Just this week, it was discovered that Facebook was storing millions of users’ unencrypted personal passwords on company servers, readable by thousands of employees. Unfortunately, this has not been Facebook’s only blunder regarding user privacy. Most notably, in March of last year, it was found that user data for about 50 million Facebook users had been obtained by Cambridge Analytica. Additionally, later that year in May, a bug turned users’ private posts to “public” without warning, and in June, a bug “unblocked” users previously blocked on over 800,000 accounts.
As a result of these mishaps, the Federal Trade Commission (FTC) began to investigate Facebook for potential privacy violations, which could lead to a fine worth billions of dollars. Some people are skeptical of Facebook and argue that Facebook does not have to invest in cybersecurity because, as a society, “we no longer care if our personal data is breached.” In fact, when news broke out regarding the unencrypted passwords, the news coverage lasted a few hours; by the following day, “it was all but over.” This is troublesome because Facebook is one of the five largest companies in the world (by valuation), and it dominates the social media app sphere as the owner of Facebook Messenger, Instagram, and WhatsApp.
Nevertheless, Facebook is taking steps toward protecting user privacy as they plan to integrate all three apps and encrypt all communications that can already be found on WhatsApp. Also, governments around the world have begun to form legislation in an attempt to protect users from privacy abuses. However, others are weary that legislation will not have its intended impact. Albert Gidari, Consulting Director of Privacy at Stanford’s Center for Internet and Society, believes that privacy laws are similar to environmental laws:
“True, we have cleaner air and cleaner water as a result of environmental law, but we also have made it lawful and built businesses around acceptable levels of pollution. Companies still lawfully dump arsenic in the water and belch volatile organic compound in the air. And we still get environmental catastrophes. So don’t expect today’s “Clean privacy Law” to eliminate data breaches or profiling or abuses.”
Ultimately, whether it is legislation, fines, or companies choosing to take action themselves, mistakes will still happen, and there will always be individuals trying to gain access to user data. So, for the time being, users beware.