Cambridge Analytica is 'only the beginning,' says data expert
Dr. Yves-Alexandre de Montjoye has warned of the risk of privacy attacks that happen through friends.
In a recent paper and accompanying blog post, data security expert Dr. de Montjoye, from Imperial College London's Data Science Institute and
Department of Computing, said attacks on privacy through friends are becoming a major risk in today's society.
He said: "In our modern networked societies, privacy is a shared responsibility, because the people we interact with affect our privacy. What's worrying is that an online friend can, often without knowing it, share your data and that of other friends just by downloading seemingly innocent apps."
The issue has been covered widely in the media after a whistleblower's revelations that Cambridge Analytica obtained private data on 30 to 50 million Americans.
They then used this information to assist Donald Trump's 2017 presidential campaign through a large scale, targeted, Facebook ad campaign.
Facebook has now claimed that profiles of 80 million Americans and more than one million people in the UK have been shared with the company.
The revelations cast doubt on current approaches to privacy, and highlight the ethical and legal issues with third-party companies harvesting data on users' friends and contacts.
Humans interact along complex social networks. In their paper, Dr. de Montjoye's team studied what happens when some nodes in the network are compromised, like when people within a network install a malicious app.
Using a network modelling study, they found that such "node-based intrusions" were surprisingly effective on Facebook, but also on other networks such as phone communication networks.
Their findings emphasise the network effects of modern privacy: getting a few people to install an app allows you to collect data about a large number of people.
Dr. de Montjoye explained that: "You could be very careful with your privacy, but if your friends are not, then you are vulnerable. Network effects make us very vulnerable to node-based intrusions on even a small fraction of the network.
"The Cambridge Analytica story is one of the first large scale examples of such group privacy attacks, and it is unlikely to be the last."
Cambridge Analytica is only the beginning and you might have your friends to blame for it: cpg.doc.ic.ac.uk/blog/cambridg … -only-the-beginning/