Data Security of ESI
Social media privacy trust is easily and all too often not evaluated by users. Social media usage in its carefree, beach-like social setting, is all about people enjoying keeping up with friends and sharing life events and experiences with friends. However, it has become blatantly clear that by using the platform to share with friends, the platform adheres to a self-proclaimed right to collect information on your lifestyle, habits, activities, associations, the activities of your associations, and much more. Could this activity be in violation, oh, let say, of the Electronic Communications Privacy Act and the Stored Wire Electronic Communications Act (18 U.S.C. § 2510) aka (ECPA); or the Cyber Intelligence Sharing and Protection Act (CISPA); or the Computer Fraud and Abuse Act (CFAA); or the Trans Pacific-Partnership Agreement (TPP). The interplay of how social media user may have dictated its security settings or not have set, plays an important role in determining any violations. Each of these have their own operable concerns over the privacy of personal information of each social media user. Each of these also has the overhwelming concern for security of all for law enforcement and event preventions purposes, for the sake of public safety.
CISPA allows the collecting and share information that is deemed to be threatening, but outside of that, the dragnet of data collection may be a lot wider. CFAA prohibits the sharing and collection of private protected information. The collection must be done with a security reason and for the protection of rights. Whatever that means. What it means for all is that while one may think you have nothing to worry about because “I have nothing to hide,”as some say, privacy is deemed to have been violated regardless and that of your associations in some way. It is noteworthy that through the ECPA digital communications from Facebook, Twitter, Google+, and from public cloud providers can be obtained by issuing a subpoena.
The purpose driven effort of collecting data under the rubric of “cybersecurity” has no restricted goal when the very definition of a cyber threat is not distinguishable. One could ask, where is the trust? Are people being profiled in cyberspace? Are companies profiling users? These are delicate questions and these questions should be apolitical. These questions should be drawn to cause awareness of the state of all users’ privacy. To what extent can society be eventually controlled by social media giants controlling what users get to see and learn? These questions surpass the initial privacy concerns occurring from the Facebook insident. But the big picture does include those social concerns.
When social media platforms make money off your data of private personal information that it collects and shares, there should be concern. If the user is not concerned, this is not the time to be gullible. The problem with Facebook’s breach is that is occurred consistent with its policies. All access acquired by University of Cambridge professor, Aleksandr Krogan, which reached 50 million Facebook users and acquired a survey information from over 250,000 users, was consistent with Facebook’s protocol. The platform provided the professor with the users’ information who completed the survey. Gullible social media users be aware!
Callers seeking legal representation wanting to sue Facebook are massing up, wanting to be part of this perceived grand class action law suit. Think again. The nuance that is missed by many news watchers is that the sharing happened outside of the control of Facebook. The social media platform cannot be held responsible to monitor advertiser and developer use of the acquired personal data. A simple affirmance that data was not shared or that the data was destroyed is as far as it goes. Now, does that make social media users feel at peace? For those who think that they have nothing to hide and do not worry, but now are seeking legal counsel to try to be part of a class-action lawsuit, I say once again, think carefully. Facebook was reassured by third-parties that the data was destroyed, only to find out later that not all data was destroyed.
What users need to be aware of is that since 2014, Facebook has implemented user empowerment means to enhance user privacy. Essentially, the user, now, has more control as to what it chooses to be shared. If the user does not take the time to read the privacy protocol provided by Facebook, the adage applies, the gullible social media user be aware. Nevertheless, what is missing in the calculus of all this mess is that personal data is valuable in the hands of others that use it to leverage either for continued sales, advertising access, or data profiling for policy orientation and demographic assessments. The trust of social media users is indeed waning, reactionary, gullible or not. Most certainly, the users are now watchful and more aware that their privacy is waning.