Facebook Succeeded In Killing Cybersecurity Like It Did Privacy
One of Facebook’s most notable successes over the past decade and a half is the way in which it has so completely upended how we see privacy, teaching an entire planet that privacy is an outdated concept of no relevance to our modern age. Today a quarter of the earth’s population hands their most intimate details over in realtime to a private company to commercialize. Most importantly, those two billion users no longer care when that company shares their data with myriad companies all over the world to misuse or when it loses their data through breach after breach after breach after breach. It seems that like privacy, Facebook has taught the world to no longer care about cybersecurity.
As Facebook acknowledged its latest security breach this week, this time affecting up to a quarter of its users and stretching back for half of the company’s existence, the company reminded us that all of its promises to do better after past breaches were merely empty words. Despite employing a literal private army to protect its own privacy and safety, the company appears to care little about the privacy or safety of its two billion users.
However, what makes the Facebook story so intriguing is the fact that despite a never-ending string of breach after breach after breach after breach, we don’t leave.
In fact, not only are users not leaving Facebook, but the platform is actually growing and reporting record profits after a year of almost weekly stories involving its ability to secure the private data of its users.
It is hard to imagine today in 2019 that there was once a time, long ago, that users actually cared about whether companies were keeping their information safe. Incredibly, there was a time when a company that kept suffering non-stop massive security breaches would likely go under as users left in droves and inundated the company with lawsuits.
Today each wave of press coverage documenting Facebook’s latest breach is met with a burst of indignant statements from politicians and the public, but after a few days things predictably go right back to normal, without a single change or consequence.
Facebook has learned over the years that it does not need to actually invest in cybersecurity because we as a society no longer care if our personal data is breached, whether by hackers or by Facebook itself building tools to help others harvest and misuse our information.
For all society’s empty words about security and safety being important, if we keep using the platforms that suffer breach after breach, those companies learn that we don’t actually care about our security anymore.
More to the point, as a society we have taught Facebook that it doesn’t need to bother investing in cybersecurity at all anymore because as a public we simply don’t care about our security. After all, if we did, we would stop entrusting more and more of our lives to Facebook.
Despite hundreds upon hundreds of millions of users having their passwords exposed to Facebook employees millions upon millions of times in the company’s latest breach, no-one is going to stop using Facebook.
There will be no mass exodus of users.
There will be no new laws or regulations.
There will be no meaningful fines or financial penalties.
There will be no consequences of any kind for the company.
In fact, looking at global online news coverage in the 65 languages monitored by the GDELT Project (times in UTC), the story lasted only a few hours. By the following day it was all but over.
It seems we have become so accustomed to Facebook security breaches that announcements of new breaches no longer shock us enough to last more than a few hours in the busy news cycle.
It seems even our search interest didn’t last long, with Google Trends suggesting worldwide English-language searches for the story similarly faded fast.
Facebook has trained our society to no longer care about the security or safety of our data.
This has tremendous ramifications looking to the future of our online security. As the single most influential social network worldwide, Facebook exercises immense influence over technology standards and the movement of industry.
As Facebook teaches society across the world to no longer care about cybersecurity, the world’s companies will recognize that their costly investments in securing their user data may no longer be necessary.
After all, why spend vast sums of money protecting your networks and databases when there is no penalty for the theft of user data and users don’t actually care anymore and are happy to continue using your products no matter how many times you expose their most intimate information or even passwords to the world?
Only financial data carries risk, so as long as credit card information is kept secure, the rest of a company’s data archives no longer seem to need protection if users don’t care if their data is stolen.
The alternative is that we do still care, but that Facebook has grown so powerful and all-encompassing that we simply have no alternative but to keep using it no matter what it does to our data.
Either way, it seems cybersecurity is less and less important to the public as Facebook continues to reprogram society to accept a security-less future.
Putting this all together, perhaps it is time as a society to collectively step back and ask why we have accepted breach after breach after breach after breach from Facebook without taking any action? If we still care about security, it is time to step forward and do something about it. If not, perhaps it is time to simply publicly acknowledge that cybersecurity is no longer of any importance and blindly leap into our new security-less digital future.