简体中文
New York Times and a dozen main Western media outlets, a data firm Cambridge Analytica collected data of 50 million Facebook users, and might have used the leaked information to help Donald Trump win the US presidency. This is by far Facebook’s biggest data scandal ever, since its foundation in 2004.
From the angle of Critical Information Infrastructure Protection (CIIP), underlying this data scandal incident, a major security risk concerning the Facebook platform deserves our attention.
A Facebook Inc. advertisement is displayed on the back page of the Sunday Mirror newspaper in an arranged photograph in London, UK, on March 26, 2018. Facebook took out ads in US and UK Sunday newspapers apologizing for not doing more to prevent customer data leaks. /VCG Photo
In unifying all the similar definitions of Critical Information Infrastructures (CII) in different countries – namely: the US, Germany, UK, China – CII could be defined as this: they are so vital that the incapacity or destruction of such systems would have a debilitating impact on national security and societal functions. On the Facebook platform, the active daily data stands at more than two billion. Considering such a massive amount of data, once the platform is attacked, invaded, interfered, or even damaged, there would be severe consequences for the society and the nation. Of the seven million citizens in Hong Kong, five million are using Facebook. Therefore it is justified enough to regard Facebook as Critical Information Infrastructure.
In the common discussions about CII, most of the times, the focus is on its own security. But in recent Western media reports of Russia tossing various targeted political ads on social network platforms and resulting in certain influences upon the United States Presidential Election of 2016, there is nothing that could be accurately characterized as the Facebook platform (as CII) being attacked, invaded, interfered and even damaged – this sort of scenes concerning the security of CII. And this is exactly why in their response to the data scandal incident, the social network executives said that "it was not a data breach".
Elon Musk, the founder of Space X, deleted Tesla & SpaceX Facebook pages. /AFP Photo
However, Facebook has been maliciously employed, and this resulted in severe debilitating effects upon a broader environment. Facebook has received constant criticisms regarding its involvement in US Presidential Election. Many in the US think Russia is exploiting Facebook. According to media reports, through a third party, Russia has been purchasing political ads on the platform, and providing the ads to specific, targeted groups of people, to help Donald Trump win elections. We should note that: in the US, buying and releasing political ads is entirely legal. And Facebook’s primary means of revenue comes from ads to targeted groups of people, after collecting and analyzing users’ personal information. Therefore, executives at Facebook complained that their business model and contents of the political ads on the platform are both legal, the real problem is who purchased the ads. It means Facebook cannot establish censorship regarding the purchasers of the political ads.
For this data scandal case, in effect, when we look at the data held by Facebook – its security, confidentiality and integrity – these three properties are well-guaranteed by the platform. The real question is who exploited the data. Due to the common fact that the data resources of Critical Information Infrastructures will not remain dormant and sealed forever, similar issues will take place in the future, that is for sure.
In another word, the platform itself has no security risks, but it has been exploited,
causing a safety hazard – we have not been paying enough attention to this perspective, yet. As we gradually come to realize the looming reality that big data on Facebook and other dominant social network platforms worldwide is being exploited and even weaponized by external forces, starting to regard these platforms as Critical Information Infrastructures, and contemplating upon relevant governing measures, legislative and administrative combined – these might be the ultimate way out, of the data scandal, the data leakage, data breach, or whatever terminologies are given to this sort of incident concerning data security of the worldwide dominant social network platforms in this information era.
(CGTN)
