The headline says it all: “Over a billion people’s data was compromised in 2018.” Among the most egregious offenders were some of the most popular tech platforms in the world: Facebook, for example, admitted it had leaked the personal data of nearly 150 million users; Twitter leaked the passwords of nearly all 330 million of its users; and even mighty Google had two of its products hacked: Firebase (an app monitoring tool) leaked the data of more than 100 million users, and Google+ leaked 500,000 users’ personal info.
The unmistakable message is that the state of cyber security within some of the world’s most prominent organizations remained weak in 2018. It certainly didn’t escape Congress, which called in the leaders of Facebook and Google to testify in a series of highly charged (and sometimes hilariously ham-handed) hearings about privacy and data security.
Media coverage of these high-profile data breaches and the subsequent congressional hearings are some of the main ways to generate greater public awareness and scrutiny of digital services in the United States. Hopefully the spotlight will lead to better practices on the part of the platforms and increased trust and accountability. Facebook’s stock price, if not the size of its user base, would seem to depend on it—but what about people in the places where we work?
DAI’s Frontier Insights research is about understanding how people are using technology, and how they’re sharing and seeking information via digital tools. Given the growing awareness of significant data protection and privacy concerns with the big social media platforms, we took a look through the last two years of data on topics related to cyber security to see if we could pull out any patterns or key learnings on this issue. Turns out, we’ve learned quite a lot about how the people we engage with think about cyber security. Our key findings:
DAI's Jean Succar carries out Frontier Insights research in Haiti in 2018.
People Still Love Facebook…For Now
Across our Frontier Insights work—which now includes thousands of interviews across multiple developing countries—there’s one overarching lesson: People love digital tools. They love WhatsApp, Facebook, and Google, and generally for the same reasons we all do: freedom to explore the world at a single touch from the safety of home; most of the information known to humankind at palm’s reach; and an instant connection to the people we care about. Facebook, in particular, is omnipresent. Almost everywhere we’ve performed research for Frontier Insights, we’ve found heavy Facebook usage, particularly among youth and particularly in urban areas where 3G and 4G data are more accessible. This pattern has held across Cambodia, Honduras, Palestine, Afghanistan, and Bangladesh and just about everywhere else we’ve asked about it. Following the pattern, we found little Facebook usage in rural Rwanda and Malawi, where 3G data and smartphones are—to date—rare, but in the places where Facebook is popular, it’s growing even more so. Do these nascent Facebook users understand how the platform works? Do they know what they’re giving up in exchange for access? If they did, would they care? Is the Facebook backlash being felt in emerging markets? We hope to explore these questions in future research.
Trust Remains a Major Challenge for Digital Platforms Not Named Facebook, Especially for Digital Financial Services
For some, there remains a great deal of skepticism among people about technology in general, not just social media. For example, in Haiti, many of the people we interviewed said that they didn’t trust mobile money systems because they weren’t transparent and were perceived to steal users’ money. In Afghanistan (blog post coming soon), many of the people we interviewed said that they did not trust online vendors because the products’ quality and durability couldn’t be guaranteed. Is this skepticism the result of the recent data breaches? Probably not. But in years past, ICT4D specialists and others who promote new technologies might have greeted these concerns with a quiet confidence that such skepticism was unfounded; the lesson of 2018 is that maybe the skeptics had it right all along.
We Can’t Rely on the Platforms to Police Themselves in Developing Countries
Both Google and Facebook sell user data to advertisers, who use that data to target ads for their products. The more data they can get about users, the more valuable that data is; so, where’s the incentive to be secure, transparent, and accountable? While the U.S. Congress might have the ability to dress down the leaders of Facebook and Google for their data practices in front of a live TV audience, Cambodia and Honduras simply can’t. Sure, they can shut the platforms down in their countries, but that’s an approach fraught with its own risks. When Brazil tried to shut down WhatsApp in 2016, the app’s 100 million Brazilian users were enraged and the ban was quickly defeated in court. The ban ended up making the app, which is owned by Facebook, more powerful and popular than before.
Given that, can we depend on developing country governments—which by definition have difficulty with basic service provision—to educate their populations on cyber security and data protection best practices? It would seem unlikely—and it is precisely that sort of gap that the international development community and ICT4D practitioners should be filling with capacity building and technical assistance.
For more on what our role might look like in the cyber security space, see the rest of the Cyber Security Series and subscribe to our blog for future updates on this important topic.