Who Is Responsible on Privacy Leakage

Introduction
With the rapid development of the Internet, people basically can’t live without the Internet. They can shop on the mobile phone, and couriers will deliver the goods accurately and quickly to the address; when they don’t want to cook, it is easy to order takeaway online, and there are more choices for them – even can eat foreign dishes without leaving home; they can get all information around the world on mobile devices instead of watching on newspapers or television, etc. More and more software and platforms are rising, but more and more privacy issues are widely and intensively mentioned. I, as well as my families and friends, have been harassed by phone scams. Fraudsters usually claim that they are law enforcement officers or our acquaintances to achieve the purpose of fraud (usually to cheat money), and that is not uncommon. Most people will attribute this situation to information leakage when using some digital platforms due to poor management, or malicious selling of their mobile phone number. But for example, the scariest part of my experience was, the fraudster not only being able to say my name, but also my ID number and home address. It can be seen that many people complaining about similar incidents that have happened to them on the Internet every single day. Some people haven’t noticed that it has led to a more serious privacy issue. Is such a kind of information leakage only the responsibility of the “platforms”?

xr:d:DAEfANVFCeo:1632,j:8209329500734645223,t:23061307

The definition of the “privacy paradox”
In 2001, Barry Brown made an interview with online shoppers, and he found that consumers were worried about their privacy being compromised, while they were also willing to give their personal information to online retailers in exchange for the discounts and gifts as members. “Surveys show that privacy is a primary concern for citizens in the digital age. On the other hand, individuals reveal personal information for relatively small rewards, often just for drawing the attention of peers in an online social network. This inconsistency of privacy attitudes and privacy behaviour is often referred to as the ‘privacy paradox’” (Kokolakis, 2017). That sounds a little difficult to understand, but it is actually very easy to explain. It can be expressed in another way – while people think that their privacy is very precious and inviolable, they are also willing to exposed their privacy to others to get something back, which is usually insignificant compared to their private information.

Who is responsible on privacy leakage – case study

– Platforms

In 2022, a data breach at Optus, an Australian telecommunications company, affected up to 10 million current and former customers. Information was illegally obtained, including names, dates of birth, addresses, phone numbers, etc. Although their announcement said that it was due to hackers’ attack, some people believed that it was caused by human reasons that their system was not perfect.

– Individual reasons

1. Active leakage

As Brown’s research concludes, there are situations in which people voluntarily hand over their personal information to digital platforms. A classic example is that there is a shopping app called Pinduoduo in China, after downloading this application, you need to authorize a lot of your personal information to use it. However, there are still many people using this software, which is because the goods on this software are very cheap, and in order to let more people use this software, its company has also developed some simple games to gain in return, like and you can buy this product at a very low price after inviting a certain number of people to click the link shared by you – sometimes even free. Besides, some games can also get cash rewards, not only save in the account to shop on it, you can also withdraw the cash to your bank cards. It sounds great right? However, when the platform attracts a large number of users through such activities, it collects personal information including users’ ID numbers, IP addresses, and phone numbers.

2. Passive leakage

In hackers’ society, there is a term called “opening the box” in Chinese, maybe that means “open the box to find who you are”. I first saw in social news bulletins that about Bilabial, a video platform in China. Some influencers (most are those who present themselves as virtual images) on the platform have had their private information revealed by hackers, thus affecting their lives. The reason of these behaviours, sometimes out of jealousy and curiosity, but sometimes just because the hackers think “this is a fun thing to do”. In English, it is usually called “doxing” or “doxxing”. It refers to post personal information about an individual or organization on the Internet without their consent. Such practices are often illegal, and they obtain private information for the purpose of humiliating and intimidating their targets.

The reasons for personal information leakage

People have little awareness of the importance of personal information
When facing platforms such as Pinduoduo that provide users with certain benefits and coupons, many people will not hesitate to give out their private information, sometimes even including ID number, home address and other information closely related to their security. Moreover, when they use some digital platforms, such as mobile apps, they will ignore the relevant terms. Some users will directly click “Accept all cookies” to use the app normally. There are also some people who can’t find a good way to protect their rights and interests when they encounter telecom fraud.

Inadequate platform supervision
In law, terms of service are contractual documents that setup a simple consumer transaction: in exchange for access to the platform, users agree to be bound by the terms and conditions set out. The legal relationship of providers to users is one of firm to consumer, not sovereign to citizen. In legal terms, it makes little sense to talk of “rights” in these consumer transactions (Suzor, 2019, p.10-11). As reflected in the Optus issue, whether it was “hacked” in the official statement or “leaked by man” as most people believe, it is essentially a failure of the platform to monitor the users’ database, which should be their priority to protect and encrypt, and they did not strengthen the supervision of this part of information. It was only valued after customer information was sold online.

The supervision of the government and the relevant department is not perfect enough
I once called the police immediately after receiving a scam call while traveling (the other person who called me can tell my name, ID number and hotel address), but I was disappointed by the negative attitude of the local police. They asked me on the phone if I had been cheated and if there was any money loss at first. After getting a negative answer, they told me that this kind of thing is very common. They could not trace the virtual dial address of the fraud party, then asked me to be vigilant after that and do not believe in fraud, and this reporting experience was over.

At the same time, we can also see in the news that many criminals who have been cheated to go abroad to engage in fraud and illegally steal other people’s information have been arrested. Therefore, we can take a wild guess that it is because there are too many things about information leakage and fraud, and the relevant departments will only focus on dealing with the crime that has lost money, but not pay much attention to the small range of citizen information leakage issues.

Measures to change

Individual
From an individual perspective, users should make a good choice in the use of the platform, and should also strengthen their awareness of privacy protection. Before “accept all cookies”, we should ask ourselves at least three questions first: whether I must use this software or platform, whether it collect too much privacy information of me, and whether allowing it to collect my private information in exchange for the right to use the software or platform is a worthwhile thing to do.

When we using the platform, there is some software that allows users to show their profile to only some people. On TikTok, for example, we can choose to hide our online status from our friends and show it only to “close friends”; we can also choose to hide our following list and fan list, and you can even choose to hide the list of liked videos; we can also choose “mask” filters to hide our faces while recording a video, turning us into cute animals or Disney-style animated characters – so that only TikTok’s managers who on the backstage will know what the user really looks like behind the filter. Such measures can hide the information that users do not want to show to all other users to a limited extent, rather than exposing themselves “naked” on the network platform. In addition, we should try our best to avoid using our real names to create online accounts.

Platforms
An article pointed out that the privacy and security requirements of online social networks (OSNs) are as follows: user’s identity anonymity, user’s personal space privacy and user’s communication privacy (Zhang et al., 2020). I think these three requirements can actually be referenced and used by most platforms.

With the exception of canvas and the like, only teachers and students are using, need to require mandatory real-name logins. Most platforms should encourage users to use anonymity or only real first or last names, that not only help some users who do not want their network accounts to be found by their familiar, but also allow users to protect their private information. On some social platforms where making friends and sharing life are the main content, users really do not need to create an account with their real names.

On Weibo, a Chinese app that closely resembles to Instagram, when users want to post something on it, they can choose to post “visible to all users of Weibo”, “visible only to fans”, “visible only to friends who follow each other”, “visible only to themselves”, and they can even specify which friends will be posted to. They can also choose to show their homepage only to the followers. These Settings give users great convenience.

Accept to giving users the rights of their own choice, platforms should first increase the intensity of protection of users’ private information and strengthen supervision. At the same time, platforms should also reconsider whether they are asking for too much rights, in other words, whether they are collecting unnecessary personal information of users, such as authorized call information rights, which many platforms require.

Government and relevant department
They should improve laws and policies on information disclosure. Because the Internet has become a daily necessity for people, and the collection of people’s information by big data, everyone lives in a network world with “no privacy”. People and platforms cannot fully take into account all problems. The law must clarify the penalties for information leakage and information crimes – not only for offenders such as hackers, but also to clarify the scope of information collected by platforms. Create a better network environment for users.

In conclusion, whether users, platforms and the government are responsible for information leakage.

References:
Kokolakis, S. (2017). Privacy attitudes and privacy behaviour: A review of current research on the privacy paradox phenomenon. Computers & Security. 64(Jan). 122-134. https://www.sciencedirect.com/science/article/pii/S0167404815001017

https://en.wikipedia.org/wiki/2022_Optus_data_breach

https://en.wikipedia.org/wiki/Doxing

Suzor, N.P. (2018). Who Makes the Rules? Lawless: The Secret Rules That Govern Our Digital Lives (pp. 10-24). Cambridge University Press. https://www.cambridge.org/core/books/lawless/8504E4EC8A74E539D701A04D3EE8D8DE

Zhang, C., Sun, J. Y., Zhu, X. Y., Fang, Y. G. (2010). Privacy and security for online social networks: challenges and opportunities. IEEE Network. 24(4). 13-18. https://ieeexplore.ieee.org/abstract/document/5510913

Be the first to comment

Leave a Reply