In the United States social networks are considered to be public spaces and any information shared there is covered under the so-called ‘third-party doctrine’, which means that users have no reasonable expectation of privacy regarding the data their service providers collect about them. Any data you post online in any format (regardless of privacy settings), or any data collected by the third parties with whom you may have an agreed-upon business relationship, is not considered private, yet many people willingly stream data and images to their ‘network’ in the mistaken belief that they are the only one who will see or have access to it.
In 2010, Eric Schmidt of Google said that the world produced as much information in two days as we did from the dawn of civilization until 2003. In 2014 it was estimated that each day the world creates 2.5 quintillion bytes of data, so much that 90 percent of the data in the world at that time was created in the previous two years. As of 2016, we produced as much information in 10 minutes as did the first 10,000 generations of human beings. There is no way humanly possible to monitor and protect all of that data. The more data, the more data breaches.
Facebook admitted in 2011 (when it had ‘just’ 500 million users) that more than 600,000 of its accounts were compromised every single day. Each of those security breaches could have been used for identity theft, criminal impersonation, tax fraud, health insurance scams, or a plethora of other possible criminal offenses. According to Facebook’s 2014 annual report, up to 11 percent of its accounts are fake, meaning more than 140 million accounts at that time. Any data we entrust to social media can be leaked to criminals, terrorists, or others.
It is estimated that at least 40 percent of social media users have been exposed to at least one form of malware, and more than 20 percent have had their social networking or e-mail account compromised or taken over by a third-party without permission. To better understand how simple it is for that to happen, if you happen to check your Facebook account at your local Starbucks while in the process sharing its network with 30 other people, and if one of them happens to be a hacker running a program called Firesheep, the hacker could use the plug-in to log in as you on your own Facebook account. Known as “sidejacking”, this happens all the time.
Cyber stalkers send unwanted e-mails, tweets and text messages, or spread rumors online. They easily obtain detailed information about their victims, such as home address and phone number.
With an estimated two-thirds of college-aged students engaging in ‘sexting’ (sharing sexually explicit SMS photographs via their phones), the scope for a problem continues to grow rapidly. In January 2017, Facebook had to assess nearly 54,000 potential cases of revenge pornography and “sextortion” for the month, disabling more than 14,000 accounts related to this type of sexual abuse, with 33 of the cases reviewed involving children.
Criminals no longer wait to see if your newspaper delivery has built up on your front doorstep before they target you for a burglary. Today, either they, or the data brokers they may use, scrape information from your social media for ‘lead generation’. Another way they target their future victims is via locational data in files posted online-the silently implanted metadata in photographs, videos and status updates shared by mobile devices, which reveal the date, time and GPS coordinates where photos and videos were taken, as well as the serial number of the phone or camera. The metadata is easily accessible by anyone who knows how to download a simple browser plug-in to access them. With any one of hundreds of free tools, your photos and videos can be made to appear on a Google Map that allows anyone to zoom in on the precise location where the picture was taken.
Social media platforms should build awareness regarding security precautions and information disclosure, so that users are encouraged to take more care and become more conscious about revealing their personal information in their profiles. Ideally, the platforms would embark on broadly-based educational campaigns and governments would do the same. Ultimately, however, it is incumbent upon social media users to do their part to take some basic precautions to protect themselves, and take the question of security more seriously. They are the first and last firewall, for it is they who decide what sites to go to and which links to click on.
*Daniel Wagner is author of the new book “Virtual Terror” and Managing Director of Risk Cooperative.