Despite CEO Assurances, Facebook Data Mining Will Continue

About an hour into Facebook CEO Mark Zuckerberg’s two-day Congressional testimony last week regarding the Cambridge Analytical privacy scandal, Senator Lindsey Graham (R-SC) engaged in the following tête-à-tête with the tech titan:

Graham: “Why should we let you self-regulate?”

Zuckerberg: “I think the real question is what is the right regulation?”

Graham is a seasoned enough lawmaker to recognize an evasive answer when he hears one, but he let Zuckerberg off easy when the CEO assured Graham he would provide him with his own recommendations for regulations following the hearings.

Expecting Zuckerberg to help craft data-privacy laws makes about as much sense as asking Lindsey Graham to design a graph traversal algorithm, but this was how things play out when analog-era lawmakers question digital-era wunderkinds.

In the end Zuckerberg made a lot of promises about his company being a better digital custodian and how it will more strictly scrutinize third-party apps, but Facebook’s track record — like the track records of other Big Data merchants monetizing identity data — is dubious. Two days of questioning serves as a reminder that identity is simply too important to trust it to corporations or lawmakers.

Facebook Data Model: Harvesting Identity for Profit

As we pointed a few week ago, Facebook’s profits stem from the many ingenious ways it has developed to leverage seemingly-private data. The widely-publicized Cambridge Analytica scandal put Zuckerberg and these practices in the spotlight, but the company has been defending its data-sharing policies almost since its inception.

Why this particular episode captured so much attention is because of the outcome. Facebook allowed Cambridge Analytica’s app to scrape data from 87 million users — including, it turned out, Zuckerberg himself. This data was used to fuel a series of political ads that culminated in — or so Cambridge Analytica later bragged — the election of Donald Trump.

Facebook is not alone in its identity-for-profit business model. Many tech giants including Google, Uber, Twitter, Microsoft, Paypal (as well as many lesser-known companies) also profit by harvesting identity data. But, despite last week’s epic hearings, U.S. lawmakers have shown little interest in forcing tech companies to better protect consumers.

Are GDPR Regulations the Answer?

European lawmakers, on the other hand, did react to public discontent over data sharing two years ago.

In 2016, the EU crafted the General Data Protection Regulation, or GDPR, which takes effect next month.

GDPR is actually a smorgasbord of regulations intended to protect consumers from any Big Data companies doing business in the EU and harvesting identity data for profit. Among its features, GDPR forces companies to seek out consumer consent prior to sharing identity data with third parties. It also demands companies “mask” personally identifiable information (PII) so that it cannot be traced back to any one individual. Most significantly, GDPR enables consumers the right to delete PII as they see fit.

Facebook, Amazon and other U.S. companies doing business in Europe will have to abide by GDPR. One optimistic outcome of Zuckerberg’s recent testimony was his commitment to extend GDPR-like protections to U.S. Facebook users.

However there is little reason to believe Facebook or its business model will change. (He made similar promises in 2010.)

Self-Sovereign Identity is the Solution

At one point during the Congressional hearings, Sen. Orrin Hatch (R-UT) chastised his fellow lawmakers, reminding them Facebook users voluntarily surrender their identity information in exchange for free access to the social media platform.

He is right.

Facebook, Google and others generate revenue by collecting, analyzing and selling data. When eager social media users click “Agree” to the Terms of Service, they surrender control of their personal identity data.

Consumers make similar compromises everyday — both online and in the real world. They create and maintain an array of passwords to negotiate multiple websites. They also agree to carry fobs, keychain cards and government-issued ID cards to gain access to buildings and confirm who they are. Each transaction and interaction forces people to share or surrender their identities even for a moment.

But it’s different in the digital world: When we hand someone a government-issued ID, it rarely leaves our site. In a digital environment, we never know for sure how PII credentials are being used.

The solution to data scraping and identity theft doesn’t lie in Facebook or other data merchants enhancing their business model and it doesn’t lie in hoping politicians will sufficiently tighten regulations.

The solution lies in consumers taking control of their own identities and managing self-sovereign identities.

Blockchain technology can facilitate this. By leveraging an open, permissionless, and highly-secure, identity platform that resides on blockchain technology, it enables consumers to protect and manage their own identity. More importantly, it will serve as a singular, lifetime identity, one free of corporate or government interference. Plus it will replace the 130+ identities, passwords and logins the typical consumer is expected to manage.

Want to know how it works, visit lifeID.io to download our whitepaper.

Follow us on twitter: @lifeID_io