Ever since the Facebook data scandal hit headlines early this week, there has been a huge clamour demanding Facebook’s neck be put on the block. However, the company, in its initial reaction, maintained that the incident didn’t qualify as a data breach.
Its defense, as tweeted by its Vice President, Andrew Bosworth:
"People chose to share their data with third party apps and if those third party apps did not follow the data agreements with us/users it is a violation. no systems were infiltrated, no passwords or information were stolen or hacked."
In another tweet (which was later deleted), Facebook Chief Security Officer Alex Stamos said:
“The recent Cambridge Analytica stories by the NY Times and The Guardian are important and powerful, but it is incorrect to call this a 'breach' under any reasonable definition of the term."
"We can condemn this behavior while being accurate in our description of it."
(You can check the screenshots of the tweets here.)
One of India’s leading CISOs, Durga Prasad Dube, Senior Vice President at Reliance, is in agreement. Dube, who heads Cyber Security and Information Risk Management for India’s business group, said in a chat with me that, in his personal view, the scenario doesn’t qualify as a data breach. “This is a systemic problem which can happen with any social media and is known to everybody. This is broadly an international data governance issue,” he said.
Earlier, he had also taken to Twitter to express his view on the incident:
“Surprising people call this as ‘Facebook leak’. Where is the leak? This was pretty much known.”
Offering another perspective, an expert at JP Morgan Chase & Co pointed out that it depends on what is classified as personal data. If it’s about user attributes, which are available elsewhere too, it’s difficult to classify it as a breach, as it’s difficult to conclude whether that personal data was part of this breach.
Shivangi Nadkarni, an Indian privacy expert and Co-Founder and CEO at Arrka Consulting, gives a different perspective: she points out that it is a leak, but not in the way that we typically perceive data leaks to be, in the sense that no 'attacker' has got hold of the data, nor can it be classified as conventional 'cybercrime'.
The whole Facebook data scandal has exposed the fundamental problem plaguing social media in general. Isn’t it a reality today that most of us have downloaded apps on our devices with unlimited access to our data? We often indiscriminately grant permissions to applications that we install without giving a second thought to the possible repercussions in the future.
“Isn’t this the same issue we all have with all entities we give our data to? How is Google/ LI/ Twitter any different? - For that purpose, how is any other organization - like say a Bank or a telco - any different? How is the Aadhaar ecosystem any different? What controls are put to prevent an external party from further sharing data that is legitimately shared with the party - beyond contractual and/or audits? Or putting laws in place?” explained Nadkarni.
“While Facebook or any of the above entities are not absolved of their accountability, this is an issue that is actually far beyond just a Facebook-specific one. This is just the tip of the iceberg. Now imagine this happening in India,” she added.
My Take: In conclusion, while this may not technically be a data breach, Facebook can’t escape its responsibility as the platform that brought the third party and the users together. And Mark Zuckerberg’s apology and admission of mistake may be too little, too late.