4 minutes
Private Data isn’t that Private
You might think that your private data is safe, but the truth is that it’s not as secure as you might think. In fact, some of the biggest names in tech, including Google and Facebook, have been caught misusing data. And it’s not just big tech – government agencies and private intelligence firms are also accessing your data.
Google engineer spying on an underage girl
In one of the earliest examples of data misuse, a Google engineer used his access to spy on an underage girl. He was fired, but this incident highlights how easy it is for someone with access to your data to abuse it.
Google has to fire dozens of employees
Vice reporting that Google fired dozens of employees for data misuse. Google confirmed that most violations were for mishandling confidential information by sharing it with outside sources.
Meta (formerly Facebook) employees were fired for data misuse
Meta has fired multiple employees for inappriately accessing data. The article mentions that most often the abuse is for stalking exes.
An unnamed employee said that Meta’s security team has a lot of access and secrecy to investigate cases. Abuse in the security team would be harder to detect.
An anecdote from that article
… in 2015, a Finnish music producer and DJ visited Facebook’s L.A. campus and watched as an engineer accessed his Facebook account without a password. In March, a Facebook employee told The Guardian “When you first get to Facebook you are shocked at the level of transparency. You are trusted with a lot of stuff you don’t need access to.”
In one reference, the article suggests that the mechanism to prevent abuse is similar to the age verification check on adult websites. A pop up appears asking the employee if they are using it for official work purposes with a yes and no button.
Meta Loopholes allow access to user passwords
In another disturbing revelation, it was discovered that Facebook stored up to 600 million user account passwords without encryption, viewable as plain text to tens of thousands of company employees. This would be a loophole that would allow Meta employees to access any of those accounts. And in many scenarios, a loophole is used to circumvent proper access controls.
Government agencies accessing private data
Snowden’s revelations revealed the NSA was harvesting user data. The NSA hacked into the databases kept at Google, Facebook, and Apple to access private information.
The FBI is allowed to search through NSA data without justification.
Whatsapp will respond to a request for data called a pen-register without a warrant.
There are loopholes in how the government shares data through Palantir. You can imagine loopholes like these appearing in a number of places.
CIA collects their own data on Americans. Similar to Meta, they also use a pop up to protect our rights.
The recommendations also said that when C.I.A. officials use an American’s identifier as a query term when searching the unspecified data, a box pops up to remind them that the search must have a foreign intelligence purpose. But the officials are not required to record what that purpose was
Private Intelligence Firms
Private intelligence firms will gather data by buying it in bulk or scraping it. They will then sell access to this data to the governemnt. There are less rules around accessing data hosted by private intelligence groups as opposed to data hosted by government groups like the NSA.
Private intelligence groups have no regulations. Most rules for the government’s law enforcement agencies do not apply to them. The restrictions for the government around investigations and sharing information do not apply. The Third Party Doctrine for private data makes it legal for anyone who owns the data to use it how they please.
No easy way to report harassment
Despite all of this, there’s no easy way to report harassment or data misuse. Meta and Google are notorious for ignoring consumer complaints, and government watchdogs don’t offer a way to report this abuse directly. The best option is to submit a cyberstalking complaint to the government’s cybercrime unit, but even then, there’s no guarantee of a response.
The bottom line is that your private data isn’t as private as you might think. It’s important to be aware of these risks and take steps to protect your data whenever possible.
“Working For The Butchers” to start reading evidence from my story