Worldwide fears regarding privacy breach by the global tech giants have come into limelight yet again after hundreds of millions of phone numbers linked to social media giant, Facebook have been found online along with details on name, gender and nationality of the individuals. The exposed server contained a massive database of more than 419 million records which is about one-sixth of the total Facebook user base, exposing the incompetent and irresponsible handling of the users’ personal data. The exposed database contained records of users from countries across the globe with 133 million records belonging to US based Facebook users, 18 million records of the UK based users and more than 50 million records of users in Vietnam.
Each exposed record contained personal data, that is, the user’s unique Facebook ID and the phone number listed on the account. The Facebook ID is a long, unique and public number that is associated to their account. It can be used to easily discern the username of the Facebook account holder. Since, the exposed server was not protected with a password, anyone could find and access the database which clearly compromised the personal data of a huge number of Facebook users.
It must be noted that until April last year, people could enter a person’s phone number to find that person on Facebook. The feature was discontinued after the Cambridge Analytics episode. Facebook’s chief technology officer, Mike Schroepfer, had himself written at that time, “Given the scale and sophistication of the activity we’ve seen, we believe most people on Facebook could have had their public profile scraped in this way.” Now, almost a year and a half after Facebook shut down that feature, the phone numbers of more than 400 million users, which is big proportion of all the Facebook users, has been found online. This is enough to send warning bells ringing about privacy concerns when it comes to processing and storage of data with the big tech giants.
It’s not only the irreponsible handling of the users’ privacy, but also the casual attitude of Facebook which is infuriating. A Facebook spokesperson said, “This dataset is old and appears to have information obtained before we made changes last year to remove people’s ability to find others using their phone numbers.” He also said, “The dataset has been taken down and we have seen no evidence that Facebook accounts were compromised.” Even if we were to accept the argument that the database might have been old, that does not by itself mean that the exposed details were redundant or fit to be compromised. Moreover, the contention that there is no evidence of the accounts being compromised also reeks of an irresponsible attitude. The very fact that the users’ data is capable of being exposed in the public domain and breach of their privacy is not just a figment of imagination, is unnerving. Moreover, some of the records also had the users’ name, gender and location by country- viz. personal details which do not change irrespective of their being old or new.
Only a couple of months ago, Facebook was slapped with a whopping $5 billion fine for a massive data breach. Last year, the Cambridge Analytica scandal had greatly marred the reputation of Facebook in concerning its users’ data securitty. In 2014, Facebook had introduced a quiz that invited users to find out their personality type. Along with collecting the data of those who undertook the quiz, the app had also collected the data of the friends of the users, which amounted to a total of 87 million people. It was claimed that some of the data had been sold to Cambridge Analytica, who used it for underhand purposes. Thereafter, Facebook had sent a notice to the people, informing them that their data had been breached. These repeated instances of data breach bring Facebook’s ineptitude at handling its massive database of users across the world to the fore.
The repeated instances of mass breaches in users’ personal data with Facebook calls for appropriate measures. There is a need for tighter regulation and accountability on the part of tech giants like Facebook and Twitter. India too must gear up itself for this fast emerging challenge. In such a situation, data localisation, viz. processing and storage of data within the specific border of the country where the data was generated, becomes crucial and the need of the hour. Currently, users’ data with the giant tech companies is either partly or completely stored outside India. With data localisation, this anamoly can be fixed that would help not only in safeguarding users’ privacy but also ensuring that due taxes are paid by these digital giants. In fact, as per an ET report published in December 2018, a senior government official said, “Who can the government tax? Any entity with presence here. Today, Facebook can offer all their services here without having a presence. They have subsidiaries here, but that do limited business.” This suggests that the Indian government is already aware of this issue and now it has been seeking data localisation for safeguarding the privacy of Indian social media users and also ensuring that the tech giants are taxed in an effective manner.