be misused.”
What has made the public care more about the issue are headlines related to the last election, said experts.
“Linking it back to potential election influence is something that is hitting a note people really care about,” said Mr Hardy.
Currently, there are many invasive mobile apps in circulation that put individuals’ data at risk, noted Mr Hardy. Of more than 2 million iOS apps scanned by Appthority for a recent report, 24,000 openly asked users for access permission to deeper device functionality for advertising purposes.
“Mobile devices really are general purpose computers,” said Mr Hardy. “They also are really great surveillance devices. They have radios, a camera, a microphone and location tracking. They have very personal information available about you. Now that advertisers are realising they can use this information, they are getting more aggressive about how they use it.” It is also possible for attackers to use stored data, he adds.
In some cases, the developers who design apps that collect user data aren’t fully aware of how it is ultimately being disseminated, according to Mr Hardy.
“We’ve seen instances where developers’ apps are collecting and sending information to third parties and they are not even aware it’s happening,” said Mr Hardy. “They are using third-party advertising libraries that are very invasive.”
Some in the industry believe the developments at Facebook will lead to new regulation. Mr Cole said the EU’s General Data Protection Regulation (GDPR), which takes effect in May, will solve some of the problems the Facebook situation revealed. The GDPR, aimed at bringing stronger data protection and more data privacy for citizens of the EU, also has implications for US firms that have a presence there. Mr Zuckerberg told Congress that Facebook is planning to give its users - including those in the US and Canada - all new rights under GDPR.
“To me the regulation that really solves a lot of this is the GDPR,” said Mr Cole.
But not all tech industry professionals expect to see rapid change. Many business leaders have a false sense of security about the safety of the data they gather from customers and employees, according to Ed Correia, president and chief executive of Sagacent Technologies, a managed IT services firm in San Jose, California.
“Most business owners I talk to are focused on anything other than their data security,” said Mr Correia. “I’m hoping that the good that comes out of this is they are going to take their own security and the data they have in their own companies more seriously. My hope is that people will reflect on this and say, ‘Whoa! How are we protecting our data? How are we safeguarding the information of our clients? I have that responsibility, just like Facebook.’”
However, he adds: “It’s a huge responsibility and most don’t think that way.”