Facebook and Cambridge Analytica. By now we know the basic facts: Aleksandr Kogan, purporting to be a researcher, developed an authorized Facebook application. As was Facebook’s practice at the time, when users connected the app to their Facebook accounts, the app scooped up not only the users’ personal information, but also their friends’ personal information. In this manner, Dr. Kogan was able to amass information about 50 million Facebook users – even though only 270,000 individuals used the app. Dr. Kogan then, exceeding his authorized use of the data, funneled that information to Cambridge Analytica, a firm that purported to engage in “psychographics” to influence voters on behalf of the Trump campaign.
Recently, at the South by Southwest Conference (SXSW), Sen. Mark R. Warner (D-VA), Vice Chairman of the Senate Select Committee on Intelligence, urged policymakers to develop a national cybersecurity strategy. In formulating such a strategy, Sen. Warner asked lawmakers to reexamine software liability terms and use federal purchasing power to drive minimum security standards for Internet of Things devices.
For nearly three months last summer, the sensitive personal data of more than 145 million American consumers was exposed to bad actors thanks to some “ham-fisted” behavior on the part of credit reporting giant Equifax. Americans were outraged, and lawmakers began to scrutinize Equifax’s behavior during the breach, including the sale by three Equifax senior executives of shares worth almost $1.8 million in the days after the company discovered the hack.
Today, Senators Mark R. Warner (D-VA) and Elizabeth Warren (D-MA) introduced the Data Breach Prevention and Compensation Act to hold credit reporting agencies like Equifax accountable for data breaches that jeopardize consumer data.
Today the White House released the Vulnerabilities Equities Policy and Process (VEP) Charter. The Charter establishes a Vulnerabilities Equities Review Board to oversee the government’s disclosure of vulnerabilities that are not publicly known in information technology products and systems. Public Knowledge commends the government for increasing the transparency of its approach to disclosing hardware and software vulnerabilities.