A lesson from the Facebook-Cambridge Analytica affair

Can you protect data against such uncontrolled leaks? We think so

It’s been all over the media. The data of over 50 million Facebook accounts has been misused in direct violation of the terms agreed between the social media giant and an ‘integrated’ third-party application.

A relook at what happened

Recode.net gives us the details. According to a report filed by Kurt Wagner: “When people use Facebook Login, though, they grant the app’s developer a range of information from their Facebook profile — things like their name, location, email or friends list. This is what happened in 2015, when a Cambridge University professor named Dr. Aleksandr Kogan created an app called ‘thisisyourdigitallife’ that utilized Facebook’s login feature. Some 270,000 people used Facebook Login to create accounts and thus opted in to share personal profile data with Kogan.”

The crux of the issue is that the app the professor designed started ‘sharing’ Facebook account holders’ data with Cambridge Analytica, a political data analytics firm of Strategic Communication Laboratories (SCL). The social media platform strongly avows that this ‘data sharing’ was “against the company’s terms of service”. This means that developers are not allowed to “transfer any data that they would have received (including anonymous, aggregate, or derived data) to any ad network, data broker or other advertising or monetization-related service”. [1]

Could this have been averted?

We strongly believe that it could. Here’s why.

A report on firstpost.com says that in 2015, Facebook “…learned that a psychology professor at the University of Cambridge named Dr. Aleksandr Kogan lied to us and violated our Platform Policies by passing data from an app that was using Facebook Login to SCL/Cambridge Analytica, a firm that does political, government and military work around the globe. He also passed that data to Christopher Wylie of Eunoia Technologies, Inc.” [2] So why didn’t they stop data from being shared beyond its defined permissible usage?

Imagine this happens to your organization

Well, it needn’t if you use strong data protection solutions that go beyond mere Data Loss Prevention (DLP). If you are an SAP user, there is good news. HALOCORE, from SECUDE, is a unique technology that protects intellectual property and other sensitive information extracted from SAP systems through classification, strong encryption, and fine-grained access policies. It thus lets the user define who should have access to sensitive documents downloaded from SAP and what actions they can perform with them.

For more information about HALOCORE, visit the product page.

Even better! Are you visiting SAP Sapphire Now in Orlando, Florida from 5-7 June? We will be there too at our booth (#290) and would love to meet you. Visit our Events page for details and to schedule an appointment.

References

[1] Here’s how Facebook allowed Cambridge Analytica to get data for 50 million users

[2] Facebook, Cambridge Analytica and the alleged ‘data breach’: Here’s all you need to know