The recent revelation of Facebook’s sale of its members’ personal data to the British consulting firm Cambridge Analytica for use by political campaigns is only the tip of a colossal iceberg that must be taken seriously by every user of modern technology, warns a veteran application developer who once was a senior executive for a wireless service provider.
“Nobody’s saying, ‘OK, why are we seeing all of these cyber security threats?'” said Rex Lee, owner of RML Business Consulting in San Antonio, Texas.
“We are not recognizing the big picture.”
Lee, whose discoveries have ended up in a Department of Homeland Security report and are now being analyzed by the staffs of two U.S. senators preparing to grill CEO Facebook Mark Zuckerberg on Tuesday, said what’s happening can be summed up in a business model some privacy activists are calling “surveillance capitalism.”
It amounts to the use of deceptive user agreements and practices that enable companies to exploit personal information for financial gain.
“We’re being served up as products to be exploited,” Lee said in an interview with WND.
He said the problems “do not look so bad, story by story, unless you connect all of the stories to surveillance capitalism.”
It’s the model, he said, adopted by Google, Apple, Microsoft, Facebook, Sony, Samsung, the Chinese “Google” BAIDU and other major technology developers and electronic manufacturers.
BAIDU, by the way, Lee said, has a pre-installed app in Samsung phones that collects user location data, meaning simply: It knows everywhere you go.
He asks: “Which is worse, selling access to your telecom related personal and professional Digital DNA to Cambridge Analytica or selling access to your telecom related personal and professional Digital DNA to a state-owned Chinese company such as BAIDU?”
Lee explained that after three years of research, he’s discovered that typically buried in smartphones and computers – beyond the knowledge of the typical user – are thousands of pages of dense “legalese” that gives providers a right to mine their customers’ personal data, such as contact and calendar information, and email attachments.
“They’re not surveilling and data-mining the user for an email address to sell bubble gum and hamburgers. They’re taking content off of your phone,” he told WND.
If it were the government doing this, he explained, a warrant would be required from a top secret FISA court.
However, by becoming a partner of companies such as Google, the government can collect such personal information.
“It’s way worse than Edward Snowden. Trust me,” he said, referring to the massive government surveillance exposed by the NSA whistleblower.
Through the system Snowden exposed, Prism, the government was collecting “metadata,” Lee pointed out, rather than detailed content.
“They weren’t attaching themselves to the GPS, to be able to turn things on and off. They weren’t collecting your contacts. They couldn’t connect to the address book, couldn’t get to your calendar events and your email,” he explained.
“Pretty much everything you do is being collected, including touchscreen activity and keylogging,” Lee said, referring to software that records keystrokes and is typically used by hackers to access passwords and other confidential information.
He said it requires a “deep dive,” through as many as 14 swipes of a smartphone, to find the user hidden agreements, which total as many as 3,000 pages.
Once he found the user agreements, it took him four months to analyze the dense legal language.
“It’s like having the product warning for cigarettes on the inside of the package,” Lee said.
RELATED STORY: How to stop Google from collecting your info
To vet his analysis, he sent it to Google, Samsung and T-Mobile. They never responded, and he then went to the FCC and filed a complaint. The FCC forced T-Mobile to respond, and the wireless company confirmed his suspicion.
T-Mobile effectively admitted that products that have become necessities in daily life – smartphones, PCs and tablets – are not private nor secure.
T-Mobile’s Privacy Team wrote in 2015 in response to Lee’s complaint: “We, too, remember a time before smartphones when it was reasonable to conclude that when you activated service with T-Mobile that only T-Mobile would have access to our personal information. However, with the Samsung Galaxy Note, the iPhone, and many other devices, there are indeed a variety of parties that may collect and use information.”
Since then, Lee has been warning members of the defense and critical-infrastructure communities and lawmakers.
“These companies are selling products that are not private, nor secure, using deceptive trade practices, possibly via fraud inducement,” Lee told WND.
Their ads, he noted, “don’t tell the consumer that their communications aren’t private and that they will be surveilled and data-mined for financial gain.”
After a meeting with Zuckerberg on Monday, Sen. Bill Nelson, D-Fla., told reporters he’s concerned about Facebook’s “business model.”
“If I am on Facebook and communicating with friends that I like chocolate, do they know of a good chocolate shop,” he said, “and suddenly I have an advertisement pop up chocolates, is that an invasion of my privacy? I think that’s a real question. And that’s their business model.”
Monday morning, Sandy Parakilas, a former Facebook platform operations manager, explained to “CBS This Morning” that the social media platform, from the beginning, “wasn’t built with the safety of users in mind.”
Over time, he said, he “saw some of the risks coming” to user privacy, as did other Facebook managers and executives.
When he heard about the Cambridge Analytica breach, he recalled saying: “Oh no. This is something I tried to raise some alarm about, and now it’s being used for a really devastating purpose.”
Over the weekend, Apple co-founder Steve Wozniak told USA Today he’s leaving Facebook out of growing concern for the carelessness with which Facebook and other Internet companies treat users’ private information.
“Users provide every detail of their life to Facebook and … Facebook makes a lot of advertising money off this,” he said. “The profits are all based on the user’s info, but the users get none of the profits back.”
The New York Times reported Monday a coalition of more than 20 consumer advocacy groups plans to file a complaint with federal officials claiming that YouTube, a subsidiary of Google, has been collecting and profiting from the personal information of young children on its main site, although the company says the platform is meant only for users 13 and older.
And Bloomberg columnist Steven L. Carter wrote Friday that consumers shouldn’t be shocked that the Department of Homeland Security has discovered evidence that cellphone tracking tools are being used by “unauthorized” parties in and around Washington. The devices, often called stingrays, fool a phone’s baseband into believing it is in contact with a cell tower. They can use a phone’s signal to track movements and contacts, and could persuade the phone to turn off its encryption. Federal officials admit that although they can detect the devices, they can’t find them.
On Capitol Hill
Lee is lobbying lawmakers in Washington to propose an Electronic Bill of Rights to “protect consumers and children from companies that employ predatory and exploitative surveillance and data-mining business practices.”
He is targeting Sens. Ted Cruz, R-Texas, and Richard Blumenthal, D-Conn., with his request for congressional action as they prepare to question Facebook CEO Mark Zuckerberg this week.
Zuckerberg, who disclosed last week that up to 87 million users had their data improperly shared, is scheduled to testify before a joint Senate Judiciary and Commerce Committee hearing on Tuesday and before the House Energy and Commerce Committee on Wednesday.
Lee said the staffs of the two senators have shown considerable interest in his discoveries.
But he said he is well aware of the power of the tech giants and their massive teams of lobbyists.
Lee’s analysis already has been used by the Department of Homeland Security for its “Study on Mobile Device Security,” published in April 2017.
“It is time for lawmakers to start passing laws to protect consumers, including children, from data-driven technology providers and manufacturers who employ ‘nontransparent’ predatory surveillance and data-mining business practices,” he said.
China is watching you?
Lee warned that sensitive user data is ending up in the hands of a state-owned Chinese company, BAIDU, regarded as the Google of China, through a pre-installed app in Samsung phones.
Collecting location data is one of the things he discovered the app can do.
“Imagine a CEO for a company being surveilled by a Chinese state-owned company,” he told WND. “Imagine a U.S. general who used an Android device, watching where he’s going and what locations he is at.”
He noted the Fitbit incident with the U.S. Army in which the fitness-oriented tech company posted a heat map showing the locations of soldiers and the black ops that they were running.
Tech giant forced to confess
Product developers themselves are admitting publicly that they purposefully developed addictive products for financial gain, Lee pointed out.
Sean Parker, a co-founder of Facebook and Spotify, was candid in an interview last November with Axios.
“It’s a social-validation feedback loop … exactly the kind of thing that a hacker like myself would come up with, because you’re exploiting a vulnerability in human psychology,” Parker said.
He wondered aloud about the physiological as well as psychological impact.
“God only knows what it’s doing to our children’s brains,” he said.
Parker contends the digital media companies, at the very top, are well aware of what they are doing.
“The inventors, creators – it’s me, it’s Mark [Zuckerberg], it’s Kevin Systrom on Instagram, it’s all of these people – understood this consciously. And we did it anyway.”
Tristan Harris, a former Google app developer, noted the average person checks his or her phone 150 times a day.
“Why do we do this? Are we making 150 conscious choices? One major reason why is the number one psychological ingredient in slot machines: intermittent variable rewards,” he wrote in an essay published on the website of the leading German magazine Der Spiegel.
Harris said “addictiveness is maximized when the rate of reward is most variable.”
“By shaping the menus we pick from, technology hijacks the way we perceive our choices and replaces them with new ones. But the closer we pay attention to the options we’re given, the more we’ll notice when they don’t actually align with our true needs,” he wrote.