Solving the Online Security Problem with Emerging Technologies: Part 1

"Mr. Zuckerberg, you and the companies before us... you have blood on your hands."

Senator Lindsey Graham said in the crowded room full of lawmakers, members of the press, and business executives.

This was the 31st of January, 2024. CEOs of social media companies Discord, Meta, Snap, TikTok, and X (formerly Twitter) were asked to testify in front of the US Senate Judiciary Committee on Child Safety.

The lawmakers were concerned about the safety of children on social media platforms. The high-pressure hearing saw many dramatic moments. In one specific moment, Mark Zuckerberg was asked by Senator Josh Hawley to apologize to the parents of victims who were allegedly harmed due to the use of Facebook. Zuckerberg then stood up, turned around, and apologized to the parents who were sitting behind him.

The process started in December 2022, when X’s owner Elon Musk was asked to provide documents on efforts being made to eradicate online sexual exploitation on the platform.?

The committee introduced various bills -? The STOP CSAM Act, The EARN IT Act, The SHIELD Act, The Project Safe Childhood Act, and The REPORT Act.?

The goal is not only to ensure the safety of children on these platforms but also to remove the legal protection that social media platforms enjoy under Section 230 of the Communications Decency Act of 1996 so that social media companies can be sued.

In this series of articles, we will look into how various new-age technologies, including web3, can increase user online security.

But, before we do that, let us set the stage.?

Why talk about User Online Security?

The internet has always been the center of excitement. Every evolution of the internet, let that be platform companies or cloud, met with enormous excitement and promises.

Yeah, in many cases the internet benefited us enormously by increasing efficiency manifold, but at the same time, it introduced various new challenges.?

In the early years, regulators were generally enthusiastic about the potential of the Internet for fostering innovation, economic growth, and global connectivity. The focus was on enabling a free and open internet, and regulations were minimal.

The dot-com boom saw a surge in internet-related businesses. Regulatory optimism continued, but the burst of the dot-com bubble led to increased scrutiny. Regulators began to pay more attention to issues of fraud, market manipulation, and investor protection.

As social media platforms gained prominence, concerns about user privacy and the collection of personal data started to emerge. Regulators began to grapple with how to address these issues, and some data protection regulations were introduced.

As major tech companies like Google, Facebook, Amazon, and others grew in influence, regulators became more attentive to potential anti-competitive behavior, market dominance, and issues related to consumer protection.?

Currently, the internet is the center of various kinds of problems - from huge data breaches to the spread of misinformation, to the use of the internet to create market monopolies, and now user security concerns.

For the users, the internet is becoming a hostile place with multi-faceted repercussions.

Let us look into what data says about the child safety concerns raised by the US Senate Judiciary Committee.?

Based on Meta documents leaked and reported by The Guardian, around 100,000 children on Facebook and Instagram encounter online sexual harassment each day, involving exposure to explicit images and illicit advances.

John Shehan, the head of the exploited children division at the National Center for Missing and Exploited Children, notes a concerning rise in reports of child sexual abuse material on online platforms - from 32 million in 2022 to a record-breaking over 36 million in 2023.

But the issue is much broader than the safety of children... it is about the safety of everyone. No one is immune to the emerging safety challenges, with privacy challenges being a subset of these issues.

Types of User Online Security Challenges

Online security challenges for the users are not a monolithic issue - there is not one type of challenge.?

The variety and complexity of these challenges result in regulators always playing catch-up with new threats emerging in this highly dynamic ecosystem.

We are mentioning some of the security challenges here, but the list is ever-increasing.

Challenge of unhealthy data collection:

There is a reason I am using the word “unhealthy” instead of the word “illegal” - not everything that is not yet illegal can be acceptable.

The data that we voluntarily provide to be shown on the online platforms are generally just the tip of the iceberg.

Many online platforms often collect user activity, track our location, collect device information, and even collect biometric information such as facial recognition data.?

And this kind of information collection is not limited to the application level, these apps may collect data when you are not even using the app - say what other apps you are using or what are you searching on the internet. ?

Where should we draw the line??

Remember that all this data collection can be completely legal, based on jurisdiction..because? Because we gave consent.?

But, how many of the users totally understand the repercussions of those consents?

Identity Related Challenges:

Many online platforms collect Personally Identifiable Information or PII.

PII refers to any information that can be used to identify, locate, or contact an individual. PIIs include full name, social security number, date of birth, Fingerprints, facial recognition data, government-issued identity data, financial and health-related data, etc.

PII is often used in various contexts, such as online transactions, government records, healthcare, and financial systems.?

This is why the protection of PII is crucial to safeguard individuals' privacy and prevent unauthorized access or misuse of personal data.

In recent years, regulators around the world have introduced regulations and legal frameworks to address the protection of Personally Identifiable Information (PII) and safeguard individuals' privacy.?

These regulations, such as the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA), outline specific requirements for organizations that collect, process, and store PII, imposing obligations to ensure responsible and secure handling of personal data.?

Challenges due to user profiling:

Unhealthy data collection in itself is a problem but the bigger problem is user profiling.?

While data collection by these platforms makes us vulnerable to privacy challenges, profiling makes us vulnerable to behavior manipulation.

User profiling by tech platforms involves the collection and analysis of user data to create detailed profiles that reflect individuals' preferences, behaviors, and interests.?

The primary intention behind user profiling for the platforms is targeted advertising (eg. on social media) and creating impulses (often through FOMO) for the users to spend more and more (eg. on e-commerce platforms).?

But, there are various unintended effects of user profiling as well.?

I keep giving the example of the Cambridge Analytica scandal because it was such an eye-opener.

In 2013, a researcher named Aleksandr Kogan created a personality quiz app called "thisisyourdigitallife." The app, which was available on Facebook, not only collected data from the users who participated in the quiz but also harvested information about their Facebook friends without their explicit consent. Through the quiz app, Cambridge Analytica gained access to the personal data of millions of Facebook users.

Cambridge Analytica then used the harvested data to create detailed psychological profiles of users and applied these profiles for targeted political advertising and influence campaigns, particularly during the 2016 United States presidential election and the Brexit referendum in the UK.

The thing is that the Cambridge Analytica scandal shows how vulnerable users can be to user profiling and how much power social media companies really hold.?

The political parties do not need to hire a third-party entity like Cambridge Analytica, they can simply influence the social media companies (through regulatory threats or offering political advertisement) to use their user-profiling system to manipulate the masses. The ruling party can simply pressurize the social media companies to suppress the dissenting voices paving the way to authoritarian regimes.?

And this kind of manipulation is not limited to politics. Profiling may lead to bias, hatemongering, and fraud.?

Biased algorithms may disproportionately target or exclude certain groups based on factors like race, gender, or socioeconomic status.?

Also, profiling can be exploited to target specific groups with malicious intent, fostering hate and discrimination.

Profiling also helps frauds target specific groups based on profession, location, behavior, etc.

Challenge of unhealthy exposure:

As mentioned before, around 100,000 children on Facebook and Instagram encounter online sexual harassment each day, involving exposure to explicit images.

Children may become targets for online predators who use explicit material to groom and exploit them. Predators may attempt to establish trust with children, often through engaging in conversations or sharing inappropriate content, leading to potentially dangerous situations.

Further, these platforms may expose children and even adults to online harassment through hate speech, social comparison, and body image issues.?

Online platforms are designed to be engaging and sometimes addictive. Features like infinite scrolling, push notifications, and personalized content recommendations aim to keep users hooked. Excessive use and the constant need for validation through likes and comments can lead to unhealthy screen time habits and a negative impact on mental health.

Algorithms on social media platforms often prioritize content that aligns with users' existing beliefs and preferences. This can create filter bubbles and echo chambers, limiting exposure to diverse opinions contributing to polarization, reinforcing existing biases, and hindering critical thinking.

Financial Security and Privacy?Challenges:

Online platforms often, for various reasons, collect financial information from users.?

Now, it should be made clear that an online platform does not necessarily need to collect financial data to ascertain a user’s financial status.

These platforms can use behavioral tracking, geographic data, device information, social connections, content consumption patterns, etc. to draw conclusions about users' financial situations.

Anyways, the collected or inferred financial data can expose the users to various kinds of vulnerabilities.?

Data breaches and unauthorized access are the most widespread problem. One of my acquaintances keeps getting phone calls from different numbers regarding one insurance policy she closed years ago. The callers often claim that she has some money left to be claimed and then try to gather sensitive financial information from her.? Obviously, this is the result of the data breach from the insurance company servers.?

Phishing attacks are another issue. Phishing is a technique where attackers use deceptive emails, messages, or websites to trick individuals into providing sensitive information, such as login credentials or financial details. For phishing attacks to happen, the fraudsters do not really need to have your financial data - just some PII, and they can start the attacks.

Information shared on online platforms, especially those containing personal details and financial data, can be used for identity theft. Stolen identities may be misused to open fraudulent financial accounts, make unauthorized purchases, or engage in other criminal activities.

Okay, we have discussed why we need to think about online security.?

But, how can we solve these problems and enhance online security?

In the next few articles, we will discuss some possible solutions to these problems using emerging technologies.

Find out more about Sam:

Website

LinkedIn

Twitter

Amazon

Udemy