Scammers Could Use Private Data Harvested by Tech Giants for Phishing - Pundit

Apple CEO Tim Cook has spoken against personal data collection and praised the introduction of the European Union’s personal data legislation, or GDPR, which aims to give consumers control over what data they want shared via the internet.
Sputnik

Speaking at the 40th International Conference of Data Protection and Privacy Commissioners in Brussels, Tim Cook condemned the practice of personal data collection for better advertisement targeting.

He said: “Every day, billions of dollars change hands and countless decisions are made on the basis of our likes and dislikes, our friends and families, our relationships and conversations, our wishes and fears, our hopes and dreams.” Cook added that these scraps of data, each one harmless on its own, are carefully assembled, synthesized, traded and sold by what he called a “data industrial complex.”

All Private Data Collected by Tech Giants is Also Being Seen by Govt - Pundit
Sputnik has discussed Tim Cook’s statements with Kenneth Shak, a senior cybersecurity consultant at LGMS, a professional info security service firm from South Asia.

Sputnik: What is your thought about Tim Cook’s statements?

Kenneth Shak: Well, first of all, I would like to say that these are all my own and biased personal opinions. Now, in view of Tim Cook’s statements, I strongly agree with him.

I believe that there should be restrictions on how much, what can, and how can personal data be harvested or collected. Again, the key word here is “personal.” Every single person has the right to know where their data is going, how is it actually being used, when is it going to be used and how is it being gathered, and what is going be exposed. I am all for data security and privacy.

Google Says Private Data of Up to 500,000 Users Exposed Due to Security Bug
Sputnik: What is your take on the danger that we incur when these bits of personal information are harvested and then processed and sold?

Kenneth Shak: I believe this correlates to what Tim Cook said, that data was being weaponized against us. These little bits of data, which we share on the internet or anywhere, may seem harmless.

For example, our names, our telephone numbers, maybe for two-factor authentication, our addresses, may look harmless by [themselves], because this data is usually easily accessible. But if all these data are collected, even if it’s separate, through data harvesting it can be assembled and synthesized to an extent that it will be very useful to a lot of people. So, in some ways, it is actually data science.

Now, how these data are actually being used is very broad according to the objectives. What Tim Cook has said in context to it being weaponized is what we thought was harmless initially, has become a sort of weapon that could potentially harm or affect us. I’ll give an example: a phishing attempt to gather banking accounts or sensitive data can be carried out more effectively because the trap actors can actually use all this legitimate data to appear as someone that is legitimate, for example, bankers.

Hypocritical Privacy Regulation: Tech Giants Aim to Keep Earning on Ads - Pundit
So, this can actually help further convince the victims to provide even more sensitive information to the trap actor. Another way is to sell all this data to companies or individuals, on the dark web for money, for example; it can even be used for blackmailing. So, all this in turn will have some sort of negative impact on us. That’s the term for weaponizing.

Sputnik: Why do you think he was saying this at this point in time? Do you think he is talking about just Facebook and Google, or is he talking about other companies as well? Why at this point in time did he come out with this statement?

Kenneth Shak: In my point of view, I don’t think Tim Cook is referring just to Google or Facebook. It may seem like it because, well, you know recently Facebook had the huge data breach back in September. He may not be necessarily just be talking about both of them. I do believe it’s a general message to all companies out there.

I don’t think he chose this particular time to point this out. What I have noticed is that he actually placed even more importance and attention on data privacy and security since the FBI’s request to Apple to unlock the San Bernardino shooter’s iPhone. Apple’s refusal to unlock the iPhone shows both the good and the bad side of data privacy.

The good is that it actually further cemented their stand on privacy and the users can rest assured that they actually delivered on their promises. The bad, law enforcements cannot really get information to carry out their duties and a lot of malicious users will actually use this as an advantage.

Facebook Slammed for Allegedly Duping Users Into Allowing Access to Private Data
Sputnik: He also alluded to the fact that he thinks the GDPR, which was introduced by the European Union, is wonderful and he praised the EU for doing this, the Conference of Data Protection and Privacy Commissioners in Brussels. This is quite controversial, some people are saying that “yes it’s great; it gives consumers the power back over their data.” Others are saying “yes, but now you can’t even share photographs or images,” and a lot of things that people are used to doing online that seem relatively harmless. What are your thoughts? Is this the way to go or do you think that this is too stringent of a legislation?

Kenneth Shak: From what I can see is it’s the right step moving forward.

It depends on how you look at it. Maybe the people or companies that are complaining about the GDPR, maybe complaining about it affecting their business operations, perhaps; but from my point of view, the GDPR is a good step ahead.

It’s actually not really restricting the data, but it’s basically offering people that their data will be more transparent in the sense of where their consent must be taken. If there is a breach, they must report it within 72 hours.

About 29Mln Facebook Users' Data Hacked - Social Media Giant
Also, if you remember Instagram and Facebook, there was a time when you could not actually download your own data. So, because of GDPR, you can actually download your own data from your own account.

So, that is very good. Also users should have the rights to opt in or opt out at any time they want and also to be forgotten. I mean, companies don’t own this data, the people do. So, I am all for GDPR, just that it should be refined even more.

Sputnik: How close do you think that the US or even China are to putting into effect similar legislation?

Kenneth Shak: Looking at the current climate, I cannot really feedback on whether it will be passed any time soon.

But I really do hope that something that can benefit the users’ data privacy is passed soon. It’s really the time for data privacy and security to be taken very seriously.

Views and opinions expressed in this article are those of Kenneth Shak and do not necessarily reflect those of Sputnik.

Discuss