The Impact of Facebook on Society

Due to expansive internet use since the turn of the millennium, numerous social networking platforms have been created. Not only are these sites used to facilitate interaction and communication between individuals from varying geographical and cultural backgrounds, but also vital personal information is collected (Groth, 2018). One such entity is Facebook. Founded by Zuckerberg is 2004, the social media and networking service company has experienced massive growth. Currently, it is considered to have the largest number of subscribers and as such, has a wide reach for both investors and other public users. When logging into the platform, individuals are required to provide personal information such as name, age, location, and preferences (Bodoni 2018). These details are then utilized to connect people with other social media users based on the similarities. The common features utilized in this case include location, learning institutions, and activities that people partake in.

Consequently, the company can access information on its users and utilize these ideas in the development of new products. In fact, Facebook provides "firehose" access services whereby bulk access to social media data is sold to third-party entities. This is one of the most effective ways through which the company is able to raise its revenue. Additionally, the corporation allows advertisements on its pages at a fee. It is advantageous because it has a wide reach and the information can be tailored to meet the needs of the intended audience in the long run (Groth, 2018). Business organizations can, therefore, benefit from the use of Facebook platform compared to other channels of communication due to lower costs and a significantly wider reach in a short duration. The platform is also popular because it provides a site for people to interact, share ideas, and obtain information relating to critical issues in the community.

Background Information

Despite the massive benefits that can be attributed to the use of Facebook as a social media and networking site, it has come under strict scrutiny in the last few months. As a platform that continues private information on millions of individuals, the site is likely to experience cyber-attacks as well as misuse of information by third parties. The latter has been the case with the revelations that a data mining company used their privileged position to misuse information from Facebook (Sanders 2018). The data privacy crisis has brought sharp focus into the security settings and the role of regulators in ensuring that access to information by third parties is limited.

In the case of Facebook, the data privacy scandal can be attributed to the actions of Cambridge Analytica, a United Kingdom-based entity that specializes in analysis of political data and providing their services to political parties during the electioneering period (Bodoni 2018). The firm is reported to have illicitly procured data of more than 60 million Facebook users in violation of the data security and privacy laws. In the process, the information was utilized to influence election results despite the fact that the individuals whose information were not informed, the data was mined and subsequently applied to different political settings. Facebook and the third party companies did not seek the knowledge and consent of the users, thus exposing them to potential data breaches.

On their parts, both Facebook and Cambridge Analytica claimed that innocence and blamed the researcher that was tasked with the responsibility of originally hacking the data. They claimed that the researcher had utilized personality quiz in 2013 to access information on friends of people that used the Facebook application. The process was easily executed due to Facebook’s lax privacy protocols at the time. The subsequent expose that the company had created a platform for third parties to manipulate their customer’s information had far-reaching implications as regulatory authorities scrambled to gain an in-depth understanding into the occurrences and those culpable for the entire debacle (Groth 2018). Moreover, they sought to establish the policies that had been violated by Facebook and Cambridge Analytica.

These data privacy scandal at Facebook has highlighted the integral role of regulations in the sector. Following the allegations that more than 50 million users of the Facebook platform had their data collected without their knowledge, privacy watchdogs are seeking to expand their area of policymaking beyond law enforcement into the political fray. Data protection agencies from both sides of the Atlantic are grappling with the changes in privacy issues (Sanders 2018). Their efforts are also being curtailed due to the lack of resources, clout, and the willpower to control technology giants such as Facebook and Google. Additionally, the analysis has also encompassed the local and international regulations and the implementation of the privacy policies to ensure the security of information, especially personal details from being collected and subsequently used by the data mining companies to influence opinions without the express permission of the users (Bodoni, 2018). With the investigations still in progress, Facebook has introduced new data privacy guidelines to protect its users from additional data loss.

The significance of the Problem

Data privacy issue continues to be a major concern for regulators due to the adverse implications that arise from such occurrences. Additionally, the rise in cases of cyber-attacks and the subsequent loss of information has crippled the operations of some of the leading business organizations in addition to leading to massive revenue losses in the long run (Groth 2018). As such, it has become increasingly important to assess the privacy policies and how stakeholders can come together to eliminate one of the leading challenges that they currently have to contend with in the modern-day technology arena.

The topic of data privacy is also important since it incorporates regulators into the discussion and highlights the benefits and shortcomings of increased access to information (Sanders 2018). Through extensive investigation, new systems of operations can be established to guide the sector and develop effective solutions to tackle current data privacy issues. For instance, Britain’s Information Commissioner’s Office (ICO), the country’s watchdog incorporated the Facebook data scandal into its investigations. Their decision has been based on the need to establish the potential misuse of individual information in political campaigns (Bodoni 2018). The regulators acknowledge the shift in big data, cloud computing and analytics, old-fashioned data collection, hence the need to upgrade systems to match these changes in the long run (Groth 2018). Therefore the extensive analysis will be critical in understanding the events surrounding data loss and information misuse by Cambridge Analytica and the procedures that should have been taken into consideration by Facebook to protect its information from potential manipulation.

Research Questions

Importantly, the paper will seek to provide solutions for the following answers to help realize its objectives.

Did Facebook violate data privacy rights of its users?

What should data protection techniques Facebook implement to avoid further data security issues?

Did the company experience financial loss due to the data scandal?

Is data mining legal?

What is the role of government in ensuring data security?

Literature Review

This section of the paper will focus on the analysis of information on the topic. As such, secondary sources of information will be utilized and their details compared with the works of other authors on similar subjects.

Information Privacy

Information privacy, also known as data privacy refers to the linkages between the process of collecting and disseminating information. Moreover, the information also incorporates the transfer of technology and legal issues surrounding the topic (Smith et al. 2012). Public expectation of privacy has also been integrated into the concept since individuals are usually the worst affected under such circumstances, hence the need to ensure that vital information is protected from potential exposure to unauthorized parties (Patil & Seshadri 2014). Privacy concerns arise in instances whereby personally identifiable information is obtained, stored, and ultimately destroyed in its digital form.

One of the major root causes of privacy issues is the improper disclosure control. Management, through the security and information departments, is tasked with the responsibility of ensuring that access to these details is limited to individuals with authority. The fields of data security, computer security as well as information security have facilitated the design and development of software and hardware to address the information security concerns (Chen & Zhao 2012). Moreover, legislation relating to Privacy and Data Protection are constantly being updated due to the changes in the data security spectrum and the emergence of new trends. Data privacy issues can arise in numerous instances including healthcare records, financial institutions and transactions, academic research, and criminal justice investigations and proceedings among other cases (Patil & Seshadri 2014).

Causes of Data Breaches

The Information Commissioner’s Office (ICO) is tasked with the responsibility of providing periodic statistics regarding the main causes of reported security incidences. Despite the fact that data breaches arising from cyber-attacks get all the attention, some of these cases are attributed to negligence and the lack of basic processes and policies to guarantee the security of such details and protect them from potential hackers (Smith et al. 2012). For instance, according to a report provided by the ICO, human error and process failure were the leading causes of data breaches. Moreover, 91 incidents were attributed to the loss of paperwork with an additional 90 cases attributed to statistics sent to the wrong recipient. Insecure web pages including hacking were only responsible for 21 incidents and the theft of encrypted devices contributing 28 happenings (Patil & Seshadri 2014). The analysis was based on data collected between January and April 2018.

Malicious or Criminal Attacks

According to the Ponemon study, root causes of data breaches are categorized into three components. Malicious and criminal attacks are considered the leading factor out of the three. Accounting for close to 50% of the reported cases, an organization is almost twice as likely to experience security breaches from criminal attacks as by acts attributed to human error. The motives for attackers vary from one instance to another (Patil & Seshadri 2014). According to the 2017 Verizon Data Breach Investigations Report, the most common motive for cyber-attacks in the financial sector is the need to make money. In this case, the attackers hope that they can sell the stolen data or extort cash from victims by holding the systems hostage (Smith et al. 2012). On the other hand, the motive of espionage is not interested in money, rather these individuals seek to obtain secrets. For instance, stolen government and military intelligence data can be critical in geopolitical strategy. Moreover, companies can utilize acquired trade secrets for competitive advantage purposes. The final motive for malicious data breaches is known as fun, ideology, and grudge (FIG). The attackers use the stolen data for political and personal scores.

Human Error

Human error is also considered to be of the leading causes of data breaches by contributing to 28% of the cases. Moreover, it is also one of the most frustrating issues since it can be prevented. Human error can contribute to data in various ways. First, through failure to implement mitigation measures to potential known vulnerabilities (Chen & Zhao 2012). Secondly, employees can leave their laptops and other devices unsecured, thus being easily accessed by potential thieves and hackers. Third, employees can also mistakenly email sensitive information to the wrong recipients (Smith et al., 2012). Finally, databases containing vital information can be reconfigured unintentionally and be accessed by unauthorized parties. Due to the severity of information breaches, individuals tasked with the responsibility of protecting such details should consider the implementation of remedies.

System Glitches

25% of all data breaches are attributed to system glitches. The 2017 Verizon Data Breach Investigations Report indicates that sudden breaks in the continuity of systems can contribute to data loss. Such malfunctions can arise due to multiple reasons, and as such, system administrations should be prepared for the problems (Chen & Zhao 2012). For instance, an updated software may accidentally expose secret records to the public as was the case in Michigan in 2016 when the state government system released the records of more than 1.9 million for four consecutive months (Patil & Seshadri 2014). Other forms of system glitches include application failures, inadvertent data dumps, and logic errors during the transfer of data.

Examples of Data Breaches

Since the turn of the millennium, there has been a substantial increase in the number of data breaches (Chen & Zhao 2012). During this period, numerous corporations have been the subjected of system hackings and the subsequent release of customer details to the public domain. The severity of such occurrences has been different even though all the affected entities have been forced to upgrade their systems and protect them from future access by unauthorized entities (Smith et al. 2012). This section of the paper will highlight five leading multinational corporations that have been victims of this vice and how they were affected in the long run.

Yahoo has more than 3 billion accounts across the globe. In 2013, the company experienced a hack that affected all its customers. Considered by some to be the biggest data breach in the era of the internet, the company was not able to determine the source of the breach until 2017. Another international company that has been on the receiving end of such actions is eBay. Between February and Mach 2014, the company appealed to its customer base to change their passwords (Lord 2018). The step was facilitated by a breach of its systems that compromised passcodes and other personal information of its customers. The hackers had gained access to the corporation’s system through stolen credentials from eBay employees. However, the clients’ payment information such as PayPal and Apple Pay was protected since they were encrypted. As such, the request to change the passwords as a security measure by the company.

Equifax reported a security breach in 2017 when its data was stolen and in the process, more than 143 million Americans were exposed to massive risk. In the process, more than several hundred identities were stolen. In its report, the company reported that hackers had been able to access its system by exploiting a vulnerability in open-source software Apache Struts “CVE-2017-5638”. On its part, the JP Morgan Chase cyberattack compromised more than 80 million household and business accounts (Lord 2018). In the process, information such as names, email addresses, and phone numbers were obtained by the hackers. More than 67% of the American household was affected by this occurrence. It was later established that some of the credentials used by the attackers were obtained tricking the users after which client information could easily be accessed. The breach entailed the exploitation of the Heartbleed bug. Finally, Target was also the victim of a cyber-attack in an instance whereby malicious software was installed in POS systems by the hackers to access credit and debit card information of the customers. The breach affected POS systems in Target stores in self-checkout lanes (Lord, 2018). In the end, the identities of more than 70 million customers as well as credit and debit information of more than 40 million individuals were accessed by the attackers. A similar malware was later on utilized in the Home Depot breach.

Implications of Data Breaches

Data breaches have significant consequences for the affected business organizations. As such, management should consider data security as one of the main factors of consideration during the decision-making process. The severity of the ramifications differ from one entity to another and is influenced by the value of the lost data as well as the sensitive nature of the information that the hackers have accessed (Smith et al. 2012). The primary implication of data loss is revenue loss. According to studies, 29% of businesses that face data breaches end up suffering revenue losses. Additionally, 38% of the companies that experienced lost income also ended up suffering losses of 20% or more. The diminished earnings can be attributed to non-functionality of the business websites, thus forcing the customers to explore other options and IT system downtime that contributes to work disruptions (Chen & Zhao, 2012).

Data breaches are also likely to cause damage to brand reputations. For instance, leaked emails may expose the internal operations of the corporation, thus influencing the purchase decisions of the consumers. Moreover, consumers can also be victims of data losses and as such cut ties with the business to protect personal information from hackers (Witten et al. 2016). Trust issues arise between a firm and its clientele and contribute to diminished customer loyalty. Similarly, such entities can also experience intellectual property loss as designs, strategies, and blueprints may be targeted by the attackers. Specifically, businesses in the manufacturing and construction industries are more affected by this threat (Smith et al. 2012). The loss of such rights may affect the competitiveness of a business since rivals will take advantage of the leaked information. Additional hidden costs may also arise due to online attacks. For example, legal fees may be required if suits are brought up against the firm in addition to fines by regulatory agencies.

Data Mining

Background Information

Data mining in the process of identifying patterns in significant data sets by using techniques such as machine learning and database systems analysis (Chen & Zhao 2012). Under this framework, intelligent methodologies are utilized to facilitate the extraction of data patterns. Such information is thereafter applied in other cases to gain an in-depth understanding of a specific topic. The data mining process involves the semi-automatic or automatic evaluation of the substantial amount of information and categorizing the data through cluster analysis, sequential pattern mining, and anomaly detection (Witten et al. 2016). Additional database techniques such as spatial indices are also integrated into the decision-making process. Unlike in the past in whereby Bayes’ theorem and regression analysis were the major data extraction patterns, the increasing power of computer technology has revolutionized the sector as evidenced by increased collection, storage, and manipulation of data.

Data Mining Process

According to the knowledge discovery in database (KDD) process, there are five main stages. These include selection, pre-processing, and transformation. Other phases are data mining and evaluation (Chen & Zhao 2012). However, additional frameworks have also provided extra information on the framework. For instance, the Cross-Industry Standard Process for Data Mining, a model describing the common techniques utilized by data mining experts identifies six main stages. The first relates to gaining an in-depth understanding of the business. Secondly, one needs to understand the data and prepare it accordingly (Witten et al. 2016). The final three phases include modeling, evaluation, and deployment. Based on polls conducted since between 2002 and 2014, the Cross-Industry Standard Process for Data Mining is the most utilized analytical technique for data miners. The process can be simplified into three-man sections:

Pre-Processing

At this stage, a target data set is assembled before the algorithms are used. The collected information must be large enough to contain patterns that can be uncovered through data mining (Chen & Zhao 2012). Similarly, it must also be concise to be interpreted within a given duration. One of the leading sources of data is known as a data warehouse. The main objective of this phase is to expedite the analysis of multivariate sets of data prior to data mining.

Data Mining

The data mining phase involves six common classes of responsibilities. The anomaly detection phase forms the basis of identification of unusual details such as data errors that require additional evaluation. On the other hand, dependency modeling compares relationships between variables. Clustering refers to the process of discovering structures with similarities before they are classified in the next stage (Witten et al. 2016). Regression and summarization are the two final steps and they entail the determination of function to model the data with minimal errors and promote representation of data sets respectively.

Result Validation

Due to the fact that data mining process can be manipulated to produce results that are assumed to be significant yet that is not the case, validation of results is a necessary process. The intentionally misused outcomes cannot be reproduced by a new sample. Such conditions arise due to the failure to investigate several hypotheses (Witten et al. 2016). As such, the last step in the knowledge discovery process entails the verification of the patterns produced and ensuring that the patterns from the data mining can be replicated in wide data sets.

Applications of Data Mining

Privacy and Ethics Concerns

Several data mining companies have been established in the recent past. This outcome can be attributed to the extensive use of the internet, thus setting the basis for accessing information. As such, this concept is utilized in privacy concerns and ethics. Data mining has raised concerns about privacy, ethics, and legality especially the mining of government and commercial sets for purposes of national security and law enforcement objectives (Witten et al. 2016, 150). Examples of such cases include the Total Information Awareness Program and in ADVISE. Consequently, data aggregation is implemented to uncover information that is likely to compromise privacy. The process involves combining statistics from various sources and thereafter facilitating an analysis. As such, individuals need to be informed of various factors before their data is collected. Such elements include the purpose of data collection and mining projects, the intended use of such details, the status of security with regards to access to data, and the techniques to update the collected data.

Copyright Legislation

Additionally, the concept has also been adopted in copyright law. In Europe for instance, the inflexibilities in the copyright and database laws has made actions such as web mining illegal. The government of the United Kingdom used the recommendations of the Hargreaves review to amend its copyright laws. The changes created an opportunity for content mining as well as limitations and exceptions in the industry (Chen & Zhao 2012, p. 35). In contrast, the United States has a more flexible system of copyright laws. As such, it has fair use means to facilitate content mining in America. Since the process is considered to be informative and does not involve supplanting on the original works, it qualifies as legal under the fair use concept (Witten et al. 2016, p. 80). An example of the U.S. framework relates to the case of Google Book Search Settlement Agreement in which it was ruled that the company’s project of digitizing in-copyright had not infringed on any copyright laws, and as such, it was a legal practice. The ruling was based on the transformative use displayed by the digitization project in the form of text and data mining.

Analysis

Data privacy issues can be attributed to the increased use of online platforms to facilitate the transfer of information. Individuals and organizations that are not authorized gain access to such details and then proceed to misuse them for personal gain. In some cases, people in positions misuse their access to critical information going against the established data security requirements (Bygrave 2014, p. 230). The motives for hackings and misuse of data varies from one situation to another. For example, Cambridge Analytica collected information on Facebook users and analyzed the data to utilize it in influencing the decision-making ability of voters. The data was manipulated to identify the preferences of the potential voters based on their preferences and information that they had shared among their friends. Through data mining process, the company was able to establish the content that needed to be fed to people to promote the candidacy of a particular candidate while discrediting another.

Based on the information obtained from initial investigations relating to the actions of Cambridge Analytica and the unauthorized access and use of Facebook users’ information, it is evident to regulatory authorities that policy guidelines should be established to avoid similar incidences. Moreover, past security breaches have contributed to massive losses for the affected business organizations. Since the hackers primarily target big corporations, the severity of loss is usually higher and as such, has the capacity to disrupt economic balances (Kuner 2013, p. 34). Moreover, the outcomes highlighted the integral role played by regulatory authorities in monitoring the actions of the data mining firms and the adoption of ethical considerations in the decision-making process to ensure compliance with legislation. For Facebook, the data privacy scandal was a timely reminder on the need to improve its policy guidelines and protect its users from risks associated with unauthorized access to company information.

Facebook Performance

Common Stock

Before

After

208.77

215.72

208.85

174.89

210.58

179.87

215.15

175.3

The analysis indicates the performance of common stock of Facebook before and after the revelation of the data scandal. In this case, it is evident had experienced steady growth in the days prior to the revelation that some of the information had been accessed by Cambridge Analytica and subsequently used to influence election outcome. Based on the analysis, the average performance before the expose was 210.8375 whereas after the revelation, the value fell to 186.445. At the same time, as shown below standard deviation and variance for the period before the expose were 2.993809 and 8.962892 respectively. On the other hand, standard deviation and variance after the expose included 19.64676 and 385.9951. Finally, the t-test outcomes indicated a score of 0.052618, and as such, a not significant relationship within 95% confidence level.

Figure 1: Bar graph on the stock changes before and after the exposure

Figure 2: T-test on the data breach

Figure 3: bootstrap test for the data breach

Findings

Following the emergence of reports indicating that information of more than 60 million Facebook users had been accessed and used by Cambridge Analytica, the company became the center of attention across several countries. For instance, in the United States, the Silicon Valley giant has been forced to revisit a consent decree that it signed with the US Federal Trade Commission (FTC). The commission thus began investigations to determine whether the company violated the terms of the agreement by allowing a Cambridge University researcher, Aleksandr Kogan to gain access to the corporation’s data of more than 50 million users and subsequently provide the information to a Cambridge Analytica, a political consultant. In 2011, the FTC had claimed that Facebook had engaged in deceptive practices by making public information that the users considered to be private.

In Europe, the company was accused of having violated the General Data Protection Regulation (GDPR). The legislation established stringent regulations on entities that had access to consumer data. In this case, Facebook was deemed to have gone against the privacy laws in Europe by not giving consumers a choice. Additionally, the Spanish data protection authority (AEPD) also imposed a fine of $1.4 billion of Facebook due to the firm’s actions that are considered to be violations of multiple privacy laws based on how it utilizes people’s personal data for advertising purposes. In fact, following the revelations of the Cambridge Analytica incident, the Facebook value dropped significantly. The company was reported to have lost more than $70 billion in 10 days with several advertisers pulling out. The losses affected the firm’s market capitalization by more than $43 billion, an equivalent of $15 per share (Liao 2018).

The actions of Cambridge Analytica to use personal data of more than 50 million Facebook users shifted the focus to the concept of data mining. Privacy violation and the lack of consent was one of the major issues that regulators sought to establish. The data mining firm had gained unauthorized access to personal data and used them to influence elections in various countries across the world against the ethical standards (Liao 2018). Despite the United States copyright laws highlighting the legality of data mining, specific standards have been set upon which such entities can operate. First, individuals should be informed and their consent obtained before their personal data can be used. Moreover, the main objective of the data collection and analysis process should be highlighted. Finally, the company collecting the data should protect the privacy of people by not exposing critical information to unauthorized persons. These outcomes also highlighted the vital role played by regulatory authorities across the globe in ensuring data security. For instance, the United Kingdom’s Information Commissioner’s Office (ICO), the US Federal Trade Commission (FTC), and the Spanish data protection authority (AEPD) are some of the enforcement agencies that have played critical roles in ensuring adherence to data security laws.

Conclusions

Business organizations with a significant access to the client’s personal information are tasked with the responsibility of establishing frameworks to protect such details from unauthorized access. Cambridge Analytica’s access to more than 50 million Facebook users’ information is an indication of the magnitude of data breaches and unethical data mining practices that should be addressed. For business organizations, losses arising from such practices can have significant implications for the operations of the business. Facebook, therefore, violated privacy data laws by allowing a third-party to access its user information and thereafter promote unethical data mining process. The information obtained from the process was used to manipulate elections through the issuance of false information and targeting of voters to influence their perceptions of candidates during the electioneering period. In the end, Facebook suffered massive financial implications as evidenced by the $70 losses in value within the first 10 days and the subsequent reductions in market capitalization and share prices.

However, the company reacted to the data privacy issues by initiating additional guidelines to ensure that user information was not accessible to third parties without consent. Consequently, the established standards have been developed in accordance with the regulatory requirements. At the same time, data mining continues to experience growth due to the high demand for information. However, their operations should be guided by ethics and respect for personal privacy. The regulatory agencies, therefore, monitor the actions of these firms and provide timely guidelines and punishments to sanitize the sector and guarantee data security.

Recommendations

Data privacy issues can be resolved through the integration of various problem-solving techniques. The process requires the participation of all the stakehold