#DeleteFacebook isn’t going to fix the problems of data security — here’s why

Understanding having control over your own data

Phoon Mei Hui
NUS Overseas Colleges Shanghai
5 min readMar 23, 2018

--

Written by: Phoon Mei Hui (NUS School of Economics Y4)

When our data is being stored with a centralised authority, it increases the chances of it being compromised and misused. When a multitude of data is being stored in a centralised server and controlled by a centralised authority, how our data is being transferred and processed are essentially black boxes which cannot be traced. The transparency and security of centralised data storage remain questionable.

As individuals, we have known this for a long time. We’ve known that user data has been compromised, exploited and threatened long before the Cambridge Analytica news broke. Have you ever wondered ‘how did conversations with friends on Whatsapp can quickly translate into advertisements banners you see while scrolling Facebook? You were talking about getting that Sony earbuds in a casual conversation and the next thing you know, a Facebook ad prompting you to buy the exact same earbuds appears.’. As consumers, we are unaware of how data is being shared between two seemingly independent but yet related social media platforms — it is illegal for Whatsapp to share data with its parent company Facebook. We’ve known that Facebook siphoned our private data, transferring value from individuals to institutions.

Can Facebook somehow fix itself this time? Afterall, their business model was based out of systematic exploitation of information, turning our personal data into ad slots. Calls to #DeleteFacebook have barely impacted user growth and most importantly, this effort is futile in rallying Facebook to return the ownership and control of personal data to individuals.

Users need to have ownership of their personal information within a decentralised system. When it comes to ‘decentralisation’, people will think that blockchain is the best bet — given that it is transparent, untamperable and has a distributed database secured by nodes all over the world. However, this is not the case for this ‘data crisis’.

Why blockchain can’t solve it either

There are of course elements that blockchain (or ‘DLT’) can solve if we look at its merits of bringing transparency and correctness to systems. For instance, blockchain allows us to trace whom Facebook is sharing our data with and for what purposes. However, it still sucks at providing data privacy — third party entities like Cambridge Analytica would still have accessed our data, our likes, and our network. With that, they could still profile us with all the information about us that is publicly available. They would have, similarly, find ways to engage in a psychological warfare, spread divisive messages and help conduct a misinformation campaign.

In other words, blockchains alone cannot give people the control over their own data.

Blockchain is amazing in providing the transparency we need for validation transactions, audits, and many other use cases where trust is an issue. But for data privacy, it is not the same case. Thus, the answer for data privacy is not blockchain — it is a distributed account system that includes a blockchain, where rights to personal data belongs to users themselves rather than a centralised service provider.

What is the true meaning of having control over your own personal data?

One million dollars for 50 million Facebook profiles — is our data really so cheap? As individuals, we are pissed because after all we spent so much time on social media (think of the amount of time you spend a day looking at memes), generating so much valuable data on their platforms so these commercial giants could mine all these data, profile us and sell everything about us to institutions — without our consent and not even remunerating us the financial reward we deserve?

There is a fundamental flaw in current business models for commercial giants (like Facebook and Google), because it is based on the exploitative nature of selling valuable privacy data without giving any financial rewards to the users. Moreover, selling without consent adds another layer to the issue — this is an act of stealing.

Having ownership of our data means that, when a third party entity wants to have access to my data, I have to give consent that my data can be used for whatever purpose that is being made transparent to me, as an owner. I need to also get back the value of my own data. When all these are fulfilled, an individual can truly control his own data. Blockchain can help with this: if a merchant wants to target you for advertising, you give consent that your data can be used by smart contracts that are developed for targeting. Whatever your data has been used for can all be traced on the distributed ledger.

Defining identity ‘I’

Most data about ourselves are generated and stored on the internet — through endless web surfing and scrolling through social media and therefore, this brings out the case of digital ownership. Put it simply, how do I identify myself on the internet? And how do I proof that I am the rightful owner of all the data I generated on the web?

In current centralized account system, end users need to register to get a distributed identity from a centralized service provider. This identity then authorizes the user to log in to the system to access the account. This highlights several issues:

  • Identity is fully controlled by centralised service provider and users can be denied access to accounts which belongs to them (eg. Facebook can ban users from access their accounts anytime and result in personal data loss)
  • All factual data and user persona generated by the user’s act can be obtained and exploited at no cost
  • When password is leaked or centralised service provider is hacked, our ‘identities’ are being compromised
  • Identities are not interoperable (my Facebook account cannot be used to access my information on Google)

In summary, identity ‘i” needed to authorise access in current centralized network is fully controlled by third parties and this again highlights the issues with data privacy in the current centralised account system.

Returning the value of identity to users

Therefore identities built on the central service providers are isolated, redundant, non-operable and insecure. We can see that identity, in a complete system, plays two roles:

  • get account system authorisation
  • access and operate the account system

The complete answer to the endless data breach is not blockchain, but rather a transparent and decentralised account management system to ensure that our digital identities (which can be understood as ‘private keys’ to our information online) cannot be tampered or compromised.

The solution is not to punish Facebook by boycotting it. It is to come up with better ideas to dis incentivise intermediaries who are holding on to our data from exploiting and misusing them.

To world peace and God bless.

Edit: SHEN Creative team

--

--