With GDPR implementation looming in Europe, Facebook picked an awkward time to have a major data incident. Nevertheless, previously planned changes to their platform are moving forward. European users are now starting to see these privacy policy updates for numerous services. Let’s just focus on Facebook for now, however. New consent flows and terms of service, with options pertaining to data collection, enabling facial recognition, etc.
The problems arise from the format and display of these new controls. To all appearances, Facebook makes the options to ‘Accept’ and click through extremely prominent. Far more so than the alternatives, to manage or opt out of specific settings. At every turn, the user is visually, psychologically encouraged to move along smoothly, with minimal friction. As Techcrunch highlights, any such resistance is met with more complicated controls. Basically, Facebook wants to make things annoying for you if you don’t want to agree to all their data collection and sharing terms, or outright delete your account.
Perhaps the most explicit example is the Terms of Service screen. There is a clear, vibrant ‘Accept’ button, but no ‘Reject’ in sight. Merely a ‘see your options’ link, which leads to more obfuscation.
It is disappointing, though not surprising, that even following such a massive scandal involving user data as Facebook has, the platform would remain so visibly hungry for all the data it can consume.
Especially when cybercriminals have taken, according to a new Bromium report, to emulating platform services themselves to facilitate their efforts. This has led to $1.5 trillion in criminal revenue, comprised of online markets, IP theft and ransomware, to name a few. These funds are then spent, laundered, and reinvested for further criminal activity. It’s a booming underground economy.
Nowadays, however, the lines between the digital and the real are intensively blurring, using online platforms as tools. The study found that the funds reinvested towards future crime often go to expanding the operation and adapting to other areas of crime. In some cases, this meant drug production, and even human trafficking. One Dutch money laundering group, for example, was discovered to possess the ingredients for ecstasy.
Whenever an illicit enterprise grows large enough, as global cybercrime has, it begins to take the shape of the legitimate, and indeed to interact dynamically. Data is the ultimate commodity, and it has produced what Bromium CEO Gregory Webb terms the “platform criminality model.” Again, cybercriminals are using their online platforms as tools to “connect individuals with a service or product,” as described by Dr. Michael McGuire, senior lecturer in Criminology at the University of Surrey. In a way, they are turning their cybercrime operations into ‘platform capitalism’, a darker mirror of connecting services like Facebook.
Clearly, cyber criminals show no signs of slowing down. As their practices grow, it is imperative for supposedly legitimate platforms to exercise greater care of their user data. Not gobble it up then leave it vulnerable. Otherwise, well, we’ve seen to what numerous illicit purposes it can be leveraged.
It would also be nice if the Consumer Financial Protection Bureau didn’t have an acting director who publicly boasts about running a pay-to-play scheme, but hey.