How Cambridge Analytica got away with it Investigate Facebook

This is why GDPR had no minimum size of business or turnover, or exemptions for small businesses: a 10-person startup in Florida leaked data on 230 million people.

The rhetoric: Compliance will be too expensive for startups.
The reality: A startup that makes data compliance cheap for startups.

The Case for Investigating Facebook

Why I am calling on the Federal Trade Commission to investigate Facebook for violating antitrust laws.

Why I am calling on the Federal Trade Commission to investigate Facebook for violating antitrust laws.

@davidcicilline David N. Cicilline, a member of the House of Representatives, is chairman of the House Subcommittee on Antitrust, Commercial and Administrative Law.

Mr. Cicilline, a member of the House of Representatives from Rhode Island, is chairman of the House Subcommittee on Antitrust, Commercial and Administrative Law.

A year ago, the world learned that Facebook allowed a political consulting company called Cambridge Analytica to exploit the personal information of up to 87 million users, to obtain data that would help the company’s clients “fight a culture war” in America. Since then, a torrent of reports has revealed that the Cambridge Analytica scandal was part of a much broader pattern of misconduct by Facebook.

The commission has the authority to impose substantial fines on Facebook. Given that the corporation had more than $55 billion in revenue in 2018 alone, even a fine in the low billions of dollars will amount to a slap on the wrist, a mere cost of doing business. Moreover, because Facebook is a repeat offender, it is critical that the commission’s response is strong enough to prevent future violations. America’s laws are not suggestions.

When a company has repeatedly shown contempt for its legal commitments, the remedy must change how the company operates. Enforcement agencies can do this through deep reforms of the company’s structure. This includes removing members of the company’s board, or even top executives, along with other changes to the company’s business model to address dysfunction at the top.

Facebook recently announced plans to merge Instagram, WhatsApp and Facebook into one integrated product, furthering its monopoly power.

–//–

 

Here’s What It’s Like to Accidentally Expose the Data of 230M People
https://www.wired.com/story/exactis-data-leak-fallout/

Exactis, the source of a leak of the personal records of nearly everyone in the United States.

The Exactis Data Breach: What Consumers Need to Know

By on Jun 28, 2018

There are data breaches, and then there are data breaches. For example, who could forget the Equifax data breach, which compromised the personal information of over half of the citizens of the United States? And now, a breach of similar magnitude has emerged, as a security researcher has discovered that marketing firm Exactis’ database was sitting on a publicly accessible server. Specifically, there were two versions of the database exposed online, each with around 340 million records—roughly two-thirds on consumers and the rest on businesses.

So how did Exactis have this much data in the first place? The Florida-based marketing firm collects and trades consumer data in order to refine the accuracy of targeted ads. Which is precisely what makes this breach so crucial, as the information exposed is highly personal. The leaked data includes people’s phone numbers, home and email addresses, interests, and the number, age, and gender of their children. As of now, credit card information and Social Security numbers don’t appear to have been leaked.

The behavioral data involved in this leak, alongside the personal information, makes this breach particularly concerning because of how this information can be used by cybercriminals to improve the success of socially engineered attacks. For instance, crooks can use such personal information in phishing attacks over email or social media. Now, cybercriminals can enact highly personalized attacks against consumers, who will already be faced with potentially fraudulent activity against their names.