MIT experts discuss online security and protecting data in a “public-private” Internet age


Last week CSAIL hosted the fourth “Hot Topics in Computing” speaker series, a monthly forum where experts hold discussions with community members on various hot-button tech topics.

MIT professor Daniel Weitzner and MIT research scientist Ilaria Liccardi spoke about the recent data mining scandal involving Facebook and the political consulting firm Cambridge Analytica, and about its larger implications: how companies misuse data, the binary nature of social media, and potential privacy policies.

Weitzner began the discussion by delving into Cambridge Analytica’s misuse of roughly 87 million users’ data, which was harvested from a Facebook third-party quiz application called “thisisyourdigitalife.” Many believe that the data was used for commercial and political advertising purposes, potentially influencing the 2016 election.

“Facebook has classified [the Cambridge Analytica situation] as a data breach or as a theft, but it really wasn’t,” says Weitzner. “It’s how Facebook developed its platform.”

Weitzner went on to explain that while many people like these services, they don’t have a real handle on how their data is being used, and that the recent Facebook issue was largely a case of data being used out of context.

Later on, Liccardi spoke about how many web users express concerns about privacy yet don’t behave accordingly, a concept known as the “privacy paradox.” To better understand this phenomenon, Liccardi examined users’ behavior related to web applications and user permissions, and how willing they were to share data with certain apps and not others. Many users made decisions based on public perception of an app’s safety, but still continued to use social networking apps even after learning of potential misuse.

“The binary nature of social media makes it difficult for people to completely abstain when, in reality, there are certain interactions that can only happen online,” says Liccardi. “This is, largely, one reason why people’s privacy preferences are disparate.”

Finally, the discussion turned to different approaches for improving privacy that could potentially limit how personal data is used at a time when many people are living “public-private” lives online.

The researchers talked about the pros and cons of topics like the European Union’s General Data Protection Regulation and even personal data ownership, with the caveat that none will happen without a strong research contribution to the policy debate.

For example, Weitzner explained that the EU’s GDPR would actually be a poor fit for the US. He said that Europe has written one privacy law that covers all kinds of uses, like health, transportation, and financial data.

“In the US we tend to have different kinds of laws for different areas,” he said. “Facebook falls in the gaps and we have to figure out how to fill those gaps. We can definitely do a better job of tracking how data flows around, and be sure that it is not used out of context. We can do this in a way that still provides for plenty of great new services from companies.”