tv Inside Story Al Jazeera April 5, 2021 8:30pm-9:00pm +03
8:30 pm
froid last year mr show then is facing charges including 2nd degree murder after handcuffing floyd face down and then nearly on his neck for nearly 9 and a half minutes in may last year and much of the prosecution questioning so far has been focused on practical training and professional standards are making sure that all of us as are accountable for knowing and following the same policies will be bringing you more on that trial live here on out of there when we return but for now let's speak to alan fischer he joins us outside the courthouse in minneapolis and we've been saying this is fairly unusual for a police chief to testify against one of his own presumably chief eridanus one of the more critical witnesses for the prosecution here. it's a big going to have him on the stand as we've said before it's an important cultural moment if you look back over trials like this it is very rare for there to be breaches in what's become known as the blue wall when one police officer will give evidence against another and here we have as one of the key witnesses for the prosecution the actual head of the police service here in minneapolis someone who
8:31 pm
the day after george floyd died called derek shaaban into his office and fire to me said it was a key moment in the history of the department what we've heard from him has largely dealt with the training of police officers chief for ondo has been a police officer for many many years more than 30 years for the last 3 years been the chief here in this city and he said even he goes through training process is he's meant to nor what is in the truly documents he writes some of them but every officer on the beat should also know about that and the key is to treat the community meet them where they are and treat them with dignity and respect and so i suspect what the prosecution here is doing is trying to defeat the argument that the defense will make is that derek shogun was acting within the guidelines laid down by the police in minneapolis when he detained george floyd the way he did and he put him into the position that he did with his knee on. his neck earlier we
8:32 pm
heard from the doctor who had treated george floyd in the emergency room he said he walked on the body for some considerable time but there was no way that he was going to be able to approach produce a heartbeat that would have george floyd breathing operating on his own and so 30 minutes after he was brought in to the hospital he was declared dead he said he died from as fixation that was because he believed that it was caused by a lack of oxygen but he did concede there may have been other issues and fester there with all the very latest for us from outside that courthouse in minneapolis thanks so much allan. well as i was saying we all follow the trial of missed a show in the film the minneapolis police officer who's accused of killing an unarmed black man last year to remind you mr sherman is facing those charges including 2nd degree murder off the handcuffing him face down meaning on his neck for the only 9 and a half minutes we'll have more fuel live here on out of there off to inside story to stay with us.
8:33 pm
it's seen as a golden opportunity for hackers and cyber criminals the 1st settled out of more than a half a 1000000000 facebook users shared online so who is responsible for the security breach and how can users be protected this is inside story. hello and welcome to the program. it may seem safe enough to post your phone number and date of birth on social media but that information could end up being shared all over the web that's what happened to more than half
8:34 pm
a 1000000000 facebook users their personal details were posted online on a website for hackers according to the business insider publication the security breach affects people from $106.00 countries including the u.s. u.k. and india cyber security experts are worried the accounts are subject to identity theft and could be used for fraud and cyber crimes facebook says the data was collected in 2019. it's not the 1st time facebook has been breached and users data exposed online a technical which in 2008 revealed confidential birthdates of 80000000 facebook users in 2013 a software flaw exposed phone numbers and e-mail addresses of 6000000 users in 2018 profile details from 87000000 users were improperly accessed by political data firm can bridge analytical facebook's messaging platform whatsapp had a security breach in 2019 that allowed hackers to install spyware on phones via the apps phone call function and last year its social media accounts were temporarily
8:35 pm
taken over by a group of hackers who said it was an attempt to show cyber vulnerabilities let's have a look at how big a problem the hacking business is a car school study at the university of maryland says there's a hacker attack every 39 seconds i did a theft a spike during the krona virus pandemic with 1400000 reports of such incidents in the u.s. alone last year google has registered more than 2000000 phishing sites as of january 17th this year it's estimated by top 20 $25.00 cybercrime will cost the world more than $10.00 trillion dollars a year and by 2027 it's forecast the cyber security market will be worth more than $400000000000.00. all right let's bring in our guests in washington d.c. jodi westby is chief executive of global cyber risk technology and advisory services firm joining us from must catalina go on to is this a professor in private law must drift university and co-manager a must drift law and tech lab and in berlin caroline sender's visiting researcher
8:36 pm
at wits and bomb institute and fellow at harvard kennedy school jody let me start with you today facebook has said in a statement that this is old data that was previously reported on a 2019 they also said that they had found and fixed this issue in august of 200-1000 but whether or not this issue was fixed by facebook the user data is still out there right. well it's not only out there it's a lot of it is ballad brecht a sort of ballad no matter how old they are some of the personal particulars that were included in this data you know e-mails and phone numbers and birth dates and and other personal affiliations that is still valid data certainly birth dates are and emails and south phone numbers especially are very valuable so for them to just dismiss that this says oh it's all data if we fix this 2 years ago just completely
8:37 pm
shows disrespect for all those 500000000 users those personal identification as is now out there carol you know what's the liability of companies like facebook and other tech giants when it comes to their cyber security standards and when our data breaches and the hacks a sign of negligence. that's a great question so from a data protection perspective also according to the g.d.p. our companies 1st and foremost are going to have an obligation to notify not only the data protection authorities but also the users when they identify that there has been a very considerable harm brought to the users because of these data breaches for instance in the netherlands the fine of not notifying the data protection authority can go up to what 850000 euros that is something that is at least straightforward on the other hand what you are asking about standards that are a political or from the perspective of cyber security that's
8:38 pm
a little bit less clear because from a legal perspective we need to look into contractual liability into tort liability and that is really going to depend on the jurisdiction and perhaps what we could say is that if there is going to be a harm brought to the ball or a bill user because they're going to get scammed due to the fact that as jodi mentioned their e-mail address and their phone number is out there on the internet perhaps there can be a torrent of liability because of this situation or as i said a contractual liability caroline how does this incident differ from other incidents in the past and how significant is it that this data is now on hacking website how much more accessible is it. i would say it's extremely accessible and as troy hunt who runs have even posted which is a great website for people to check if their passwords or e-mails have been our
8:39 pm
private data breach and he noted on twitter that the data set of this person information has been shared many times and it's been now replicated on different websites so at this point it's really out in the public if one website is taken down you know the dataset itself is now replicated in store and other places so what it is it's now a large data set in access of people's personal information that really many people can access and use for a variety of nefarious ways i guess in terms of how it differs it's a lot of it is the size for example and we have to ask about the steps facebook has taken to notify notify the users and also the amount and the different kinds of data that's been shared so it's not just phone numbers it is things like email and things like but initially people's addresses their real names etc so it's a lot of data it's not just for example a password or an e-mail address but a lot more personal and as jodi has said you know valid information about an individual can lead i saw you nodding to
8:40 pm
a lot of what caroline was saying is there's a let me ask you to expand on some of what she was saying 1st of all let me see if you have a reaction when she was saying but secondly i want to ask you i mean what do we know as far as what facebook has done what steps they've taken to notify people whose data has been breached. so i was just in agreement with everything that caroline mentioned because the thing is that as you were also saying earlier facebook says this is old data so this is why we're not going to take any kind of measures but i think what we need to do is take a step back and ask ourselves indeed is this data actually the result of the exploitation of a security vulnerability or is it even worse than that because at least when respecting about a vulnerability that it can be a very sophisticated and maybe jodi has more information about that but if this is a very sophisticated cyber security standard that's one thing but facebook has been using as its graph a.p.i. to give access to a lot of 3rd parties
8:41 pm
a lot of developers to the type of data that caroline was mentioning so that is also very likely that this type of data set is just an aggregated data set based on web scraping and also based on the use of the graph a.p.i. and that's where the liability for us for it facebook could be even multiplied because it happened that in 2018 i believe the information commissioner's office or from of the united kingdom actually find facebook 500000 pounds because of the data sharing practices that led to the came channel atika incident and so did the italian competition authority on a different ground on the ground that facebook has been misleading its consumers with respect to the kind of data sharing standards that it's actually disclosing to the consumers so it's saying one thing but it's doing a completely different thing jodi it seems like every few months we hear about another big hack or data breach whether we're talking about users of social media platforms and their information or whether we're talking about cyber warfare that
8:42 pm
are affecting entire countries and governments from your perspective are people paying enough attention tension are people alarmed by what's going on or as alarmed as they should be. you know it's interesting i think people are alarmed and i'd like to step back just a 2nd though to the cause that thread that you were just on because we have to remember that facebook is under an order from our federal trade commission who find facebook $5000000000.00 for the cambridge analytical problems and breaching its can it's consent order and so it is under an order to have security at bull's security program and so it you know it it it it does have a legal obligation and. they were notified i think in january
8:43 pm
that they were birthdates were able to be seen on users and so when we go forward and look at this we can say well you know that they had noticed yes mistakes can happen there isn't a silver bullet through security but they are notorious for not having good privacy for not having a good governance practices and for violating their own requirements and the f.t.c. consent order so i think all of that has to be considered caroline how much are hackers changing their techniques as cyber security advances and how easy a target are social media sites and feeds. well i'm not really sure if i'm the best person to necessarily answer that but one thing i will say is you know actors are often looking for any and all kinds of vulnerabilities be it you know white hat hackers or black out ones you know with with the creation of a bug bounties trying to actually find vulnerabilities in terms of fix them that's
8:44 pm
pretty normal but i think it's important to remember and actually point out the amount of personal data that social social media platforms collect on people in the amount of data they actually request so for example with facebook facebook was repeatedly requesting people's phone numbers in terms of things like factor authentication so another way for a user to try to add a little more security to their account and then as wife had pointed out those phone numbers ended up being used or were targeted at so i think it's incredibly important to point out that there's a lot of information people place into social media and then are also given in terms to verify their account 6 that trust and that kind of personal information is are things when leaked again as joe does point out call that calling it valid information it's information that one flea is incredibly difficult for user to change or augment it it's different and the a slightly easier to change
8:45 pm
a password but how do you change your birthdate for example or your social security number or your address or your phone number those things are much more stickier and harder and personal people actually need that kind of information to function right in any different as a society that or a city that they're existing and so you know we have to also look at how class forums in general big tech companies are requesting information how they're storing it why they're requesting it and also what they're using it for and facebook is you know when we can we can point out many different different examples of of facebook misusing the data that they access even on. catalina are breaches of this magnitude being reported to data protection authorities and which of the data protection authorities are the ones that would take measures to him to try and ensure this doesn't happen again so when it comes to data protection authorities in principle if you look at also the data that was reported to have been leaked in the
8:46 pm
past days you can see that there is a plethora of countries and jurisdictions that have victims or that have users on their territories who have been affected by this leak now in principle facebook should be reporting this type of situation to all of these data protection authorities wherever they exist however the problem is also that these authorities are very often completely overburdened with the type of harms that happen on digital markets and although there is a legal framework for the reporting and there is a legal framework for even the cooperation between different data protection authorities so for instance the g.d.p. are even has a chapter a full chapter on that how different national data protection authorities can operate and can exchange information so that they can have joint investigations that at the end of the day and it just boils down to the kind of resources that these agencies have and this is what happens in practice is that
8:47 pm
a lot of these data protection authorities simply are not going to take that many measures depending on the jurisdiction and this leans the citizens and and the consumers completely vulnerable and this is why i would like to also mention that citizens can even take another type. of path to protect themselves and that is collective actions and we're going to see more of that in the european union as a 2023 when a new directive is going to come into force judy what do you think will be more collective actions taken in the u.s. . oh yes there will be a class action lawsuit and depending on whether this has an impact on facebook you know they are already have had shareholder derivative suits filed against their board and securities class action suits and so it'll be interesting to see whether another round based on this incident gets gets started but the plaintiff's bar is
8:48 pm
definitely awake and very alert to these types of incidents caroline is is facebook and her other you know media companies doing enough to allay the fears of users right now i would say probably not if facebook's reaction to for example this this leak in particular is to say that this information is old and not necessarily highlight or take take ownership over how much data has been leaked and no that's not enough right and you know we see a variety of different kinds of harms coming out platforms from. you know how networks islands and harassment to proliferate on platforms from spaces where we see conspiracy theories sort of launching and coming into the major trends in campaigns and then in this case to where we see like major data breaches with kind of either a hand waving as
8:49 pm
a term of reaction or you know not necessarily quit or taking the steps of of how this happened and how it could be fixed so my my response would be no not enough ken let me ask you something that i asked jody earlier as well i mean from your vantage point do you think that you know people are as alarmed as they should be when it comes to these breaches or have they become accustomed to hearing about them are they worried about you know the cyber warfare that's been going on that's affecting you know countries around the world and governments around the world as well. i believe that consumers do not know and to not realize nearly as much as they ought to when it comes to the kind of harms that they open themselves to when they do decide because this is also a matter of personal a personal decision making to share a lot of information with facebook's i'm not even speaking about the information that caroline was mentioning the fact that facebook would ask for for instance the phone number for one purpose and then maybe misuse it but
8:50 pm
a lot of users also have tonight the tapes thinking that any kind of information any kind of personal data that they share is going to be safe on facebook however what we see is that especially for consumers there is going to be a massive honorability 'd in terms of the type of social engineering that can be done on the basis of these types of data sets bought or shared on the dark web or on hacker forums because a lot of elderly populations especially are going to fall prey to the type of phone calls that will use some of these data points to gain the trust of that particular user and then basically deeply let's say the savings an 80 year old and this type of activity is now so incredibly popular criminally speaking that even you tubers are now launching you tube channels and and twitch channels where they actually play the elderly and then they try to play with the social scammers so it's
8:51 pm
a tremendous risk and i think that we really need to do more as a society also to just educate our population on these kind of harms jodi i saw you nodding along somewhat catalina was saying did you want to jump in. well just that that i fully agree i don't think that people are as aware. as to all the exploits that something that can be done performed using your personal information the list has ground significantly it's not just identity theft anymore and so i think people are somewhat. become somewhat immune to hearing about this but then they realize that the harm is out there because it's the person that ultimately has to unravel the damage to their lives. but it's it's also that we don't have enough action by government officials to really come down and hammer companies on this because they just this just keeps happening and
8:52 pm
companies just simply aren't spending the money they need to spend to put in the right kinds of security programs so i think it's a lot of things it's that consumers who don't really understand the environment it's everyone have going oh another one of those events and then also the government's just not being as strict and and in forcing everything we possibly can and after these incidents occur carolyn i also saw you reacting to some what jodi was saying right now did you want to add to that. sure and to give an example of of of of how i think consumers either aren't aware or maybe it doesn't enter their periphery enough and it's me on my harassment research work i do one of the things we've been looking at is how do you how do you encourage people to take preventative steps toward harassment and that's very linked to security for example of of having more security or privacy protocols of such
8:53 pm
a up once passwords frequently of doing things like 2 factor authentication of regularly removing their data from the internet by using things like delete me and really you can tell people a series of steps to engage and but it doesn't actually really seem to register with the users the that something to do until they face harm until they have to respond to a harm that they face to then engage in those actions so it's i think it's a very similar thing when we talk about these data breaches of until someone faces perhaps more direct harm from the data breach do they realize how it's linked to their information being put out there and that is that is a problem when we're trying to create things like preventative education for example if the if the only response is once you face the harm you understand the level of it catalina from from your perspective what are the steps sort of the concrete steps that could be taken you know to really help with this kind of situation to really educate people to try to make sure this doesn't happen again. i think a soprano a situational perspective just to echo what jody was saying i think that it would
8:54 pm
be very important for consumer protection authorities data protection authorities even competition authorities to launch themselves into more public campaigns just awareness campaigns to reach all of these users and to perhaps really push the message that indeed it is very important to be more hygene it when it comes to internet use and this is a this is a problem right now that you see that all of these institutions are not only underfunded when it comes to or relatively to the nature and the scope of parm that we see on to the markets but they also remain quite essentially national so we have in the european union now the g.d.p. r and as i was mentioning we have these coordination and cooperation frameworks but the problem is that these harms are international they are transnational yet everything that we do it just remains national and i think that that's that's just something that we need to tackle and we need to figure out how to deal with in the
8:55 pm
future a majority if we can take a step back for a moment and look at a theme that keeps coming up in our discussion today i mean this all really shows that the lifespan of a breach or a hack it really just goes on and on doesn't. it does and you know it really highlights the need for cyber due diligence and mergers and acquisitions because when you buy a company you buy all of its previous breaches you buy all of its vulnerabilities and that is something many of us have talked about but it also just highlights the need for. companies to just in general and or stand that just because something happened a year or 2 ago doesn't mean that problem is over like facebook seems to thank best it's old news that old data and we also have to remember too that intelligence agencies from all over the world are going to be all over this data because this gives them a lot of very useful data about a high volume of users in countries around the world and so there's
8:56 pm
a another reason the u.s. government should be all over facebook and saying get this information secure and we can't have this kind of data leakage it's it's just a very compact plex problem that has so many different. quails if you will that can they can reach out and and impact people and governments and society that it's very problematic and it highlights the need for cyber security to be taken more seriously by everybody individuals companies and governments catalina v new privacy laws that have come into existence and parts of europe and parts of the united states how much of an impact are they going to have on social media companies going forward. so what we've seen is that the g.d.p. our for instance has been ad really counted as a gold standard and privacy but there have also been some some opinions according
8:57 pm
to which the f.t.c. actually has been really trying to enforce the national or let's say federal standards of privacy and the u.s. in a much more in a much more but let's say impactful way than the data protection authorities have done in the european union so on the one hand it's an interesting development also fall from a legal perspective but on the other hand it's also a short of what we still need and to also just build and what was mentioning it was mentioned before and i think that perhaps some stringent rules on a cybersecurity and also the idea of ok what are the standards what are the official legal standards that any social media company ought to fulfill from a security perspective not some high a so you know standardization approaches that just signal industry compliance but actual legal standards that can hold these companies accountable for the fact that
Documents
8:58 pm
they are downplaying the role of cyber security in their operations there's a book by bruce schneier which i absolutely love it's called click here to kill everybody and i think it's really a great metaphor for what's happening right now if people and specially companies are getting very ignorant when it comes to their operations and the cyber security stuff they need to comply with all right we've run out of times we're going to have to leave the conversation there thank you so much to all of our guests jody west because lena go on to and caroline cinders. and thank you for watching you can see the program again any time a visiting our website al jazeera dot com and for further discussion go to our facebook page that's facebook dot com forward slash a.j. inside story you can also join the conversation on twitter our handle is at a.j. and sad story for me my material in the hall of fame here i found out.
8:59 pm
most people will never know what's beyond these still. deafening silence this $100.00 unfolds how it feels to touch danger free day. most people live in knowing what it's like to work with every breath scripts. with . it's not an option. but when most people. xenophobia violent and beating the drum for an ethnic civil war in the heart of europe. generation identity was at one time the fastest growing far right
9:00 pm
organization on the continent now watch the investigation that led to the french government banning the group. generation 8. part one of a special 2 part investigation on the. this is al jazeera. hello there on the stand here 10 you're watching our special coverage of the matter trial of derek shows and he's a former u.s. police officer accused of murdering george szell as the african american man died after shave and knelt on has an echo after detaining him.
43 Views
Uploaded by TV Archive on