Data Security – issue of morality, business ethics, or inept governance?

In the murky world of numbers and big data, Pakistan, must not lag behind.

1
384

LAHORE: The global tech landscape is perpetually evolving. Some of the biggest and most influential companies in the world today were once technology-based startups operating out of garages. Companies are increasingly using technology to find solutions for people’s problems at a global scale. This has led to a tremendous surge in the number of startups which aim to solve issues such as lack of connectivity, information dissemination, transportation facilitation, healthcare, and even global warming.

Hand-held devices such as smartphones and tablets have made it easier for everyone to access information, use apps, and connect with people around the world. This jungle of technology, users, and their information has led to the global problem of data privacy and cybersecurity.

DATA PRIVACY AND MORALITY

When we download an app, we are asked (usually) to agree to a set of terms and conditions. These terms and conditions, which can be found on another page by clicking on a link, are commonly full of legal jargon, spread about on a number of pages. In a bid to install the app and use the services, we click on ‘yes’, and essentially agree to all the jargon within those pages.

Quite often, the company which has made an app, asks our permission to access or use our contacts list, access our media which includes pictures taken from the camera, and/or pictures, documents and videos received from contacts. These companies also ask our permission to provide all of the data they have on us, to other third-party companies.

For any individual, it might not matter if data is sparingly used by a tech-company which the individual logs on to on a daily basis. However, when the company starts to create profiles, based on users’ likes, dislikes, interests, hobbies, frequent searches, questions asked, people or celebrities followed etc., it allows for a very unique ‘moral’ issue that needs to be debated.

First, the company has a psychological profile on the individual, and can immediately categorize that individual. Categories can be anything from ‘interested in rock music’ or ‘lives in Europe’, ‘purchased iPhone accessories’, to ‘aged above 25’.

Secondly, the company can provide this data to other organisations which can use this data for their own benefit to generate greater profits or facilitate economic and political groups.

The perfect example of the above scenario is the Facebook and Cambridge Analytica scandal that shook the world last month. A story that rattled governments, rendered people to delete their Facebook accounts, and sent the media into a frenzy, clearly showing the world how a company could use user data to significantly influence world politics.

Ever since there have been calls from US authorities to regulate Facebook and clamp down on the rights of tech companies that require and use data from its users.

BUSINESS MODELS

Most tech companies generate their profits through revenues generated from advertisements.  Take Facebook, for example, a company which generated profits worth almost $4 billion last year. Facebook knows a lot about its users. It can immediately categorise its users to send out targeted advertisements.

Any entity, that wants to advertise its product or service on Facebook, pays Facebook to selectively target the right audience for the product or service, creating an extremely high probability that the user will be interested in buying that product or service.

The question is when a company’s business model is built around gathering key personal information from its users to help advertisers place ads and target the right audience, how can the government regulate a business which generates income for millions around the world? How does the user not get exploited? Which line of morality is too much to cross?

RECENT SECURITY BREACHES

Then there are other companies we give out our information to. Careem, for example, is a company that has its roots in the country and is massively popular; uses credit card information, personal phone numbers and addresses. Careem, on April 23, reported a cyber-security breach targeting its customers and captain’s data.

In the announcement, Careem explained what actually happened and said, “On January 14th of this year, we became aware that online criminals gained access to our computer systems which hold customer and captain account data. Customers and captains who have signed up with us since that date are not affected”.

Disclosing details after three months was poor practice on part of Careem, showing a lack of compliance in reporting this hack promptly. In the absence of data protection laws, users cannot ask companies for disclosures in Pakistan, and customers, unfortunately, remain at their mercy.

Media Matters for Democracy (MMD), and the Digital Rights Foundation (DRF), are some of the entities in Pakistan which are actively advocating for the rights of people online. Apart from the local news papers, MMD was another group that showed concern at the security breach at Careem.

On May 4, Twitter sent out an email recommending its users to change their passwords. “When you set a password for your Twitter account, we use technology that masks it so no one at the company can see it. We recently identified a bug that stored passwords unmasked in an internal log…out of an abundance of caution, we ask that you consider changing your password on all services where you’ve used this password…”

REGULATION IS KEY

Perhaps if the governments around the world had been strict at implementing stringent laws against cyber attacks, or lack of security measures taken by tech companies to protect data, users would feel safer sharing their data on the internet.

Yet, most of us would still give out our information to access the depth of services provided by tech giants such as Google, Facebook etc. Most of us would not be affected by the occasional breach of security. However, none of us would absolutely trust these companies to handle our data privately, or to not give it out to third-party entities.

Governments, regulatory bodies, digital rights, and consumer protection associations worldwide are trying to scrape out balanced policies that can allow tech companies to continue to operate, and guarantee greater or perhaps, ‘complete’ rights and access to users of their own information.

Users, in their respective countries, must push their governments to carve out policies which govern user’s right to their personal data. Governments must impose stringent regulations on companies which fail to protect people’s data from cybercriminals. Companies must employ experts to stop any data breaches or hacks on their systems.

In the murky world of numbers and big data, Pakistan, must not lag behind.