Internet users are demanding change from tech companies, and call on federal lawmakers to pass laws that will actually protect users from dangerous data breaches.
News broke Friday that a massive data breach has exposed the personal information of 50 million Facebook users to unknown actors. A company blog reports that nearly 90 million users were forced to log out out of their accounts as a security precaution and provided little detail on what personal information attackers were able to access. Digital rights group Fight for the Future has long demanded tech companies like Facebook minimize the amount of data they store on users, and is urging federal lawmakers to consider strict penalties and new liabilities for companies who fail to adopt technical safeguards for sensitive user data like those in California’s new privacy bill.
The news comes on the heels of multiple data breach scandals for Facebook, including a new SEC investigation into Facebook’s statements regarding Cambridge Analytica, and revelations that advertisers could target phone numbers used to enable two-factor authentication that makes online accounts more secure. In a press conference held Friday morning, VP of Product Management Guy Rosen stated the company is now working with the FBI and European data protection authorities as required under GDPR.
In response, Fight for the Future’s deputy director Evan Greer [pronouns: she/her] had this to say:
"Let’s make this perfectly clear: Facebook’s data harvesting business model just put fifty million people in danger. Rather than shoring up their security, companies like Facebook have been spending millions lobbying against real privacy and data security protections for Internet users. We need real laws that protect people, not ones that the companies write themselves behind closed doors. Companies need to minimize the amount of data they collect and be held accountable when they put people at risk. That’s the only thing that will prevent them from collecting this much data in the first place. The tech industry is facing a reckoning. It needs to change."
In April, Fight for the Future joined with other civil liberties organizations to launch the SecurityPledge.com campaign, which outlined concrete steps technology companies can take to ensure their products are not used to undermine democracy. Specifically, the pledge calls for companies to:
- Limit the amount of data they collect in the first place, and give users control over how it is shared.
- Offer end-to-end encryption by default to ensure that users’ communications are protected from corporate and government surveillance
- Provide users with full transparency about what data is collected, how it is used, and what measures are in place to prevent it from being abused.
- Support legislation and policy reforms that limit government access to user data except with a warrant and judicial oversight.
You can learn more about the campaign at https://SecurityPledge.com.